search

govCMS / scaffold

9 stars 19 forks source link

Solr Dockerfiles refer to old Lagoon/Solr images #32

Open tallytarik opened 2 years ago

tallytarik commented 2 years ago

Dockerfile.solr.paas refers to uselagoon/solr-7.7-drupal which runs Solr 7.7.1. (uselagoon/solr-7.7 => solr/7.7.1-alpine)

The latest Solr 7.x version is actually 7.7.3.

Lagoon has an image with 7.7.3 but it's under a different name - uselagoon/solr-7 (and -drupal) - I'm not totally sure why the image name changed but it took a bit of unwinding to figure this out!

The scaffold's Dockerfile should be updated to point to the newer Lagoon Solr image.

SaaS use govcms images, so the govcms/solr Dockerfile should also be updated with this change - happy to create a copy of this issue in that repo if needed.

tobybellwood commented 2 years ago

(backstory)

The solr-7.7 image is alpine-based, and the docker-solr project no longer publishes any alpine-based images (nor maintains the previously published ones)

So we created the solr-7 image from the upstream solr-7.7.3 debian-slim based images, which are minimally maintained.

The two are interchangeable (unless you do anything alpine-specific in a dockerfile :wink:)

tallytarik commented 2 years ago

@tobybellwood thanks for the explanation :)

Makes a bit more sense how they came into existence - although if they're interchangeable, maybe the update could have been a newer Lagoon version of the same image?

IMO, the image versions don't totally match my expectations. I'd expect solr-7 and solr-7.7 to indicate that they're the latest version of 7.x and 7.7.x, respectively, and therefore be the same version of Solr (7.7.3). But solr-7.7 is actually an earlier version, 7.7.1.

That's on the Lagoon side, though, so I can complain about that on the Lagoon repo ;)

The problem on the scaffold side is that we're pointing people to uselagoon/solr-7.7 which is Solr 7.7.1 - not the latest version. At a glance I can't see that there are security issues with 7.7.1/7.7.2, but out of best practice we should point to the latest version.

tobybellwood commented 2 years ago

we wrestled with this one a lot - we didn't want to use the same tag because there are people adding additional packages/tools, which would break completely with the alpine>debian switch.

Instead, we are using the Major version to refer to Solr images from now on - e.g. solr-7, solr-8 (and solr-9), as we do with some of our other images (e.g postgres), as the minor release cycle for Solr is pretty swift, as opposed to Node, Python or PHP (which all release a minor annually-ish)

I know it's a bit confusing, but the solr-7.7 and solr-7 should be drop-in compatible.

But ideally, yes, the scaffold should be pointing at solr-7