Closed phracek closed 1 month ago
Diff between Dockerfile.fedora and Dockerfile.c10s:
$ diff -u 2.4/Dockerfile.fedora 2.4/Dockerfile.c10s
--- 2.4/Dockerfile.fedora 2024-08-07 09:58:46
+++ 2.4/Dockerfile.c10s 2024-08-07 10:29:17
@@ -1,12 +1,12 @@
-FROM quay.io/fedora/s2i-core:40
+FROM quay.io/sclorg/s2i-core-c10s:c10s
# Apache HTTP Server image.
#
# Volumes:
# * /var/www - Datastore for httpd
-# * /var/log/httpd - Storage for logs when $HTTPD_LOG_TO_VOLUME is set
+# * /var/log/httpd24 - Storage for logs when $HTTPD_LOG_TO_VOLUME is set
# Environment:
-# * $HTTPD_LOG_TO_VOLUME (optional) - When set, httpd will log into /var/log/httpd
+# * $HTTPD_LOG_TO_VOLUME (optional) - When set, httpd will log into /var/log/httpd24
ENV HTTPD_VERSION=2.4 \
HTTPD_SHORT_VERSION=24 \
@@ -22,25 +22,25 @@
LABEL summary="$SUMMARY" \
description="$DESCRIPTION" \
- io.k8s.description="$SUMMARY" \
+ io.k8s.description="$DESCRIPTION" \
io.k8s.display-name="Apache httpd $HTTPD_VERSION" \
io.openshift.expose-services="8080:http,8443:https" \
- io.openshift.tags="builder,$NAME,$NAME24" \
- com.redhat.component="$NAME" \
- name="fedora/$NAME-$HTTPD_SHORT_VERSION" \
- version="$HTTPD_VERSION" \
- usage="s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ quya.io/fedora/$NAME-$HTTPD_SHORT_VERSION sample-server" \
+ io.openshift.tags="builder,$NAME,$NAME-$HTTPD_SHORT_VERSION" \
+ name="sclorg/$NAME-$HTTPD_SHORT_VERSION-c10s" \
+ version="1" \
+ com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#rhel" \
+ com.redhat.component="httpd-24-container" \
+ usage="s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ quay.io/sclorg/$NAME-$HTTPD_SHORT_VERSION-c10s sample-server" \
maintainer="SoftwareCollections.org <sclorg@redhat.com>"
EXPOSE 8080
EXPOSE 8443
-RUN dnf install -y yum-utils gettext hostname && \
- INSTALL_PKGS="nss_wrapper bind-utils httpd mod_ssl mod_ldap mod_session mod_security sscg" && \
+RUN INSTALL_PKGS="gettext hostname nss_wrapper bind-utils httpd mod_ssl mod_ldap mod_session sscg" && \
dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
rpm -V $INSTALL_PKGS && \
httpd -v | grep -qe "Apache/$HTTPD_VERSION" && echo "Found VERSION $HTTPD_VERSION" && \
- dnf clean all
+ dnf -y clean all --enablerepo='*'
ENV HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
HTTPD_APP_ROOT=${APP_ROOT} \
@@ -57,7 +57,6 @@
COPY 2.4/s2i/bin/ $STI_SCRIPTS_PATH
COPY 2.4/root /
-# Generate SSL certs and reset permissions of filesystem to default values
# Reset permissions of filesystem to default values
RUN /usr/libexec/httpd-prepare && rpm-file-permissions
Diff between C9S and C10S:
$ diff -u 2.4/Dockerfile.c9s 2.4/Dockerfile.c10s
--- 2.4/Dockerfile.c9s 2024-04-22 12:11:03
+++ 2.4/Dockerfile.c10s 2024-08-07 10:29:17
@@ -1,4 +1,4 @@
-FROM quay.io/sclorg/s2i-core-c9s:c9s
+FROM quay.io/sclorg/s2i-core-c10s:c10s
# Apache HTTP Server image.
#
@@ -8,7 +8,10 @@
# Environment:
# * $HTTPD_LOG_TO_VOLUME (optional) - When set, httpd will log into /var/log/httpd24
-ENV HTTPD_VERSION=2.4
+ENV HTTPD_VERSION=2.4 \
+ HTTPD_SHORT_VERSION=24 \
+ NAME=httpd \
+ ARCH=x86_64
ENV SUMMARY="Platform for running Apache httpd $HTTPD_VERSION or building httpd-based application" \
DESCRIPTION="Apache httpd $HTTPD_VERSION available as container, is a powerful, efficient, \
@@ -22,22 +25,22 @@
io.k8s.description="$DESCRIPTION" \
io.k8s.display-name="Apache httpd $HTTPD_VERSION" \
io.openshift.expose-services="8080:http,8443:https" \
- io.openshift.tags="builder,httpd,httpd-24" \
- name="sclorg/httpd-24-c9s" \
+ io.openshift.tags="builder,$NAME,$NAME-$HTTPD_SHORT_VERSION" \
+ name="sclorg/$NAME-$HTTPD_SHORT_VERSION-c10s" \
version="1" \
com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#rhel" \
com.redhat.component="httpd-24-container" \
- usage="s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ quay.io/sclorg/httpd-24-c9s sample-server" \
+ usage="s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ quay.io/sclorg/$NAME-$HTTPD_SHORT_VERSION-c10s sample-server" \
maintainer="SoftwareCollections.org <sclorg@redhat.com>"
EXPOSE 8080
EXPOSE 8443
-RUN INSTALL_PKGS="gettext hostname nss_wrapper bind-utils httpd mod_ssl mod_ldap mod_session mod_security mod_auth_mellon sscg" && \
- yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+RUN INSTALL_PKGS="gettext hostname nss_wrapper bind-utils httpd mod_ssl mod_ldap mod_session sscg" && \
+ dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
rpm -V $INSTALL_PKGS && \
httpd -v | grep -qe "Apache/$HTTPD_VERSION" && echo "Found VERSION $HTTPD_VERSION" && \
- yum -y clean all --enablerepo='*'
+ dnf -y clean all --enablerepo='*'
Diff between C10S and RHEL9:
$ diff -u 2.4/Dockerfile.rhel9 2.4/Dockerfile.c10s
--- 2.4/Dockerfile.rhel9 2024-08-07 09:58:46
+++ 2.4/Dockerfile.c10s 2024-08-07 10:29:17
@@ -1,4 +1,4 @@
-FROM ubi9/s2i-core:1
+FROM quay.io/sclorg/s2i-core-c10s:c10s
# Apache HTTP Server image.
#
@@ -10,7 +10,8 @@
ENV HTTPD_VERSION=2.4 \
HTTPD_SHORT_VERSION=24 \
- NAME
+ NAME=httpd \
+ ARCH=x86_64
ENV SUMMARY="Platform for running Apache httpd $HTTPD_VERSION or building httpd-based application" \
DESCRIPTION="Apache httpd $HTTPD_VERSION available as container, is a powerful, efficient, \
@@ -25,21 +26,21 @@
io.k8s.display-name="Apache httpd $HTTPD_VERSION" \
io.openshift.expose-services="8080:http,8443:https" \
io.openshift.tags="builder,$NAME,$NAME-$HTTPD_SHORT_VERSION" \
- name="rhel9/$NAME-$HTTPD_SHORT_VERSION" \
+ name="sclorg/$NAME-$HTTPD_SHORT_VERSION-c10s" \
version="1" \
- com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" \
- com.redhat.component="$NAME-$HTTPD_SHORT_VERSION-container" \
- usage="s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ rhel9/$NAME-$HTTPD_SHORT_VERSION sample-server" \
+ com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#rhel" \
+ com.redhat.component="httpd-24-container" \
+ usage="s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ quay.io/sclorg/$NAME-$HTTPD_SHORT_VERSION-c10s sample-server" \
maintainer="SoftwareCollections.org <sclorg@redhat.com>"
EXPOSE 8080
EXPOSE 8443
-RUN INSTALL_PKGS="gettext hostname nss_wrapper bind-utils httpd mod_ssl mod_ldap mod_session mod_security mod_auth_mellon sscg" && \
- yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+RUN INSTALL_PKGS="gettext hostname nss_wrapper bind-utils httpd mod_ssl mod_ldap mod_session sscg" && \
+ dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
rpm -V $INSTALL_PKGS && \
httpd -v | grep -qe "Apache/$HTTPD_VERSION" && echo "Found VERSION $HTTPD_VERSION" && \
- yum -y clean all --enablerepo='*'
+ dnf -y clean all --enablerepo='*'
ENV HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
HTTPD_APP_ROOT=${APP_ROOT} \
[test]
[test-openshift-pytest][test-openshift]
ALL TESTS PASSED
There seems to be some package differences between Fedora/c10s and ubi9/c10s (
mod_security
,mod_auth_mellon
), that I'd suggest to merge -- using ubi9 package set might be the best match IMO.@uhliarik what do you think?
@hhorak I had a conversion with Tomas Halman and the packages have been removed. The solution is to move from SAML to OAuth (mod_auth_openidc)
Removing mod_security and mod_auth_melon is totally fine for el10, since these components are not shipped there.
mod_auth_mellon is present in Fedora builds. https://koji.fedoraproject.org/koji/packageinfo?packageID=17461
And mod_auth_mellon is present in RHEL9 here: https://brewweb.engineering.redhat.com/brew/packageinfo?packageID=46765
This pull request adds support for C10S and it is separated into multiple commits.