diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/Dockerfile b/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..ee3692a121eabdfcae3cfc614e248696ff631ccd --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp1 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/entrypoint.sh b/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/entrypoint.sh new file mode 100644 index 0000000000000000000000000000000000000000..3c5ddf7e968f03c00bd08d166901c81a276e1dc9 --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/Dockerfile b/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..0e4d96ddbb1a23dce0ff53742d8f801b7f76d2ea --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp3 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/entrypoint.sh b/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/entrypoint.sh new file mode 100644 index 0000000000000000000000000000000000000000..3c5ddf7e968f03c00bd08d166901c81a276e1dc9 --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/Dockerfile b/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..3f8fef8e7b2c4d86e660fe37d187cc99264e7065 --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp4 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/entrypoint.sh b/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/entrypoint.sh new file mode 100644 index 0000000000000000000000000000000000000000..3c5ddf7e968f03c00bd08d166901c81a276e1dc9 --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/11.3.0+security-01/22.03-lts-sp1/Dockerfile b/grafana/11.3.0+security-01/22.03-lts-sp1/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..25f5a4f57e9aedb2e1e920c0e2f04cab209bdbfd --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp1/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp1 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01/22.03-lts-sp1/entrypoint.sh b/grafana/11.3.0+security-01/22.03-lts-sp1/entrypoint.sh new file mode 100644 index 0000000000000000000000000000000000000000..3c5ddf7e968f03c00bd08d166901c81a276e1dc9 --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp1/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile b/grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..c50de78dd8d9bd49bb61fe5ce118265af1105bed --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp3 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01/22.03-lts-sp3/entrypoint.sh b/grafana/11.3.0+security-01/22.03-lts-sp3/entrypoint.sh new file mode 100644 index 0000000000000000000000000000000000000000..3c5ddf7e968f03c00bd08d166901c81a276e1dc9 --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp3/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/11.3.0+security-01/22.03-lts-sp4/Dockerfile b/grafana/11.3.0+security-01/22.03-lts-sp4/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..09af13ba74ee62c5ae8d9547b8a6052b0c345f0c --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp4/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp4 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01/22.03-lts-sp4/entrypoint.sh b/grafana/11.3.0+security-01/22.03-lts-sp4/entrypoint.sh new file mode 100644 index 0000000000000000000000000000000000000000..3c5ddf7e968f03c00bd08d166901c81a276e1dc9 --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp4/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/11.3.0+security-01/24.03-lts/Dockerfile b/grafana/11.3.0+security-01/24.03-lts/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..4e1d7178ff8bbf3be0a236d417822d8e88336208 --- /dev/null +++ b/grafana/11.3.0+security-01/24.03-lts/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:24.03-lts +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01/24.03-lts/entrypoint.sh b/grafana/11.3.0+security-01/24.03-lts/entrypoint.sh new file mode 100644 index 0000000000000000000000000000000000000000..3c5ddf7e968f03c00bd08d166901c81a276e1dc9 --- /dev/null +++ b/grafana/11.3.0+security-01/24.03-lts/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/meta.yml b/grafana/meta.yml index 4e8e2c315b4d9616da49d33a55e7d3abe2a4096a..e38b2375fac1f441c83092777f71ff60c2e47421 100644 --- a/grafana/meta.yml +++ b/grafana/meta.yml @@ -23,4 +23,12 @@ 11.3.0-oe2203sp4: path: grafana/11.3.0/22.03-lts-sp4/Dockerfile 11.3.0-oe2203sp1: - path: grafana/11.3.0/22.03-lts-sp1/Dockerfile \ No newline at end of file + path: grafana/11.3.0/22.03-lts-sp1/Dockerfile +11.3.0+security-01-oe2403lts: + path: grafana/11.3.0+security-01/24.03-lts/Dockerfile +11.3.0+security-01-oe2203sp3: + path: grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile +11.3.0+security-01-oe2203sp4: + path: grafana/11.3.0+security-01/22.03-lts-sp4/Dockerfile +11.3.0+security-01-oe2203sp1: + path: grafana/11.3.0+security-01/22.03-lts-sp1/Dockerfile \ No newline at end of file