From c5e08253d0409b7a51059ae9e54d9d48b6a0b475 Mon Sep 17 00:00:00 2001 From: openeuler_bot <673672685@qq.com> Date: Wed, 13 Nov 2024 00:27:59 +0000 Subject: [PATCH 1/4] 24.03-lts update grafana to 11.3.0+security-01 --- .../11.3.0+security-01/24.03-lts/Dockerfile | 31 +++++++++ .../24.03-lts/entrypoint.sh | 68 +++++++++++++++++++ grafana/meta.yml | 4 +- 3 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 grafana/11.3.0+security-01/24.03-lts/Dockerfile create mode 100644 grafana/11.3.0+security-01/24.03-lts/entrypoint.sh diff --git a/grafana/11.3.0+security-01/24.03-lts/Dockerfile b/grafana/11.3.0+security-01/24.03-lts/Dockerfile new file mode 100644 index 00000000..4e1d7178 --- /dev/null +++ b/grafana/11.3.0+security-01/24.03-lts/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:24.03-lts +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01/24.03-lts/entrypoint.sh b/grafana/11.3.0+security-01/24.03-lts/entrypoint.sh new file mode 100644 index 00000000..3c5ddf7e --- /dev/null +++ b/grafana/11.3.0+security-01/24.03-lts/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/meta.yml b/grafana/meta.yml index 4e8e2c31..83a77b1e 100644 --- a/grafana/meta.yml +++ b/grafana/meta.yml @@ -23,4 +23,6 @@ 11.3.0-oe2203sp4: path: grafana/11.3.0/22.03-lts-sp4/Dockerfile 11.3.0-oe2203sp1: - path: grafana/11.3.0/22.03-lts-sp1/Dockerfile \ No newline at end of file + path: grafana/11.3.0/22.03-lts-sp1/Dockerfile +11.3.0+security-01-oe2403lts: + path: grafana/11.3.0+security-01/24.03-lts/Dockerfile \ No newline at end of file -- Gitee From e173e721d783e20656a619bd10d98ae0e5039fb6 Mon Sep 17 00:00:00 2001 From: openeuler_bot <673672685@qq.com> Date: Wed, 13 Nov 2024 00:28:33 +0000 Subject: [PATCH 2/4] 22.03-lts-sp3 update grafana to 11.3.0+security-01 --- .../22.03-lts-sp3/Dockerfile | 31 +++++++++ .../22.03-lts-sp3/entrypoint.sh | 68 +++++++++++++++++++ .../22.03-lts-sp3/Dockerfile | 31 +++++++++ .../22.03-lts-sp3/entrypoint.sh | 68 +++++++++++++++++++ grafana/meta.yml | 4 +- 5 files changed, 201 insertions(+), 1 deletion(-) create mode 100644 grafana/11.3.0+security-01+security-01/22.03-lts-sp3/Dockerfile create mode 100644 grafana/11.3.0+security-01+security-01/22.03-lts-sp3/entrypoint.sh create mode 100644 grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile create mode 100644 grafana/11.3.0+security-01/22.03-lts-sp3/entrypoint.sh diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/Dockerfile b/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/Dockerfile new file mode 100644 index 00000000..0e4d96dd --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp3 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/entrypoint.sh b/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/entrypoint.sh new file mode 100644 index 00000000..3c5ddf7e --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp3/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile b/grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile new file mode 100644 index 00000000..c50de78d --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp3 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01/22.03-lts-sp3/entrypoint.sh b/grafana/11.3.0+security-01/22.03-lts-sp3/entrypoint.sh new file mode 100644 index 00000000..3c5ddf7e --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp3/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/meta.yml b/grafana/meta.yml index 83a77b1e..0bcf2cba 100644 --- a/grafana/meta.yml +++ b/grafana/meta.yml @@ -25,4 +25,6 @@ 11.3.0-oe2203sp1: path: grafana/11.3.0/22.03-lts-sp1/Dockerfile 11.3.0+security-01-oe2403lts: - path: grafana/11.3.0+security-01/24.03-lts/Dockerfile \ No newline at end of file + path: grafana/11.3.0+security-01/24.03-lts/Dockerfile +11.3.0+security-01-oe2203sp3: + path: grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile \ No newline at end of file -- Gitee From c5703e734fa7e7d12cc7f25132bc773282811843 Mon Sep 17 00:00:00 2001 From: openeuler_bot <673672685@qq.com> Date: Wed, 13 Nov 2024 00:29:09 +0000 Subject: [PATCH 3/4] 22.03-lts-sp4 update grafana to 11.3.0+security-01 --- .../22.03-lts-sp4/Dockerfile | 31 +++++++++ .../22.03-lts-sp4/entrypoint.sh | 68 +++++++++++++++++++ .../22.03-lts-sp4/Dockerfile | 31 +++++++++ .../22.03-lts-sp4/entrypoint.sh | 68 +++++++++++++++++++ grafana/meta.yml | 4 +- 5 files changed, 201 insertions(+), 1 deletion(-) create mode 100644 grafana/11.3.0+security-01+security-01/22.03-lts-sp4/Dockerfile create mode 100644 grafana/11.3.0+security-01+security-01/22.03-lts-sp4/entrypoint.sh create mode 100644 grafana/11.3.0+security-01/22.03-lts-sp4/Dockerfile create mode 100644 grafana/11.3.0+security-01/22.03-lts-sp4/entrypoint.sh diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/Dockerfile b/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/Dockerfile new file mode 100644 index 00000000..3f8fef8e --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp4 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/entrypoint.sh b/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/entrypoint.sh new file mode 100644 index 00000000..3c5ddf7e --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp4/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/11.3.0+security-01/22.03-lts-sp4/Dockerfile b/grafana/11.3.0+security-01/22.03-lts-sp4/Dockerfile new file mode 100644 index 00000000..09af13ba --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp4/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp4 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01/22.03-lts-sp4/entrypoint.sh b/grafana/11.3.0+security-01/22.03-lts-sp4/entrypoint.sh new file mode 100644 index 00000000..3c5ddf7e --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp4/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/meta.yml b/grafana/meta.yml index 0bcf2cba..20931082 100644 --- a/grafana/meta.yml +++ b/grafana/meta.yml @@ -27,4 +27,6 @@ 11.3.0+security-01-oe2403lts: path: grafana/11.3.0+security-01/24.03-lts/Dockerfile 11.3.0+security-01-oe2203sp3: - path: grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile \ No newline at end of file + path: grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile +11.3.0+security-01-oe2203sp4: + path: grafana/11.3.0+security-01/22.03-lts-sp4/Dockerfile \ No newline at end of file -- Gitee From 26b01f42ffbdfeac60cf608b6e13581bf010b76c Mon Sep 17 00:00:00 2001 From: openeuler_bot <673672685@qq.com> Date: Wed, 13 Nov 2024 00:29:47 +0000 Subject: [PATCH 4/4] 22.03-lts-sp1 update grafana to 11.3.0+security-01 --- .../22.03-lts-sp1/Dockerfile | 31 +++++++++ .../22.03-lts-sp1/entrypoint.sh | 68 +++++++++++++++++++ .../22.03-lts-sp1/Dockerfile | 31 +++++++++ .../22.03-lts-sp1/entrypoint.sh | 68 +++++++++++++++++++ grafana/meta.yml | 4 +- 5 files changed, 201 insertions(+), 1 deletion(-) create mode 100644 grafana/11.3.0+security-01+security-01/22.03-lts-sp1/Dockerfile create mode 100644 grafana/11.3.0+security-01+security-01/22.03-lts-sp1/entrypoint.sh create mode 100644 grafana/11.3.0+security-01/22.03-lts-sp1/Dockerfile create mode 100644 grafana/11.3.0+security-01/22.03-lts-sp1/entrypoint.sh diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/Dockerfile b/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/Dockerfile new file mode 100644 index 00000000..ee3692a1 --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp1 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/entrypoint.sh b/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/entrypoint.sh new file mode 100644 index 00000000..3c5ddf7e --- /dev/null +++ b/grafana/11.3.0+security-01+security-01/22.03-lts-sp1/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/11.3.0+security-01/22.03-lts-sp1/Dockerfile b/grafana/11.3.0+security-01/22.03-lts-sp1/Dockerfile new file mode 100644 index 00000000..25f5a4f5 --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp1/Dockerfile @@ -0,0 +1,31 @@ +ARG BASE=openeuler/openeuler:22.03-lts-sp1 +FROM ${BASE} + +ARG TARGETARCH +ARG BUILDARCH +ARG VERSION=11.3.0+security-01 + +COPY ./entrypoint.sh / +RUN yum -y update && \ + if [ "$TARGETARCH" = "amd64" ]; then \ + BUILDARCH="x86_64"; \ + elif [ "$TARGETARCH" = "arm64" ]; then \ + BUILDARCH="aarch64"; \ + fi && \ + yum install -y https://dl.grafana.com/enterprise/release/grafana-enterprise-${VERSION}-1.${BUILDARCH}.rpm && \ + yum clean all && \ + chmod 755 /entrypoint.sh + + +ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \ + GF_PATHS_DATA="/var/lib/grafana" \ + GF_PATHS_HOME="/usr/share/grafana" \ + GF_PATHS_LOGS="/var/log/grafana" \ + GF_PATHS_PLUGINS="/var/lib/grafana/plugins" \ + GF_PATHS_PROVISIONING="/etc/grafana/provisioning" + +EXPOSE 3000 + +USER grafana +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/grafana/11.3.0+security-01/22.03-lts-sp1/entrypoint.sh b/grafana/11.3.0+security-01/22.03-lts-sp1/entrypoint.sh new file mode 100644 index 00000000..3c5ddf7e --- /dev/null +++ b/grafana/11.3.0+security-01/22.03-lts-sp1/entrypoint.sh @@ -0,0 +1,68 @@ +#!/bin/bash -e + +PERMISSIONS_OK=0 + +if [ ! -r "$GF_PATHS_CONFIG" ]; then + echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable." + PERMISSIONS_OK=1 +fi + +if [ ! -w "$GF_PATHS_DATA" ]; then + echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable." + PERMISSIONS_OK=1 +fi + +if [ ! -r "$GF_PATHS_HOME" ]; then + echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable." + PERMISSIONS_OK=1 +fi + +if [ $PERMISSIONS_OK -eq 1 ]; then + echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migrate-to-v51-or-later" +fi + +if [ ! -d "$GF_PATHS_PLUGINS" ]; then + mkdir "$GF_PATHS_PLUGINS" +fi + +# Convert all environment variables with names ending in __FILE into the content of +# the file that they point at and use the name without the trailing __FILE. +# This can be used to carry in Docker secrets. +for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do + VAR_NAME_FILE="$VAR_NAME"__FILE + if [ "${!VAR_NAME}" ]; then + echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)" + exit 1 + fi + echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}" + export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")" + unset "$VAR_NAME_FILE" +done + +export HOME="$GF_PATHS_HOME" + +if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then + OLDIFS=$IFS + IFS=',' + for plugin in ${GF_INSTALL_PLUGINS}; do + IFS=$OLDIFS + if [[ $plugin =~ .*\;.* ]]; then + pluginUrl=$(echo "$plugin" | cut -d';' -f 1) + pluginInstallFolder=$(echo "$plugin" | cut -d';' -f 2) + grafana-cli --pluginUrl ${pluginUrl} --pluginsDir "${GF_PATHS_PLUGINS}" plugins install "${pluginInstallFolder}" + else + grafana-cli --pluginsDir "${GF_PATHS_PLUGINS}" plugins install ${plugin} + fi + done +fi + +exec grafana-server \ + --homepath="$GF_PATHS_HOME" \ + --config="$GF_PATHS_CONFIG" \ + --packaging=docker \ + "$@" \ + cfg:default.log.mode="console" \ + cfg:default.paths.data="$GF_PATHS_DATA" \ + cfg:default.paths.logs="$GF_PATHS_LOGS" \ + cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \ + cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING" diff --git a/grafana/meta.yml b/grafana/meta.yml index 20931082..e38b2375 100644 --- a/grafana/meta.yml +++ b/grafana/meta.yml @@ -29,4 +29,6 @@ 11.3.0+security-01-oe2203sp3: path: grafana/11.3.0+security-01/22.03-lts-sp3/Dockerfile 11.3.0+security-01-oe2203sp4: - path: grafana/11.3.0+security-01/22.03-lts-sp4/Dockerfile \ No newline at end of file + path: grafana/11.3.0+security-01/22.03-lts-sp4/Dockerfile +11.3.0+security-01-oe2203sp1: + path: grafana/11.3.0+security-01/22.03-lts-sp1/Dockerfile \ No newline at end of file -- Gitee