add downstream Dockerfile

and files needed for the container build

Signed-off-by: Andrew Schoen <[email protected]>

Author: andrewschoen

Dockerfile

@@ -0,0 +1,74 @@
+# Build stage 1
+
+FROM openshift/golang-builder:rhel_9_golang_1.23 AS builder
+
+COPY $REMOTE_SOURCE $REMOTE_SOURCE_DIR
+
+WORKDIR $REMOTE_SOURCE_DIR/app
+
+ENV GOFLAGS="-mod=vendor"
+
+RUN go run -mod vendor build.go -dev build
+
+# Build stage 2
+FROM registry.redhat.io/ubi9/ubi-minimal:latest
+
+# Update the image to get the latest CVE updates
+RUN microdnf update -y
+
+ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
+    GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \
+    GF_PATHS_DATA="/var/lib/grafana" \
+    GF_PATHS_HOME="/usr/share/grafana" \
+    GF_PATHS_LOGS="/var/log/grafana" \
+    GF_PATHS_PLUGINS="/usr/share/grafana/plugins" \
+    GF_PATHS_PROVISIONING="/etc/grafana/provisioning"
+
+RUN rm -rf $GF_PATHS_HOME && mkdir -p $GF_PATHS_HOME
+COPY --from=builder $REMOTE_SOURCE_DIR/app/bin/grafana /usr/bin/grafana
+COPY --from=builder $REMOTE_SOURCE_DIR/app/bin/grafana-server /usr/bin/grafana-server
+COPY --from=builder $REMOTE_SOURCE_DIR/app/bin/grafana-cli /usr/bin/grafana-cli
+COPY --from=builder $REMOTE_SOURCE_DIR/app/conf $GF_PATHS_HOME/conf/
+COPY --from=builder $REMOTE_SOURCE_DIR/app/docs $GF_PATHS_HOME/docs/
+COPY --from=builder $REMOTE_SOURCE_DIR/app/public $GF_PATHS_HOME/public/
+COPY --from=builder $REMOTE_SOURCE_DIR/app/scripts $GF_PATHS_HOME/scripts/
+
+RUN rm -rf /etc/grafana && mkdir -p /etc/grafana
+COPY --from=builder $REMOTE_SOURCE_DIR/app/conf/sample.ini $GF_PATHS_CONFIG
+COPY --from=builder $REMOTE_SOURCE_DIR/app/conf/ldap.toml /etc/grafana/ldap.toml
+COPY ./run.sh /run.sh
+
+# Create grafana user/group
+RUN microdnf install -y shadow-utils
+RUN groupadd -r -g 472 grafana
+RUN useradd -r -u 472 -g grafana -d /etc/grafana -s /sbin/nologin -c "Grafana Dashboard" grafana
+
+# Unpack plugins and update permissions
+RUN mkdir -p "$GF_PATHS_HOME/.aws" && \
+    mkdir -p "$GF_PATHS_PROVISIONING/datasources" \
+             "$GF_PATHS_PROVISIONING/dashboards" \
+             "$GF_PATHS_PROVISIONING/notifiers" \
+             "$GF_PATHS_PROVISIONING/plugins" \
+             "$GF_PATHS_PROVISIONING/access-control" \
+             "$GF_PATHS_PROVISIONING/alerting" \
+             "$GF_PATHS_LOGS" \
+             "$GF_PATHS_PLUGINS" \
+             "$GF_PATHS_DATA" && \
+    chown -R grafana:grafana "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING" && \
+    chmod -R 775 "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING" /run.sh
+
+EXPOSE 3000
+
+USER grafana
+WORKDIR /
+ENTRYPOINT [ "/run.sh" ]
+
+# Build specific labels
+LABEL maintainer="Nizamudeen A <[email protected]>"
+LABEL com.redhat.component="grafana-container"
+LABEL version=11.5.2
+LABEL name="grafana"
+LABEL description="Red Hat Ceph Storage Grafana container"
+LABEL summary="Grafana container on RHEL 9 for Red Hat Ceph Storage"
+LABEL io.k8s.display-name="Grafana on RHEL 9"
+LABEL io.openshift.tags="rhceph ceph dashboard grafana"

ceph-dashboard.yaml

@@ -0,0 +1,11 @@
+apiVersion: 1 
+providers: 
+- name: 'Ceph Dashboard' 
+  torgId: 1 
+  folder: 'ceph-dashboard' 
+  type: file 
+  disableDeletion: false 
+  updateIntervalSeconds: 3 
+  editable: false 
+  options: 
+    path: '/etc/grafana/dashboards/ceph-dashboard'

run.sh

@@ -0,0 +1,59 @@
+#!/bin/bash -e
+
+PERMISSIONS_OK=0
+
+if [ ! -r "$GF_PATHS_CONFIG" ]; then
+    echo "GF_PATHS_CONFIG='$GF_PATHS_CONFIG' is not readable."
+    PERMISSIONS_OK=1
+fi
+
+if [ ! -w "$GF_PATHS_DATA" ]; then
+    echo "GF_PATHS_DATA='$GF_PATHS_DATA' is not writable."
+    PERMISSIONS_OK=1
+fi
+
+if [ ! -r "$GF_PATHS_HOME" ]; then
+    echo "GF_PATHS_HOME='$GF_PATHS_HOME' is not readable."
+    PERMISSIONS_OK=1
+fi
+
+if [ $PERMISSIONS_OK -eq 1 ]; then
+    echo "You may have issues with file permissions, more information here: http://docs.grafana.org/installation/docker/#migration-from-a-previous-version-of-the-docker-container-to-5-1-or-later"
+fi
+
+if [ ! -d "$GF_PATHS_PLUGINS" ]; then
+    mkdir "$GF_PATHS_PLUGINS"
+fi
+
+if [ ! -z ${GF_AWS_PROFILES+x} ]; then
+    > "$GF_PATHS_HOME/.aws/credentials"
+
+    for profile in ${GF_AWS_PROFILES}; do
+        access_key_varname="GF_AWS_${profile}_ACCESS_KEY_ID"
+        secret_key_varname="GF_AWS_${profile}_SECRET_ACCESS_KEY"
+        region_varname="GF_AWS_${profile}_REGION"
+
+        if [ ! -z "${!access_key_varname}" -a ! -z "${!secret_key_varname}" ]; then
+            echo "[${profile}]" >> "$GF_PATHS_HOME/.aws/credentials"
+            echo "aws_access_key_id = ${!access_key_varname}" >> "$GF_PATHS_HOME/.aws/credentials"
+            echo "aws_secret_access_key = ${!secret_key_varname}" >> "$GF_PATHS_HOME/.aws/credentials"
+            if [ ! -z "${!region_varname}" ]; then
+                echo "region = ${!region_varname}" >> "$GF_PATHS_HOME/.aws/credentials"
+            fi
+        fi
+    done
+
+    chmod 600 "$GF_PATHS_HOME/.aws/credentials"
+fi
+
+export HOME="$GF_PATHS_HOME"
+
+exec grafana server                                         \
+  --homepath="$GF_PATHS_HOME"                               \
+  --config="$GF_PATHS_CONFIG"                               \
+  "$@"                                                      \
+  cfg:default.log.mode="console"                            \
+  cfg:default.paths.data="$GF_PATHS_DATA"                   \
+  cfg:default.paths.logs="$GF_PATHS_LOGS"                   \
+  cfg:default.paths.plugins="$GF_PATHS_PLUGINS"             \
+  cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING"