Update SLES15 and OpenSUSE Dockerfiles

jamesongithub · jamesongithub · commit 1be514703793 · 2022-05-16T17:30:55.000-07:00
diff --git a/linux/preview/SLES/README.md b/linux/preview/SLES/README.md
@@ -1,6 +1,6 @@
 # How to build a SQL Server on SLES container image
 
-1. Ensure that host machine is running the same version of the SLES that you will build SQL Server 2019 container image, in this case we are using a host which is running SLES 12 SP 5 and building the SQL Server also on top of SLES 12 SP 5.
+1. Ensure that host machine is running the same version of the SLES that you will build SQL Server 2019 container image, in this case we are using a host which is running SLES15 SP33 and building the SQL Server also on top of SLES15 SP3.
 
 2. Please ensure the host machine is registered using the SUSEConnect command as documented here: https://www.suse.com/support/kb/doc/?id=000018564
 
@@ -9,16 +9,31 @@
     SUSEConnect -s
     ```
 
+4. Depending on how your host machine is registered, setup your machine for SUSE [container-suseconnect](https://github.com/SUSE/container-suseconnect) correctly so the credentials can be made available to the container. Instructions differ for [RMT/SMT](https://github.com/SUSE/container-suseconnect#building-images-on-sle-systems-registered-with-rmt-or-smt), [on-demand/PAYG in the cloud](https://github.com/SUSE/container-suseconnect#building-images-on-demand-sle-instances-in-the-public-cloud), and [non SLES distros](https://github.com/SUSE/container-suseconnect#building-images-on-non-sle-distributions).
+
 **Steps to building SQL Server on SLES container image**
 
 1.	Create the dockerfile as shown in the dockerfile command and save it into your working directory
 
 2.	[optional] Customize the mssql.conf file. Example mssql.conf entries can be found here: https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-configure-mssql-conf?view=sql-server-2017#mssql-conf-format 
 
-3.	Build the docker image. 
+3.	Build the docker image.
+
+    when host is registered against RMT/SMT
     ```
     docker build . -t mssql-sles-tools-nonroot
     ```
+    when host is on-demand or payg in the public cloud
+    ```
+    docker build --network host -t mssql-sles-tools-nonroot .
+    ```
+    when using non SLES distros (Note: building on non SLES distros will require [additonal changes](https://github.com/SUSE/container-suseconnect#building-images-on-non-sle-distributions) to the Dockerfile)
+    ```
+    docker build -t mssql-sles-tools-nonroot \
+        --secret id=SUSEConnect,src=SUSEConnect \
+        --secret id=SCCcredentials,src=SCCcredentials .
+    ```
+
 4. Confirm the image is successfully created using the command
     ```
     docker images
diff --git a/linux/preview/SLES/dockerfile b/linux/preview/SLES/dockerfile
@@ -1,6 +1,9 @@
-## 
+#
+# Note: This image requires an active SLES15 subscription to build.
+# 
 # Thank you to our SUSE Partners for helping with this :)
-##Assumptions
+#
+# Assumptions
 # 1. use a matching version to the underlying build host
 # 2. ensure it is registered to have access to needed repos
 #	then leveraging container-suseconnect-zypp
@@ -12,50 +15,49 @@
 #	All repositories have been refreshed.
 # 3. minimize the layers by consolidating commands
 
-##
-# Base image
-##
-# Start with the appropriate base image
-FROM registry.suse.com/suse/sles12sp5
+FROM registry.suse.com/suse/sle15:15.3
 
-# add a needed (beyon minimal) dependency package this package is need so setcap can be used later on to provide the required privilages
-RUN zypper in --no-confirm libcap-progs
+ENV ADDITIONAL_MODULES=sle-module-legacy
 
-##
-# Install the latest SQL 2019 build on SLES
-##
-# Add product repos / packages
-#	zypper refresh && \
+RUN zypper install --no-confirm --no-recommends \
+    # install setcap to be used later
+    # remove openldap2 version lock when https://bugzilla.suse.com/show_bug.cgi?id=1199594 is fixed
+    # curl is needed for rpm import
+    libcap-progs openldap2-2.4.46-150200.14.5.1 curl && \
+    rpm --import https://packages.microsoft.com/keys/microsoft.asc && \
+    zypper rm --no-confirm --clean-deps curl
 
-RUN zypper addrepo --no-gpgcheck --refresh --check https://packages.microsoft.com/config/sles/12/mssql-server-2019.repo && \
-	zypper --non-interactive install --no-confirm --auto-agree-with-licenses --auto-agree-with-product-licenses mssql-server
+# consider merging the two RUNs to save ~ 40mb at the cost of caching adding the signing key
 
-RUN zypper addrepo --no-gpgcheck --refresh --check https://packages.microsoft.com/config/sles/12/prod.repo && \
-        ACCEPT_EULA=Y zypper --non-interactive install  mssql-tools
+# add mssql-server repo
+RUN zypper addrepo --no-check https://packages.microsoft.com/config/sles/15/mssql-server-2019.repo && \
+    zypper refresh packages-microsoft-com-mssql-server-2019 && \
+    # install mssql-server
+    zypper install --no-confirm --auto-agree-with-licenses --no-recommends mssql-server && \
+    # add mssql-tools repo
+    zypper addrepo --check https://packages.microsoft.com/config/sles/15/prod.repo && \
+    zypper refresh packages-microsoft-com-prod && \
+    # install mssql-tools (consider removing to reduce size) Microsoft already maintains a separate mssql-tools image
+    ACCEPT_EULA=Y zypper install --no-confirm --no-recommends mssql-tools && \
+    zypper clean --all && \
+    # post installation of SQL Server the mssql user/group is created
+    # so set the right permissions to the msssql folder
+    mkdir -p -m 770 /var/opt/mssql && \
+    chown -R mssql /var/opt/mssql && \
+    # grant sql the permissions to connect to ports <1024 as a non-root user
+    setcap 'cap_net_bind_service+ep' /opt/mssql/bin/sqlservr && \
+    # allow dumps from the non-root process
+    setcap 'cap_sys_ptrace+ep' /opt/mssql/bin/paldumper && \        
+    setcap 'cap_sys_ptrace+ep' /usr/bin/gdb && \
+    # ldconfig file because setcap causes the os to remove LD_LIBRARY_PATH
+    # and other env variables that control dynamic linking
+    mkdir -p /etc/ld.so.conf.d && \
+    touch /etc/ld.so.conf.d/mssql.conf && \
+    echo -e "# mssql libs\n/opt/mssql/lib" >> /etc/ld.so.conf.d/mssql.conf && \
+    ldconfig
 
-# post the installation of SQL Server the mssql user/group is created
-# so set the right permissions to the msssql folder
-#
-RUN mkdir -p -m 770 /var/opt/mssql && chown -R mssql. /var/opt/mssql
- 
-# Grant sql the permissions to connect to ports <1024 as a non-root user
-#
-RUN setcap 'cap_net_bind_service+ep' /opt/mssql/bin/sqlservr
- 
-# Allow dumps from the non-root process
-#
-RUN setcap 'cap_sys_ptrace+ep' /opt/mssql/bin/paldumper
-RUN setcap 'cap_sys_ptrace+ep' /usr/bin/gdb
- 
-#ldconfig file because setcap causes the os to remove LD_LIBRARY_PATH
-# and other env variables that control dynamic linking
-#
-RUN mkdir -p /etc/ld.so.conf.d && touch /etc/ld.so.conf.d/mssql.conf
-RUN echo -e "# mssql libs\n/opt/mssql/lib" >> /etc/ld.so.conf.d/mssql.conf
-RUN ldconfig
- 
 EXPOSE 1433
- 
+
 USER mssql
- 
+
 CMD ["/opt/mssql/bin/sqlservr"]
diff --git a/linux/preview/openSUSE/dockerfile b/linux/preview/openSUSE/dockerfile
@@ -1,15 +1,38 @@
-FROM opensuse:42.3
+FROM opensuse/leap:15.4
 
-RUN zypper addrepo -fc https://packages.microsoft.com/config/sles/12/mssql-server-preview.repo
+RUN zypper install --no-confirm --no-recommends \
+    # install setcap to be used later
+    # curl is needed for rpm import
+    libcap-progs curl && \
+    rpm --import https://packages.microsoft.com/keys/microsoft.asc && \
+    zypper rm --no-confirm --clean-deps curl
 
-RUN zypper --gpg-auto-import-keys refresh 
+# consider merging the two RUNs to save ~ 100mb at the cost of caching adding the signing key
 
-RUN zypper install -y mssql-server
-
-RUN cp /var/opt/mssql/mssql.conf /
+# add mssql-server repo
+RUN zypper addrepo --no-check https://packages.microsoft.com/config/sles/15/mssql-server-2019.repo && \
+    zypper refresh packages-microsoft-com-mssql-server-2019 && \
+    # install mssql-server
+    zypper install --no-confirm --auto-agree-with-licenses --no-recommends mssql-server && \
+    zypper clean --all && \
+    # post installation of SQL Server the mssql user/group is created
+    # so set the right permissions to the msssql folder
+    mkdir -p -m 770 /var/opt/mssql && \
+    chown -R mssql /var/opt/mssql && \
+    # grant sql the permissions to connect to ports <1024 as a non-root user
+    setcap 'cap_net_bind_service+ep' /opt/mssql/bin/sqlservr && \
+    # allow dumps from the non-root process
+    setcap 'cap_sys_ptrace+ep' /opt/mssql/bin/paldumper && \        
+    setcap 'cap_sys_ptrace+ep' /usr/bin/gdb && \
+    # ldconfig file because setcap causes the os to remove LD_LIBRARY_PATH
+    # and other env variables that control dynamic linking
+    mkdir -p /etc/ld.so.conf.d && \
+    touch /etc/ld.so.conf.d/mssql.conf && \
+    echo -e "# mssql libs\n/opt/mssql/lib" >> /etc/ld.so.conf.d/mssql.conf && \
+    ldconfig
 
 EXPOSE 1433
 
-ADD ./mssql.conf /var/opt/mssql/
+USER mssql
 
-CMD /opt/mssql/bin/sqlservr
+CMD ["/opt/mssql/bin/sqlservr"]
