CLOUDP-333181: Combined dockerfiles (#289)

# Summary

Since we will stop re-building images daily, we won't have `-context`
images anymore. We then don't need Dockerfiles templating.
This PR creates self-sufficient Dockerfiles that build our images
without templating. They only need variables passed with ARG.
For images which already had a plain Dockerfile, it was renamed
`Dockerfile.old`, and inventories modified accordingly.

For now, we keep templates and Sonar, until the Atomic Release epic is
completed and we fully get rid of all of it.

## Proof of Work

The proof of work will come when actually using them in a build
pipeline. In a future PR.
This one is a noop, Dockerfiles are created but not used yet.

## Methodology

The Dockerfiles were automatically generated, using Sonar templating, by
adding special `final_dockerfile` tag to stages necessary to generate
one. Using code like:

```
def test_build_init_database_dockerfile():  
    process_image(  
        image_name="init-database",  
        skip_tags=["release"],  
        include_tags=["final_dockerfile"],  
        build_args={  
            "registry": "localhost:5000",  
            "version": "1.1.0",  
            "is_appdb": False,  
            "mongodb_tools_url_ubi": "https://downloads.mongodb.org/tools/db/mongodb-database-tools-rhel93-x86_64-100.12.0.tgz",  
        },  
        build_options={},  
        inventory="inventories/init_database.yaml",  
    )  
```

---------

Co-authored-by: Maciej Karaś <[email protected]>

Author: Julien-Ben

.gitignore

@@ -43,11 +43,6 @@ public/architectures/**/secrets/*
 
 docker/mongodb-kubernetes-appdb/content/readinessprobe
 mongodb-kubernetes
-docker/mongodb-kubernetes-operator/Dockerfile
-docker/mongodb-kubernetes-database/Dockerfile
-docker/mongodb-enterprise-ops-manager/Dockerfile
-docker/mongodb-kubernetes-init-database/Dockerfile
-docker/mongodb-kubernetes-init-ops-manager/Dockerfile
 docker/mongodb-kubernetes-operator/content/mongodb-kubernetes-operator.tar
 docker/mongodb-kubernetes-tests/helm_chart/
 docker/mongodb-kubernetes-tests/public/

docker/mongodb-agent-non-matrix/Dockerfile

@@ -1,5 +1,14 @@
-ARG imagebase
-FROM ${imagebase} as base
+FROM scratch AS base
+
+ARG agent_version
+ARG agent_distro
+ARG tools_version
+ARG tools_distro
+
+ADD https://mciuploads.s3.amazonaws.com/mms-automation/mongodb-mms-build-agent/builds/automation-agent/prod/mongodb-mms-automation-agent-${agent_version}.${agent_distro}.tar.gz /data/mongodb-agent.tar.gz
+ADD https://downloads.mongodb.org/tools/db/mongodb-database-tools-${tools_distro}-${tools_version}.tgz /data/mongodb-tools.tgz
+
+COPY ./docker/mongodb-kubernetes-init-database/content/LICENSE /data/LICENSE
 
 FROM registry.access.redhat.com/ubi9/ubi-minimal
 

docker/mongodb-agent-non-matrix/Dockerfile.old

@@ -0,0 +1,60 @@
+ARG imagebase
+FROM ${imagebase} as base
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal
+
+ARG version
+
+LABEL name="MongoDB Agent" \
+      version="${version}" \
+      summary="MongoDB Agent" \
+      description="MongoDB Agent" \
+      vendor="MongoDB" \
+      release="1" \
+      maintainer="[email protected]"
+
+# Replace libcurl-minimal and curl-minimal with the full versions
+# https://bugzilla.redhat.com/show_bug.cgi?id=1994521
+RUN  microdnf install -y libssh libpsl libbrotli \
+    && microdnf download curl libcurl \
+    && rpm -Uvh --nodeps --replacefiles "*curl*$( uname -i ).rpm" \
+    && microdnf remove -y libcurl-minimal curl-minimal
+
+RUN microdnf install -y --disableplugin=subscription-manager --setopt=install_weak_deps=0 nss_wrapper
+# Copy-pasted from https://www.mongodb.com/docs/manual/tutorial/install-mongodb-enterprise-on-red-hat-tarball/
+RUN microdnf install -y --disableplugin=subscription-manager \
+ cyrus-sasl cyrus-sasl-gssapi cyrus-sasl-plain krb5-libs openldap openssl xz-libs
+# Dependencies for the Agent
+RUN microdnf install -y --disableplugin=subscription-manager  --setopt=install_weak_deps=0 \
+        net-snmp \
+        net-snmp-agent-libs
+RUN microdnf install -y --disableplugin=subscription-manager \
+    hostname tar gzip procps jq \
+    && microdnf upgrade -y  \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -p /agent \
+    && mkdir -p /var/lib/mongodb-mms-automation \
+      && mkdir -p /var/log/mongodb-mms-automation/ \
+      && chmod -R +wr /var/log/mongodb-mms-automation/ \
+      # ensure that the agent user can write the logs in OpenShift
+      && touch /var/log/mongodb-mms-automation/readiness.log \
+      && chmod ugo+rw /var/log/mongodb-mms-automation/readiness.log
+
+
+COPY --from=base /data/mongodb-agent.tar.gz /agent
+COPY --from=base /data/mongodb-tools.tgz /agent
+COPY --from=base /data/LICENSE /licenses/LICENSE
+
+RUN tar xfz /agent/mongodb-agent.tar.gz \
+    && mv mongodb-mms-automation-agent-*/mongodb-mms-automation-agent /agent/mongodb-agent \
+    && chmod +x /agent/mongodb-agent \
+    && mkdir -p /var/lib/automation/config \
+    && chmod -R +r /var/lib/automation/config \
+    && rm /agent/mongodb-agent.tar.gz \
+    && rm -r mongodb-mms-automation-agent-*
+
+RUN tar xfz /agent/mongodb-tools.tgz --directory /var/lib/mongodb-mms-automation/ && rm /agent/mongodb-tools.tgz
+
+USER 2000
+CMD ["/agent/mongodb-agent", "-cluster=/var/lib/automation/config/automation-config.json"]

docker/mongodb-agent-non-matrix/README.md

@@ -0,0 +1,17 @@
+### Building locally
+
+For building the MongoDB Agent (non-static) image locally use the example command:
+
+TODO: What to do with label quay.expires-after=48h?
+```bash
+AGENT_VERSION="108.0.7.8810-1"
+TOOLS_VERSION="100.12.0"
+AGENT_DISTRO="rhel9_x86_64"
+TOOLS_DISTRO="rhel93-x86_64"
+docker buildx build --load --progress plain . -f docker/mongodb-agent/Dockerfile -t "mongodb-agent:${AGENT_VERSION}" \
+ --build-arg version="${VERSION}" \
+ --build-arg agent_version="${AGENT_VERSION}" \
+ --build-arg tools_version="${TOOLS_VERSION}" \
+ --build-arg agent_distro="${AGENT_DISTRO}" \
+ --build-arg tools_distro="${TOOLS_DISTRO}"
+```

docker/mongodb-agent/Dockerfile

@@ -1,5 +1,40 @@
-ARG imagebase
-FROM ${imagebase} as base
+# the init database image gets supplied by pipeline.py and corresponds to the operator version we want to release
+# the agent with. This enables us to release the agent for older operator.
+ARG init_database_image
+FROM ${init_database_image} AS init_database
+
+FROM public.ecr.aws/docker/library/golang:1.24 AS dependency_downloader
+
+WORKDIR /go/src/github.com/mongodb/mongodb-kubernetes/
+
+COPY go.mod go.sum ./
+
+RUN go mod download
+
+FROM public.ecr.aws/docker/library/golang:1.24 AS readiness_builder
+
+WORKDIR /go/src/github.com/mongodb/mongodb-kubernetes/
+
+COPY --from=dependency_downloader /go/pkg /go/pkg
+COPY . /go/src/github.com/mongodb/mongodb-kubernetes
+
+RUN CGO_ENABLED=0 GOFLAGS=-buildvcs=false go build -o /readinessprobe ./mongodb-community-operator/cmd/readiness/main.go
+RUN CGO_ENABLED=0 GOFLAGS=-buildvcs=false go build -o /version-upgrade-hook ./mongodb-community-operator/cmd/versionhook/main.go
+
+FROM scratch AS base
+ARG mongodb_tools_url_ubi
+ARG mongodb_agent_url_ubi
+
+COPY --from=readiness_builder /readinessprobe /data/
+COPY --from=readiness_builder /version-upgrade-hook /data/
+
+ADD ${mongodb_tools_url_ubi} /data/mongodb_tools_ubi.tgz
+ADD ${mongodb_agent_url_ubi} /data/mongodb_agent_ubi.tgz
+
+COPY --from=init_database /probes/probe.sh /data/probe.sh
+COPY --from=init_database /scripts/agent-launcher-lib.sh /data/
+COPY --from=init_database /scripts/agent-launcher.sh /data/
+COPY --from=init_database /licenses/LICENSE /data/
 
 FROM registry.access.redhat.com/ubi9/ubi-minimal
 

docker/mongodb-agent/Dockerfile.old

@@ -0,0 +1,64 @@
+ARG imagebase
+FROM ${imagebase} as base
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal
+
+ARG version
+
+LABEL name="MongoDB Agent" \
+      version="${version}" \
+      summary="MongoDB Agent" \
+      description="MongoDB Agent" \
+      vendor="MongoDB" \
+      release="1" \
+      maintainer="[email protected]"
+
+COPY --from=base /data/probe.sh /opt/scripts/probe.sh
+COPY --from=base /data/readinessprobe /opt/scripts/readinessprobe
+COPY --from=base /data/version-upgrade-hook /opt/scripts/version-upgrade-hook
+COPY --from=base /data/agent-launcher-lib.sh /opt/scripts/agent-launcher-lib.sh
+COPY --from=base /data/agent-launcher.sh /opt/scripts/agent-launcher.sh
+COPY --from=base /data/LICENSE /licenses/LICENSE
+
+# Replace libcurl-minimal and curl-minimal with the full versions
+# https://bugzilla.redhat.com/show_bug.cgi?id=1994521
+RUN  microdnf install -y libssh libpsl libbrotli \
+    && microdnf download curl libcurl \
+    && rpm -Uvh --nodeps --replacefiles "*curl*$( uname -i ).rpm" \
+    && microdnf remove -y libcurl-minimal curl-minimal
+
+RUN microdnf install -y --disableplugin=subscription-manager --setopt=install_weak_deps=0 nss_wrapper
+# Copy-pasted from https://www.mongodb.com/docs/manual/tutorial/install-mongodb-enterprise-on-red-hat-tarball/
+RUN microdnf install -y --disableplugin=subscription-manager \
+ cyrus-sasl cyrus-sasl-gssapi cyrus-sasl-plain krb5-libs openldap openssl xz-libs
+# Dependencies for the Agent
+RUN microdnf install -y --disableplugin=subscription-manager  --setopt=install_weak_deps=0 \
+        net-snmp \
+        net-snmp-agent-libs
+RUN microdnf install -y --disableplugin=subscription-manager \
+    hostname tar gzip procps jq \
+    && microdnf upgrade -y  \
+    && rm -rf /var/lib/apt/lists/*
+
+
+COPY --from=base /data/mongodb_tools_ubi.tgz /tools/mongodb_tools.tgz
+COPY --from=base /data/mongodb_agent_ubi.tgz /agent/mongodb_agent.tgz
+
+RUN tar xfz /tools/mongodb_tools.tgz
+RUN mv mongodb-database-tools-*/bin/* /tools
+RUN chmod +x /tools/*
+RUN rm /tools/mongodb_tools.tgz
+RUN rm -rf /mongodb-database-tools-*
+
+RUN tar xfz /agent/mongodb_agent.tgz
+RUN mv mongodb-mms-automation-agent-*/mongodb-mms-automation-agent /agent/mongodb-agent
+RUN chmod +x /agent/mongodb-agent
+RUN rm /agent/mongodb_agent.tgz
+RUN rm -rf mongodb-mms-automation-agent-*
+
+RUN mkdir -p /var/lib/automation/config
+RUN chmod -R +r /var/lib/automation/config
+
+USER 2000
+
+HEALTHCHECK --timeout=30s CMD ls /opt/scripts/readinessprobe || exit 1

docker/mongodb-agent/README.md

@@ -1,4 +1,20 @@
 # Mongodb-Agent
 The agent gets released in a matrix style with the init-database image, which gets tagged with the operator version.
-This works by using the multi-stage pattern and build-args. First - retrieve the `init-database:<version>` and retrieve the 
-binaries from there. Then we continue with the other steps to fully build the image.
+This works by using the multi-stage pattern and build-args. First - retrieve the `init-database:<version>` and retrieve the
+binaries from there. Then we continue with the other steps to fully build the image.
+
+### Building locally
+
+For building the MongoDB Agent image locally use the example command:
+
+```bash
+VERSION="108.0.7.8810-1"
+INIT_DATABASE_IMAGE="268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-kubernetes-init-database:1.1.0"
+MONGODB_TOOLS_URL_UBI="https://downloads.mongodb.org/tools/db/mongodb-database-tools-rhel93-x86_64-100.12.0.tgz"
+MONGODB_AGENT_URL_UBI="https://mciuploads.s3.amazonaws.com/mms-automation/mongodb-mms-build-agent/builds/automation-agent/prod/mongodb-mms-automation-agent-108.0.7.8810-1.rhel9_x86_64.tar.gz"
+docker buildx build --load --progress plain . -f docker/mongodb-agent/Dockerfile -t "mongodb-agent:${VERSION}_1.1.0" \
+ --build-arg version="${VERSION}" \
+ --build-arg init_database_image="${INIT_DATABASE_IMAGE}" \
+ --build-arg mongodb_tools_url_ubi="${MONGODB_TOOLS_URL_UBI}" \
+ --build-arg mongodb_agent_url_ubi="${MONGODB_AGENT_URL_UBI}"
+```

docker/mongodb-enterprise-ops-manager/Dockerfile

@@ -0,0 +1,95 @@
+# Build compilable stuff
+
+FROM public.ecr.aws/docker/library/golang:1.24 AS readiness_builder
+COPY . /go/src/github.com/mongodb/mongodb-kubernetes
+WORKDIR /go/src/github.com/mongodb/mongodb-kubernetes
+
+RUN CGO_ENABLED=0 go build -a -buildvcs=false -o /data/scripts/mmsconfiguration ./docker/mongodb-kubernetes-init-ops-manager/mmsconfiguration/edit_mms_configuration.go
+RUN CGO_ENABLED=0 go build -a -buildvcs=false -o /data/scripts/backup-daemon-readiness-probe ./docker/mongodb-kubernetes-init-ops-manager/backupdaemon_readinessprobe/backupdaemon_readiness.go
+
+# Move binaries and scripts
+FROM scratch AS base
+
+COPY --from=readiness_builder /data/scripts/mmsconfiguration /data/scripts/mmsconfiguration
+COPY --from=readiness_builder /data/scripts/backup-daemon-readiness-probe /data/scripts/backup-daemon-readiness-probe
+
+# After v2.0, when non-Static Agent images will be removed, please ensure to copy those files
+# into ./docker/mongodb-enterprise-ops-manager directory. Leaving it this way will make the maintenance easier.
+COPY ./docker/mongodb-kubernetes-init-ops-manager/scripts/docker-entry-point.sh /data/scripts
+COPY ./docker/mongodb-kubernetes-init-ops-manager/scripts/backup-daemon-liveness-probe.sh /data/scripts
+COPY ./docker/mongodb-kubernetes-init-ops-manager/LICENSE /data/licenses/mongodb-enterprise-ops-manager
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal
+
+ARG version
+ARG om_download_url
+
+LABEL name="MongoDB Enterprise Ops Manager" \
+  maintainer="[email protected]" \
+  vendor="MongoDB" \
+  version=${version} \
+  release="1" \
+  summary="MongoDB Enterprise Ops Manager Image" \
+  description="MongoDB Enterprise Ops Manager"
+
+ENV MMS_HOME=/mongodb-ops-manager
+ENV MMS_PROP_FILE=${MMS_HOME}/conf/conf-mms.properties
+ENV MMS_CONF_FILE=${MMS_HOME}/conf/mms.conf
+ENV MMS_LOG_DIR=${MMS_HOME}/logs
+ENV MMS_TMP_DIR=${MMS_HOME}/tmp
+
+EXPOSE 8080
+
+# OpsManager docker image needs to have the MongoDB dependencies because the
+# backup daemon is running its database locally
+
+# Replace libcurl-minimal and curl-minimal with the full versions
+# https://bugzilla.redhat.com/show_bug.cgi?id=1994521
+RUN microdnf install -y libssh libpsl libbrotli \
+    && microdnf download curl libcurl \
+    && rpm -Uvh --nodeps --replacefiles "*curl*$( uname -i ).rpm" \
+    && microdnf remove -y libcurl-minimal curl-minimal
+
+RUN microdnf install --disableplugin=subscription-manager -y \
+  cyrus-sasl \
+  cyrus-sasl-gssapi \
+  cyrus-sasl-plain \
+  krb5-libs \
+  libpcap \
+  lm_sensors-libs \
+  net-snmp \
+  net-snmp-agent-libs \
+  openldap \
+  openssl \
+  tar \
+  rpm-libs \
+  net-tools \
+  procps-ng \
+  ncurses
+
+COPY --from=base /data/licenses /licenses/
+COPY --from=base /data/scripts /opt/scripts
+
+RUN curl --fail -L -o ops_manager.tar.gz ${om_download_url} \
+  && tar -xzf ops_manager.tar.gz \
+  && rm ops_manager.tar.gz \
+  && mv mongodb-mms* "${MMS_HOME}"
+
+# permissions
+RUN chmod -R 0777 "${MMS_LOG_DIR}" \
+  && chmod -R 0777 "${MMS_TMP_DIR}" \
+  && chmod -R 0775 "${MMS_HOME}/conf" \
+  && chmod -R 0775 "${MMS_HOME}/jdk" \
+  && mkdir "${MMS_HOME}/mongodb-releases/" \
+  && chmod -R 0775 "${MMS_HOME}/mongodb-releases" \
+  && chmod -R 0777 "${MMS_CONF_FILE}" \
+  && chmod -R 0777 "${MMS_PROP_FILE}"
+
+# The "${MMS_HOME}/conf" will be populated by the docker-entry-point.sh.
+# For now we need to move into the templates directory.
+RUN cp -r "${MMS_HOME}/conf" "${MMS_HOME}/conf-template"
+
+USER 2000
+
+# operator to change the entrypoint to: /mongodb-ops-manager/bin/mongodb-mms start_mms (or a wrapper around this)
+ENTRYPOINT [ "sleep infinity" ]