Skip to content

Try ubi8-minimal base image#993

Closed
parametalol wants to merge 3 commits intomasterfrom
michael/use-ubi8-minimal
Closed

Try ubi8-minimal base image#993
parametalol wants to merge 3 commits intomasterfrom
michael/use-ubi8-minimal

Conversation

@parametalol
Copy link
Copy Markdown
Contributor

@parametalol parametalol commented Mar 18, 2022

No description provided.

@ghost
Copy link
Copy Markdown

ghost commented Mar 18, 2022
edited by ghost
Loading

Tag for build #347342 is 3.69.x-138-gb3a54d2942.

💻 For deploying this image using the dev scripts, run the following first:

export MAIN_IMAGE_TAG='3.69.x-138-gb3a54d2942'

📦 You can also generate an installation bundle with:

docker run -i --rm stackrox/main:3.69.x-138-gb3a54d2942 central generate interactive > bundle.zip

🕹️ A roxctl binary artifact can be downloaded from CircleCI.

@parametalol parametalol mentioned this pull request Mar 18, 2022
Closed
5 tasks
msugakov
msugakov reviewed Mar 18, 2022
View reviewed changes
image/rhel/Dockerfile
dnf install -y lz4 bzip2 /tmp/snappy.rpm && \
dnf clean all && \
microdnf upgrade && \
rpm -i /tmp/snappy.rpm && \
Copy link
Copy Markdown
Contributor

@msugakov msugakov Mar 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you missing lz4 and bzip2 now?

Suggested change
rpm -i /tmp/snappy.rpm && \
microdnf install -y lz4 bzip2 && \
rpm -i /tmp/snappy.rpm && \

Copy link
Copy Markdown
Contributor Author

@parametalol parametalol Mar 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I wasn't sure we need them.

@msugakov
Copy link
Copy Markdown
Contributor

msugakov commented Mar 18, 2022

Not sure if it's a flake, but maybe the failing nongroovy test is due to missing dependency package

=== CONT  TestCASetup/https://untrusted-root.badssl.com
    ca_setup_test.go:82: 
        	Error Trace:	ca_setup_test.go:82
        	Error:      	Not equal: 
        	            	expected: 4
        	            	actual  : 1
        	Test:       	TestCASetup/https://untrusted-root.badssl.com
        	Messages:   	received resp: result:CERT_SIGNED_BY_UNKNOWN_AUTHORITY details:"Get \"https://untrusted-root.badssl.com\": x509: certificate signed by unknown authority" . This failure likely means that setting up trusted CAs with Central is broken. Look at the TRUSTED_CA_FILE being exported in the deploy scripts

I think we're quite lucky that it's just one failing test.

Check out our downstream Dockerfile https://code.engineering.redhat.com/gerrit/gitweb?p=rhacs.git;a=blob_plain;f=distgit/containers/rhacs-main/Dockerfile.in;hb=refs/heads/rhacs-1.0-rhel-8

It might be one packages in this command microdnf install -y ca-certificates findutils snappy zstd that would make us happy.

@parametalol
Copy link
Copy Markdown
Contributor Author

parametalol commented Mar 18, 2022

Not sure if it's a flake, but maybe the failing nongroovy test is due to missing dependency package

Not a flake, but apparently 3rd party certificate expiration. We saw that before: chromium/badssl.com#477

@msugakov
Copy link
Copy Markdown
Contributor

msugakov commented Mar 18, 2022

3rd party certificate expiration

I don't think it is that. The cert for https://untrusted-root.badssl.com/ is valid till Sat, 10 Feb 2024 02:30:33 GMT and CA is valid till Wed, 02 Jul 2036 06:31:35 GMT.
The test has failed where it was supposed to pass. The failure message says:

x509: certificate signed by unknown authority [...] This failure likely means that setting up trusted CAs with Central is broken.

Central was supposed to install CA for https://untrusted-root.badssl.com/ and the connection was expected to succeed.
I think that ca-certificates package adds tools allowing to install thirdparty CAs.

@janisz janisz force-pushed the michael/use-ubi8-minimal branch from 3c220d4 to 6c004dc Compare March 23, 2022 15:46
parametalol
parametalol commented Mar 24, 2022
View reviewed changes
@parametalol
Copy link
Copy Markdown
Contributor Author

parametalol commented Mar 31, 2022

Closing in favor of #1054.

@janisz janisz deleted the michael/use-ubi8-minimal branch September 16, 2025 09:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@msugakov msugakov msugakov left review comments

Assignees

No one assigned

Labels

area/helm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@parametalol @msugakov