[info=f55074f276c04f7d4cbd02bf74ab24fe]

OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/rmt-server-image?expand=0&rev=182

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

Dockerfile

@@ -0,0 +1,47 @@
+# SPDX-License-Identifier: MIT
+
+#     Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+
+#!BuildTag: opensuse/rmt-server:%%rmt_version%%
+#!BuildTag: opensuse/rmt-server:%%rmt_version%%-%RELEASE%
+#!BuildTag: opensuse/rmt-server:latest
+
+FROM opensuse/tumbleweed:latest
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=org.opensuse.application.rmt-server
+LABEL org.opencontainers.image.authors="openSUSE (https://www.opensuse.org/)"
+LABEL org.opencontainers.image.title="openSUSE Tumbleweed SUSE RMT server"
+LABEL org.opencontainers.image.description="SUSE RMT server container based on the openSUSE Tumbleweed Base Container Image."
+LABEL org.opencontainers.image.version="%%rmt_version%%"
+LABEL org.opencontainers.image.url="https://www.opensuse.org"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="openSUSE Project"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL org.opensuse.reference="registry.opensuse.org/opensuse/rmt-server:%%rmt_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI"
+LABEL org.opensuse.release-stage="released"
+# endlabelprefix
+LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/rmt-server-image/README.md"
+
+RUN set -euo pipefail; zypper -n in --no-recommends rmt-server catatonit; zypper -n clean; rm -rf /var/log/{lastlog,tallylog,zypper.log,zypp/history,YaST2}
+ENV RAILS_ENV="production"
+ENV LANG="en"
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+CMD ["/usr/share/rmt/bin/rails", "server", "-e", "production"]
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN set -euo pipefail; chmod +x /usr/local/bin/entrypoint.sh

README.md

@@ -0,0 +1,117 @@
+# The {self.title} container image
+![Redistributable](https://img.shields.io/badge/Redistributable-Yes-green)
+
+# Purpose
+
+This chart deploys a SUSE Repository Mirroring Tool (RMT) server on Kubernetes.
+It is tested on K3s but should work on any Kubernetes distribution.
+
+## Overview
+
+To deploy SUSE RMT on top of Kubernetes, each component of the stack is deployed in a dedicated container using a
+Helm chart.
+### Repository Mirroring Tool (SUSE RMT) server
+
+A containerized version of the SUSE RMT application that can pass its configuration via Helm values. Because persistent storage resides on a persistent volume, you need to adjust the volume size according to the number of repositories you need to mirror.
+
+### MariaDB
+
+The database back-end for SUSE RMT.
+If needed, RMT creates the database and tables at startup, so no specific
+post-installation task is required for it to be usable. Passwords are
+self-generated, unless explicitly specified in the values file.
+
+### NGINX
+
+The web server with appropriate configuration for RMT routes. Having a correctly
+configured web server right from the start allows you to target your ingress traffic
+(for RMT) to directly to the server. You don't have to configure ingress for RMT specific
+paths handling, as NGINX is configured to do that.
+
+## Prerequisites
+
+- a running Kubernetes cluster
+- helm command configured to interact with the cluster
+
+The Helm chart can be obtained using the following command:
+
+`helm pull oci://registry.suse.com/suse/rmt-helm`
+
+## Custom mandatory values
+
+Certain values of the chart do not have any defaults:
+- SCC mirroring credentials (refer to [more information](https://documentation.suse.com/sles/html/SLES-all/cha-rmt-mirroring.html#sec-rmt-mirroring-credentials) for more information)
+- list of products to mirror
+- list of products not to mirror
+- DNS name used to reach the RMT server
+- configured [storage](https://kubernetes.io/docs/concepts/storage/)
+
+Before deploying the chart, you must fill a custom values file.
+
+The following example enables ingress with TLS. The `create-certs.sh` script
+supplied with the Helm chart can be used
+to create self-signed certificates and add them to Kubernetes as a usable TLS
+secret.
+
+```
+cat << EOF > myvalues.yaml
+---
+app:
+  storage:
+    class: my-storage-class
+  scc:
+    username: UXXXXXXX
+    password: PASSXXXX
+    products_enable:
+      - SLES/15.3/x86_64
+      - sle-module-python2/15.3/x86_64
+    products_disable:
+      - sle-module-legacy/15.3/x86_64
+      - sle-module-cap-tools/15.3/x86_64
+ingress:
+  enabled: true
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: "/"
+          pathType: Prefix
+  tls:
+  - secretName: rmt-cert
+    hosts:
+    - chart-example.local
+db:
+  storage:
+    class: my-storage-class
+EOF
+```
+
+The required values in the custom value file are as follows:
+
+- `app.scc.password` SUSE Customer Center proxy password. The password string must be in quotes. If the quote character `"` is part of the string, it has to be escaped with `\`.
+- `app.scc.username` SUSE Customer Center proxy user name. The user name string must be quotes. If the quote character `"` is part of the string, it has to be escaped with `\`.
+- `app.scc.products_enable` List of products to enable for mirroring.
+- `app.scc.products_disable` list of products to exclude from mirroring.
+- `app.storage.class` Kubernetes storageclass.
+- `db.storage.class` Kubernetes storageclass.
+- `ingress.enabled` Enable or disable ingress.
+- `ingress.hosts[0]` DNS name at which the RMT service is be accessible from clients.
+- `ingress.tls[0].hosts[0]` DNS name at which the RMT service is be accessible from clients.
+- `ingress.tls[0].secretName` TLS ingress certificate.
+
+## Deploying
+
+`helm install rmt ./helm -f myvalues.yaml`
+
+## Further info
+
+For more information on using RMT, refer to the [RMT Guide](https://documentation.suse.com/sles/html/SLES-all/book-rmt.html).
+
+## Licensing
+
+`SPDX-License-Identifier: MIT`
+
+This documentation and the build recipe are licensed as MIT.
+The container itself contains various software components under various open source licenses listed in the associated
+Software Bill of Materials (SBOM).
+
+This image is based on [openSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/).

_service

@@ -0,0 +1,10 @@
+<services>
+  <service mode="buildtime" name="docker_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%rmt_version%%</param>
+    <param name="package">rmt-server</param>
+    <param name="parse-version">minor</param>
+  </service>
+</services>

entrypoint.sh

@@ -0,0 +1,58 @@
+#!/bin/sh
+set -e
+
+# PV could be empty, make sure the directories exist
+mkdir -p /var/lib/rmt/public/repo
+mkdir -p /var/lib/rmt/public/suma
+mkdir -p /var/lib/rmt/regsharing
+mkdir -p /var/lib/rmt/tmp
+# Set permissions
+chown -R _rmt:nginx /var/lib/rmt
+
+if [ -z "${MYSQL_HOST}" ]; then
+	echo "MYSQL_HOST not set!"
+	exit 1
+fi
+if [ -z "${MYSQL_PASSWORD}" ]; then
+        echo "MYSQL_PASSWORD not set!"
+        exit 1
+fi
+
+MYSQL_DATABASE="${MYSQL_DATABASE:-rmt}"
+MYSQL_USER="${MYSQL_USER:-rmt}"
+SCC_SYNC="${SCC_SYNC:-true}"
+
+# Create adjusted /etc/rmt.conf
+echo -e "database:\n  host: ${MYSQL_HOST}\n  database: ${MYSQL_DATABASE}\n  username: ${MYSQL_USER}\n  password: ${MYSQL_PASSWORD}" > /etc/rmt.conf
+echo -e "  adapter: mysql2\n  encoding: utf8\n  timeout: 5000\n  pool: 5\n" >> /etc/rmt.conf
+echo -e "scc:\n  username: ${SCC_USERNAME}\n  password:  ${SCC_PASSWORD}\n  sync_systems: true\n scc_sync: ${SCC_SYNC}\n" >> /etc/rmt.conf
+echo -e "log_level:\n  rails: debug" >> /etc/rmt.conf
+
+if [ $# -eq 0 ]; then
+	set -- /usr/share/rmt/bin/rails server -e production
+fi
+
+if [ "$1" == "/usr/share/rmt/bin/rails" -a "$2" == "server" ]; then
+  echo "Create/migrate SUSE RMT database"
+  pushd /usr/share/rmt > /dev/null
+	/usr/share/rmt/bin/rails db:create db:migrate RAILS_ENV=production
+  popd > /dev/null
+  if [ ${SCC_SYNC} == "true" ]; then
+    echo "Syncing product list"
+    rmt-cli sync
+    for PRODUCT in $SCC_PRODUCT_ENABLE
+    do
+      rmt-cli products enable $PRODUCT
+    done
+    for PRODUCT in $SCC_PRODUCT_DISABLE
+    do
+      rmt-cli products disable $PRODUCT
+    done
+    rmt-cli repos clean
+  fi
+  echo "Executing: catatonit -- $@"
+  exec catatonit -- "$@"
+else
+	echo "Executing: $@"
+	exec "$@"
+fi

rmt-server-image.changes

@@ -0,0 +1,119 @@
+-------------------------------------------------------------------
+Thu Aug  8 16:52:23 UTC 2024 - Natnael Getahun <natnael.getahun@suse.com>
+
+- update rmt.conf to store airgap state in a separate config var.
+
+-------------------------------------------------------------------
+Thu Aug  8 16:43:43 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- remove oci reference annotation again
+
+-------------------------------------------------------------------
+Mon Aug  5 11:38:13 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- add OCI reference annotation
+
+-------------------------------------------------------------------
+Sat Aug  3 08:56:51 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- set OCI.authors attribute instead of deprecated MAINTAINER
+
+-------------------------------------------------------------------
+Wed Jul 31 12:06:45 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- set specific lifecycle url for openSUSE BCI
+
+-------------------------------------------------------------------
+Tue Jul 30 06:41:22 UTC 2024 - Natnael Getahun <natnael.getahun@suse.com>
+
+- implement airgapped mode for rmt-server
+
+-------------------------------------------------------------------
+Mon Jul  8 08:57:27 UTC 2024 - Dmitri Popov <dmitri.popov@suse.com>
+
+- README update to include helm chart instructions
+
+-------------------------------------------------------------------
+Tue Jun 18 17:24:16 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- use sentence style capitalization in READMEs
+
+-------------------------------------------------------------------
+Mon Jun 10 15:11:25 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- update README; reduce unnecessary newlines
+
+-------------------------------------------------------------------
+Wed Jun  5 15:13:27 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- Don't add artifacthub labels into labelprefix section
+
+-------------------------------------------------------------------
+Tue Jun  4 12:35:15 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
+
+- Fix grammar mistake in licensing footer
+
+-------------------------------------------------------------------
+Fri May 17 07:41:58 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- README updates from doc team
+
+-------------------------------------------------------------------
+Thu May 16 13:40:35 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- Update README from upstream
+
+-------------------------------------------------------------------
+Tue May  7 19:07:24 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- extend READMEs; correct eula for application images
+
+-------------------------------------------------------------------
+Fri Apr 12 12:03:53 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- Don't wipe everything in /var/log, only remove log files (this omits directories owned by packages)
+
+-------------------------------------------------------------------
+Wed Jan 17 14:29:14 UTC 2024 - Dan Čermák <dcermak@suse.com>
+
+- Add initial README stub
+
+-------------------------------------------------------------------
+Tue Jan  2 08:26:58 UTC 2024 - Dirk Mueller <dmueller@suse.com>
+
+- update year to 2024
+
+-------------------------------------------------------------------
+Thu Sep 28 14:29:10 UTC 2023 - Dirk Mueller <dmueller@suse.com>
+
+- add copyright and description header
+
+-------------------------------------------------------------------
+Fri Jun 23 15:33:33 UTC 2023 - Dirk Mueller <dmueller@suse.com>
+
+- label capitalization and related cleanups
+
+-------------------------------------------------------------------
+Tue May 30 06:52:56 UTC 2023 - Dan Čermák <dcermak@suse.com>
+
+- Add release stage and lifecycle url
+
+-------------------------------------------------------------------
+Fri Mar  3 07:24:36 UTC 2023 - Dan Čermák <dcermak@suse.com>
+
+- Add org.opencontainers.image.source label set to %SOURCEURL%
+
+-------------------------------------------------------------------
+Wed Dec 21 14:05:30 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- BuildTag sorting and consistency fixes
+
+-------------------------------------------------------------------
+Fri Jul 15 11:06:34 UTC 2022 - Dan Čermák <dcermak@suse.com>
+
+- Increase compatibility with openSUSE
+
+-------------------------------------------------------------------
+Tue May  3 09:03:35 UTC 2022 - Dan Čermák <dcermak@suse.com>
+
+- Use set -euo pipefail in every RUN command, use ; instead of && to prevent masking failures