Switch from using Debian packages to using binary releases

The end result should be ~the same (the Debian packages were "Arch: all" anyways), but give us more control over the Java version (since Debian Buster doesn't even have Java 8 anymore and Cassandra doesn't support anything newer until the unreleased 4.0).

Author: tianon

.travis.yml

@@ -3,13 +3,9 @@ services: docker
 
 env:
   - VERSION=3.11
-  - VERSION=3.11 ARCH=i386
   - VERSION=3.0
-  - VERSION=3.0 ARCH=i386
   - VERSION=2.2
-  - VERSION=2.2 ARCH=i386
   - VERSION=2.1
-  - VERSION=2.1 ARCH=i386
 
 install:
   - git clone https://github.com/docker-library/official-images.git ~/official-images

2.1/Dockerfile

@@ -1,48 +1,54 @@
-# vim:set ft=dockerfile:
-FROM debian:buster-slim
+FROM adoptopenjdk:8-jre-hotspot-bionic
 
 # explicitly set user/group IDs
-RUN groupadd -r cassandra --gid=999 && useradd -r -g cassandra --uid=999 cassandra
+RUN set -eux; \
+	groupadd -r cassandra --gid=999; \
+	useradd -r -g cassandra --uid=999 cassandra
 
 RUN set -eux; \
 	apt-get update; \
 	apt-get install -y --no-install-recommends \
-		gnupg dirmngr \
 # solves warning: "jemalloc shared library could not be preloaded to speed up memory allocations"
-		libjemalloc2 \
-# free is used by cassandra-env.sh
+		libjemalloc1 \
+# "free" is used by cassandra-env.sh
 		procps \
+# "cqlsh" needs a python interpreter
+		python \
 # "ip" is not required by Cassandra itself, but is commonly used in scripting Cassandra's configuration (since it is so fixated on explicit IP addresses)
 		iproute2 \
 # Cassandra will automatically use numactl if available
 #   https://github.com/apache/cassandra/blob/18bcda2d4c2eba7370a0b21f33eed37cb730bbb3/bin/cassandra#L90-L100
 #   https://github.com/apache/cassandra/commit/604c0e87dc67fa65f6904ef9a98a029c9f2f865a
 		numactl \
-# Cassandra's APT repository is served over https
-		ca-certificates \
 	; \
 	rm -rf /var/lib/apt/lists/*
 
 # grab gosu for easy step-down from root
-ENV GOSU_VERSION 1.10
+ENV GOSU_VERSION 1.11
 RUN set -eux; \
 	savedAptMark="$(apt-mark showmanual)"; \
 	apt-get update; \
-	apt-get install -y --no-install-recommends ca-certificates wget; \
+	apt-get install -y --no-install-recommends ca-certificates dirmngr gnupg wget; \
 	rm -rf /var/lib/apt/lists/*; \
-	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)"; \
-	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc"; \
+	dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+	wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+	wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
 	export GNUPGHOME="$(mktemp -d)"; \
 	gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
 	gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
 	gpgconf --kill all; \
 	rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
-	chmod +x /usr/local/bin/gosu; \
 	apt-mark auto '.*' > /dev/null; \
-	apt-mark manual $savedAptMark > /dev/null; \
+	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
 	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+	chmod +x /usr/local/bin/gosu; \
+	gosu --version; \
 	gosu nobody true
 
+ENV CASSANDRA_HOME /opt/cassandra
+ENV CASSANDRA_CONF /etc/cassandra
+ENV PATH $CASSANDRA_HOME/bin:$PATH
+
 # https://cwiki.apache.org/confluence/display/CASSANDRA2/DebianPackaging#DebianPackaging-AddingRepositoryKeys
 ENV GPG_KEYS \
 # gpg: key 0353B12C: public key "T Jake Luciani <jake@apache.org>" imported
@@ -51,118 +57,93 @@ ENV GPG_KEYS \
 	A26E528B271F19B9E5D8E19EA278B781FE4B2BDA \
 # gpg: key E91335D77E3E87CB: public key "Michael Semb Wever <mick@thelastpickle.com>" imported
 	A4C465FEA0C552561A392A61E91335D77E3E87CB
-RUN set -eux; \
-	export GNUPGHOME="$(mktemp -d)"; \
-	for key in $GPG_KEYS; do \
-		gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
-	done; \
-	gpg --batch --export $GPG_KEYS > /etc/apt/trusted.gpg.d/cassandra.gpg; \
-	command -v gpgconf && gpgconf --kill all || :; \
-	rm -rf "$GNUPGHOME"; \
-	apt-key list
 
 ENV CASSANDRA_VERSION 2.1.21
+ENV CASSANDRA_SHA512 ea2c35f3f9ce2be8eb96df603927c6867613f3e2215132145da2c3015dd1ddf1370d7196ef4485002e7a54fe22c32abd9c659102057f9297b69113bf83d96d0b
 
 RUN set -eux; \
+	savedAptMark="$(apt-mark showmanual)"; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends ca-certificates dirmngr gnupg wget; \
+	rm -rf /var/lib/apt/lists/*; \
 	\
-# https://bugs.debian.org/877677
-# update-alternatives: error: error creating symbolic link '/usr/share/man/man1/rmid.1.gz.dpkg-tmp': No such file or directory
-	mkdir -p /usr/share/man/man1/; \
+	ddist() { \
+		local f="$1"; shift; \
+		local distFile="$1"; shift; \
+		local success=; \
+		local distUrl=; \
+		for distUrl in \
+# https://issues.apache.org/jira/browse/INFRA-8753?focusedCommentId=14735394#comment-14735394
+			'https://www.apache.org/dyn/closer.cgi?action=download&filename=' \
+# if the version is outdated (or we're grabbing the .asc file), we might have to pull from the dist/archive :/
+			https://www-us.apache.org/dist/ \
+			https://www.apache.org/dist/ \
+			https://archive.apache.org/dist/ \
+		; do \
+			if wget --progress=dot:giga -O "$f" "$distUrl$distFile" && [ -s "$f" ]; then \
+				success=1; \
+				break; \
+			fi; \
+		done; \
+		[ -n "$success" ]; \
+	}; \
 	\
-	dpkgArch="$(dpkg --print-architecture)"; \
-	case "$dpkgArch" in \
-		amd64|i386) \
-# arches officialy included in upstream's repo metadata
-			echo 'deb https://downloads.apache.org/cassandra/debian 21x main' > /etc/apt/sources.list.d/cassandra.list; \
-			apt-get update; \
-			;; \
-		*) \
-# we're on an architecture upstream doesn't include in their repo Architectures
-# but their provided packages are "Architecture: all" so we can download them directly instead
-			\
-# save a list of installed packages so build deps can be removed cleanly
-			savedAptMark="$(apt-mark showmanual)"; \
-			\
-# fetch a few build dependencies
-			apt-get update; \
-			apt-get install -y --no-install-recommends \
-				wget ca-certificates \
-				dpkg-dev \
-			; \
-# we don't remove APT lists here because they get re-downloaded and removed later
-			\
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-# (which is done after we install the built packages so we don't have to redownload any overlapping dependencies)
-			apt-mark showmanual | xargs apt-mark auto > /dev/null; \
-			apt-mark manual $savedAptMark; \
-			\
-# download the two "arch: all" packages we need
-			tempDir="$(mktemp -d)"; \
-			for pkg in cassandra cassandra-tools; do \
-				deb="${pkg}_${CASSANDRA_VERSION}_all.deb"; \
-				wget -O "$tempDir/$deb" "https://downloads.apache.org/cassandra/debian/pool/main/c/cassandra/$deb"; \
-			done; \
-			\
-# create a temporary local APT repo to install from (so that dependency resolution can be handled by APT, as it should be)
-			ls -lAFh "$tempDir"; \
-			( cd "$tempDir" && dpkg-scanpackages . > Packages ); \
-			grep '^Package: ' "$tempDir/Packages"; \
-			echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; \
-# work around the following APT issue by using "Acquire::GzipIndexes=false" (overriding "/etc/apt/apt.conf.d/docker-gzip-indexes")
-#   Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
-#   ...
-#   E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages  Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
-			apt-get -o Acquire::GzipIndexes=false update; \
-			;; \
-	esac; \
+	ddist 'cassandra-bin.tgz' "cassandra/$CASSANDRA_VERSION/apache-cassandra-$CASSANDRA_VERSION-bin.tar.gz"; \
+	echo "$CASSANDRA_SHA512 *cassandra-bin.tgz" | sha512sum --check --strict -; \
 	\
-	apt-get install -y \
-		cassandra="$CASSANDRA_VERSION" \
-		cassandra-tools="$CASSANDRA_VERSION" \
-	; \
+	ddist 'cassandra-bin.tgz.asc' "cassandra/$CASSANDRA_VERSION/apache-cassandra-$CASSANDRA_VERSION-bin.tar.gz.asc"; \
+	export GNUPGHOME="$(mktemp -d)"; \
+	for key in $GPG_KEYS; do \
+		gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+	done; \
+	gpg --batch --verify cassandra-bin.tgz.asc cassandra-bin.tgz; \
+	rm -rf "$GNUPGHOME"; \
 	\
-	rm -rf /var/lib/apt/lists/*; \
+	apt-mark auto '.*' > /dev/null; \
+	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; \
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
 	\
-	if [ -n "${tempDir:-}" ]; then \
-# if we have leftovers from building, let's purge them (including extra, unnecessary build deps)
-		apt-get purge -y --auto-remove; \
-		rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; \
-	fi
-
-ENV CASSANDRA_CONFIG /etc/cassandra
-
-RUN set -eux; \
+	mkdir -p "$CASSANDRA_HOME"; \
+	tar --extract --file cassandra-bin.tgz --directory "$CASSANDRA_HOME" --strip-components 1; \
+	rm cassandra-bin.tgz*; \
+	\
+	[ ! -e "$CASSANDRA_CONF" ]; \
+	mv "$CASSANDRA_HOME/conf" "$CASSANDRA_CONF"; \
+	ln -sT "$CASSANDRA_CONF" "$CASSANDRA_HOME/conf"; \
 	\
 	dpkgArch="$(dpkg --print-architecture)"; \
 	case "$dpkgArch" in \
 		ppc64el) \
 # https://issues.apache.org/jira/browse/CASSANDRA-13345
 # "The stack size specified is too small, Specify at least 328k"
-			if grep -q -- '^-Xss' "$CASSANDRA_CONFIG/jvm.options"; then \
+			if grep -q -- '^-Xss' "$CASSANDRA_CONF/jvm.options"; then \
 # 3.11+ (jvm.options)
-				grep -- '^-Xss256k$' "$CASSANDRA_CONFIG/jvm.options"; \
-				sed -ri 's/^-Xss256k$/-Xss512k/' "$CASSANDRA_CONFIG/jvm.options"; \
-				grep -- '^-Xss512k$' "$CASSANDRA_CONFIG/jvm.options"; \
-			elif grep -q -- '-Xss256k' "$CASSANDRA_CONFIG/cassandra-env.sh"; then \
+				grep -- '^-Xss256k$' "$CASSANDRA_CONF/jvm.options"; \
+				sed -ri 's/^-Xss256k$/-Xss512k/' "$CASSANDRA_CONF/jvm.options"; \
+				grep -- '^-Xss512k$' "$CASSANDRA_CONF/jvm.options"; \
+			elif grep -q -- '-Xss256k' "$CASSANDRA_CONF/cassandra-env.sh"; then \
 # 3.0 (cassandra-env.sh)
-				sed -ri 's/-Xss256k/-Xss512k/g' "$CASSANDRA_CONFIG/cassandra-env.sh"; \
-				grep -- '-Xss512k' "$CASSANDRA_CONFIG/cassandra-env.sh"; \
+				sed -ri 's/-Xss256k/-Xss512k/g' "$CASSANDRA_CONF/cassandra-env.sh"; \
+				grep -- '-Xss512k' "$CASSANDRA_CONF/cassandra-env.sh"; \
 			fi; \
 			;; \
 	esac; \
 	\
-# https://issues.apache.org/jira/browse/CASSANDRA-11661
-	sed -ri 's/^(JVM_PATCH_VERSION)=.*/\1=25/' "$CASSANDRA_CONFIG/cassandra-env.sh"
+	mkdir -p "$CASSANDRA_CONF" /var/lib/cassandra /var/log/cassandra; \
+	chown -R cassandra:cassandra "$CASSANDRA_CONF" /var/lib/cassandra /var/log/cassandra; \
+	chmod 777 "$CASSANDRA_CONF" /var/lib/cassandra /var/log/cassandra; \
+	ln -sT /var/lib/cassandra "$CASSANDRA_HOME/data"; \
+	ln -sT /var/log/cassandra "$CASSANDRA_HOME/logs"; \
+	\
+# smoke test
+	cassandra -v
+
+VOLUME /var/lib/cassandra
 
 COPY docker-entrypoint.sh /usr/local/bin/
 RUN ln -s usr/local/bin/docker-entrypoint.sh /docker-entrypoint.sh # backwards compat
 ENTRYPOINT ["docker-entrypoint.sh"]
 
-RUN mkdir -p /var/lib/cassandra "$CASSANDRA_CONFIG" \
-	&& chown -R cassandra:cassandra /var/lib/cassandra "$CASSANDRA_CONFIG" \
-	&& chmod 777 /var/lib/cassandra "$CASSANDRA_CONFIG"
-VOLUME /var/lib/cassandra
-
 # 7000: intra-node communication
 # 7001: TLS intra-node communication
 # 7199: JMX

2.1/docker-entrypoint.sh

@@ -9,7 +9,7 @@ fi
 
 # allow the container to be started with `--user`
 if [ "$1" = 'cassandra' -a "$(id -u)" = '0' ]; then
-	find /var/lib/cassandra /var/log/cassandra "$CASSANDRA_CONFIG" \
+	find "$CASSANDRA_CONF" /var/lib/cassandra /var/log/cassandra \
 		\! -user cassandra -exec chown cassandra '{}' +
 	exec gosu cassandra "$BASH_SOURCE" "$@"
 fi
@@ -56,7 +56,7 @@ if [ "$1" = 'cassandra' ]; then
 	fi
 	: ${CASSANDRA_SEEDS:="$CASSANDRA_BROADCAST_ADDRESS"}
 
-	_sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
+	_sed-in-place "$CASSANDRA_CONF/cassandra.yaml" \
 		-r 's/(- seeds:).*/\1 "'"$CASSANDRA_SEEDS"'"/'
 
 	for yaml in \
@@ -72,7 +72,7 @@ if [ "$1" = 'cassandra' ]; then
 		var="CASSANDRA_${yaml^^}"
 		val="${!var}"
 		if [ "$val" ]; then
-			_sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
+			_sed-in-place "$CASSANDRA_CONF/cassandra.yaml" \
 				-r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/'
 		fi
 	done
@@ -81,7 +81,7 @@ if [ "$1" = 'cassandra' ]; then
 		var="CASSANDRA_${rackdc^^}"
 		val="${!var}"
 		if [ "$val" ]; then
-			_sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
+			_sed-in-place "$CASSANDRA_CONF/cassandra-rackdc.properties" \
 				-r 's/^('"$rackdc"'=).*/\1 '"$val"'/'
 		fi
 	done