chore(Dockerfiles): Refactor images to use ubuntu-slim #96
Conversation
|
By analyzing the blame information on this pull request, we identified @jchauncey and @sstarcher to be potential reviewers |
|
influxdb version is not pinned at a specific version |
| && . /etc/lsb-release \ | ||
| && echo "deb https://repos.influxdata.com/${DISTRIB_ID,,} ${DISTRIB_CODENAME} stable" | tee /etc/apt/sources.list.d/influxdb.list \ | ||
| && apt-get update \ | ||
| && apt-get install -y influxdb \ |
There was a problem hiding this comment.
yeah im not sure i want to install influx like this. basically anytime this image builds we could get a newer version which isnt what we want here.
There was a problem hiding this comment.
Seems like the command 2 lines above pins it to a version, and then the above apt-get update adds the new repo metadata from the new source
There was a problem hiding this comment.
where is DISTRIB_ID and DISTRIB_CODENAME set?
There was a problem hiding this comment.
@arschles, @sstarcher and @jchauncey are correct. There isn't really anything pinning it to a specific version of influxdb here. What happens, as you've observed is that the official influxdb package repo gets added to apt-get's sources. We'll end up with whatever is in there.
For example:
root@e7909b499db6:/# apt-cache policy influxdb
influxdb:
Installed: (none)
Candidate: 0.13.0-1
Version table:
0.13.0-1 500
500 https://repos.influxdata.com/ubuntu xenial/stable amd64 Packages
0.10.0+dfsg1-1 500
500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
While this may seem bad, it's no different from how the majority of all our packages are installed-- we get whatever is in the official repo(s).
How badly do we want to fix this?
There was a problem hiding this comment.
bad we cant ship this with that level of uncertainty. Since we arem oving to a deb based system we can just download the deb directly from them - https://influxdata.com/downloads/#influxdb
Telegraf has the same thing. https://influxdata.com/downloads/#telegraf
There was a problem hiding this comment.
I'm fine with the latest, but I was just making sure it was the expected behavior. I tend to update my running influxdb prior to deis/monitor getting updated.
There was a problem hiding this comment.
we can do the latest which is fine but i dont want to have this thing potentially install a different version of influx just because we rebuild the image
There was a problem hiding this comment.
you can install specific debian versions sudo apt-get install influxdb=0.13.0-1
|
After some offline discussion, I'm rescinding these LGTMs and will ask for a re-review shortly. |
|
I stead of adding sources to apt-get, I am now downloading version-specific debs, installing from those, then deleting them when done. This can be re-reviewed now. |
|
i didnt manually test this but looks good now |
|
Does this fix #90? |
|
#90 looks vague. Either it refers to the high severity issues with the official Grafana image we were previously deriving ours from and/or it refers to the fact that our Alpine-based images for telegraf and influxdb weren't being scanned at all. In either of those cases, I feel this addressed #90. I've update the OP as such. |
|
Yeah for now
|
Fixes #90