Add gitignore. Store key in file and mount in Dockerfile

bf7f902b · Eric Schoville · 1acdd8f5 · bf7f902b · bf7f902b · bf7f902b
Commit bf7f902b authored 5 years ago by Eric Schoville
--- a/.gitignore
+++ b/.gitignore
+agent_token.txt
--- a/Dockerfile
+++ b/Dockerfile
+# syntax = docker/dockerfile:1.0-experimental
 FROM ubuntu:18.04
-# Read the README.md for more details on the image configuration.
-# You can use different baseline image or linux distribution
-# but you will likely need to change supporting tools installation and  environment settings

-MAINTAINER Jaroslav Brazda <jaroslav.brazda@gmail.com>
+# From https://github.com/jbrazda/ic-sagent-docker

-# Defines where to download agent from (this might be different for your org)
-# This URL will have following pattern for latest IICS Orgs
-# ARG AGENT_URL=https://<pod>.<region>.informaticacloud.com/saas/download/linux64/installer/agent64_install_ng_ext.bin
-# Default is location for na1.dm-us.informaticacloud.com/
+MAINTAINER Eric Schoville <>
+
+# These are build time arguments that must be set in order to build this image.
+# We need the Informatica user name and IICS token in order to build this image.
+# POD and REGION can be inferred from the web URL of your Informatica Cloud site.
+# The values for POD and REGION probably need changing for you.

-ARG WORK_DIR=/home/agent/infaagent/apps/agentcore
 ARG USER
-ARG TOKEN
 ARG POD=usw3
 ARG REGION=dm-us
+
+# You should be able to download the Secure Agent binary from the following URL without authentication:
+
 ARG AGENT_URL="https://${POD}.${REGION}.informaticacloud.com/saas/download/linux64/installer/agent64_install_ng_ext.bin"
+ARG WORK_DIR=/home/agent/infaagent/apps/agentcore

+# Use shell parameter expansion to require arguments for build
+# https://stackoverflow.com/questions/38438933/how-to-make-a-build-arg-mandatory-during-docker-build
+
+# Use buildkit build secrets to pass in the token, so it doesn't get stored in the metadata
+# https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information
+RUN : "${USER:?Build argument needs to be set and non-empty.}" && \
 # install system tools
-RUN apt-get update && apt-get install -y \
+apt-get update && apt-get install -y \
 curl \
 less \
 locales \
 locales-all \
 sudo \
-inotify-tools \
 unzip

 # Set the locale, Locale defaults are necessary for agent to operate correctly
 RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
-    locale-gen
+locale-gen
 ENV LANG en_US.UTF-8
 ENV LANGUAGE en_US:en
 ENV LC_ALL en_US.UTF-8
@@ -44,9 +51,9 @@ USER agent
 # 3. Install using silent install and the default location
 # 4. Cleanup
 RUN curl -o /tmp/agent64_install.bin $AGENT_URL && \
-    chmod +x /tmp/agent64_install.bin && \
-    /tmp/agent64_install.bin -i silent && \
-    rm -rf /tmp/agent64_install.bin
+chmod +x /tmp/agent64_install.bin && \
+/tmp/agent64_install.bin -i silent && \
+rm -rf /tmp/agent64_install.bin

 WORKDIR $WORK_DIR
 ## Define Volumes for Shared Data Staging area
@@ -58,10 +65,21 @@ VOLUME [ "/data" ]
 EXPOSE 7080 7443 5432

 COPY run_agent.sh .
-COPY wait_for_agent.sh .
-RUN ./infaagent startup && \
+
+# Start the agent, sleep for 10 (probably should refactor to use inotify tools or somesuch),
+# and then try to configure the agent with the user and the token that is read from the secrets
+# file.
+
+RUN --mount='type=secret,id=agent_token,required,uid=1000' \
+./infaagent startup && \
+sleep 10 && \
+# echo $USER && \
+# cat /run/secrets/agent_token && \
+# echo "$(cat /run/secrets/agent_token)"
+./consoleAgentManager.sh configureToken $USER "$(cat /run/secrets/agent_token)" && \
+export EXIT="$(grep -c 'Token is invalid' agentcore.log)" && \
+./infaagent shutdown && \
 sleep 10 && \
-./consoleAgentManager.sh configureToken $USER $TOKEN && \
-./infaagent shutdown
+exit $EXIT

 CMD [ "./run_agent.sh" ]
--- a/README.md
+++ b/README.md
@@ -45,9 +45,8 @@ Full containerization of Secure agent is non trivial as it requires custom confi
    `https://<pod>.<region>.informaticacloud.com/saas/download/linux64/installer/agent64_install_ng_ext.bin`

    ```shell
-    docker build --build-arg AGENT_URL=https://na1.dm-us.informaticacloud.com/saas/download/linux64/installer/agent64_install_ng_ext.bin -t ic-secure-agent:1.0 .
+    DOCKER_BUILDKIT=1 docker build --secret id=agent_token,src=agent_token.txt --progress=plain --build-arg AGENT_URL=https://na1.dm-us.informaticacloud.com/saas/download/linux64/installer/agent64_install_ng_ext.bin -t ic-secure-agent:1.0 .
    ```
-
 ## 3. Create and run a Container using your Docker Image

 Execute following command `run -d -h <hostname> --name <agent_name> <image_name:image_tag>`

--- a/images/IC_SA_Token.png
+++ b/images/IC_SA_Token.png