Release 2023.7.1

blackducksoftware · Sep 11, 2023 · 4b006bb · 4b006bb
1 parent 62bbbe7
commit 4b006bb
Show file tree

Hide file tree

Showing 41 changed files with 576 additions and 141 deletions.
diff --git a/README.containers.md b/README.containers.md
@@ -8,9 +8,10 @@ There are a number of containers that make up the application. Here are quick de
 3. [Binary Analysis Worker Container (bdba-worker)](#-binary-analysis-worker-container-bdba-worker)
 4. [CA Container (blackduck-cfssl)](#-ca--container-blackduck-cfssl)
 5. [Documentation Container (blackduck-documentation)](#-documentation-container-blackduck-documentation)
-6. [Job Runner Container (blackduck-jobrunner)](#-job-runner-container-blackduck-jobrunner)
+6. [Integration Container (blackduck-integration)])(#-integration-container-artifactory-integration)
+7. [Job Runner Container (blackduck-jobrunner)](#-job-runner-container-blackduck-jobrunner)
 7. [LogStash Container (blackduck-logstash)](#-logstash--container-blackduck-logstash)
-8. [MATCHENGINE Container (blackduck-matchengine)](#-matchengine-container-blackduck-matchengine)
+8. [Match Engine Container (blackduck-matchengine)](#-matchengine-container-blackduck-matchengine)
 9. [RabbitMQ Container (rabbitmq)](#-rabbitmq-container-rabbitmq)
 10. [Registration Container (blackduck-registration)](#-registration-container-blackduck-registration)
 11. [Scan Container (blackduck-scan)](#-scan-container-blackduck-scan)
@@ -127,7 +128,7 @@ The container will need to expose 8443 to other containers that will links to it
 This container runs as UID 100. If the container is started as UID 0 (root) then the user will be switched to UID 100:root before executing its main process.
 This container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).
 
-# MATCHENGINE Container (blackduck-matchengine)
+# Match Engine Container (blackduck-matchengine)
 ----
 
 ## Container Description
@@ -217,6 +218,7 @@ This container will need to connect to these other containers/services:
 * registration
 * logstash
 * cfssl
+* rabbitmq
 
 This container will need to expose port 8443 to other containers that will link to it.
 
@@ -228,6 +230,7 @@ Compose or Docker Swarm use. These environment variables can be set to override
 * registration - $HUB_REGISTRATION_HOST
 * logstash - $HUB_LOGSTASH_HOST
 * cfssl - $HUB_CFSSL_HOST
+* rabbitmq - $RABBIT_MQ_HOST
 
 ## Users/Groups
 
@@ -658,3 +661,31 @@ To support any such use case, these environment variables can be set to override
 ## Users/Groups
 
 This container runs as UID 0.
+
+# Integration Container
+----
+
+## Container Description
+
+This container is only deployed in Kubernetes environments. This container is required for the Artifactory Integration feature and is unused otherwise.
+
+## Scalability
+
+There should only be a single instance of this container. It currently cannot be scaled.
+
+## Links/Ports
+
+This container will need to connect to these other containers/services:
+
+* logstash
+* cfssl
+* scan
+* bomengine
+* rabbitmq
+
+This container will need to expose port 8443 to other containers that will link to it.
+
+## Users/Groups
+
+This container runs as UID 100. If the container is started as UID 0 (root) then the user will be switched to UID 100:root before executing its main process.
+This container is also able to be started as a random UID as long as it is also started within the root group (GID/fsGroup 0).
diff --git a/README.md b/README.md
@@ -2,9 +2,9 @@
 
 This repository contains orchestration files and documentation for deploying Black Duck Docker containers.
 
-## Location of Black Duck 2023.7.0 archive:
+## Location of Black Duck 2023.7.1 archive:
 
-https://github.com/blackducksoftware/hub/archive/v2023.7.0.tar.gz
+https://github.com/blackducksoftware/hub/archive/v2023.7.1.tar.gz
 
 NOTE:
 
@@ -28,6 +28,7 @@ https://github.com/blackducksoftware/hub/releases
 * https://hub.docker.com/r/blackducksoftware/blackduck-bomengine/
 * https://hub.docker.com/r/blackducksoftware/blackduck-cfssl/
 * https://hub.docker.com/r/blackducksoftware/blackduck-documentation/
+* https://hub.docker.com/r/blackducksoftware/blackduck-integration
 * https://hub.docker.com/r/blackducksoftware/blackduck-jobrunner/
 * https://hub.docker.com/r/blackducksoftware/blackduck-logstash/
 * https://hub.docker.com/r/blackducksoftware/blackduck-nginx/

diff --git a/docker-swarm/bin/hub_add_replication_user.sh b/docker-swarm/bin/hub_add_replication_user.sh
@@ -3,7 +3,7 @@
 set -e
 
 TIMEOUT=${TIMEOUT:-10}
-HUB_POSTGRES_VERSION=${HUB_POSTGRES_VERSION:-13-2.27}
+HUB_POSTGRES_VERSION=${HUB_POSTGRES_VERSION:-13-2.28}
 HUB_DATABASE_IMAGE_NAME=${HUB_DATABASE_IMAGE_NAME:-postgres}
 
 function fail() {

diff --git a/docker-swarm/bin/hub_create_data_dump.sh b/docker-swarm/bin/hub_create_data_dump.sh
@@ -5,8 +5,8 @@
 #  2. The database container has been properly initialized.
 
 HUB_DATABASE_IMAGE_NAME=${HUB_DATABASE_IMAGE_NAME:-postgres}
-HUB_POSTGRES_VERSION=${HUB_POSTGRES_VERSION:-13-2.27}
-HUB_VERSION=${HUB_VERSION:-2023.7.0}
+HUB_POSTGRES_VERSION=${HUB_POSTGRES_VERSION:-13-2.28}
+HUB_VERSION=${HUB_VERSION:-2023.7.1}
 OPT_FORCE=
 OPT_LIVE_SYSTEM=
 OPT_MAX_CPU=${MAX_CPU:-1}

diff --git a/docker-swarm/bin/hub_db_migrate.sh b/docker-swarm/bin/hub_db_migrate.sh
@@ -14,7 +14,7 @@
 set -o errexit
 
 HUB_DATABASE_IMAGE_NAME=${HUB_DATABASE_IMAGE_NAME:-postgres}
-HUB_POSTGRES_VERSION=${HUB_POSTGRES_VERSION:-13-2.27}
+HUB_POSTGRES_VERSION=${HUB_POSTGRES_VERSION:-13-2.28}
 OPT_MAX_CPU=${MAX_CPU:-1}
 OPT_NO_DATABASE=${NO_DATABASE:-}
 OPT_NO_STORAGE=${NO_STORAGE:-}

diff --git a/docker-swarm/bin/hub_replication_changepassword.sh b/docker-swarm/bin/hub_replication_changepassword.sh
@@ -3,7 +3,7 @@
 set -e
 
 TIMEOUT=${TIMEOUT:-10}
-HUB_POSTGRES_VERSION=${HUB_POSTGRES_VERSION:-13-2.27}
+HUB_POSTGRES_VERSION=${HUB_POSTGRES_VERSION:-13-2.28}
 HUB_DATABASE_IMAGE_NAME=${HUB_DATABASE_IMAGE_NAME:-postgres}
 
 function fail() {

diff --git a/docker-swarm/bin/hub_reportdb_changepassword.sh b/docker-swarm/bin/hub_reportdb_changepassword.sh
@@ -3,7 +3,7 @@
 set -e
 
 TIMEOUT=${TIMEOUT:-10}
-HUB_POSTGRES_VERSION=${HUB_POSTGRES_VERSION:-13-2.27}
+HUB_POSTGRES_VERSION=${HUB_POSTGRES_VERSION:-13-2.28}
 HUB_DATABASE_IMAGE_NAME=${HUB_DATABASE_IMAGE_NAME:-postgres}
 
 function fail() {

diff --git a/docker-swarm/bin/system_check.sh b/docker-swarm/bin/system_check.sh
@@ -41,7 +41,7 @@ set -o noglob
 
 readonly NOW="$(date +"%Y%m%dT%H%M%S%z")"
 readonly NOW_ZULU="$(date -u +"%Y%m%dT%H%M%SZ")"
-readonly HUB_VERSION="${HUB_VERSION:-2023.7.0}"
+readonly HUB_VERSION="${HUB_VERSION:-2023.7.1}"
 readonly OUTPUT_FILE="${SYSTEM_CHECK_OUTPUT_FILE:-system_check_${NOW}.txt}"
 readonly PROPERTIES_FILE="${SYSTEM_CHECK_PROPERTIES_FILE:-${OUTPUT_FILE%.txt}.properties}"
 readonly SUMMARY_FILE="${SYSTEM_CHECK_SUMMARY_FILE:-${OUTPUT_FILE%.txt}_summary.properties}"
@@ -100,6 +100,7 @@ declare -ar REQ_CONTAINER_SIZES_G2=(
     "hub_binaryscanner=2048 4096 4096"
     "hub_cfssl=512 640 640"
     "hub_documentation=512 512 512"
+    "hub_integration=1024 1024 1024"
     "hub_jobrunner=3584 3584 3584"
     "hub_matchengine=4608 4608 4608"
     "hub_logstash=1024 1024 1024"
@@ -123,6 +124,7 @@ declare -ar REQ_CONTAINER_SIZES_G1=(
     "hub_binaryscanner=2048 4096 4096"
     "hub_cfssl=512 640 640"
     "hub_documentation=512 512 512"
+    "hub_integration=1024 1024 1024"
     "hub_jobrunner=4608 4608 4608"
     "hub_matchengine=4608 4608 4608"
     "hub_logstash=1024 2560 2560"
@@ -146,6 +148,7 @@ declare -ar SPH_MEM_SIZES_G3=(
     "hub_authentication=1106 1475 1475 1475 1844 2765 2765"
     "hub_bomengine=4148 4148 4148 4148 4148 4148 4148"
     "hub_documentation=922 922 922 922 1383 1383 1383"
+    "hub_integration=1024 1024 1024 1024 1024 1024 1024"
     "hub_jobrunner=4240 5807 5807 5807 5807 5807 5807"
     "hub_logstash=1106 1567 1844 3687 3687 4608 4608"
     "hub_matchengine=4608 5400 12902 9216 9216 9216 9216"  # Higher ratings are smaller but have more replicas
@@ -160,6 +163,7 @@ declare -ar TS_MEM_SIZES_G2=(
     #"hub_authentication=1024 1024 1024"
     "hub_bomengine=4096 6144 12288"  # Stock docker-compose deployments are undersized
     "hub_jobrunner=3072 4608 10240"
+    "hub_integration=1024 1024 1024"
     "hub_matchengine=4096 6144 12288"
     "hub_postgres=3072 8192 12288"
     "hub_redis=1700 3482 6092"  # BLACKDUCK_REDIS_MAXMEMORY settings are not documented.
@@ -175,6 +179,7 @@ declare -ar TS_MEM_SIZES_G1=(
     "hub_authentication=1024 1024 1024"
     "hub_bomengine=4096 7168 13824"
     "hub_jobrunner=4096 7168 13824"
+    "hub_integration=1024 1024 1024"
     "hub_matchengine=4096 7168 13824"
     "hub_postgres=3072 8192 12288"
     "hub_registration=512 512 512"
@@ -223,7 +228,7 @@ readonly REQ_CPUS_PER_BDBA=1
 readonly REQ_DISK_GB=250
 readonly REQ_DISK_GB_PER_BDBA=100
 
-readonly REQ_DOCKER_VERSIONS="18.09.x 19.03.x 20.10.x"
+readonly REQ_DOCKER_VERSIONS="20.10.x"
 readonly REQ_ENTROPY=100
 
 readonly REQ_MIN_SYSCTL_KEEPALIVE_TIME=600
@@ -248,6 +253,7 @@ declare -ar REPLICABLE=(
     #"hub_bomengine=$PASS"
     "hub_cfssl=$FAIL"
     "hub_documentation=$WARN"
+    #"hub_integration=$PASS"
     #"hub_jobrunner=$PASS"
     "hub_logstash=$FAIL"
     #"hub_matchengine=$PASS"
@@ -283,7 +289,7 @@ readonly NETWORK_TESTS_SKIPPED="*** Network Tests Skipped at command line ***"
 
 # Hostnames Black Duck uses within the docker network
 readonly HUB_RESERVED_HOSTNAMES="postgres postgres-upgrader postgres-waiter authentication webapp webui scan jobrunner cfssl logstash \
-registration webserver documentation uploadcache redis bomengine rabbitmq matchengine"
+registration webserver documentation uploadcache redis bomengine rabbitmq matchengine integration"
 
 readonly CONTAINERS_WITHOUT_CURL="nginx|postgres|postgres-upgrader|postgres-waiter|alert-database|cadvisor"
 
@@ -902,7 +908,7 @@ get_cpu_info() {
 #   CPU_COUNT -- (out) CPU count
 #   CPU_COUNT_STATUS -- (out) PASS/FAIL status message
 #   REQ_CPUS -- (in) baseline minimum CPU count
-#   REQ_CPUS_POSTGRESQL -- (in) additional required CPUs for internal postgersql.
+#   REQ_CPUS_POSTGRESQL -- (in) additional required CPUs for internal postgresql.
 #   REQ_CPUS_PER_BDBA -- (in) for BDBA, the first container counts double.
 # Arguments:
 #   None
@@ -2490,8 +2496,10 @@ _get_container_size_info() {
                     service="hub_cfssl"; memvar="container_memory";;
                 (blackducksoftware/blackduck-documentation*)
                     service="hub_documentation";;
+                (blackducksoftware/blackduck-integration*)
+                    service="hub_integration";; 
                 (blackducksoftware/blackduck-jobrunner*)
-                    service="hub_jobrunner";;
+                    service="hub_jobrunner";;                                                                                                                                                                   
                 (blackducksoftware/blackduck-logstash*)
                     service="hub_logstash";;
                 (blackducksoftware/blackduck-postgres-exporter*)

diff --git a/docker-swarm/blackduck-config.env b/docker-swarm/blackduck-config.env
@@ -24,7 +24,7 @@ BLACKDUCK_CORS_ALLOW_CREDENTIALS_PROP_NAME=
 
 # Do not change
 HUB_PRODUCT_NAME=BLACK_DUCK
-HUB_VERSION=2023.7.0
+HUB_VERSION=2023.7.1
 
 # Specify any property-specific overrides here
 #

diff --git a/docker-swarm/docker-compose.dbmigrate.yml b/docker-swarm/docker-compose.dbmigrate.yml
@@ -23,7 +23,7 @@ services:
     user: 'logstash:root'
 
   postgres:
-    image: blackducksoftware/blackduck-postgres:13-2.27
+    image: blackducksoftware/blackduck-postgres:13-2.28
     volumes:
       - postgres96-data-volume:/bitnami/postgresql
       - postgres-conf-volume:/opt/bitnami/postgresql/conf
@@ -41,7 +41,7 @@ services:
         condition: on-failure
 
   postgres-upgrader:
-    image: blackducksoftware/blackduck-postgres-upgrader:13-1.14
+    image: blackducksoftware/blackduck-postgres-upgrader:13-1.15
     volumes:
       - postgres96-data-volume:/bitnami/postgresql
       - postgres-conf-volume:/opt/bitnami/postgresql/conf

diff --git a/docker-swarm/docker-compose.externaldb.ubi.yml b/docker-swarm/docker-compose.externaldb.ubi.yml
@@ -13,7 +13,7 @@ x-long-start-period: &long-start-period
 services:
   authentication:
     user: authentication:root
-    image: blackducksoftware/blackduck-authentication:2023.7.0_ubi8.8
+    image: blackducksoftware/blackduck-authentication:2023.7.1_ubi8.8
     volumes:
     - authentication-volume:/opt/blackduck/hub/hub-authentication/ldap
     - {type: tmpfs, target: /opt/blackduck/hub/hub-authentication/security}
@@ -35,7 +35,7 @@ services:
       restart_policy: {condition: on-failure, delay: 5s, window: 60s}
   webapp:
     user: webapp:root
-    image: blackducksoftware/blackduck-webapp:2023.7.0_ubi8.8
+    image: blackducksoftware/blackduck-webapp:2023.7.1_ubi8.8
     volumes:
     - log-volume:/opt/blackduck/hub/logs
     - {type: tmpfs, target: /opt/blackduck/hub/hub-webapp/security}
@@ -57,7 +57,7 @@ services:
       restart_policy: {condition: on-failure, delay: 5s, window: 60s}
   scan:
     user: scan:root
-    image: blackducksoftware/blackduck-scan:2023.7.0_ubi8.8
+    image: blackducksoftware/blackduck-scan:2023.7.1_ubi8.8
     env_file: [blackduck-config.env , hub-postgres.env]
     healthcheck:
       test: [CMD, /usr/local/bin/docker-healthcheck.sh, 'https://localhost:8443/api/health-checks/liveness',
@@ -78,7 +78,7 @@ services:
       restart_policy: {condition: on-failure, delay: 5s, window: 60s}
   storage:
     user: storage:root
-    image: blackducksoftware/blackduck-storage:2023.7.0_ubi8.8
+    image: blackducksoftware/blackduck-storage:2023.7.1_ubi8.8
     env_file: [blackduck-config.env , hub-postgres.env]
     healthcheck:
       test: [CMD, /usr/local/bin/docker-healthcheck.sh, 'https://localhost:8443/api/health-checks/liveness',
@@ -100,7 +100,7 @@ services:
       restart_policy: {condition: on-failure, delay: 5s, window: 60s}
   jobrunner:
     user: jobrunner:root
-    image: blackducksoftware/blackduck-jobrunner:2023.7.0_ubi8.8
+    image: blackducksoftware/blackduck-jobrunner:2023.7.1_ubi8.8
     env_file: [blackduck-config.env , hub-postgres.env]
     healthcheck:
       test: [CMD, /usr/local/bin/docker-healthcheck.sh, 'https://localhost:8443/health-checks/liveness',
@@ -152,7 +152,7 @@ services:
       mode: replicated
       restart_policy: {condition: on-failure, delay: 5s, window: 60s}
   registration:
-    image: blackducksoftware/blackduck-registration:2023.7.0_ubi8.8
+    image: blackducksoftware/blackduck-registration:2023.7.1_ubi8.8
     volumes:
     - config-volume:/opt/blackduck/hub/hub-registration/config
     - {type: tmpfs, target: /opt/blackduck/hub/hub-registration/security}
@@ -173,7 +173,7 @@ services:
       mode: replicated
       restart_policy: {condition: on-failure, delay: 5s, window: 60s}
   webserver:
-    image: blackducksoftware/blackduck-nginx:2.0.47_ubi8.8
+    image: blackducksoftware/blackduck-nginx:2.0.48_ubi8.8
     ports: ['443:8443']
     env_file: [hub-webserver.env, blackduck-config.env]
     environment:
@@ -191,7 +191,7 @@ services:
       mode: replicated
       restart_policy: {condition: on-failure, delay: 15s, window: 60s}
   webui:
-    image: blackducksoftware/blackduck-webui:2023.7.0_ubi8.8
+    image: blackducksoftware/blackduck-webui:2023.7.1_ubi8.8
     healthcheck:
       test: [CMD, /usr/local/bin/docker-healthcheck.sh, 'https://localhost:8443/health-checks/liveness',
         /opt/blackduck/hub/hub-ui/security/root.crt]
@@ -206,7 +206,7 @@ services:
       restart_policy: {condition: on-failure, delay: 15s, window: 60s}
 
   documentation:
-    image: blackducksoftware/blackduck-documentation:2023.7.0_ubi8.8
+    image: blackducksoftware/blackduck-documentation:2023.7.1_ubi8.8
     env_file: [blackduck-config.env]
     user: documentation:root
     environment:
@@ -241,7 +241,7 @@ services:
         mode: replicated
         restart_policy: {condition: on-failure, delay: 5s, window: 60s}
   redis:
-    image: blackducksoftware/blackduck-redis:2023.7.0_ubi8.8
+    image: blackducksoftware/blackduck-redis:2023.7.1_ubi8.8
     env_file: [blackduck-config.env]
     environment:
       HUB_JOBRUNNER_HOST: 'tasks.jobrunner.'
@@ -260,7 +260,7 @@ services:
     deploy:
       restart_policy: {condition: any}
   bomengine:
-    image: blackducksoftware/blackduck-bomengine:2023.7.0_ubi8.8
+    image: blackducksoftware/blackduck-bomengine:2023.7.1_ubi8.8
     env_file: [blackduck-config.env , hub-postgres.env]
     environment:
       << : *pg-usage-settings
@@ -281,7 +281,7 @@ services:
         mode: replicated
         restart_policy: {condition: on-failure, delay: 5s, window: 60s}
   matchengine:
-    image: blackducksoftware/blackduck-matchengine:2023.7.0_ubi8.8
+    image: blackducksoftware/blackduck-matchengine:2023.7.1_ubi8.8
     user: matchengine:root
     healthcheck:
       test: [ CMD, /usr/local/bin/docker-healthcheck.sh, 'https://localhost:8443/api/health-checks/liveness',
@@ -302,7 +302,7 @@ services:
       HUB_JOBRUNNER_HOST: 'tasks.jobrunner.'
       SYNOPSYS_CRYPTO_PROFILE: 'SWARM'
   rabbitmq:
-    image: blackducksoftware/rabbitmq:1.2.28_ubi8.8
+    image: blackducksoftware/rabbitmq:1.2.29_ubi8.8
     hostname: rabbitmq
     volumes: 
       - rabbitmq-data-volume:/var/lib/rabbitmq