string(name: 'emailList', defaultValue: emailList, description: 'List of email for build notification', trim: true)
360
-
string(name: 'dockerVersion', defaultValue: '2.0.1', description: 'ML Docker version. This version along with ML rpm package version will be the image tag as {ML_Version}_{dockerVersion}', trim: true)
361
-
choice(name: 'dockerImageType', choices: 'ubi-rootless\nubi\nubi-rootless-hardened\nubi9-rootless\nubi9\nubi9-rootless-hardened\ncentos', description: 'Platform type for Docker image. Will be made part of the docker image tag')
358
+
string(name: 'dockerVersion', defaultValue: '2.1.0', description: 'ML Docker version. This version along with ML rpm package version will be the image tag as {ML_Version}_{dockerVersion}', trim: true)
359
+
choice(name: 'dockerImageType', choices: 'ubi-rootless\nubi\nubi9-rootless\nubi9', description: 'Platform type for Docker image. Will be made part of the docker image tag')
362
360
string(name: 'upgradeDockerImage', defaultValue: '', description: 'Docker image for testing upgrades. Defaults to ubi image if left blank.\n Currently upgrading to ubi-rotless is not supported hence the test is skipped when ubi-rootless image is provided.', trim: true)
363
361
choice(name: 'marklogicVersion', choices: '11\n12\n10', description: 'MarkLogic Server Branch. used to pick appropriate rpm')
364
362
string(name: 'ML_RPM', defaultValue: '', description: 'URL for RPM to be used for Image creation. \n If left blank nightly ML rpm will be used.\n Please provide Jenkins accessible path e.g. /project/engineering or /project/qa', trim: true)
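Review bot: In the `dockerImageType` choice list, `ubi-rootless-hardened`, `ubi9-rootless-hardened` and `centos` are removed with nothing left in the parameter description to say what replaces them. Any saved job configuration or upstream trigger that still passes one of those values will no longer match a valid choice. Suggest noting in the description that hardening now applies to the remaining image types, if that is the intent of the package-removal item added to the README, and that CentOS is no longer built. While touching this block, the unchanged `upgradeDockerImage` description just below has the typo `ubi-rotless` and could be fixed in the same change.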
README.md
+9-20
@@ -46,7 +46,7 @@ Docker images are maintained by MarkLogic. Send feedback to the MarkLogic Docker
46
46
47
47
Supported Docker architectures: x86_64
48
48
49
-
Base OS: UBI, UBI-rootless and CentOS
49
+
Base OS: UBIand UBI9 with rootless variants.
50
50
51
51
Published image artifact details: https://github.com/marklogic/marklogic-docker, https://hub.docker.com/r/progressofficial/marklogic-db
52
52
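Review bot: The added `Base OS:` line is missing a space in `UBIand`. Suggest `Base OS: UBI and UBI9, each with a rootless variant`, which also makes clear that the rootless variants exist for both base images and matches the four values kept in the Jenkins `dockerImageType` list.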
@@ -205,8 +205,6 @@ The following environment variables are only useful when building and extending
205
205
| MARKLOGIC_PID_FILE | /var/run/MarkLogic.pid | no| n/a | The process ID file |
206
206
| MARKLOGIC_UMASK | 022 | no | n/a | The permissions granted to MarkLogic through umask |
207
207
208
-
**IMPORTANT:** The use of [Docker secrets](https://docs.docker.com/engine/swarm/secrets/) is supported in the MarkLogic Docker image progressofficial/marklogic-db:10.0-7.3-centos-1.0.0-ea onwards and will not work with older versions of the Docker EA image. The Docker compose examples that follow use secrets. If you want to use these examples with an older version of the image, you need to update the examples to use environment variables instead of secrets.
209
-
210
208
## Configuring swap space
211
209
212
210
MarkLogic recommends that swap space be configured for production deployments to reduce the possibility of ‘out of memory’ errors. For more details, see [MarkLogic recommendations for swap space](https://help.marklogic.com/knowledgebase/article/View/21/19/swap-space-requirements) and [configuring "swappiness"](https://help.marklogic.com/Knowledgebase/Article/View/linux-swappiness).
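Review bot: Deleting the whole **IMPORTANT** paragraph also deletes the sentence "The Docker compose examples that follow use secrets", which is independent of the CentOS EA tag being retired. If the compose examples later in the README still rely on Docker secrets, keep a one-line pointer to the Docker secrets documentation here and drop only the reference to `10.0-7.3-centos-1.0.0-ea` and the older-image workaround.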
@@ -986,9 +984,10 @@ The `marklogic` image tags allow the user to pin their applications to images fo
986
984
987
985
This tag points to the exact version of MarkLogic Server and the base OS. This allows an application to pin to a very specific version of the image and base OS (platform).
988
986
989
-
Platform can be `centos`, `ubi` (RedHat Universal Base Image) or `ubi-rootless` (RedHat Universal Base Image for rootless containers). When `latest` tag is used, the platform will default to `ubi-rootless`.
987
+
Platform can be `ubi`/`ubi9` (RedHat Universal Base Image) or `ubi-rootless`/`ubi9-rootless` (RedHat Universal Base Image for rootless containers). When `latest` tag is used, the platform will default to `ubi-rootless`.
988
+
990
989
991
-
e.g. `11.2.0-centos` is the MarkLogic Server 11.2.0 release and CentOS base OS.
990
+
e.g. `11.2.0-ubi9` is the MarkLogic Server 11.2.0 release and UBI9 base OS.
992
991
993
992
## `latest-xx.x`
994
993
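Review bot: The new platform sentence lists `ubi`/`ubi9` and `ubi-rootless`/`ubi9-rootless` but does not say which UBI major version the unsuffixed `ubi` tags are built on, so a reader pinning an image cannot tell the two families apart from this text. Suggest stating the base version for each tag explicitly, and confirming that `latest` is still meant to resolve to `ubi-rootless` rather than `ubi9-rootless` now that the example below it has moved to `11.2.0-ubi9`. The extra blank line added after this sentence looks unintentional.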
@@ -1045,24 +1044,14 @@ Where is calculated as described in the [Configuring HugePages](https://github.c
1045
1044
1046
1045
# Known Issues and Limitations
1047
1046
1048
-
## CentOS base docker image
1049
-
1050
-
1. The image must be run in privileged mode. At the moment if the image isn't run as privileged many calls that use `sudo` during the supporting script will fail due to lack of required permissions as the image will not be able to create a user with the required permissions.
1051
-
2. Using the "leave" button in the Admin interface to remove a node from a cluster may not succeed, depending on your network configuration. Use the Management API to remove a node from a cluster. See: [https://docs.marklogic.com/REST/DELETE/admin/v1/host-config](https://docs.marklogic.com/REST/DELETE/admin/v1/host-config).
1052
-
3. Rejoining a node to a cluster, that had previously left that cluster, may not succeed.
1053
-
4. MarkLogic Server will default to the UTC timezone.
1054
-
5. The latest released version of CentOS 7 has known security vulnerabilities with respect to glib2 (CVE-2015-8387, CVE-2015-8390, CVE-2015-8394), glibc (CVE-2019-1010022), pcre (CVE-2015-8380, CVE-2015-8387, CVE-2015-8390, CVE-2015-8393, CVE-2015-8394), SQLite (CVE-2019-5827), nss (CVE-2014-3566), and bind-license (CVE-2023-6516, CVE-2023-5679, CVE-2023-5517, CVE-2023-50868, CVE-2023-50387, CVE-2023-4408). These libraries are included in the CentOS base image but, to-date, no fixes have been made available. Even though these libraries may be present in the base image that is used by MarkLogic Server, they are not used by MarkLogic Server itself, hence there is no impact or mitigation required.
1055
-
1056
1047
## RedHat UBI base docker image
1057
1048
1058
1049
1. The image must be run in privileged mode. If the image isn't run as privileged, the calls that use `sudo` in the startup script will fail due to lack of required permissions as the image will not be able to create a user with the required permissions. To run in non-privileged mode, use one of the “rootless” image options.
1059
1050
2. Using the "leave" button in the Admin interface to remove a node from a cluster may not succeed, depending on your network configuration. Use the Management API to remove a node from a cluster. See: [https://docs.marklogic.com/REST/DELETE/admin/v1/host-config](https://docs.marklogic.com/REST/DELETE/admin/v1/host-config).
1060
1051
3. Rejoining a node to a cluster, that had previously left that cluster, may not succeed.
1061
1052
4. MarkLogic Server will default to the UTC timezone.
1062
-
5. The latest released version of RedHat UBI 8 has known security vulnerabilities :
1063
-
- glibc (CVE-2019-1010022) for which RedHat does not consider to be a vulnerability.
1064
-
- kernel-headers (CVE-2023-6546).
1065
-
- pip (GHSA-gpvv-69j7-gwj8) and setuptools (GHSA-r9hx-vwmv-q579).
1066
-
- less (CVE-2024-32487).
1067
-
1068
-
These libraries are included in the RedHat UBI 8 base image but, to-date, no fixes have been made available. Even though these libraries may be present in the base image that is used by MarkLogic Server, they are not used by MarkLogic Server itself, hence there is no impact or mitigation required.
1053
+
5. The latest released version of RedHat UBI images have known security vulnerabilities.
These libraries are included in the RedHat UBI base images but, to-date, no fixes have been made available. Even though these libraries may be present in the base image that is used by MarkLogic Server, they are not used by MarkLogic Server itself, hence there is no impact or mitigation required.
1057
+
6. As part of the hardening process, the following packages are removed from the image: `vim-minimal`, `cups-client`, `cups-libs`, `tar`, `python3-pip-wheel`, `platform-python`, `python3-libs`, `platform-python-setuptools`, `avahi-libs`, `binutils`, `expat`, `libarchive`, `python3`, `python3-libs`, `python-unversioned-command`. These packages are not required for the operation of MarkLogic Server and are removed to reduce the attack surface of the image. If you require any of these packages, you can install them in your own Dockerfile.
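Review bot: In the rewritten item 5, the package and CVE list is removed but the following sentence still begins "These libraries are included", which now has no antecedent, and the claim that there is "no impact or mitigation required" can no longer be checked against anything on the page. Suggest either keeping a current list of the affected packages and advisory IDs for the UBI images, or linking to where the scan results are published, and fixing the agreement in "The latest released version of RedHat UBI images have". In the new item 6, `python3-libs` appears twice in the removed-package list.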