[bitnami/geode] Release 1.15.0-debian-11-r17 (#2733)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Bitnami Bot
2022-08-11 14:15:44 +02:00
committed by GitHub
parent 13debc6483
commit eff836510c
5 changed files with 24 additions and 15 deletions


@@ -7,6 +7,7 @@ ENV HOME="/" \
ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
org.opencontainers.image.description="Application packaged by Bitnami" \
org.opencontainers.image.ref.name="1.15.0-debian-11-r17" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/geode" \
org.opencontainers.image.title="geode" \
org.opencontainers.image.vendor="VMware, Inc." \
@@ -18,7 +19,7 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN install_packages acl ca-certificates curl gzip jq libc6 libgcc-s1 ncurses-bin procps tar
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "java" "1.8.345-1" --checksum 4d90bf2066c8d6605ac771e9b97c1188f4491d458fcb56956eeead6a18f70ac4
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.14.0-153" --checksum d3ae0109be24e8bc56f97359b8290b91243454de946dd60bd8520a0896a88449
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "geode" "1.15.0-2" --checksum a39449178ef405cf8770b6c7c3f4ffc687f1e569f379c8b797c6714e74da7f20
RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "geode" "1.15.0-4" --checksum df401bcd2bbf589c517973f7ed152e15c7d14f54faadcf6d07a4509743754f91
RUN apt-get update && apt-get upgrade -y && \
rm -r /var/lib/apt/lists /var/cache/apt/archives
RUN chmod g+rwX /opt/bitnami


@@ -1,10 +1,10 @@
{
"geode": {
"arch": "amd64",
"digest": "a39449178ef405cf8770b6c7c3f4ffc687f1e569f379c8b797c6714e74da7f20",
"digest": "df401bcd2bbf589c517973f7ed152e15c7d14f54faadcf6d07a4509743754f91",
"distro": "debian-11",
"type": "NAMI",
"version": "1.15.0-2"
"version": "1.15.0-4"
},
"gosu": {
"arch": "amd64",


@@ -112,9 +112,9 @@ export GEODE_SECURITY_TLS_COMPONENTS="${GEODE_SECURITY_TLS_COMPONENTS:-}"
export GEODE_SECURITY_TLS_PROTOCOLS="${GEODE_SECURITY_TLS_PROTOCOLS:-any}"
export GEODE_SECURITY_TLS_REQUIRE_AUTHENTICATION="${GEODE_SECURITY_TLS_REQUIRE_AUTHENTICATION:-no}"
export GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED="${GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED:-no}"
export GEODE_SECURITY_TLS_KEYSTORE_FILE="${GEODE_SECURITY_TLS_KEYSTORE_FILE:-${GEODE_MOUNTED_CONF_DIR}/certs/geode.keystore.jks}"
export GEODE_SECURITY_TLS_KEYSTORE_FILE="${GEODE_SECURITY_TLS_KEYSTORE_FILE:-${GEODE_CONF_DIR}/certs/geode.keystore.jks}"
export GEODE_SECURITY_TLS_KEYSTORE_PASSWORD="${GEODE_SECURITY_TLS_KEYSTORE_PASSWORD:-}"
export GEODE_SECURITY_TLS_TRUSTSTORE_FILE="${GEODE_SECURITY_TLS_TRUSTSTORE_FILE:-${GEODE_MOUNTED_CONF_DIR}/certs/geode.truststore.jks}"
export GEODE_SECURITY_TLS_TRUSTSTORE_FILE="${GEODE_SECURITY_TLS_TRUSTSTORE_FILE:-${GEODE_CONF_DIR}/certs/geode.truststore.jks}"
export GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD="${GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD:-}"
# Apache Geode Cache servers configuration


@@ -107,7 +107,7 @@ geode_validate() {
if ! is_empty_value "$GEODE_SECURITY_TLS_COMPONENTS"; then
check_empty_value "GEODE_SECURITY_TLS_PROTOCOLS"
if [[ ! -f "$GEODE_SECURITY_TLS_KEYSTORE_FILE" || ! -f "$GEODE_SECURITY_TLS_TRUSTSTORE_FILE" ]]; then
print_validation_error "In order to configure the TLS encryption for Apache Geode with JKS certs you must mount your geode.keystore.jks and geode.truststore.jks certs to the ${GEODE_MOUNTED_CONF_DIR}/certs directory."
print_validation_error "In order to configure the TLS encryption for Apache Geode with JKS certs you must mount your geode.keystore.jks and geode.truststore.jks certs to the ${GEODE_CONF_DIR}/certs directory."
fi
else
# Security is enabled but TLS is not. Therefore, authentication using Security Manager is mandatory
@@ -283,10 +283,10 @@ geode_configure_security_tls() {
geode_conf_set "ssl-enabled-components" "$GEODE_SECURITY_TLS_COMPONENTS" "$GEODE_SEC_CONF_FILE"
geode_conf_set "ssl-endpoint-identification-enabled" "$(is_boolean_yes "$GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED" && echo "true" || echo "false")" "$GEODE_SEC_CONF_FILE"
geode_conf_set "ssl-require-authentication" "$(is_boolean_yes "$GEODE_SECURITY_TLS_REQUIRE_AUTHENTICATION" && echo "true" || echo "false")" "$GEODE_SEC_CONF_FILE"
geode_conf_set "ssl-keystore" "$GEODE_SECURITY_TLS_KEYSTORE_FILE" "$GEODE_SEC_CONF_FILE"
! is_empty_value "$GEODE_SECURITY_TLS_KEYSTORE_PASSWORD" && geode_conf_set "ssl-keystore-password" "$GEODE_SECURITY_TLS_KEYSTORE_PASSWORD" "$GEODE_SEC_CONF_FILE"
geode_conf_set "ssl-truststore" "$GEODE_SECURITY_TLS_TRUSTSTORE_FILE" "$GEODE_SEC_CONF_FILE"
! is_empty_value "$GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD" && geode_conf_set "ssl-truststore-password" "$GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD" "$GEODE_SEC_CONF_FILE"
geode_conf_set "ssl-keystore" "$GEODE_SECURITY_TLS_KEYSTORE_FILE" "$GEODE_SEC_CONF_FILE"
geode_conf_set "ssl-truststore" "$GEODE_SECURITY_TLS_TRUSTSTORE_FILE" "$GEODE_SEC_CONF_FILE"
}
########################
@@ -302,6 +302,7 @@ geode_wait_for_locator_connection() {
local -r locator="${1:?missing locator host}"
local -r user="${2:-}"
local -r pass="${3:-}"
local -r sleep_min=2
check_locator_connection() {
local -a connet_flags=("--locator=${locator}")
@@ -319,7 +320,7 @@ geode_wait_for_locator_connection() {
debug_execute gfsh -e "connect ${connet_flags[*]}" -e "status cluster-config-service"
}
# We use a random sleep time between retries to avoid colissions
if ! retry_while "check_locator_connection" "12" "$(generate_random_string --type numeric --count 1)"; then
if ! retry_while "check_locator_connection" "12" "$((sleep_min + $(generate_random_string --type numeric --count 1)))"; then
error "Could not connect to the locator"
return 1
fi
@@ -368,6 +369,7 @@ geode_initialize_cache_server() {
# This configuration is not persisted. Therefore, we also need to generate it
# during container recreations
geode_configure_sample_security_manager
! is_empty_value "$GEODE_SECURITY_TLS_COMPONENTS" && geode_configure_security_tls
fi
info "Trying to connect to locators"
read -r -a locators <<< "$(tr ',;' ' ' <<< "${GEODE_LOCATORS/%,/}")"
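Review bot: The validation error in the `geode_validate` hunk names only `${GEODE_CONF_DIR}/certs`, while the test above it checks `$GEODE_SECURITY_TLS_KEYSTORE_FILE` and `$GEODE_SECURITY_TLS_TRUSTSTORE_FILE`, which can be overridden; a deployment that sets its own paths, or still mounts the stores at the previous default, gets a message pointing at a directory that was never checked. Printing the two resolved paths would make the failure actionable, e.g. `print_validation_error "TLS is enabled but the key store (${GEODE_SECURITY_TLS_KEYSTORE_FILE}) or trust store (${GEODE_SECURITY_TLS_TRUSTSTORE_FILE}) was not found."`. The test is also `-f` only; the README context suggests the image runs as non-root, so adding a `-r` test alongside `-f` would presumably catch a mounted store the runtime user cannot read at validation time rather than later inside the JVM. `geode_validate` starts and ends outside the hunk.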


@@ -41,7 +41,7 @@ Non-root container images add an extra layer of security and are generally recom
Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/).
* [`1`, `1-debian-11`, `1.15.0`, `1.15.0-debian-11-r16`, `latest` (1/debian-11/Dockerfile)](https://github.com/bitnami/containers/blob/main/bitnami/geode/1/debian-11/Dockerfile)
* [`1`, `1-debian-11`, `1.15.0`, `1.15.0-debian-11-r17`, `latest` (1/debian-11/Dockerfile)](https://github.com/bitnami/containers/blob/main/bitnami/geode/1/debian-11/Dockerfile)
Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers).
@@ -198,9 +198,9 @@ Available environment variables:
* `GEODE_SECURITY_TLS_PROTOCOLS`: Comma-separated list of valid protocols versions for TCP/IP connections with TLS encryption enabled. Default: **any**
* `GEODE_SECURITY_TLS_REQUIRE_AUTHENTICATION`: Enable two-way authentication via TLS. Default: **no**
* `GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED`: Enable server hostname validation using server certificates. Default: **no**
* `GEODE_SECURITY_TLS_KEYSTORE_FILE`: Path to the key store file. Default: **/bitnami/geode/config/certs/geode.keystore.jks**
* `GEODE_SECURITY_TLS_KEYSTORE_FILE`: Path to the key store file. Default: **/opt/bitnami/geode/config/certs/geode.keystore.jks**
* `GEODE_SECURITY_TLS_KEYSTORE_PASSWORD`: Key store file. No defaults.
* `GEODE_SECURITY_TLS_TRUSTSTORE_FILE`: Path to the trust store file. Default: **/bitnami/geode/config/certs/geode.truststore.jks**
* `GEODE_SECURITY_TLS_TRUSTSTORE_FILE`: Path to the trust store file. Default: **/opt/bitnami/geode/config/certs/geode.truststore.jks**
* `GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD`: Trust store password. No defaults.
#### Apache Geode cluster configuration
@@ -244,7 +244,7 @@ You can also configure TLS for authentication between members and to protect you
> Note: TLS authentication can be alone or in conjunction with the authentication provided by the Security Manager
To configure TLS, you must use your own certificates. You can drop your Java Key Stores into `/bitnami/geode/config/certs`. If the JKS certs are password protected (recommended), you will need to provide them also setting `GEODE_SECURITY_TLS_KEYSTORE_PASSWORD` and `GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD`.
To configure TLS, you must use your own certificates. You can mount your Java Key Stores into `/opt/bitnami/geode/config/certs`. If the JKS certs are password protected (recommended), you will need to provide them also setting `GEODE_SECURITY_TLS_KEYSTORE_PASSWORD` and `GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD`.
> If your Java Key Stores are mounted in a different location than `/opt/bitnami/geode/config/certs/geode.keystore.jks` and `/opt/bitnami/geode/config/certs/geode.truststore.jks`, set the environment variables `GEODE_SECURITY_TLS_KEYSTORE_FILE` and `GEODE_SECURITY_TLS_TRUSTSTORE_FILE` with the name of the path where you mounted your key store and trust store files, respectively.
@@ -278,8 +278,8 @@ services:
- GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD=pass123
volumes:
- './geode.keystore.jks:/bitnami/geode/config/certs/geode.keystore.jks:ro'
- './geode.truststore.jks:/bitnami/geode/config/certs/geode.truststore.jks:ro'
- './geode.keystore.jks:/opt/bitnami/geode/config/certs/geode.keystore.jks:ro'
- './geode.truststore.jks:/opt/bitnami/geode/config/certs/geode.truststore.jks:ro'
```
### Setting up an Apache Geode Cluster
@@ -519,6 +519,12 @@ Or using Docker Compose:
$ docker-compose up geode
```
## Notable Changes
### 1.15.0-debian-11-r16
* Default value for `GEODE_SECURITY_TLS_KEYSTORE_FILE` and `GEODE_SECURITY_TLS_TRUSTSTORE_FILE` updated to **/opt/bitnami/geode/config/certs/geode.keystore.jks** and **/opt/bitnami/geode/config/certs/geode.truststore.jks** respectively
## Contributing
We'd love for you to contribute to this Docker image. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues), or submit a [pull request](https://github.com/bitnami/containers/pulls) with your contribution.