diff --git a/allinone/Dockerfile b/allinone/Dockerfile index ce52a1ab..4fe6e00f 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile @@ -35,7 +35,7 @@ RUN set -ex \ WORKDIR /opt/jumpserver RUN set -ex \ - && wget -q https://github.com/wojiushixiaobai/jumpserver-patch/raw/master/core/Dockerfile-ce \ + && wget https://github.com/jumpserver-dev/jumpserver-patch/raw/master/core/Dockerfile-ce \ && echo > /opt/jumpserver/config.yml \ && cd utils \ && bash -ixeu build.sh @@ -88,15 +88,15 @@ WORKDIR /opt ARG RUST_VERSION=1.71.1 RUN set -ex \ && \ - if [ "${TARGETARCH}" == "s390x" ] || [ "${TARGETARCH}" == "ppc64le" ] || [ "${TARGETARCH}" == "loong64" ]; then \ + if [ "${TARGETARCH}" = "s390x" ] || [ "${TARGETARCH}" = "ppc64le" ] || [ "${TARGETARCH}" = "loong64" ]; then \ rustUrl="https://static.rust-lang.org/dist"; \ rustArch="${TARGETARCH}"; \ mkdir -p /opt/rust-install; \ - if [ "${TARGETARCH}" == "loong64" ]; then \ + if [ "${TARGETARCH}" = "loong64" ]; then \ rustUrl="download.jumpserver.org/rust/dist"; \ rustArch="loongarch64"; \ fi; \ - if [ "${TARGETARCH}" == "ppc64le" ]; then \ + if [ "${TARGETARCH}" = "ppc64le" ]; then \ rustArch="powerpc64le"; \ fi; \ wget -O /opt/rust.tar.gz "${rustUrl}/rust-${RUST_VERSION}-${rustArch}-unknown-linux-gnu.tar.xz"; \ @@ -170,12 +170,12 @@ RUN set -ex \ && case "$dpkgArch" in \ amd64|arm64) \ echo "deb https://nginx.org/packages/debian/ buster nginx" > /etc/apt/sources.list.d/nginx.list \ - && wget -qO - https://nginx.org/keys/nginx_signing.key | apt-key add - \ + && wget -O - https://nginx.org/keys/nginx_signing.key | apt-key add - \ && apt-get update \ ;; \ loongarch64) \ echo "deb https://download.jumpserver.org/nginx/packages/debian buster nginx" > /etc/apt/sources.list.d/nginx.list \ - && wget -qO - https://download.jumpserver.org/nginx/packages/keys/nginx_signing.key | apt-key add - \ + && wget -O - https://download.jumpserver.org/nginx/packages/keys/nginx_signing.key | apt-key add - \ && apt-get update \ ;; \ *) \ 
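Review bot: The `Dockerfile-ce` patch file is fetched from the moving `master` ref of jumpserver-patch with no digest check, so two builds of the same JumpServer version can consume different content. Any change in that repository flows straight into the step that runs `bash -ixeu build.sh`. Pinning the URL to a commit, for example `https://github.com/jumpserver-dev/jumpserver-patch/raw/<commit-sha>/core/Dockerfile-ce` (placeholder), and comparing a recorded SHA-256 before the build script runs would make this input reviewable. The same line appears in the core/Dockerfile hunk at `@@ -31,12 +39,12 @@`.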
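Review bot: In the loong64 branch, `rustUrl="download.jumpserver.org/rust/dist"` carries no scheme, so wget falls back to plain `http://` for the Rust toolchain archive. The matching block in core/Dockerfile goes on to run `./install.sh` from that archive. `rustUrl="https://download.jumpserver.org/rust/dist";` would match the other download.jumpserver.org URLs in this diff. The same cleartext transport applies to `wget http://download.jumpserver.org/public/kubectl_aliases.tar.gz` in the `@@ -230,23 +230,18 @@` hunk and to the copy of this block in core/Dockerfile. The RUN instruction continues past the end of this hunk.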
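Review bot: Both `wget -O - … | apt-key add -` lines put the downloaded key into apt's global trusted keyring, where it is accepted for every configured repository rather than only the nginx one; `apt-key` is also deprecated. Scoping the key is tighter: save it with `wget -O /usr/share/keyrings/nginx.asc https://nginx.org/keys/nginx_signing.key` and write the source as `deb [signed-by=/usr/share/keyrings/nginx.asc] https://nginx.org/packages/debian/ buster nginx`, with the same treatment for the loongarch64 mirror. The enclosing RUN starts and ends outside the hunk.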
@@ -206,7 +206,7 @@ RUN set -ex \ && \ case "${TARGETARCH}" in \ amd64) \ - wget -q https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ + wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \ && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \ @@ -214,7 +214,7 @@ RUN set -ex \ && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \ ;; \ arm64|s390x|ppc64le) \ - wget -q https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ + wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \ && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \ 
@@ -230,23 +230,18 @@ ARG HELM_VERSION=v3.12.2 ARG KUBECTL_VERSION=v1.27.4 RUN set -ex \ && \ - if [ "${TARGETARCH}" == "loong64" ]; then \ - wget -q https://download.jumpserver.org/public/kubectl-linux-${TARGETARCH}.tar.gz; \ + if [ "${TARGETARCH}" = "loong64" ]; then \ + wget https://download.jumpserver.org/public/kubectl-linux-${TARGETARCH}.tar.gz; \ tar -xf kubectl-linux-${TARGETARCH}.tar.gz; \ mv kubectl /usr/local/bin/rawkubectl; \ else \ - wget -q -O /usr/local/bin/rawkubectl https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl; \ + wget -O /usr/local/bin/rawkubectl https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl; \ fi \ - && wget -q http://download.jumpserver.org/public/kubectl_aliases.tar.gz \ + && wget http://download.jumpserver.org/public/kubectl_aliases.tar.gz \ && mkdir /opt/kubectl-aliases/ \ && tar -xf kubectl_aliases.tar.gz -C /opt/kubectl-aliases/ \ && chown -R root:root /opt/kubectl-aliases/ \ - && \ - if [ "${TARGETARCH}" == "loong64" ]; then \ - wget -q https://github.com/wojiushixiaobai/helm-loongarch64/releases/download/${HELM_VERSION}/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz; \ - else \ - wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz; \ - fi \ + && wget https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -C /opt --strip-components=1 linux-${TARGETARCH}/helm \ && mv helm /usr/local/bin/rawhelm \ && chmod 755 /usr/local/bin/rawhelm /usr/local/bin/rawkubectl \ 
@@ -255,7 +250,7 @@ RUN set -ex \ ARG WISP_VERSION=v0.1.16 RUN set -ex \ - && wget -q https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ && chown root:root /usr/local/bin/wisp \ && chmod 755 /usr/local/bin/wisp \ @@ -293,7 +288,7 @@ WORKDIR /opt RUN set -ex \ && mkdir -p /opt/koko \ - && wget -q https://github.com/jumpserver/koko/releases/download/${VERSION}/koko-${VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver/koko/releases/download/${VERSION}/koko-${VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf koko-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/ --strip-components=1 \ && mv /opt/koko/kubectl /usr/local/bin/ \ && mv /opt/koko/helm /usr/local/bin/ \ @@ -303,14 +298,14 @@ RUN set -ex \ RUN set -ex \ && mkdir -p /opt/lion \ - && wget -q https://github.com/jumpserver/lion-release/releases/download/${VERSION}/lion-${VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver/lion-release/releases/download/${VERSION}/lion-${VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf lion-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/lion --strip-components=1 \ && chown -R root:root /opt/lion \ && rm -f /opt/*.tar.gz RUN set -ex \ && mkdir -p /opt/magnus \ - && wget -q https://github.com/jumpserver/magnus-release/releases/download/${VERSION}/magnus-${VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver/magnus-release/releases/download/${VERSION}/magnus-${VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf magnus-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/magnus --strip-components=1 \ && chmod 755 /opt/magnus/magnus \ && chown -R root:root /opt/magnus \ 
@@ -318,7 +313,7 @@ RUN set -ex \ RUN set -ex \ && mkdir -p /opt/kael \ - && wget -q https://github.com/jumpserver/kael/releases/download/${VERSION}/kael-${VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver/kael/releases/download/${VERSION}/kael-${VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf kael-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/kael --strip-components=1 \ && chmod 755 /opt/kael/kael \ && chown -R root:root /opt/kael \ @@ -326,28 +321,28 @@ RUN set -ex \ RUN set -ex \ && mkdir -p /opt/chen \ - && wget -q https://github.com/jumpserver/chen-release/releases/download/${VERSION}/chen-${VERSION}.tar.gz \ + && wget https://github.com/jumpserver/chen-release/releases/download/${VERSION}/chen-${VERSION}.tar.gz \ && tar -xf chen-${VERSION}.tar.gz -C /opt/chen --strip-components=1 \ && chown -R root:root /opt/chen \ && rm -f /opt/*.tar.gz RUN set -ex \ && mkdir -p /opt/lina \ - && wget -q https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \ + && wget https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \ && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \ && chown -R root:root /opt/lina \ && rm -f /opt/*.tar.gz RUN set -ex \ && mkdir -p /opt/luna \ - && wget -q https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \ + && wget https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \ && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \ && chown -R root:root /opt/luna \ && rm -f /opt/*.tar.gz RUN set -ex \ && cd /opt/download/applets \ - && wget -q https://github.com/jumpserver/applets/releases/download/${VERSION}/pip_packages.zip + && wget https://github.com/jumpserver/applets/releases/download/${VERSION}/pip_packages.zip COPY readme.txt readme.txt COPY entrypoint.sh . diff --git a/chen/Dockerfile b/chen/Dockerfile index dae1c159..3b907020 100644 
--- a/chen/Dockerfile +++ b/chen/Dockerfile @@ -1,41 +1,29 @@ -FROM jumpserver/openjdk:17-slim-buster as openjdk -FROM debian:buster-slim +FROM jumpserver/openjdk:17-slim-bullseye as stage-1 +FROM debian:bullseye-slim as stage-2 ARG TARGETARCH -ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ ca-certificates \ - curl \ - p11-kit \ wget" -RUN set -ex \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + set -ex \ + && rm -f /etc/apt/apt.conf.d/docker-clean \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* - -ENV JAVA_HOME /usr/local/openjdk-17 -ENV PATH $JAVA_HOME/bin:$PATH + && apt-get -y install --no-install-recommends ${DEPENDENCIES} -COPY --from=openjdk $JAVA_HOME $JAVA_HOME -COPY --from=openjdk /etc/ld.so.conf.d/docker-openjdk.conf /etc/ld.so.conf.d/docker-openjdk.conf -COPY --from=openjdk /etc/ca-certificates/update.d/docker-openjdk /etc/ca-certificates/update.d/docker-openjdk +WORKDIR /opt +ARG CHECK_VERSION=v1.0.1 RUN set -ex \ - && chmod +x /etc/ca-certificates/update.d/docker-openjdk \ - && /etc/ca-certificates/update.d/docker-openjdk \ - && ldconfig \ - && java -Xshare:dump \ - && rm -rf ~/.java \ - && javac --version \ - && java --version - -WORKDIR /opt + && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && mv check /usr/local/bin/ \ + && chown root:root /usr/local/bin/check \ + && chmod 755 /usr/local/bin/check \ + && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz ARG WISP_VERSION=v0.1.16 RUN set -ex \ 
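Review bot: The new `check` binary is downloaded, unpacked and moved to `/usr/local/bin` without any integrity verification. It is then copied into the final image and, per the other hunks of this commit, used by the entrypoint loop and the compose healthchecks. Recording a per-architecture digest and verifying it before `tar -xf` would close that gap, for example `echo "${CHECK_SHA256}  check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz" | sha256sum -c -`, where `CHECK_SHA256` is a placeholder build argument. The identical RUN block is added to core/Dockerfile, kael/Dockerfile and koko/Dockerfile.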
@@ -60,6 +48,47 @@ RUN set -ex \ COPY chen/entrypoint.sh . RUN chmod 755 ./entrypoint.sh +FROM debian:bullseye-slim +ENV LANG=en_US.UTF-8 + +ARG DEPENDENCIES=" \ + ca-certificates \ + p11-kit" + +RUN set -ex \ + && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ + && apt-get update \ + && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && sed -i "s@# export @export @g" ~/.bashrc \ + && sed -i "s@# alias @alias @g" ~/.bashrc \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* + +ENV JAVA_HOME /usr/local/openjdk-17 +ENV PATH $JAVA_HOME/bin:$PATH + +COPY --from=stage-1 $JAVA_HOME $JAVA_HOME +COPY --from=stage-1 /etc/ld.so.conf.d/docker-openjdk.conf /etc/ld.so.conf.d/docker-openjdk.conf +COPY --from=stage-1 /etc/ca-certificates/update.d/docker-openjdk /etc/ca-certificates/update.d/docker-openjdk + +RUN set -ex \ + && chmod +x /etc/ca-certificates/update.d/docker-openjdk \ + && /etc/ca-certificates/update.d/docker-openjdk \ + && ldconfig \ + && java -Xshare:dump \ + && rm -rf ~/.java \ + && javac --version \ + && java --version + +COPY --from=stage-2 /usr/local/bin /usr/local/bin +COPY --from=stage-2 /opt/chen /opt/chen + +WORKDIR /opt/chen + +ARG VERSION=v3.10.1 +ENV VERSION=${VERSION} + VOLUME /opt/chen/data EXPOSE 8082 diff --git a/chen/entrypoint.sh b/chen/entrypoint.sh index 30bd8a56..441d7b5a 100644 --- a/chen/entrypoint.sh +++ b/chen/entrypoint.sh @@ -1,8 +1,7 @@ #!/bin/bash # -while [ "$(curl -I -m 10 -L -k -o /dev/null -s -w %{http_code} ${CORE_HOST}/api/health/)" != "200" ] -do +until /usr/local/bin/check ${CORE_HOST}/api/health/; do echo "wait for jms_core ${CORE_HOST} ready" sleep 2 done diff --git a/core/Dockerfile b/core/Dockerfile index 46967719..c493326b 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -1,4 +1,4 @@ -FROM jumpserver/python:3.11-slim-buster as stage-1 +FROM python:3.11-slim-bullseye as stage-1 ARG TARGETARCH ARG DEPENDENCIES=" \ 
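Review bot: No `USER` instruction appears in the new final stage up to `EXPOSE 8082`, so unless one follows outside this hunk the chen process and the tools copied into `/usr/local/bin` run as root. A dedicated account, sketched as `RUN useradd --system --uid 10001 --home /opt/chen chen` followed by `USER chen`, with `/opt/chen/data` owned by that account, would limit what a compromise of the service can reach. Whether the bind-mounted data directory tolerates a non-root owner needs checking against the deployment. The final stage added to kael/Dockerfile has the same shape.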
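Review bot: `${CORE_HOST}` is expanded unquoted in the new `until` condition of chen/entrypoint.sh, so a value containing whitespace or glob characters is split before `check` receives it; `until /usr/local/bin/check "${CORE_HOST}/api/health/"; do` avoids that. The removed curl call carried `-m 10` and `-k`. Whether `check` applies its own timeout and verifies TLS certificates cannot be seen from this diff and is worth confirming, since the loop has no upper bound. kael/entrypoint.sh receives the identical line.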
@@ -13,11 +13,19 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ && rm -f /etc/apt/apt.conf.d/docker-clean \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash + && apt-get -y install --no-install-recommends ${DEPENDENCIES} WORKDIR /opt +ARG CHECK_VERSION=v1.0.1 +RUN set -ex \ + && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && mv check /usr/local/bin/ \ + && chown root:root /usr/local/bin/check \ + && chmod 755 /usr/local/bin/check \ + && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + ARG VERSION=v3.10.1 ENV VERSION=$VERSION @@ -31,12 +39,12 @@ RUN set -ex \ WORKDIR /opt/jumpserver RUN set -ex \ - && wget -q https://github.com/wojiushixiaobai/jumpserver-patch/raw/master/core/Dockerfile-ce \ + && wget https://github.com/jumpserver-dev/jumpserver-patch/raw/master/core/Dockerfile-ce \ && echo > /opt/jumpserver/config.yml \ && cd utils \ && bash -ixeu build.sh -FROM jumpserver/python:3.11-slim-buster as stage-2 +FROM python:3.11-slim-bullseye as stage-2 ARG TARGETARCH ARG BUILD_DEPENDENCIES=" \ 
@@ -77,31 +85,31 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ && apt-get update \ && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${TOOLS} \ - && echo "no" | dpkg-reconfigure dash + && apt-get -y install --no-install-recommends ${TOOLS} WORKDIR /opt ARG RUST_VERSION=1.71.1 RUN set -ex \ && \ - if [ "${TARGETARCH}" == "s390x" ] || [ "${TARGETARCH}" == "ppc64le" ] || [ "${TARGETARCH}" == "loong64" ]; then \ + if [ "${TARGETARCH}" = "s390x" ] || [ "${TARGETARCH}" = "ppc64le" ] || [ "${TARGETARCH}" = "loong64" ]; then \ rustUrl="https://static.rust-lang.org/dist"; \ rustArch="${TARGETARCH}"; \ mkdir -p /opt/rust-install; \ - if [ "${TARGETARCH}" == "loong64" ]; then \ + if [ "${TARGETARCH}" = "loong64" ]; then \ rustUrl="download.jumpserver.org/rust/dist"; \ rustArch="loongarch64"; \ fi; \ - if [ "${TARGETARCH}" == "ppc64le" ]; then \ + if [ "${TARGETARCH}" = "ppc64le" ]; then \ rustArch="powerpc64le"; \ fi; \ + if [ "${TARGETARCH}" = "riscv64" ]; then \ + rustArch="riscv64gc-unknown-linux-gnu"; \ + fi; \ wget -O /opt/rust.tar.gz "${rustUrl}/rust-${RUST_VERSION}-${rustArch}-unknown-linux-gnu.tar.xz"; \ tar -xf /opt/rust.tar.gz -C /opt/rust-install --strip-components=1; \ cd /opt/rust-install && ./install.sh; \ cd /opt && rm -rf /opt/rust-install /opt/rust.tar.gz; \ - mkdir -p ${CARGO_HOME:-$HOME/.cargo}; \ - echo -e '[source.crates-io]\nreplace-with = "ustc"\n\n[source.ustc]\nregistry = "sparse+https://mirrors.tuna.tsinghua.edu.cn/crates.io-index/"' > ${CARGO_HOME:-$HOME/.cargo}/config; \ fi COPY --from=stage-1 /opt/jumpserver/poetry.lock /opt/jumpserver/pyproject.toml /opt/jumpserver/ 
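Review bot: The added `riscv64` branch is unreachable, because it sits inside the outer `if` that only admits `s390x`, `ppc64le` and `loong64`. If it were reached, `rustArch="riscv64gc-unknown-linux-gnu"` would expand the download name to `rust-${RUST_VERSION}-riscv64gc-unknown-linux-gnu-unknown-linux-gnu.tar.xz`, since the wget line appends `-unknown-linux-gnu` itself. Extending the outer test with `|| [ "${TARGETARCH}" = "riscv64" ]` and setting `rustArch="riscv64gc";` would make the branch effective, assuming a standalone installer is published for that target at this Rust version. In the same block the loong64 `rustUrl` still has no `https://` prefix.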
@@ -122,27 +130,23 @@ RUN --mount=type=cache,target=/root/.cache \ && . /opt/py3/bin/activate \ && poetry install --only=main -FROM jumpserver/python:3.11-slim-buster -ARG TARGETARCH +FROM python:3.11-slim-bullseye ENV LANG=en_US.UTF-8 \ PATH=/opt/py3/bin:$PATH ARG DEPENDENCIES=" \ - freerdp2-dev \ libjpeg-dev \ + libldap2-dev \ libx11-dev \ libxmlsec1-openssl" ARG TOOLS=" \ ca-certificates \ - curl \ default-libmysqlclient-dev \ openssh-client \ - sshpass \ - wget" + sshpass" RUN set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ @@ -156,6 +160,7 @@ RUN set -ex \ && rm -rf /var/lib/apt/lists/* COPY --from=stage-2 /opt/py3 /opt/py3 +COPY --from=stage-1 /usr/local/bin /usr/local/bin COPY --from=stage-1 /opt/jumpserver/release/jumpserver /opt/jumpserver WORKDIR /opt/jumpserver diff --git a/docker-compose-build.yml b/docker-compose-build.yml index 125d64ee..0f295b5c 100644 --- a/docker-compose-build.yml +++ b/docker-compose-build.yml @@ -7,7 +7,7 @@ services: args: VERSION: ${VERSION} TARGETARCH: ${TARGETARCH} - image: jumpserver/core-ce:${VERSION} + image: jumpserver/jms_core:${VERSION} container_name: jms_core restart: always command: start web @@ -29,19 +29,18 @@ services: MAGNUS_REDIS_PORT: ${MAGNUS_REDIS_PORT:-63790} DOMAIN: ${DOMAIN:-} healthcheck: - test: "curl -fsL http://localhost:8080/api/health/ > /dev/null" + test: "check http://localhost:8080/api/health/" interval: 10s timeout: 5s retries: 3 start_period: 60s volumes: - ${VOLUME_DIR}/core/data:/opt/jumpserver/data - - ${VOLUME_DIR}/core/logs:/opt/jumpserver/logs networks: - net celery: - image: jumpserver/core:${VERSION} + image: jumpserver/jms_core:${VERSION} container_name: jms_celery restart: always command: start task 
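Review bot: `COPY --from=stage-1 /usr/local/bin /usr/local/bin` copies the whole directory from the build stage, although the only file the visible stage-1 hunks add there is `check`. stage-1 is itself `python:3.11-slim-bullseye`, so this also overlays the interpreter entry points and anything else a build step leaves in that directory. Copying the one artefact keeps the runtime image's contents explicit: `COPY --from=stage-1 /usr/local/bin/check /usr/local/bin/check`. Other stage-1 steps lie outside the hunks shown, so confirm nothing else from that directory is needed at runtime.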
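Review bot: The `${VOLUME_DIR}/core/logs:/opt/jumpserver/logs` bind mount is dropped for `core` here, and for `celery` and the init-db `core` service in later hunks. Unless the application now writes its logs under `/opt/jumpserver/data` (not visible in this diff), they will live only in the container's writable layer and be lost when the container is re-created. For a bastion service those logs are investigation material, so the removal deserves a comment naming where they go instead, for example `# logs now written under data/logs` if that is the case.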
@@ -72,7 +71,6 @@ services: start_period: 30s volumes: - ${VOLUME_DIR}/core/data:/opt/jumpserver/data - - ${VOLUME_DIR}/core/logs:/opt/jumpserver/logs networks: - net @@ -83,7 +81,7 @@ services: args: VERSION: ${VERSION} TARGETARCH: ${TARGETARCH} - image: jumpserver/koko:${VERSION} + image: jumpserver/jms_koko:${VERSION} container_name: jms_koko restart: always privileged: true @@ -96,7 +94,7 @@ services: core: condition: service_healthy healthcheck: - test: "curl -fsL http://localhost:5000/koko/health/ > /dev/null" + test: "check http://localhost:5000/koko/health/" interval: 10s timeout: 5s retries: 3 @@ -115,7 +113,7 @@ services: args: VERSION: ${VERSION} TARGETARCH: ${TARGETARCH} - image: jumpserver/lion:${VERSION} + image: jumpserver/jms_lion:${VERSION} container_name: jms_lion restart: always environment: @@ -126,7 +124,7 @@ services: core: condition: service_healthy healthcheck: - test: "curl -fsL http://localhost:8081/lion/health/ > /dev/null" + test: "check http://localhost:8081/lion/health/" interval: 10s timeout: 5s retries: 3 @@ -143,7 +141,7 @@ services: args: VERSION: ${VERSION} TARGETARCH: ${TARGETARCH} - image: jumpserver/magnus:${VERSION} + image: jumpserver/jms_magnus:${VERSION} container_name: jms_magnus restart: always environment: @@ -157,7 +155,7 @@ services: core: condition: service_healthy healthcheck: - test: "nc -z 127.0.0.1 33061 || exit 1" + test: "check tcp://127.0.0.1:$$MAGNUS_MYSQL_PORT" interval: 10s timeout: 5s retries: 3 
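Review bot: The magnus healthcheck now depends on `MAGNUS_MYSQL_PORT` being set inside the container, because `$$` defers expansion to the container's shell. If the variable is absent there, the probe target becomes `tcp://127.0.0.1:` and the service never turns healthy. The magnus `environment` block is not fully visible in this hunk, so either confirm it exports that variable or keep the previous port as a fallback: `test: "check tcp://127.0.0.1:$${MAGNUS_MYSQL_PORT:-33061}"`. docker-compose.yml gets the same probe written with `localhost` instead of `127.0.0.1`; using one spelling in both files would avoid a difference in address-family resolution.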
@@ -178,22 +176,22 @@ services: args: VERSION: ${VERSION} TARGETARCH: ${TARGETARCH} - image: jumpserver/chen:${VERSION} + image: jumpserver/jms_chen:${VERSION} container_name: jms_chen ulimits: core: 0 restart: always environment: - - CORE_HOST: http://core:8080 - - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - - LOG_LEVEL: $LOG_LEVEL + CORE_HOST: http://core:8080 + BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN + LOG_LEVEL: $LOG_LEVEL volumes: - ${VOLUME_DIR}/chen/data:/opt/chen/data depends_on: core: condition: service_healthy healthcheck: - test: "curl -f 127.0.0.1:8082/chen" + test: "check http://localhost:8082/chen/" interval: 10s timeout: 5s retries: 3 @@ -208,22 +206,22 @@ services: args: VERSION: ${VERSION} TARGETARCH: ${TARGETARCH} - image: jumpserver/kael:${VERSION} + image: jumpserver/jms_kael:${VERSION} container_name: jms_kael ulimits: core: 0 restart: always environment: - - CORE_HOST: http://core:8080 - - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - - LOG_LEVEL: $LOG_LEVEL + CORE_HOST: http://core:8080 + BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN + LOG_LEVEL: $LOG_LEVEL volumes: - ${VOLUME_DIR}/kael/data:/opt/kael/data depends_on: core: condition: service_healthy healthcheck: - test: "curl -fsL http://localhost:8083/kael/health/ > /dev/null" + test: "check http://localhost:8083/kael/health/" interval: 10s timeout: 5s retries: 3 @@ -238,14 +236,16 @@ services: args: VERSION: ${VERSION} TARGETARCH: ${TARGETARCH} - image: jumpserver/web:${VERSION} + image: jumpserver/jms_web:${VERSION} container_name: jms_web restart: always + environment: + CORE_HOST: http://core:8080 depends_on: core: condition: service_healthy healthcheck: - test: "curl -fsL http://localhost/ > /dev/null" + test: "check http://localhost/api/health/ " interval: 10s timeout: 5s retries: 3 diff --git a/docker-compose-init-db.yml b/docker-compose-init-db.yml index 6b92ae42..56297769 100644 --- a/docker-compose-init-db.yml +++ b/docker-compose-init-db.yml 
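Review bot: The web healthcheck here probes `http://localhost/api/health/` (port 80, with a stray trailing space inside the quoted string), while the same service in docker-compose.yml probes `http://localhost:51980/api/health/`. Both files run the `jumpserver/jms_web` image, so one of the two probes is presumably aimed at a port nginx does not listen on, leaving that deployment permanently unhealthy or checking the wrong listener. Aligning them, e.g. `test: "check http://localhost:51980/api/health/"` if 51980 is the internal health listener, and dropping the trailing space would remove the ambiguity.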
@@ -2,7 +2,7 @@ version: '2.4' services: core: - image: jumpserver/core-ce:${VERSION} + image: jumpserver/jms_core:${VERSION} container_name: jms_core command: sleep environment: @@ -20,6 +20,5 @@ services: REDIS_PASSWORD: $REDIS_PASSWORD volumes: - ${VOLUME_DIR}/core/data:/opt/jumpserver/data - - ${VOLUME_DIR}/core/logs:/opt/jumpserver/logs networks: - net diff --git a/docker-compose-redis.yml b/docker-compose-redis.yml index d9a107e3..beecacaf 100644 --- a/docker-compose-redis.yml +++ b/docker-compose-redis.yml @@ -6,7 +6,7 @@ services: condition: service_healthy redis: - image: jumpserver/redis:6.2 + image: jumpserver/redis:7.0 container_name: jms_redis restart: always command: redis-server --requirepass $REDIS_PASSWORD --loglevel warning --maxmemory-policy allkeys-lru diff --git a/docker-compose-xpack.yml b/docker-compose-xpack.yml deleted file mode 100644 index ccb7f11c..00000000 --- a/docker-compose-xpack.yml +++ /dev/null 
@@ -1,108 +0,0 @@ -version: '2.4' - -services: - core: - image: registry.fit2cloud.com/jumpserver/core-ee:${VERSION} - - celery: - image: registry.fit2cloud.com/jumpserver/core-ee:${VERSION} - - koko: - image: registry.fit2cloud.com/jumpserver/koko:${VERSION} - - lion: - image: registry.fit2cloud.com/jumpserver/lion:${VERSION} - - magnus: - image: registry.fit2cloud.com/jumpserver/magnus:${VERSION} - ports: - - ${MAGNUS_POSTGRESQL_PORT:-54320}:54320 - - ${MAGNUS_ORACLE_PORTS:-30000-30030}:${MAGNUS_ORACLE_PORTS:-30000-30030} - - chen: - image: registry.fit2cloud.com/jumpserver/chen:${VERSION} - - kael: - image: registry.fit2cloud.com/jumpserver/kael:${VERSION} - - web: - image: registry.fit2cloud.com/jumpserver/web:${VERSION} - - razor: - image: registry.fit2cloud.com/jumpserver/razor:${VERSION} - container_name: jms_razor - hostname: jms_razor - ulimits: - core: 0 - restart: always - environment: - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - ports: - - ${RDP_PORT}:3389 - volumes: - - ${VOLUME_DIR}/razor/data:/opt/razor/data - - ${CONFIG_DIR}/nginx/cert:/opt/razor/cert - depends_on: - core: - condition: service_healthy - healthcheck: - test: "ps axu | grep -v 'grep' | grep 'razor'" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - networks: - - net - - xrdp: - image: registry.fit2cloud.com/jumpserver/xrdp:${VERSION} - container_name: jms_xrdp - hostname: jms_xrdp - ulimits: - core: 0 - restart: always - environment: - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - ports: - - ${XRDP_PORT:-3390}:3390 - volumes: - - ${VOLUME_DIR}/xrdp/data:/opt/xrdp/data - - ${CONFIG_DIR}/nginx/cert:/opt/xrdp/cert - depends_on: - core: - condition: service_healthy - healthcheck: - test: "nc -z 127.0.0.1 3390 || exit 1" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - networks: - - net - - video: - image: registry.fit2cloud.com/jumpserver/video-worker:${VERSION} - 
container_name: jms_video - hostname: jms_video - cpus: 1 - ulimits: - core: 0 - restart: always - environment: - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - volumes: - - ${VOLUME_DIR}/video/data:/opt/video-worker/data - healthcheck: - test: "curl -fsL http://localhost:9000/video-worker/health/ > /dev/null" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - networks: - - net \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 88da8747..094179f8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ version: '2.4' services: core: - image: jumpserver/core-ce:${VERSION} + image: jumpserver/jms_core:${VERSION} container_name: jms_core ulimits: core: 0 @@ -23,7 +23,7 @@ services: MAGNUS_PORT: ${MAGNUS_PORT:-30000-30020} DOMAINS: ${DOMAINS:-} healthcheck: - test: "curl -fsL http://localhost:8080/api/health/ > /dev/null" + test: "check http://localhost:8080/api/health/" interval: 10s timeout: 5s retries: 3 @@ -34,7 +34,7 @@ services: - net celery: - image: jumpserver/core-ce:${VERSION} + image: jumpserver/jms_core:${VERSION} container_name: jms_celery ulimits: core: 0 @@ -70,7 +70,7 @@ services: - net koko: - image: jumpserver/koko:${VERSION} + image: jumpserver/jms_koko:${VERSION} container_name: jms_koko ulimits: core: 0 @@ -85,7 +85,7 @@ services: core: condition: service_healthy healthcheck: - test: "curl -fsL http://localhost:5000/koko/health/ > /dev/null" + test: "check http://localhost:5000/koko/health/" interval: 10s timeout: 5s retries: 3 @@ -98,7 +98,7 @@ services: - net lion: - image: jumpserver/lion:${VERSION} + image: jumpserver/jms_lion:${VERSION} container_name: jms_lion ulimits: core: 0 @@ -111,7 +111,7 @@ services: core: condition: service_healthy healthcheck: - test: "curl -fsL http://localhost:8081/lion/health/ > /dev/null" + test: "check http://localhost:8081/lion/health/" interval: 10s timeout: 5s retries: 3 
@@ -122,7 +122,7 @@ services: - net magnus: - image: jumpserver/magnus:${VERSION} + image: jumpserver/jms_magnus:${VERSION} container_name: jms_magnus ulimits: core: 0 @@ -138,7 +138,7 @@ services: core: condition: service_healthy healthcheck: - test: "nc -z 127.0.0.1 33061 || exit 1" + test: "check tcp://localhost:$$MAGNUS_MYSQL_PORT" interval: 10s timeout: 5s retries: 3 @@ -153,7 +153,7 @@ services: - net chen: - image: jumpserver/chen:${VERSION} + image: jumpserver/jms_chen:${VERSION} container_name: jms_chen ulimits: core: 0 @@ -168,7 +168,7 @@ services: core: condition: service_healthy healthcheck: - test: "curl -f 127.0.0.1:8082/chen" + test: "check http://localhost:8082/chen/" interval: 10s timeout: 5s retries: 3 @@ -177,7 +177,7 @@ services: - net kael: - image: jumpserver/kael:${VERSION} + image: jumpserver/jms_kael:${VERSION} container_name: jms_kael ulimits: core: 0 @@ -192,7 +192,7 @@ services: core: condition: service_healthy healthcheck: - test: "curl -fsL http://localhost:8083/kael/health/ > /dev/null" + test: "check http://localhost:8083/kael/health/" interval: 10s timeout: 5s retries: 3 @@ -201,14 +201,14 @@ services: - net web: - image: jumpserver/web:${VERSION} + image: jumpserver/jms_web:${VERSION} container_name: jms_web restart: always depends_on: core: condition: service_healthy healthcheck: - test: "curl -fsL http://localhost/ > /dev/null" + test: "check http://localhost:51980/api/health/" interval: 10s timeout: 5s retries: 3 diff --git a/kael/Dockerfile b/kael/Dockerfile index a803c4eb..dfff6075 100644 --- a/kael/Dockerfile +++ b/kael/Dockerfile 
@@ -1,27 +1,29 @@ -FROM debian:buster-slim +FROM debian:bullseye-slim as stage-1 ARG TARGETARCH -ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ ca-certificates \ - curl \ wget" -ARG APT_MIRROR=http://mirrors.ustc.edu.cn - -RUN set -ex \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + set -ex \ + && rm -f /etc/apt/apt.conf.d/docker-clean \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && apt-get update \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* + && apt-get -y install --no-install-recommends ${DEPENDENCIES} WORKDIR /opt +ARG CHECK_VERSION=v1.0.1 +RUN set -ex \ + && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && mv check /usr/local/bin/ \ + && chown root:root /usr/local/bin/check \ + && chmod 755 /usr/local/bin/check \ + && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + ARG WISP_VERSION=v0.1.16 RUN set -ex \ && wget https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ 
@@ -39,13 +41,38 @@ RUN set -ex \ && cd /opt \ && wget https://github.com/jumpserver/kael/releases/download/${VERSION}/kael-${VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf kael-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/kael --strip-components=1 \ - && chmod 755 /opt/kael/magnus \ + && chmod 755 /opt/kael/kael \ && chown -R root:root /opt/kael \ && rm -f /opt/*.tar.gz COPY kael/entrypoint.sh . RUN chmod 755 ./entrypoint.sh +FROM debian:bullseye-slim +ENV LANG=en_US.UTF-8 + +ARG DEPENDENCIES=" \ + ca-certificates" + +RUN set -ex \ + && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ + && apt-get update \ + && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ + && apt-get update \ + && echo "no" | dpkg-reconfigure dash \ + && sed -i "s@# export @export @g" ~/.bashrc \ + && sed -i "s@# alias @alias @g" ~/.bashrc \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* + +COPY --from=stage-1 /usr/local/bin /usr/local/bin +COPY --from=stage-1 /opt/kael /opt/kael + +WORKDIR /opt/kael + +ARG VERSION=v3.10.1 +ENV VERSION=${VERSION} + VOLUME /opt/kael/data EXPOSE 8083 diff --git a/kael/entrypoint.sh b/kael/entrypoint.sh index a048e4ed..c540a6de 100644 --- a/kael/entrypoint.sh +++ b/kael/entrypoint.sh @@ -1,8 +1,7 @@ #!/bin/bash # -while [ "$(curl -I -m 10 -L -k -o /dev/null -s -w %{http_code} ${CORE_HOST}/api/health/)" != "200" ] -do +until /usr/local/bin/check ${CORE_HOST}/api/health/; do echo "wait for jms_core ${CORE_HOST} ready" sleep 2 done diff --git a/koko/Dockerfile b/koko/Dockerfile index 215d877c..d397cdf6 100644 --- a/koko/Dockerfile +++ b/koko/Dockerfile 
@@ -1,71 +1,72 @@ -FROM jumpserver/redis:7.0-buster as redis - -FROM debian:buster-slim +FROM redis:7.0-bullseye as stage-1 +FROM debian:bullseye-slim as stage-2 ARG TARGETARCH -ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ ca-certificates \ - curl \ - libssl-dev \ - mariadb-client \ - openssh-client \ - postgresql-client \ wget" -RUN set -ex \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + set -ex \ + && rm -f /etc/apt/apt.conf.d/docker-clean \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* + && apt-get -y install --no-install-recommends ${DEPENDENCIES} WORKDIR /opt -ARG MONGOSH_VERSION=1.10.6 +ARG CHECK_VERSION=v1.0.1 +RUN set -ex \ + && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && mv check /usr/local/bin/ \ + && chown root:root /usr/local/bin/check \ + && chmod 755 /usr/local/bin/check \ + && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + +ARG MONGOSH_VERSION=2.1.1 RUN set -ex \ && \ case "${TARGETARCH}" in \ - amd64) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/* /usr/local/bin/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \ + 'amd64') \ + ARCH=x64; \ ;; \ - arm64) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && tar -xf 
mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* /usr/local/bin/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \ + 'arm64') \ + ARCH=arm64; \ + ;; \ + 's390x') \ + ARCH=s390x; \ + ;; \ + 'ppc64le') \ + ARCH=ppc64le; \ ;; \ *) \ - echo "Unsupported architecture: ${TARGETARCH}" \ + echo "Unsupported architecture: ${TARGETARCH}"; \ ;; \ - esac - -COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli - -ARG HELM_VERSION=v3.12.1 + esac \ + && \ + if [ -n "${ARCH}" ]; then \ + wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${ARCH}.tgz \ + && tar -xf mongosh-${MONGOSH_VERSION}-linux-${ARCH}.tgz \ + && chown root:root mongosh-${MONGOSH_VERSION}-linux-${ARCH}/bin/* \ + && mv mongosh-${MONGOSH_VERSION}-linux-${ARCH}/bin/mongosh /usr/local/bin/ \ + && mv mongosh-${MONGOSH_VERSION}-linux-${ARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ + && rm -rf mongosh-${MONGOSH_VERSION}-linux-${ARCH}* \ + ; \ + fi +ARG HELM_VERSION=v3.13.3 +ARG KUBECTL_VERSION=v1.29.0 RUN set -ex \ - && wget https://download.jumpserver.org/public/kubectl-linux-${TARGETARCH}.tar.gz \ - && tar -xf kubectl-linux-${TARGETARCH}.tar.gz \ + && wget -O kubectl.tar.gz https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-linux-${TARGETARCH}.tar.gz \ + && tar -xf kubectl.tar.gz --strip-components=3 -C /opt kubernetes/client/bin/kubectl \ && mv kubectl /usr/local/bin/rawkubectl \ - && wget http://download.jumpserver.org/public/kubectl_aliases.tar.gz \ && mkdir /opt/kubectl-aliases/ \ - && tar -xf kubectl_aliases.tar.gz -C /opt/kubectl-aliases/ \ + && wget https://github.com/ahmetb/kubectl-aliases/raw/master/.kubectl_aliases \ + && mv .kubectl_aliases /opt/kubectl-aliases/ \ && chown -R root:root /opt/kubectl-aliases/ \ - && \ - if [ "${TARGETARCH}" == "loong64" ]; then \ - wget 
https://github.com/wojiushixiaobai/helm-loongarch64/releases/download/${HELM_VERSION}/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz; \ - else \ - wget https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz; \ - fi \ + && wget https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz --strip-components=1 linux-${TARGETARCH}/helm \ && mv helm /usr/local/bin/rawhelm \ && chmod 755 /usr/local/bin/rawhelm /usr/local/bin/rawkubectl \ @@ -90,6 +91,36 @@ RUN set -ex \ COPY koko/entrypoint.sh . RUN chmod 755 ./entrypoint.sh +FROM debian:bullseye-slim +ENV LANG=en_US.UTF-8 + +ARG DEPENDENCIES=" \ + ca-certificates \ + libssl-dev \ + mariadb-client \ + openssh-client \ + postgresql-client" + +RUN set -ex \ + && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ + && apt-get update \ + && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && sed -i "s@# export @export @g" ~/.bashrc \ + && sed -i "s@# alias @alias @g" ~/.bashrc \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* + +COPY --from=stage-1 /usr/local/bin/redis-cli /usr/local/bin/redis-cli +COPY --from=stage-2 /usr/local/bin /usr/local/bin +COPY --from=stage-2 /opt/koko /opt/koko +COPY --from=stage-2 /opt/kubectl-aliases /opt/kubectl-aliases + +WORKDIR /opt/koko + +ARG VERSION=v3.10.1 +ENV VERSION=${VERSION} + VOLUME /opt/koko/data EXPOSE 2222 5000 diff --git a/koko/entrypoint.sh b/koko/entrypoint.sh index b15e68aa..3b130b7a 100644 --- a/koko/entrypoint.sh +++ b/koko/entrypoint.sh @@ -1,8 +1,7 @@ #!/bin/bash # -while [ "$(curl -I -m 10 -L -k -o /dev/null -s -w %{http_code} ${CORE_HOST}/api/health/)" != "200" ] -do +until /usr/local/bin/check ${CORE_HOST}/api/health/; do echo "wait for jms_core ${CORE_HOST} ready" sleep 2 done diff --git a/lion/Dockerfile b/lion/Dockerfile index 06eed1ee..6593b494 100644 --- a/lion/Dockerfile +++ b/lion/Dockerfile 
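Review bot: `.kubectl_aliases` is now fetched from `raw/master` of a third-party repository, so every build takes whatever that branch holds at the time and the file lands in `/opt/kubectl-aliases` in the runtime image. Pin the URL to a reviewed commit, `wget https://github.com/ahmetb/kubectl-aliases/raw/<commit-sha>/.kubectl_aliases`, and ideally check a recorded digest with `sha256sum -c` as well. The kubectl and helm tarballs in the same `RUN` are version-pinned but likewise unverified. The `RUN` instruction continues past the end of this hunk.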
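Review bot: `mongosh_crypt_v1.so` never reaches the runtime image: the first hunk of this file moves it to `/usr/local/lib/` in stage-2, but the final stage copies only `/usr/local/bin`, `/opt/koko` and `/opt/kubectl-aliases` from stage-2. Either add `COPY --from=stage-2 /usr/local/lib/mongosh_crypt_v1.so /usr/local/lib/` next to the other `COPY --from=stage-2` lines, or drop the `mv` in the build stage if the library is not wanted. Whether mongosh needs the library for the features used here cannot be seen from this diff.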
@@ -1,24 +1,28 @@ -FROM jumpserver/guacd:1.5.3-buster +FROM debian:bullseye-slim as stage-1 ARG TARGETARCH -ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ ca-certificates \ - curl \ - supervisor \ wget" -USER root - -RUN set -ex \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + set -ex \ + && rm -f /etc/apt/apt.conf.d/docker-clean \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* + && apt-get -y install --no-install-recommends ${DEPENDENCIES} + +WORKDIR /opt + +ARG CHECK_VERSION=v1.0.1 +RUN set -ex \ + && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && mv check /usr/local/bin/ \ + && chown root:root /usr/local/bin/check \ + && chmod 755 /usr/local/bin/check \ + && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz WORKDIR /opt/lion 
@@ -31,11 +35,37 @@ RUN set -ex \ && chown -R root:root /opt/lion \ && rm -f /opt/*.tar.gz -COPY lion/supervisord.conf /etc/supervisor/conf.d/lion.conf - COPY lion/entrypoint.sh . RUN chmod 755 ./entrypoint.sh +FROM jumpserver/guacd:1.5.3-bullseye +ENV LANG=en_US.UTF-8 + +ARG DEPENDENCIES=" \ + ca-certificates \ + supervisor" + +USER root + +RUN set -ex \ + && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ + && apt-get update \ + && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && sed -i "s@# export @export @g" ~/.bashrc \ + && sed -i "s@# alias @alias @g" ~/.bashrc \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* + +COPY --from=stage-1 /usr/local/bin /usr/local/bin +COPY --from=stage-1 /opt/lion /opt/lion +COPY lion/supervisord.conf /etc/supervisor/conf.d/lion.conf + +WORKDIR /opt/lion + +ARG VERSION=v3.10.1 +ENV VERSION=${VERSION} + VOLUME /opt/lion/data EXPOSE 8081 diff --git a/lion/entrypoint.sh b/lion/entrypoint.sh index f69ff525..98c9bd85 100644 --- a/lion/entrypoint.sh +++ b/lion/entrypoint.sh @@ -1,8 +1,7 @@ #!/bin/bash # -while [ "$(curl -I -m 10 -L -k -o /dev/null -s -w %{http_code} ${CORE_HOST}/api/health/)" != "200" ] -do +until /usr/local/bin/check ${CORE_HOST}/api/health/; do echo "wait for jms_core ${CORE_HOST} ready" sleep 2 done @@ -34,4 +33,9 @@ case $LOG_LEVEL in ;; esac +if [ ! -d "/opt/lion/data/logs" ]; then + mkdir -p /opt/lion/data/logs + touch /opt/lion/data/logs/guacd.log +fi + supervisord diff --git a/magnus/Dockerfile b/magnus/Dockerfile index 0a86b7f3..e3207b2f 100644 --- a/magnus/Dockerfile +++ b/magnus/Dockerfile 
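Review bot: In the second lion/entrypoint.sh hunk, `touch /opt/lion/data/logs/guacd.log` runs only when the `logs` directory is missing, so a pre-existing data volume that has the directory but not the file is left without `guacd.log`. Both commands are idempotent, so the guard can go: `mkdir -p /opt/lion/data/logs && touch /opt/lion/data/logs/guacd.log`. A one-line comment saying which process expects the file to exist before `supervisord` starts would help too, since that is not visible in this script.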
@@ -1,25 +1,29 @@ -FROM debian:buster-slim +FROM debian:bullseye-slim as stage-1 ARG TARGETARCH -ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ ca-certificates \ - curl \ - netcat \ wget" -RUN set -ex \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + set -ex \ + && rm -f /etc/apt/apt.conf.d/docker-clean \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* + && apt-get -y install --no-install-recommends ${DEPENDENCIES} WORKDIR /opt +ARG CHECK_VERSION=v1.0.1 +RUN set -ex \ + && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && mv check /usr/local/bin/ \ + && chown root:root /usr/local/bin/check \ + && chmod 755 /usr/local/bin/check \ + && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + ARG WISP_VERSION=v0.1.16 RUN set -ex \ && wget https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ 
@@ -44,6 +48,30 @@ RUN set -ex \ COPY magnus/entrypoint.sh . RUN chmod 755 ./entrypoint.sh +FROM debian:bullseye-slim +ENV LANG=en_US.UTF-8 + +ARG DEPENDENCIES=" \ + ca-certificates" + +RUN set -ex \ + && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ + && apt-get update \ + && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && sed -i "s@# export @export @g" ~/.bashrc \ + && sed -i "s@# alias @alias @g" ~/.bashrc \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* + +COPY --from=stage-1 /usr/local/bin /usr/local/bin +COPY --from=stage-1 /opt/magnus /opt/magnus + +WORKDIR /opt/magnus + +ARG VERSION=v3.10.1 +ENV VERSION=${VERSION} + VOLUME /opt/magnus/data EXPOSE 33061 33062 63790 diff --git a/magnus/entrypoint.sh b/magnus/entrypoint.sh index b22aacee..95f444df 100644 --- a/magnus/entrypoint.sh +++ b/magnus/entrypoint.sh @@ -1,8 +1,7 @@ #!/bin/bash # -while [ "$(curl -I -m 10 -L -k -o /dev/null -s -w %{http_code} ${CORE_HOST}/api/health/)" != "200" ] -do +until /usr/local/bin/check ${CORE_HOST}/api/health/; do echo "wait for jms_core ${CORE_HOST} ready" sleep 2 done diff --git a/web/Dockerfile b/web/Dockerfile index 0524580f..05d0cd0c 100644 --- a/web/Dockerfile +++ b/web/Dockerfile 
@@ -1,28 +1,30 @@ -FROM jumpserver/web-static:v1.0.5 as static -FROM nginx:1.24-buster +FROM jumpserver/web-static:v1.0.5 as stage-1 +FROM debian:bullseye-slim as stage-2 ARG TARGETARCH -ENV LANG=en_US.UTF-8 ARG DEPENDENCIES=" \ ca-certificates \ - curl \ - logrotate \ wget" -RUN set -ex \ +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + set -ex \ + && rm -f /etc/apt/apt.conf.d/docker-clean \ && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* - -COPY --from=static /opt/download /opt/download + && apt-get -y install --no-install-recommends ${DEPENDENCIES} WORKDIR /opt +ARG CHECK_VERSION=v1.0.1 +RUN set -ex \ + && wget https://github.com/jumpserver-dev/healthch/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ + && mv check /usr/local/bin/ \ + && chown root:root /usr/local/bin/check \ + && chmod 755 /usr/local/bin/check \ + && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + ARG VERSION=v3.10.1 ENV VERSION=${VERSION} 
@@ -32,12 +34,40 @@ RUN set -ex \ && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \ && wget https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \ && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \ - && cd /opt/download/applets \ - && wget https://github.com/jumpserver/applets/releases/download/${VERSION}/pip_packages.zip \ + && mkdir -p /opt/download/applets \ + && wget -O /opt/download/applets/pip_packages.zip https://github.com/jumpserver/applets/releases/download/${VERSION}/pip_packages.zip \ && rm -f /opt/*.tar.gz -COPY web/nginx.conf /etc/nginx/ COPY web/entrypoint.sh . RUN chmod 755 ./entrypoint.sh +FROM nginx:1.24-bullseye +ENV LANG=en_US.UTF-8 + +ARG DEPENDENCIES=" \ + ca-certificates \ + logrotate" + +RUN set -ex \ + && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ + && apt-get update \ + && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ + && echo "no" | dpkg-reconfigure dash \ + && sed -i "s@# export @export @g" ~/.bashrc \ + && sed -i "s@# alias @alias @g" ~/.bashrc \ + && apt-get clean all \ + && rm -rf /var/lib/apt/lists/* + +COPY --from=stage-1 /opt/download /opt/download +COPY --from=stage-2 /usr/local/bin /usr/local/bin +COPY --from=stage-2 /opt /opt +COPY web/nginx.conf /etc/nginx/ + +WORKDIR /opt + +ARG VERSION=v3.10.1 +ENV VERSION=${VERSION} + +VOLUME /var/log/nginx + CMD [ "./entrypoint.sh" ] diff --git a/web/entrypoint.sh b/web/entrypoint.sh index 465cce72..85d613ab 100644 --- a/web/entrypoint.sh +++ b/web/entrypoint.sh @@ -5,4 +5,9 @@ if [ -f "/etc/init.d/cron" ]; then /etc/init.d/cron start fi +until /usr/local/bin/check ${CORE_HOST}/api/health/; do + echo "wait for jms_core ${CORE_HOST} ready" + sleep 2 +done + nginx -g "daemon off;"
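Review bot: The loop added before `nginx -g "daemon off;"` makes the web container wait without limit, where previously nginx started straight away. If `CORE_HOST` is unset, the argument collapses to `/api/health/` and the loop can only spin printing "wait for jms_core  ready". Fail fast with `: "${CORE_HOST:?CORE_HOST is not set}"` above the loop, and consider a retry cap so an unreachable core shows up as a container exit instead of a silent hang. How `check` treats a URL without a host is not visible in this diff.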