diff options
author | Rin Kuryloski <kuryloskip@vmware.com> | 2022-09-20 15:47:38 +0200 |
---|---|---|
committer | Rin Kuryloski <kuryloskip@vmware.com> | 2022-09-20 18:18:46 +0200 |
commit | 898d26634363e1cc737ec4968ba5e3728365dc51 (patch) | |
tree | 83b8be704215e27f83fc31f2902dd3e4286ed6d1 | |
parent | 7ad7fb26d3323b1431fde9c5315082a6fd952c8f (diff) | |
download | rabbitmq-server-git-pjk25/restore-multi-arch-oci.tar.gz |
Rework the Dockerfile for dev images to be more like the bazel buildpjk25/restore-multi-arch-oci
-rw-r--r-- | .bazelrc | 2 | ||||
-rw-r--r-- | .github/workflows/oci-base.yaml | 1 | ||||
-rw-r--r-- | .github/workflows/oci.yaml | 4 | ||||
-rw-r--r-- | packaging/docker-image/.gitignore | 1 | ||||
-rw-r--r-- | packaging/docker-image/BUILD.bazel | 13 | ||||
-rw-r--r-- | packaging/docker-image/Dockerfile | 326 | ||||
-rw-r--r-- | packaging/docker-image/Makefile | 68 | ||||
-rwxr-xr-x | packaging/docker-image/build_install_openssl.sh (renamed from packaging/docker-image/build_install_openssh.sh) | 0 | ||||
-rwxr-xr-x | packaging/docker-image/build_install_otp.sh | 3 | ||||
-rwxr-xr-x[-rw-r--r--] | packaging/docker-image/install_rabbitmq.sh | 2 |
10 files changed, 105 insertions, 315 deletions
@@ -14,7 +14,7 @@ build:buildbuddy --remote_cache=grpcs://remote.buildbuddy.io build:buildbuddy --remote_timeout=1200 build:buildbuddy --grpc_keepalive_time=360s build:buildbuddy --grpc_keepalive_timeout=360s -build:buildbuddy --remote_download_minimal +build:buildbuddy --remote_download_toplevel build:buildbuddy --build_metadata=REPO_URL=https://github.com/rabbitmq/rabbitmq-server.git build:buildbuddy --experimental_remote_cache_compression build:buildbuddy --experimental_remote_cache_async diff --git a/.github/workflows/oci-base.yaml b/.github/workflows/oci-base.yaml index 1ba8c56cb4..df3e36e805 100644 --- a/.github/workflows/oci-base.yaml +++ b/.github/workflows/oci-base.yaml @@ -19,6 +19,7 @@ jobs: platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx + id: buildx uses: docker/setup-buildx-action@v2 - name: Available platforms diff --git a/.github/workflows/oci.yaml b/.github/workflows/oci.yaml index 7cac49751b..3d9f85dd8f 100644 --- a/.github/workflows/oci.yaml +++ b/.github/workflows/oci.yaml @@ -98,6 +98,7 @@ jobs: platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx + id: buildx uses: docker/setup-buildx-action@v2 - name: Available platforms @@ -130,7 +131,8 @@ jobs: - name: Expand generic-unix-package working-directory: packaging/docker-image run: | - xzcat ${{ steps.resolve-artifact-path.outputs.ARTIFACT_PATH }} | tar xvf - + xzcat ${{ steps.resolve-artifact-path.outputs.ARTIFACT_PATH }} \ + > package-generic-unix.tar - name: Compute image tags id: compute-tags diff --git a/packaging/docker-image/.gitignore b/packaging/docker-image/.gitignore new file mode 100644 index 0000000000..bfd4973e48 --- /dev/null +++ b/packaging/docker-image/.gitignore @@ -0,0 +1 @@ +package-generic-unix.tar diff --git a/packaging/docker-image/BUILD.bazel b/packaging/docker-image/BUILD.bazel index d8516ba75d..b1c3503343 100644 --- a/packaging/docker-image/BUILD.bazel +++ b/packaging/docker-image/BUILD.bazel @@ -24,8 +24,8 @@ BUILD_DEPS_PACKAGES = [ "autoconf", "ca-certificates", "dpkg-dev", - "g++", "gcc", + "g++", "libncurses5-dev", "make", ] @@ -83,7 +83,7 @@ container_layer( "OPENSSL_VERSION": "1.1.1g", }, files = [ - "build_install_openssh.sh", + "build_install_openssl.sh", ], tags = ["manual"], tars = [ @@ -101,8 +101,8 @@ container_image( container_run_and_commit_layer( name = "openssl_layer", commands = [ - "/usr/local/src/build_install_openssh.sh", - "rm /usr/local/src/build_install_openssh.sh", + "/usr/local/src/build_install_openssl.sh", + "rm /usr/local/src/build_install_openssl.sh", ], image = ":openssl_source.tar", tags = ["manual"], @@ -191,7 +191,7 @@ container_image( "RABBITMQ_HOME": RABBITMQ_HOME, "RABBITMQ_LOGS": "-", "HOME": RABBITMQ_DATA_DIR, - "PATH": "%s/sbin:$$PATH" % RABBITMQ_HOME, + "PATH": "/opt/otp/bin:%s/sbin:$$PATH" % RABBITMQ_HOME, "LANG": C_UTF8, "LANGUAGE": C_UTF8, "LC_ALL": C_UTF8, @@ -239,6 +239,9 @@ container_image( container_image( name = "otp_install_wrapper", base = ":rabbitmq_pkgs_image", + env = { + "PATH": "/opt/otp/bin:$$PATH", + }, layers = [ ":otp_layer", ], diff --git a/packaging/docker-image/Dockerfile b/packaging/docker-image/Dockerfile index ced2a49e76..64652f1b39 100644 --- a/packaging/docker-image/Dockerfile +++ b/packaging/docker-image/Dockerfile @@ -1,51 +1,10 @@ # The official Canonical Ubuntu Bionic image is ideal from a security perspective, # especially for the enterprises that we, the RabbitMQ team, have to deal with ARG BASE=ubuntu -FROM ${BASE}:20.04 +FROM ${BASE}:20.04 as otp RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# grab gosu for easy step-down from root - gosu \ - ; \ - rm -rf /var/lib/apt/lists/*; \ -# verify that the "gosu" binary works - gosu nobody true - -# PGP key servers are too flaky for us to verify during every CI triggered build -# https://github.com/docker-library/official-images/issues/4252 -ARG SKIP_PGP_VERIFY=false -# Default to a PGP keyserver that pgp-happy-eyeballs recognizes, but allow for substitutions locally -ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net -# If you are building this image locally and are getting `gpg: keyserver receive failed: No data` errors, -# run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.7 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.7/ubuntu -# For context, see https://github.com/docker-library/official-images/issues/4252 - -# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/ -ENV OPENSSL_VERSION 1.1.1g -ENV OPENSSL_SOURCE_SHA256="ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46" -# https://www.openssl.org/community/omc.html -ENV OPENSSL_PGP_KEY_IDS="0x8657ABB260F056B1E5190839D9C4D26D0E604491 0x5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33 0xED230BEC4D4F2518B9D7DF41F0DB4D21C1D35231 0xC1F33DD8CE1D4CC613AF14DA9195C48241FBF7DD 0x7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C 0xE5E52560DD91C556DDBDA5D02064C53641C25E5D" - -# Use the latest stable Erlang/OTP release - make find-latest-otp - https://github.com/erlang/otp/tags -ARG OTP_VERSION -ENV OTP_VERSION ${OTP_VERSION} -# TODO add PGP checking when the feature will be added to Erlang/OTP's build system -# http://erlang.org/pipermail/erlang-questions/2019-January/097067.html -ARG OTP_SHA256 -ENV OTP_SOURCE_SHA256=${OTP_SHA256} -ARG SKIP_OTP_VERIFY=false - -# Install dependencies required to build Erlang/OTP from source -# https://erlang.org/doc/installation_guide/INSTALL.html -# autoconf: Required to configure Erlang/OTP before compiling -# dpkg-dev: Required to set up host & build type when compiling Erlang/OTP -# gnupg: Required to verify OpenSSL artefacts -# libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli -RUN set -eux; \ \ - savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install --yes --no-install-recommends \ autoconf \ @@ -53,253 +12,128 @@ RUN set -eux; \ dpkg-dev \ gcc \ g++ \ - gnupg \ libncurses5-dev \ make \ wget \ ; \ - rm -rf /var/lib/apt/lists/*; \ + rm -rf /var/lib/apt/lists/* + +ENV OPENSSL_VERSION 1.1.1g +ENV OPENSSL_SOURCE_SHA256="ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46" + +# we skip the cert check because it's broken on arm32v7, and we have a checksum anyway +# https://github.com/dotnet/runtime/issues/66310 +RUN set -eux; \ \ OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \ OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \ OPENSSL_CONFIG_DIR=/usr/local/etc/ssl; \ \ -# Required by the crypto & ssl Erlang/OTP applications - wget --progress dot:giga --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \ - wget --progress dot:giga --output-document "$OPENSSL_PATH.tar.gz" "$OPENSSL_SOURCE_URL"; \ - export GNUPGHOME="$(mktemp -d)"; \ - for key in $OPENSSL_PGP_KEY_IDS; do \ - gpg --batch --keyserver "$PGP_KEYSERVER" --recv-keys "$key" || true; \ - done; \ - test "$SKIP_PGP_VERIFY" == "true" || gpg --batch --verify "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_PATH.tar.gz"; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ + wget \ + --no-check-certificate \ + --progress dot:giga \ + --output-document "$OPENSSL_PATH.tar.gz" \ + "$OPENSSL_SOURCE_URL"; \ echo "$OPENSSL_SOURCE_SHA256 *$OPENSSL_PATH.tar.gz" | sha256sum --check --strict -; \ mkdir -p "$OPENSSL_PATH"; \ - tar --extract --file "$OPENSSL_PATH.tar.gz" --directory "$OPENSSL_PATH" --strip-components 1; \ - \ -# Configure OpenSSL for compilation - cd "$OPENSSL_PATH"; \ -# OpenSSL's "config" script uses a lot of "uname"-based target detection... - MACHINE="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)" \ - RELEASE="4.x.y-z" \ - SYSTEM='Linux' \ - BUILD='???' \ - ./config \ - --openssldir="$OPENSSL_CONFIG_DIR" \ -# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure /usr/local/lib is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) - -Wl,-rpath=/usr/local/lib \ - ; \ -# Compile, install OpenSSL, verify that the command-line works & development headers are present - make -j "$(getconf _NPROCESSORS_ONLN)"; \ - make install_sw install_ssldirs; \ - cd ..; \ - rm -rf "$OPENSSL_PATH"*; \ - ldconfig; \ -# use Debian's CA certificates - rmdir "$OPENSSL_CONFIG_DIR/certs" "$OPENSSL_CONFIG_DIR/private"; \ - ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"; \ -# smoke test - openssl version; \ + tar --extract --file "$OPENSSL_PATH.tar.gz" --directory "$OPENSSL_PATH" --strip-components 1 + +ADD build_install_openssl.sh /usr/local/src + +RUN set -eux; \ \ + /usr/local/src/build_install_openssl.sh; \ + rm /usr/local/src/build_install_openssl.sh + +ARG OTP_VERSION=25.0.4 +ENV OTP_VERSION ${OTP_VERSION} +# TODO add PGP checking when the feature will be added to Erlang/OTP's build system +# http://erlang.org/pipermail/erlang-questions/2019-January/097067.html +ARG OTP_SHA256=05878cb51a64b33c86836b12a21903075c300409b609ad5e941ddb0feb8c2120 +ENV OTP_SOURCE_SHA256=${OTP_SHA256} + +RUN set -eux; \ OTP_SOURCE_URL="https://github.com/erlang/otp/archive/OTP-$OTP_VERSION.tar.gz"; \ - OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \ + OTP_PATH="/usr/local/src/otp-OTP-$OTP_VERSION"; \ \ # Download, verify & extract OTP_SOURCE mkdir -p "$OTP_PATH"; \ - wget --progress dot:giga --output-document "$OTP_PATH.tar.gz" "$OTP_SOURCE_URL"; \ - test "$SKIP_OTP_VERIFY" = "true" || echo "$OTP_SOURCE_SHA256 *$OTP_PATH.tar.gz" | sha256sum --check --strict -; \ + wget \ + --no-check-certificate \ + --progress dot:giga \ + --output-document "$OTP_PATH.tar.gz" \ + "$OTP_SOURCE_URL"; \ + echo "$OTP_SOURCE_SHA256 *$OTP_PATH.tar.gz" | sha256sum --check --strict -; \ tar --extract --file "$OTP_PATH.tar.gz" --directory "$OTP_PATH" --strip-components 1; \ - \ -# Configure Erlang/OTP for compilation, disable unused features & applications -# https://erlang.org/doc/applications.html -# ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation - cd "$OTP_PATH"; \ - export ERL_TOP="$OTP_PATH"; \ - ./otp_build autoconf; \ - CFLAGS="$(dpkg-buildflags --get CFLAGS)"; export CFLAGS; \ -# add -rpath to avoid conflicts between our OpenSSL's "libssl.so" and the libssl package by making sure /usr/local/lib is searched first (but only for Erlang/OpenSSL to avoid issues with other tools using libssl; https://github.com/docker-library/rabbitmq/issues/364) - export CFLAGS="$CFLAGS -Wl,-rpath=/usr/local/lib"; \ - hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \ - buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ - dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}"; \ - ./configure \ - --host="$hostArch" \ - --build="$buildArch" \ - --disable-dynamic-ssl-lib \ - --disable-hipe \ - --disable-sctp \ - --disable-silent-rules \ - --enable-jit \ - --enable-clock-gettime \ - --enable-hybrid-heap \ - --enable-kernel-poll \ - --enable-shared-zlib \ - --enable-smp-support \ - --enable-threads \ - --with-microstate-accounting=extra \ - --without-common_test \ - --without-debugger \ - --without-dialyzer \ - --without-diameter \ - --without-edoc \ - --without-erl_docgen \ - --without-et \ - --without-eunit \ - --without-ftp \ - --without-hipe \ - --without-jinterface \ - --without-megaco \ - --without-observer \ - --without-odbc \ - --without-reltool \ - --without-ssh \ - --without-tftp \ - --without-wx \ - ; \ -# Compile & install Erlang/OTP - make -j "$(getconf _NPROCESSORS_ONLN)" GEN_OPT_FLGS="-O2 -fno-strict-aliasing"; \ - make install; \ - cd ..; \ - rm -rf \ - "$OTP_PATH"* \ - /usr/local/lib/erlang/lib/*/examples \ - /usr/local/lib/erlang/lib/*/src \ - ; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ - find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ - | sort -u \ - | xargs -r dpkg-query --search \ - | cut -d: -f1 \ - | sort -u \ - | xargs -r apt-mark manual \ - ; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - \ -# Check that OpenSSL still works after purging build dependencies - openssl version; \ -# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly - erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().' + rm "$OTP_PATH.tar.gz" -ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq -# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM -RUN set -eux; \ - groupadd --gid 999 --system rabbitmq; \ - useradd --uid 999 --system --home-dir "$RABBITMQ_DATA_DIR" --gid rabbitmq rabbitmq; \ - mkdir -p "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \ - chown -fR rabbitmq:rabbitmq "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \ - chmod 777 "$RABBITMQ_DATA_DIR" /etc/rabbitmq /etc/rabbitmq/conf.d /tmp/rabbitmq-ssl /var/log/rabbitmq; \ - ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie +ADD build_install_otp.sh /usr/local/src -# https://www.rabbitmq.com/signatures.html#importing-gpg -# ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA" -ENV RABBITMQ_HOME=/opt/rabbitmq +RUN set -eux; \ + \ + /usr/local/src/build_install_otp.sh; \ + rm /usr/local/src/build_install_otp.sh -# Add RabbitMQ to PATH, send all logs to TTY -ENV PATH=$RABBITMQ_HOME/sbin:$PATH \ - RABBITMQ_LOGS=- +FROM ${BASE}:20.04 as rabbitmq RUN set -eux; \ \ - savedAptMark="$(apt-mark showmanual)"; \ apt-get update; \ apt-get install --yes --no-install-recommends \ - ca-certificates \ - gnupg \ - wget \ - xz-utils \ + gosu \ + python3 \ + dstat \ + sysstat \ + htop \ + nmon \ + tmux \ + neovim \ ; \ - rm -rf /var/lib/apt/lists/*; \ - \ - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false + rm -rf /var/lib/apt/lists/* + +ARG OPENSSL_CONFIG_DIR=/usr/local/etc/ssl +COPY --from=otp ${OPENSSL_CONFIG_DIR} ${OPENSSL_CONFIG_DIR} +RUN ln -sf /etc/ssl/certs /etc/ssl/private "${OPENSSL_CONFIG_DIR}" + +ARG OTP_INSTALL_DIR=/opt/otp +COPY --from=otp ${OTP_INSTALL_DIR} ${OTP_INSTALL_DIR} + +ADD 10-default-guest-user.conf /opt +ADD docker-entrypoint.sh /opt +ADD install_rabbitmq.sh /opt -# Install RabbitMQ -ARG RABBITMQ_BUILD -COPY ${RABBITMQ_BUILD} $RABBITMQ_HOME +ARG RABBITMQ_ARCHIVE=package-generic-unix.tar +ADD ${RABBITMQ_ARCHIVE} /opt + +ENV RABBITMQ_DATA_DIR /var/lib/rabbitmq +ENV RABBITMQ_HOME /opt/rabbitmq +ENV RABBITMQ_LOGS - + +ADD install_rabbitmq.sh /usr/local/src RUN set -eux; \ -# Do not default SYS_PREFIX to RABBITMQ_HOME, leave it empty - grep -qE '^SYS_PREFIX=\$\{RABBITMQ_HOME\}$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \ - sed -i 's/^SYS_PREFIX=.*$/SYS_PREFIX=/' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \ - grep -qE '^SYS_PREFIX=$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \ - chown -R rabbitmq:rabbitmq "$RABBITMQ_HOME"; \ \ -# verify assumption of no stale cookies - [ ! -e "$RABBITMQ_DATA_DIR/.erlang.cookie" ]; \ -# Ensure RabbitMQ was installed correctly by running a few commands that do not depend on a running server, as the rabbitmq user -# If they all succeed, it's safe to assume that things have been set up correctly - gosu rabbitmq rabbitmqctl help; \ - gosu rabbitmq rabbitmqctl list_ciphers; \ - gosu rabbitmq rabbitmq-plugins list; \ -# no stale cookies - rm "$RABBITMQ_DATA_DIR/.erlang.cookie" - -# Added for backwards compatibility - users can simply COPY custom plugins to /plugins -RUN ln -sf /opt/rabbitmq/plugins /plugins + /usr/local/src/install_rabbitmq.sh; \ + rm /usr/local/src/install_rabbitmq.sh -# set home so that any `--user` knows where to put the erlang cookie -ENV HOME $RABBITMQ_DATA_DIR -# Hint that the data (a.k.a. home dir) dir should be separate volume -VOLUME $RABBITMQ_DATA_DIR +ENV HOME ${RABBITMQ_DATA_DIR} +ENV PATH /opt/otp/bin:${RABBITMQ_HOME}/sbin:${PATH} +ENV LANG C.UTF-8 +ENV LANGUAGE C.UTF-8 +ENV LC_ALL C.UTF-8 -# warning: the VM is running with native name encoding of latin1 which may cause Elixir to malfunction as it expects utf8. Please ensure your locale is set to UTF-8 (which can be verified by running "locale" in your shell) -# Setting all environment variables that control language preferences, behaviour differs - https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html#The-LANGUAGE-variable -# https://docs.docker.com/samples/library/ubuntu/#locales -ENV LANG=C.UTF-8 LANGUAGE=C.UTF-8 LC_ALL=C.UTF-8 +VOLUME ${RABBITMQ_DATA_DIR} -COPY --chown=rabbitmq:rabbitmq 10-default-guest-user.conf /etc/rabbitmq/conf.d/ -COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] # EPMD AMQP-TLS AMQP ERLANG EXPOSE 4369 5671 5672 25672 CMD ["rabbitmq-server"] -# rabbitmq_management -RUN rabbitmq-plugins enable --offline rabbitmq_management && \ - rabbitmq-plugins is_enabled rabbitmq_management --offline -# extract "rabbitmqadmin" from inside the "rabbitmq_management-X.Y.Z.ez" plugin zipfile -# see https://github.com/docker-library/rabbitmq/issues/207 -# RabbitMQ 3.9 onwards uses uncompressed plugins by default, in which case extraction is -# unnecesary -RUN set -eux; \ - if [ -s /plugins/rabbitmq_management-*.ez ]; then \ - erl -noinput -eval ' \ - { ok, AdminBin } = zip:foldl(fun(FileInArchive, GetInfo, GetBin, Acc) -> \ - case Acc of \ - "" -> \ - case lists:suffix("/rabbitmqadmin", FileInArchive) of \ - true -> GetBin(); \ - false -> Acc \ - end; \ - _ -> Acc \ - end \ - end, "", init:get_plain_arguments()), \ - io:format("~s", [ AdminBin ]), \ - init:stop(). \ - ' -- /plugins/rabbitmq_management-*.ez > /usr/local/bin/rabbitmqadmin; \ - else \ - cp /plugins/rabbitmq_management-*/priv/www/cli/rabbitmqadmin /usr/local/bin/rabbitmqadmin; \ - fi; \ - [ -s /usr/local/bin/rabbitmqadmin ]; \ - chmod +x /usr/local/bin/rabbitmqadmin; \ - apt-get update; apt-get install -y --no-install-recommends python3 dstat sysstat htop nmon tmux neovim; rm -rf /var/lib/apt/lists/*; \ - rabbitmqadmin --version # MANAGEMENT-TLS MANAGEMENT EXPOSE 15671 15672 - -RUN rabbitmq-plugins enable --offline rabbitmq_prometheus && \ - rabbitmq-plugins is_enabled rabbitmq_prometheus --offline # PROMETHEUS-TLS PROMETHEUS EXPOSE 15691 15692 - -RUN rabbitmq-plugins enable --all # STREAM-TLS STREAM EXPOSE 5551 5552 # MQTT-TLS MQTT diff --git a/packaging/docker-image/Makefile b/packaging/docker-image/Makefile index 6e82080b60..e8fe13ca49 100644 --- a/packaging/docker-image/Makefile +++ b/packaging/docker-image/Makefile @@ -1,69 +1,15 @@ -# PROJECT_VERSION defaults to: -# 1. the version exported by rabbitmq-server-release; -# 2. the version stored in `git-revisions.txt`, if it exists; -# 3. a version based on git-describe(1), if it is a Git clone; -# 4. 0.0.0 - -PROJECT_VERSION := $(RABBITMQ_VERSION) - -ifeq ($(PROJECT_VERSION),) -PROJECT_VERSION := $(shell \ -if test -f git-revisions.txt; then \ - head -n1 git-revisions.txt | \ - awk '{print $$$(words $(PROJECT_DESCRIPTION) version);}'; \ -else \ - (git describe --dirty --abbrev=7 --tags --always --first-parent \ - 2>/dev/null || echo rabbitmq_v0_0_0) | \ - sed -e 's/^rabbitmq_v//' -e 's/^v//' -e 's/_/./g' -e 's/-/+/' \ - -e 's/-/./g'; \ -fi) -endif - -ifeq ($(filter-out all dist push clean,$(MAKECMDGOALS)),) -GENERIC_UNIX_ARCHIVE ?= $(wildcard $(PACKAGES_DIR)/rabbitmq-server-generic-unix-$(PROJECT_VERSION).tar.xz) - -ifeq ($(GENERIC_UNIX_ARCHIVE),) -$(error Cannot find generic-unix archive; please specify GENERIC_UNIX_ARCHIVE) -endif - -VERSION ?= $(patsubst rabbitmq-server-generic-unix-%.tar.xz,%,$(notdir $(GENERIC_UNIX_ARCHIVE))) -ifeq ($(VERSION),) -$(error Cannot determine version; please specify VERSION) -endif - -IMAGE_TAG_1 ?= $(subst +,-,$(VERSION)) -endif - -OTP_VERSION ?= 25.0.4 -OTP_SHA256 ?= 05878cb51a64b33c86836b12a21903075c300409b609ad5e941ddb0feb8c2120 -REPO ?= pivotalrabbitmq/rabbitmq -SKIP_PGP_VERIFY ?= false -PGP_KEYSERVER ?= pgpkeys.eu -ALT1_PGP_KEYSERVER ?= keyserver.ubuntu.com -ALT2_PGP_KEYSERVER ?= pgpkeys.uk - all: dist -dist: - xzcat $(GENERIC_UNIX_ARCHIVE) | tar xvf - - docker build --pull \ - --build-arg SKIP_PGP_VERIFY=$(SKIP_PGP_VERIFY) \ - --build-arg PGP_KEYSERVER=$(PGP_KEYSERVER) \ - --build-arg OTP_VERSION=$(OTP_VERSION) \ - --build-arg OTP_SHA256=$(OTP_SHA256) \ - --build-arg RABBITMQ_BUILD=rabbitmq_server-$(VERSION) \ - --tag $(REPO):$(IMAGE_TAG_1) \ +dist: package-generic-unix.tar + docker buildx build --pull \ + --platform linux/arm/v7,linux/amd64 \ . -push: - docker push $(REPO):$(IMAGE_TAG_1) -ifdef IMAGE_TAG_2 - docker tag $(REPO):$(IMAGE_TAG_1) $(REPO):$(IMAGE_TAG_2) - docker push $(REPO):$(IMAGE_TAG_2) -endif - clean: - rm -rf rabbitmq_server-* + rm package-generic-unix.tar + +package-generic-unix.tar: + xzcat ../../bazel-bin/package-generic-unix.tar.xz > $@ OTP_VERSION_MATCH ?= 25[0-9.]+ define LATEST_STABLE_OTP_VERSION diff --git a/packaging/docker-image/build_install_openssh.sh b/packaging/docker-image/build_install_openssl.sh index c77fefce2d..c77fefce2d 100755 --- a/packaging/docker-image/build_install_openssh.sh +++ b/packaging/docker-image/build_install_openssl.sh diff --git a/packaging/docker-image/build_install_otp.sh b/packaging/docker-image/build_install_otp.sh index eb8a126786..7cdcfcd8c1 100755 --- a/packaging/docker-image/build_install_otp.sh +++ b/packaging/docker-image/build_install_otp.sh @@ -17,6 +17,7 @@ hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)" buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" dpkgArch="$(dpkg --print-architecture)"; dpkgArch="${dpkgArch##*-}" ./configure \ + --prefix=/opt/otp \ --host="$hostArch" \ --build="$buildArch" \ --disable-dynamic-ssl-lib \ @@ -60,4 +61,4 @@ rm -rf \ /usr/local/lib/erlang/lib/*/src # Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly -erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().' +/opt/otp/bin/erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().' diff --git a/packaging/docker-image/install_rabbitmq.sh b/packaging/docker-image/install_rabbitmq.sh index 5555e639e4..05b81188f3 100644..100755 --- a/packaging/docker-image/install_rabbitmq.sh +++ b/packaging/docker-image/install_rabbitmq.sh @@ -2,6 +2,8 @@ set -euxo pipefail +export PATH="/opt/otp/bin:$PATH" + mv /opt/rabbitmq_server-* $RABBITMQ_HOME groupadd --gid 999 --system rabbitmq |