From b353f0142fef87a2c91bcfb2ef8c826daa9b828f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Tue, 18 Jun 2024 08:24:26 +0800 Subject: [PATCH 1/5] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=E9=9B=86?= =?UTF-8?q?=E7=BE=A4=E9=83=A8=E7=BD=B2=E8=AF=B4=E6=98=8E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 139 +++++++++++++++++++++--- README_EN.md | 143 ++++++++++++++++++++++--- allinone/Dockerfile | 20 ++-- allinone/entrypoint.sh | 11 +- config_example.conf | 13 ++- core/entrypoint.sh | 21 +++- docker-compose-build.yml | 85 ++------------- docker-compose-init-db.yml | 28 +++-- docker-compose-mariadb.yml | 5 - docker-compose-network.yml | 2 +- docker-compose-redis.yml | 5 - docker-compose.yml | 212 ++++++++++++++++++++----------------- 12 files changed, 430 insertions(+), 254 deletions(-) diff --git a/README.md b/README.md index bfd7f2a..8cccaaf 100644 --- a/README.md +++ b/README.md @@ -12,22 +12,23 @@ -------------------------- -环境要求 +## 环境要求 - MariaDB Server >= 10.6 - Redis Server >= 6.0 -快速部署 +## 快速部署 ```sh # 测试环境可以使用,生产环境推荐外置数据 git clone --depth=1 https://github.com/jumpserver/Dockerfile.git cd Dockerfile cp config_example.conf .env docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose-init-db.yml up -d -docker exec -i jms_core bash -c './jms upgrade_db' docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose.yml up -d + +docker rm jms_init_db ``` -标准部署 +## 标准部署 > 请先自行创建 数据库 和 Redis, 版本要求参考上面环境要求说明 
@@ -56,38 +57,46 @@ vi .env ``` ```vim # 版本号可以自己根据项目的版本修改 -VERSION=v3.10.7 +VERSION=v3.10.10 -# 构建参数, 支持 amd64/arm64/loong64 +# 构建参数, 支持 amd64, arm64, ppc64le, s390x TARGETARCH=amd64 -# Compose +# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay COMPOSE_PROJECT_NAME=jms # COMPOSE_HTTP_TIMEOUT=3600 # DOCKER_CLIENT_TIMEOUT=3600 DOCKER_SUBNET=192.168.250.0/24 +NETWORK_DRIVER=overlay # 持久化存储 VOLUME_DIR=/opt/jumpserver -# MySQL, 修改为你的外置 **数据库** 地址 +# 时区 +TZ=Asia/Shanghai + +# MySQL DB_HOST=mysql DB_PORT=3306 DB_USER=root DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G DB_NAME=jumpserver -# Redis, 修改为你的外置 **Redis** 地址 +# Redis REDIS_HOST=redis REDIS_PORT=6379 REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj -# Core, 修改 SECRET_KEY 和 BOOTSTRAP_TOKEN +# Core SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO LOG_LEVEL=ERROR DOMAINS= +# Lion +GUA_HOST=guacd +GUA_PORT=4822 + # Web HTTP_PORT=80 SSH_PORT=2222 
@@ -97,15 +106,119 @@ MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 -# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko、lion、magnus 等。 +# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... ``` ```sh docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml up -d -docker exec -i jms_core bash -c './jms upgrade_db' docker compose -f docker-compose-network.yml -f docker-compose.yml up -d + +docker rm jms_init_db +``` + +## 集群部署 + +- Docker Swarm 集群环境 +- 自行创建 MySQL 和 Redis, 参考上面环境要求说明 +- 自行创建持久化共享存储目录 ( 例如 NFS, GlusterFS, Ceph 等 ) + +```sh +# 在所有 Docker Swarm Worker 节点挂载 NFS 或者其他共享存储, 例如 /data/jumpserver +# 注意: 需要手动创建所有需要挂载的持久化目录, Docker Swarm 模式不会自动创建所需的目录 +mkdir -p /data/jumpserver/core/data +mkdir -p /data/jumpserver/chen/data +mkdir -p /data/jumpserver/lion/data +mkdir -p /data/jumpserver/kael/data +mkdir -p /data/jumpserver/koko/data +mkdir -p /data/jumpserver/lion/data +mkdir -p /data/jumpserver/magnus/data +mkdir -p /data/jumpserver/web/data/logs +mkdir -p /data/jumpserver/web/download +``` +```sh +git clone --depth=1 https://github.com/jumpserver/Dockerfile.git +cd Dockerfile +cp config_example.conf .env +vi .env +``` +```vim +# 版本号可以自己根据项目的版本修改 +VERSION=v3.10.10 + +# 构建参数, 支持 amd64, arm64, ppc64le, s390x +TARGETARCH=amd64 + +# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay +COMPOSE_PROJECT_NAME=jms +# COMPOSE_HTTP_TIMEOUT=3600 +# DOCKER_CLIENT_TIMEOUT=3600 +DOCKER_SUBNET=192.168.250.0/24 +NETWORK_DRIVER=overlay + +# 持久化存储 +VOLUME_DIR=/opt/jumpserver + +# 时区 +TZ=Asia/Shanghai + +# MySQL +DB_HOST=mysql +DB_PORT=3306 +DB_USER=root +DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G +DB_NAME=jumpserver + +# Redis +REDIS_HOST=redis +REDIS_PORT=6379 +REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj + +# Core +SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy +BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO +LOG_LEVEL=ERROR +DOMAINS= + +# Lion +GUA_HOST=guacd +GUA_PORT=4822 + +# Web +HTTP_PORT=80 
+SSH_PORT=2222 +MAGNUS_MYSQL_PORT=33061 +MAGNUS_MARIADB_PORT=33062 +MAGNUS_REDIS_PORT=63790 + +## +# SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 +# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... +``` +```sh +# 生成 docker stack 部署所需文件 +docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack-init-db.yml +docker compose -f docker-compose-network.yml -f docker-compose.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack.yml +``` +```sh +# 初始化数据库 +docker stack deploy -c docker-stack-init-db.yml jumpserver +docker service ls +docker service ps jumpserver_init_db + +# 根据查到的 Worker 节点, 到对应节点查看初始化日志 +``` +```sh +# 启动 JumpServer 应用 +docker stack deploy -c docker-stack.yml jumpserver +docker service ls +``` +```sh +# 扩容缩容 +docker service update --replicas=2 jumpserver_koko # 扩容 koko 到 2 个副本 +docker service update --replicas=4 jumpserver_lion # 扩容 lion 到 2 个副本 +# ... ``` -build +## Build ```sh # 如果希望手动构建镜像, 可以使用下面的命令 cd Dockerfile diff --git a/README_EN.md b/README_EN.md index cc286a3..256fc4c 100644 --- a/README_EN.md +++ b/README_EN.md 
@@ -12,22 +12,23 @@ -------------------------- -Environment Requirements +## Environment Requirements - MariaDB Server >= 10.6 - Redis Server >= 6.0 -Quick Deployment +## Quick Deployment ```sh # Suitable for testing environment, for production environment, it is recommended to use external data git clone --depth=1 https://github.com/jumpserver/Dockerfile.git cd Dockerfile cp config_example.conf .env docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose-init-db.yml up -d -docker exec -i jms_core bash -c './jms upgrade_db' docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose.yml up -d + +docker rm jms_init_db ``` -Standard Deployment +## Standard Deployment > Please create the database and Redis yourself first, the version requirements refer to the above environment requirements 
@@ -55,39 +56,47 @@ cp config_example.conf .env vi .env ``` ```vim -# You can modify the version number according to the project version -VERSION=v3.10.7 +# The version number can be modified according to the version of the project +VERSION=v3.10.10 -# Build parameters, support amd64/arm64/loong64 +# Build parameters, support amd64, arm64, ppc64le, s390x TARGETARCH=amd64 -# Compose +# For Compose, Swarm mode, modify NETWORK_DRIVER=overlay COMPOSE_PROJECT_NAME=jms # COMPOSE_HTTP_TIMEOUT=3600 # DOCKER_CLIENT_TIMEOUT=3600 DOCKER_SUBNET=192.168.250.0/24 +NETWORK_DRIVER=bridge # Persistent storage VOLUME_DIR=/opt/jumpserver -# MySQL, modify to your external **database** address +# Time zone +TZ=Asia/Shanghai + +# MySQL DB_HOST=mysql DB_PORT=3306 DB_USER=root DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G DB_NAME=jumpserver -# Redis, modify to your external **Redis** address +# Redis REDIS_HOST=redis REDIS_PORT=6379 REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj -# Core, modify SECRET_KEY and BOOTSTRAP_TOKEN +# Core SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO LOG_LEVEL=ERROR DOMAINS= +# Lion +GUA_HOST=guacd +GUA_PORT=4822 + # Web HTTP_PORT=80 SSH_PORT=2222 
@@ -96,16 +105,120 @@ MAGNUS_MARIADB_PORT=33062 MAGNUS_REDIS_PORT=63790 ## -# SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it during the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. -# BOOTSTRAP_TOKEN is the key used for component authentication, only used when the component is registered. Components refer to koko, lion, magnus, etc. +# SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. +# BOOTSTRAP_TOKEN is the key used for component authentication, only used when the component is registered. The components refer to koko, lion, magnus, kael, chen ... ``` ```sh docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml up -d -docker exec -i jms_core bash -c './jms upgrade_db' docker compose -f docker-compose-network.yml -f docker-compose.yml up -d + +docker rm jms_init_db +``` + +## Cluster Deployment + +- Docker Swarm cluster environment +- Create MySQL and Redis yourself, refer to the above environment requirements +- Create a persistent shared storage directory yourself (such as NFS, GlusterFS, Ceph, etc.) 
+ +```sh +# Mount NFS or other shared storage on all Docker Swarm Worker nodes, such as /data/jumpserver +# Note: You need to manually create all the persistent directories that need to be mounted, Docker Swarm mode will not automatically create the required directories +mkdir -p /data/jumpserver/core/data +mkdir -p /data/jumpserver/chen/data +mkdir -p /data/jumpserver/lion/data +mkdir -p /data/jumpserver/kael/data +mkdir -p /data/jumpserver/koko/data +mkdir -p /data/jumpserver/lion/data +mkdir -p /data/jumpserver/magnus/data +mkdir -p /data/jumpserver/web/data/logs +mkdir -p /data/jumpserver/web/download +``` +```sh +git clone --depth=1 https://github.com/jumpserver/Dockerfile.git +cd Dockerfile +cp config_example.conf .env +vi .env +``` +```vim +# The version number can be modified according to the version of the project +VERSION=v3.10.10 + +# Build parameters, support amd64, arm64, ppc64le, s390x +TARGETARCH=amd64 + +# For Compose, Swarm mode, modify NETWORK_DRIVER=overlay +COMPOSE_PROJECT_NAME=jms +# COMPOSE_HTTP_TIMEOUT=3600 +# DOCKER_CLIENT_TIMEOUT=3600 +DOCKER_SUBNET=192.168.250.0/24 +NETWORK_DRIVER=overlay + +# Persistent storage +VOLUME_DIR=/opt/jumpserver + +# Time zone +TZ=Asia/Shanghai + +# MySQL +DB_HOST=mysql +DB_PORT=3306 +DB_USER=root +DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G +DB_NAME=jumpserver + +# Redis +REDIS_HOST=redis +REDIS_PORT=6379 +REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj + +# Core +SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy +BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO +LOG_LEVEL=ERROR +DOMAINS= + +# Lion +GUA_HOST=guacd +GUA_PORT=4822 + +# Web +HTTP_PORT=80 +SSH_PORT=2222 +MAGNUS_MYSQL_PORT=33061 +MAGNUS_MARIADB_PORT=33062 +MAGNUS_REDIS_PORT=63790 + +## +# SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. 
+# BOOTSTRAP_TOKEN is the key used for component authentication, only used when the component is registered. The components refer to koko, lion, magnus, kael, chen ... +``` +```sh +# Generate files required for docker stack deployment +docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack-init-db.yml +docker compose -f docker-compose-network.yml -f docker-compose.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack.yml +``` +```sh +# Initialize the database +docker stack deploy -c docker-stack-init-db.yml jumpserver +docker service ls +docker service ps jumpserver_init_db + +# According to the found Worker node, check the initialization log on the corresponding node +``` +```sh +# Start JumpServer application +docker stack deploy -c docker-stack.yml jumpserver +docker service ls +``` +```sh +# Scale up and down +docker service update --replicas=2 jumpserver_koko # Scale up koko to 2 replicas +docker service update --replicas=4 jumpserver_lion # Scale up lion to 2 replicas +# ... ``` -Build +## Build ```vim # Build parameters, support amd64/arm64 TARGETARCH=amd64 diff --git a/allinone/Dockerfile b/allinone/Dockerfile index 8f08cb1..52b2deb 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile @@ -72,18 +72,11 @@ RUN set -ex \ ARG PREFIX_DIR=/opt/guacamole ENV LD_LIBRARY_PATH=${PREFIX_DIR}/lib -ARG RUNTIME_DEPENDENCIES=" \ - fonts-dejavu \ - fonts-liberation \ - ghostscript \ - netcat-openbsd \ - xfonts-terminus" COPY --from=guacd ${PREFIX_DIR} ${PREFIX_DIR} RUN set -ex \ && apt-get update \ - && apt-get install -y --no-install-recommends $RUNTIME_DEPENDENCIES \ && apt-get install -y --no-install-recommends $(cat "${PREFIX_DIR}"/DEPENDENCIES) \ && apt-get clean all \ && rm -rf /var/lib/apt/lists/* 
@@ -136,6 +129,12 @@ RUN set -ex \ && chown -R root:root /opt/luna \ && rm -f /opt/*.tar.gz +RUN set -ex \ + && STATIC_VERSION=$(curl -sSL https://github.com/jumpserver/web-static/raw/v3/VERSION) \ + && wget -O /opt/prepare.sh https://github.com/jumpserver/web-static/raw/${STATIC_VERSION}/prepare.sh \ + && chown root:root /opt/prepare.sh \ + && chmod 755 /opt/prepare.sh + COPY readme.txt readme.txt COPY entrypoint.sh . COPY nginx.conf /etc/nginx/nginx.conf @@ -145,12 +144,6 @@ RUN chmod +x ./entrypoint.sh ENV TERMINAL_MAGNUS_ENABLED=False \ TERMINAL_KOKO_SSH_ENABLED=False -RUN set -ex \ - && STATIC_VERSION=$(curl -sSL https://github.com/jumpserver/web-static/raw/v3/VERSION) \ - && wget -O /opt/prepare.sh https://github.com/jumpserver/web-static/raw/${STATIC_VERSION}/prepare.sh \ - && chown root:root /opt/prepare.sh \ - && chmod 755 /opt/prepare.sh - VOLUME /opt/jumpserver/data VOLUME /opt/koko/data VOLUME /opt/lion/data @@ -160,4 +153,5 @@ VOLUME /opt/download VOLUME /var/log/nginx EXPOSE 80 2222 + ENTRYPOINT ["./entrypoint.sh"] \ No newline at end of file diff --git a/allinone/entrypoint.sh b/allinone/entrypoint.sh index 90b659b..5bdb3f8 100755 --- a/allinone/entrypoint.sh +++ b/allinone/entrypoint.sh @@ -14,14 +14,12 @@ if [ ! "${DB_HOST}" ] || [ ! "${DB_PORT}" ] || [ ! "${REDIS_HOST}" ] || [ ! "${R exit 1 fi -while ! nc -z "${DB_HOST}" "${DB_PORT}"; -do +until check tcp://${DB_HOST}:${DB_PORT}; do echo "wait for jms_mysql ${DB_HOST} ready" sleep 2s done -while ! nc -z "${REDIS_HOST}" "${REDIS_PORT}"; -do +until check tcp://${REDIS_HOST}:${REDIS_PORT}; do echo "wait for jms_redis ${REDIS_HOST} ready" sleep 2s done @@ -40,10 +38,6 @@ if [ ! -d "/opt/jumpserver/data/static" ]; then chmod 755 -R /opt/jumpserver/data/static fi -if [ -f "/opt/readme.txt" ]; then - sed -i "s@VERSION:.*@VERSION: ${VERSION}@g" /opt/readme.txt -fi - rm -f /opt/jumpserver/tmp/*.pid if [ ! "${LOG_LEVEL}" ]; then 
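Review bot: The `RUN` added in allinone/Dockerfile (hunk @@ -136,6 +129,12) downloads `prepare.sh` from a ref resolved at build time, because `STATIC_VERSION` is read from the `v3` branch's VERSION file, and installs it mode 755 with no integrity check. Whatever that branch serves during the build ends up in the image, and two builds of the same commit can differ. This commit only moves the block, but it is a good moment to pin the version as a build argument and verify a digest before the `chmod`, e.g. `ARG STATIC_VERSION=<pinned tag>` and `&& echo "${PREPARE_SHA256}  /opt/prepare.sh" | sha256sum -c - \` (`PREPARE_SHA256` is a constructed name). `curl -sSL` without `-f` also lets an HTTP error body become the version string; `curl -fsSL` would fail the build instead.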
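Review bot: The new wait loops in allinone/entrypoint.sh (hunk @@ -14,14 +14,12) expand `${DB_HOST}`, `${DB_PORT}`, `${REDIS_HOST}` and `${REDIS_PORT}` unquoted, whereas the removed `nc -z` lines quoted them. Quote the whole URL, `until check "tcp://${DB_HOST}:${DB_PORT}"; do`, so an environment value containing whitespace or glob characters is passed as a single argument. The loops also have no upper bound, so a wrong host keeps the container waiting forever instead of exiting with a status an orchestrator can act on; a retry limit followed by `exit 1` would surface that failure. The same two loops are added in core/entrypoint.sh and again in PATCH 2/5 for allinone/entrypoint.sh.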
@@ -71,6 +65,7 @@ cd /opt/jumpserver || exit 1 echo echo "Time: $(date "+%Y-%m-%d %H:%M:%S")" if [ -f "/opt/readme.txt" ]; then + sed -i "s@VERSION:.*@VERSION: ${VERSION}@g" /opt/readme.txt cat /opt/readme.txt rm -f /opt/readme.txt fi diff --git a/config_example.conf b/config_example.conf index 0937345..125dd22 100644 --- a/config_example.conf +++ b/config_example.conf @@ -1,14 +1,15 @@ # 版本号可以自己根据项目的版本修改 -VERSION=v3.10.9 +VERSION=v3.10.10 -# 构建参数, 支持 amd64 +# 构建参数, 支持 amd64, arm64, ppc64le, s390x TARGETARCH=amd64 -# Compose +# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay COMPOSE_PROJECT_NAME=jms # COMPOSE_HTTP_TIMEOUT=3600 # DOCKER_CLIENT_TIMEOUT=3600 DOCKER_SUBNET=192.168.250.0/24 +NETWORK_DRIVER=bridge # 持久化存储 VOLUME_DIR=/opt/jumpserver @@ -34,6 +35,10 @@ BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO LOG_LEVEL=ERROR DOMAINS= +# Lion +GUA_HOST=guacd +GUA_PORT=4822 + # Web HTTP_PORT=80 SSH_PORT=2222 @@ -43,4 +48,4 @@ MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 -# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko、guacamole +# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... \ No newline at end of file diff --git a/core/entrypoint.sh b/core/entrypoint.sh index 985b7b6..a1ed257 100755 --- a/core/entrypoint.sh +++ b/core/entrypoint.sh @@ -1,10 +1,25 @@ #!/bin/bash # +until check tcp://${DB_HOST}:${DB_PORT}; do + echo "wait for jms_mysql ${DB_HOST} ready" + sleep 2s +done + +until check tcp://${REDIS_HOST}:${REDIS_PORT}; do + echo "wait for jms_redis ${REDIS_HOST} ready" + sleep 2s +done + rm -f /opt/jumpserver/tmp/*.pid -if [ "$1" = "start" ]; then - set -- /opt/jumpserver/jms "$@" -fi +case "$1" in + start|init_db|upgrade_db) + set -- /opt/jumpserver/jms "$@" + ;; + *) + exec "$@" + ;; +esac exec "$@" \ No newline at end of file diff --git a/docker-compose-build.yml b/docker-compose-build.yml index fe08df2..6a6e567 100644 --- a/docker-compose-build.yml +++ b/docker-compose-build.yml 
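Review bot: In core/entrypoint.sh the wait loops run without any check that `DB_HOST`, `DB_PORT`, `REDIS_HOST` and `REDIS_PORT` are set, unlike allinone/entrypoint.sh, which exits when they are empty; with an unset variable the script retries `check tcp://:` indefinitely. A guard ahead of the loops such as `: "${DB_HOST:?DB_HOST is required}"` (one per variable) would fail fast. The loops also sit before the `case`, so every command passed to the container, including the `*)` passthrough, blocks until both services answer; moving them into the `start|init_db|upgrade_db)` arm would limit the wait to commands that need the database. The trailing `exec "$@"` after `esac` is now reached only from that arm, which deserves a short comment.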
@@ -10,23 +10,7 @@ services: container_name: jms_core restart: always command: start web - environment: - TZ: ${TZ:-Asia/Shanghai} - SECRET_KEY: $SECRET_KEY - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - DB_HOST: $DB_HOST - DB_PORT: $DB_PORT - DB_USER: $DB_USER - DB_PASSWORD: $DB_PASSWORD - DB_NAME: $DB_NAME - REDIS_HOST: $REDIS_HOST - REDIS_PORT: $REDIS_PORT - REDIS_PASSWORD: $REDIS_PASSWORD - MAGNUS_MYSQL_PORT: ${MAGNUS_MYSQL_PORT:-33061} - MAGNUS_MARIADB_PORT: ${MAGNUS_MARIADB_PORT:-33062} - MAGNUS_REDIS_PORT: ${MAGNUS_REDIS_PORT:-63790} - DOMAIN: ${DOMAIN:-} + env_file: .env healthcheck: test: "check http://localhost:8080/api/health/" interval: 10s @@ -43,22 +27,7 @@ services: container_name: jms_celery restart: always command: start task - environment: - TZ: ${TZ:-Asia/Shanghai} - SECRET_KEY: $SECRET_KEY - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - DB_HOST: $DB_HOST - DB_PORT: $DB_PORT - DB_USER: $DB_USER - DB_PASSWORD: $DB_PASSWORD - DB_NAME: $DB_NAME - REDIS_HOST: $REDIS_HOST - REDIS_PORT: $REDIS_PORT - REDIS_PASSWORD: $REDIS_PASSWORD - MAGNUS_MYSQL_PORT: ${MAGNUS_MYSQL_PORT:-33061} - MAGNUS_MARIADB_PORT: ${MAGNUS_MARIADB_PORT:-33062} - MAGNUS_REDIS_PORT: ${MAGNUS_REDIS_PORT:-63790} + env_file: .env depends_on: core: condition: service_healthy @@ -84,12 +53,7 @@ services: container_name: jms_koko restart: always privileged: true - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - SSHD_PORT: ${SSH_PORT:-2222} + env_file: .env depends_on: core: condition: service_healthy @@ -129,13 +93,7 @@ services: image: jumpserver/jms_lion:${VERSION} container_name: jms_lion restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - GUA_HOST: ${GUA_HOST:-guacd} - GUA_PORT: ${GUA_PORT:-4822} + env_file: .env depends_on: core: condition: service_healthy 
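Review bot: Replacing each service's explicit `environment:` list with `env_file: .env` hands the whole file to every container. In the koko hunk (@@ -84,12 +53,7) the service used to receive only `TZ`, `CORE_HOST`, `BOOTSTRAP_TOKEN`, `LOG_LEVEL` and `SSHD_PORT`; it now also gets `SECRET_KEY`, `DB_PASSWORD` and `REDIS_PASSWORD`, which only core and celery were given before. The same applies to the lion, magnus, chen, kael and web hunks in this file and to the matching hunks in docker-compose.yml. Keeping `environment:` for the components, or splitting the file (for example a constructed `core.env` and `component.env`), would preserve that separation. The removed lists also set `CORE_HOST: http://core:8080` and `SSHD_PORT: ${SSH_PORT:-2222}`, neither of which appears in the config_example.conf lines visible in this patch, so those values are lost unless the images default them (not visible here).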
@@ -160,14 +118,7 @@ services: image: jumpserver/jms_magnus:${VERSION} container_name: jms_magnus restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - MAGNUS_MYSQL_PORT: ${MAGNUS_MYSQL_PORT:-33061} - MAGNUS_MARIADB_PORT: ${MAGNUS_MARIADB_PORT:-33062} - MAGNUS_REDIS_PORT: ${MAGNUS_REDIS_PORT:-63790} + env_file: .env depends_on: core: condition: service_healthy @@ -196,11 +147,7 @@ services: image: jumpserver/jms_chen:${VERSION} container_name: jms_chen restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL + env_file: .env volumes: - ${VOLUME_DIR}/chen/data:/opt/chen/data depends_on: @@ -225,11 +172,7 @@ services: image: jumpserver/jms_kael:${VERSION} container_name: jms_kael restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL + env_file: .env volumes: - ${VOLUME_DIR}/kael/data:/opt/kael/data depends_on: @@ -254,9 +197,7 @@ services: image: jumpserver/jms_web:${VERSION} container_name: jms_web restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 + env_file: .env depends_on: core: condition: service_healthy @@ -273,12 +214,4 @@ services: ports: - ${HTTP_PORT:-80}:80 networks: - - net - -networks: - net: - driver: bridge - ipam: - driver: default - config: - - subnet: $DOCKER_SUBNET \ No newline at end of file + - net \ No newline at end of file diff --git a/docker-compose-init-db.yml b/docker-compose-init-db.yml index 9051594..7f86385 100644 --- a/docker-compose-init-db.yml +++ b/docker-compose-init-db.yml 
@@ -1,21 +1,17 @@ services: - core: + init_db: image: jumpserver/jms_core:${VERSION} - container_name: jms_core - command: "tail -f /dev/null" - environment: - TZ: ${TZ:-Asia/Shanghai} - SECRET_KEY: $SECRET_KEY - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - DB_HOST: $DB_HOST - DB_PORT: $DB_PORT - DB_USER: $DB_USER - DB_PASSWORD: $DB_PASSWORD - DB_NAME: $DB_NAME - REDIS_HOST: $REDIS_HOST - REDIS_PORT: $REDIS_PORT - REDIS_PASSWORD: $REDIS_PASSWORD + container_name: jms_init_db + command: upgrade_db + deploy: + mode: replicated-job + replicas: 1 + restart_policy: + condition: none + placement: + constraints: + - "node.role==worker" + env_file: .env volumes: - ${VOLUME_DIR}/core/data:/opt/jumpserver/data networks: diff --git a/docker-compose-mariadb.yml b/docker-compose-mariadb.yml index 78c8534..f5ddf56 100644 --- a/docker-compose-mariadb.yml +++ b/docker-compose-mariadb.yml @@ -1,9 +1,4 @@ services: - core: - depends_on: - mysql: - condition: service_healthy - mysql: image: mariadb:10.6 container_name: jms_mysql diff --git a/docker-compose-network.yml b/docker-compose-network.yml index 390ea81..53c3b91 100644 --- a/docker-compose-network.yml +++ b/docker-compose-network.yml @@ -1,6 +1,6 @@ networks: net: - driver: bridge + driver: ${NETWORK_DRIVER:-bridge} ipam: driver: default config: diff --git a/docker-compose-redis.yml b/docker-compose-redis.yml index f01bf71..f4688e8 100644 --- a/docker-compose-redis.yml +++ b/docker-compose-redis.yml @@ -1,9 +1,4 @@ services: - core: - depends_on: - mysql: - condition: service_healthy - redis: image: redis:7.0 container_name: jms_redis diff --git a/docker-compose.yml b/docker-compose.yml index 25f4ef0..7ece409 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -2,23 +2,20 @@ services: core: image: jumpserver/jms_core:${VERSION} container_name: jms_core - restart: always command: start web - environment: - TZ: ${TZ:-Asia/Shanghai} - SECRET_KEY: $SECRET_KEY - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - DB_HOST: $DB_HOST - DB_PORT: $DB_PORT - DB_USER: $DB_USER - DB_PASSWORD: $DB_PASSWORD - DB_NAME: $DB_NAME - REDIS_HOST: $REDIS_HOST - REDIS_PORT: $REDIS_PORT - REDIS_PASSWORD: $REDIS_PASSWORD - MAGNUS_PORT: ${MAGNUS_PORT:-30000-30020} - DOMAINS: ${DOMAINS:-} + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "1" + # memory: 1536M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "check http://localhost:8080/api/health/" interval: 10s @@ -33,26 +30,20 @@ services: celery: image: jumpserver/jms_core:${VERSION} container_name: jms_celery - restart: always command: start task - environment: - TZ: ${TZ:-Asia/Shanghai} - SECRET_KEY: $SECRET_KEY - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - DB_HOST: $DB_HOST - DB_PORT: $DB_PORT - DB_USER: $DB_USER - DB_PASSWORD: $DB_PASSWORD - DB_NAME: $DB_NAME - REDIS_HOST: $REDIS_HOST - REDIS_PORT: $REDIS_PORT - REDIS_PASSWORD: $REDIS_PASSWORD - MAGNUS_PORT: ${MAGNUS_PORT:-30000-30020} - DOMAINS: ${DOMAINS:-} - depends_on: - core: - condition: service_healthy + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.2" + # memory: 1024M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "bash /opt/jumpserver/utils/check_celery.sh" interval: 10s 
@@ -67,17 +58,20 @@ services: koko: image: jumpserver/jms_koko:${VERSION} container_name: jms_koko - restart: always privileged: true - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - SSHD_PORT: ${SSH_PORT:-2222} - depends_on: - core: - condition: service_healthy + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "check http://localhost:5000/koko/health/" interval: 10s @@ -87,7 +81,7 @@ services: volumes: - ${VOLUME_DIR}/koko/data:/opt/koko/data ports: - - ${SSH_PORT:-2222}:${SSH_PORT} + - ${SSH_PORT:-2222}:${SSH_PORT:-2222} networks: - net @@ -95,7 +89,18 @@ services: image: jumpserver/guacd:1.5.5-bookworm container_name: jms_guacd user: root - restart: always + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" environment: TZ: ${TZ:-Asia/Shanghai} GUACD_LOG_LEVEL: ${GUACD_LOG_LEVEL:-error} @@ -107,17 +112,19 @@ services: lion: image: jumpserver/jms_lion:${VERSION} container_name: jms_lion - restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - GUA_HOST: ${GUA_HOST:-guacd} - GUA_PORT: ${GUA_PORT:-4822} - depends_on: - core: - condition: service_healthy + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "check http://localhost:8081/lion/health/" interval: 10s 
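Review bot: The koko service keeps `privileged: true` while this hunk (@@ -67,17 +58,20) adds a Swarm `deploy:` block and `env_file: .env`. As far as I know `docker stack deploy` ignores `privileged`, so the service would run with different privileges under Compose and under Swarm. Under Compose, a fully privileged container now also holds every secret in `.env`. If koko needs only specific capabilities (not visible here), listing them with `cap_add:` would narrow this, and a comment beside the key such as `# privileged: needed for <reason>` would record why it is there.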
@@ -132,18 +139,19 @@ services: magnus: image: jumpserver/jms_magnus:${VERSION} container_name: jms_magnus - restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - MAGNUS_MYSQL_PORT: ${MAGNUS_MYSQL_PORT:-33061} - MAGNUS_MARIADB_PORT: ${MAGNUS_MARIADB_PORT:-33062} - MAGNUS_REDIS_PORT: ${MAGNUS_REDIS_PORT:-63790} - depends_on: - core: - condition: service_healthy + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "check http://localhost:8088/health" interval: 10s @@ -162,17 +170,21 @@ services: chen: image: jumpserver/jms_chen:${VERSION} container_name: jms_chen - restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env volumes: - ${VOLUME_DIR}/chen/data:/opt/chen/data - depends_on: - core: - condition: service_healthy healthcheck: test: "check http://localhost:8082/chen" interval: 10s 
@@ -185,17 +197,21 @@ services: kael: image: jumpserver/jms_kael:${VERSION} container_name: jms_kael - restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env volumes: - ${VOLUME_DIR}/kael/data:/opt/kael/data - depends_on: - core: - condition: service_healthy healthcheck: test: "check http://localhost:8083/kael/health/" interval: 10s @@ -208,13 +224,19 @@ services: web: image: jumpserver/jms_web:${VERSION} container_name: jms_web - restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - depends_on: - core: - condition: service_healthy + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "check http://localhost/api/health/" interval: 10s From 3e3b6408bc14dac0ba82eba3a80db463613b1760 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Tue, 2 Jul 2024 09:47:49 +0800 Subject: [PATCH 2/5] =?UTF-8?q?feat:=20=E6=9B=B4=E6=96=B0=E4=BE=9D?= =?UTF-8?q?=E8=B5=96=E7=89=88=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- allinone/Dockerfile | 9 ++++----- allinone/entrypoint.sh | 6 ++---- chen/Dockerfile | 4 ++-- core/Dockerfile | 2 +- kael/Dockerfile | 4 ++-- koko/Dockerfile | 10 +++++----- lion/Dockerfile | 4 ++-- magnus/Dockerfile | 4 ++-- web/Dockerfile | 2 +- 9 files changed, 21 insertions(+), 24 deletions(-) diff --git a/allinone/Dockerfile b/allinone/Dockerfile index c0a406e..e195b7e 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile 
@@ -22,7 +22,7 @@ RUN set -ex \ WORKDIR /opt -ARG MONGOSH_VERSION=1.10.6 +ARG MONGOSH_VERSION=2.2.10 RUN set -ex \ && \ case "${TARGETARCH}" in \ @@ -47,8 +47,8 @@ RUN set -ex \ ;; \ esac -ARG HELM_VERSION=v3.12.2 -ARG KUBECTL_VERSION=v1.27.4 +ARG HELM_VERSION=v3.15.2 +ARG KUBECTL_VERSION=v1.30.2 RUN set -ex \ && wget -O /usr/local/bin/rawkubectl https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl \ && wget http://download.jumpserver.org/public/kubectl_aliases.tar.gz \ @@ -62,7 +62,7 @@ RUN set -ex \ && chown root:root /usr/local/bin/rawhelm /usr/local/bin/rawkubectl \ && rm -f /opt/*.tar.gz -ARG WISP_VERSION=v0.1.20 +ARG WISP_VERSION=v0.1.21 RUN set -ex \ && wget https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ @@ -76,7 +76,6 @@ ARG RUNTIME_DEPENDENCIES=" \ fonts-dejavu \ fonts-liberation \ ghostscript \ - netcat-openbsd \ xfonts-terminus" COPY --from=guacd ${PREFIX_DIR} ${PREFIX_DIR} diff --git a/allinone/entrypoint.sh b/allinone/entrypoint.sh index 90b659b..a683c20 100755 --- a/allinone/entrypoint.sh +++ b/allinone/entrypoint.sh @@ -14,14 +14,12 @@ if [ ! "${DB_HOST}" ] || [ ! "${DB_PORT}" ] || [ ! "${REDIS_HOST}" ] || [ ! "${R exit 1 fi -while ! nc -z "${DB_HOST}" "${DB_PORT}"; -do +until check tcp://${DB_HOST}:${DB_PORT}; do echo "wait for jms_mysql ${DB_HOST} ready" sleep 2s done -while ! nc -z "${REDIS_HOST}" "${REDIS_PORT}"; -do +until check tcp://${REDIS_HOST}:${REDIS_PORT}; do echo "wait for jms_redis ${REDIS_HOST} ready" sleep 2s done diff --git a/chen/Dockerfile b/chen/Dockerfile index 62ec6c8..d87b207 100644 --- a/chen/Dockerfile +++ b/chen/Dockerfile 
@@ -16,7 +16,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ WORKDIR /opt -ARG CHECK_VERSION=v1.0.2 +ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ @@ -25,7 +25,7 @@ RUN set -e \ && chmod 755 /usr/local/bin/check \ && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -ARG WISP_VERSION=v0.1.20 +ARG WISP_VERSION=v0.1.21 RUN set -e \ && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ diff --git a/core/Dockerfile b/core/Dockerfile index 11833cb..3c32f2e 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -18,7 +18,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ WORKDIR /opt -ARG CHECK_VERSION=v1.0.2 +ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ diff --git a/kael/Dockerfile b/kael/Dockerfile index b3f04c5..2edcfed 100644 --- a/kael/Dockerfile +++ b/kael/Dockerfile @@ -16,7 +16,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ WORKDIR /opt -ARG CHECK_VERSION=v1.0.2 +ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ 
@@ -25,7 +25,7 @@ RUN set -e \ && chmod 755 /usr/local/bin/check \ && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -ARG WISP_VERSION=v0.1.20 +ARG WISP_VERSION=v0.1.21 RUN set -e \ && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ diff --git a/koko/Dockerfile b/koko/Dockerfile index 6adb88e..b75a0a3 100644 --- a/koko/Dockerfile +++ b/koko/Dockerfile @@ -17,7 +17,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ WORKDIR /opt -ARG CHECK_VERSION=v1.0.2 +ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ @@ -26,7 +26,7 @@ RUN set -e \ && chmod 755 /usr/local/bin/check \ && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -ARG WISP_VERSION=v0.1.20 +ARG WISP_VERSION=v0.1.21 RUN set -e \ && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ @@ -34,7 +34,7 @@ RUN set -e \ && chmod 755 /usr/local/bin/wisp \ && rm -f /opt/*.tar.gz -ARG MONGOSH_VERSION=2.1.1 +ARG MONGOSH_VERSION=2.2.10 RUN set -e \ && \ case "${TARGETARCH}" in \ @@ -65,8 +65,8 @@ RUN set -e \ ; \ fi -ARG HELM_VERSION=v3.14.3 -ARG KUBECTL_VERSION=v1.29.3 +ARG HELM_VERSION=v3.15.2 +ARG KUBECTL_VERSION=v1.30.2 RUN set -e \ && wget --quiet -O kubectl.tar.gz https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-linux-${TARGETARCH}.tar.gz \ && tar -xf kubectl.tar.gz --strip-components=3 -C /opt kubernetes/client/bin/kubectl \ diff --git a/lion/Dockerfile b/lion/Dockerfile index 3fdab43..0ea9ba8 100644 --- a/lion/Dockerfile 
+++ b/lion/Dockerfile @@ -16,7 +16,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ WORKDIR /opt -ARG CHECK_VERSION=v1.0.2 +ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ @@ -25,7 +25,7 @@ RUN set -e \ && chmod 755 /usr/local/bin/check \ && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -ARG WISP_VERSION=v0.1.20 +ARG WISP_VERSION=v0.1.21 RUN set -e \ && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ diff --git a/magnus/Dockerfile b/magnus/Dockerfile index 4c115c3..8e99646 100644 --- a/magnus/Dockerfile +++ b/magnus/Dockerfile @@ -16,7 +16,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ WORKDIR /opt -ARG CHECK_VERSION=v1.0.2 +ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ @@ -25,7 +25,7 @@ RUN set -e \ && chmod 755 /usr/local/bin/check \ && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -ARG WISP_VERSION=v0.1.20 +ARG WISP_VERSION=v0.1.21 RUN set -e \ && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ diff --git a/web/Dockerfile b/web/Dockerfile index 02ca84d..7e2bebc 100644 --- a/web/Dockerfile +++ b/web/Dockerfile 
@@ -17,7 +17,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ WORKDIR /opt -ARG CHECK_VERSION=v1.0.2 +ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ From fc054c79a641c6c9a0c0594fe720f2f985ed6e10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Wed, 3 Jul 2024 10:11:29 +0800 Subject: [PATCH 3/5] perf: add bubblewrap --- core/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/core/Dockerfile b/core/Dockerfile index 3c32f2e..1591a32 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -118,6 +118,7 @@ ARG DEPENDENCIES=" \ libxmlsec1-openssl" ARG TOOLS=" \ + bubblewrap \ ca-certificates \ default-libmysqlclient-dev \ openssh-client \ From f6f87a797b27df8aa225a5702b57b07b6b771df8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Wed, 3 Jul 2024 14:47:57 +0800 Subject: [PATCH 4/5] =?UTF-8?q?feat:=20=E6=9B=B4=E6=96=B0=E7=BB=84?= =?UTF-8?q?=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- allinone/Dockerfile | 4 ++-- chen/Dockerfile | 2 +- lion/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/allinone/Dockerfile b/allinone/Dockerfile index e195b7e..60f0f06 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile 
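Review bot: `bubblewrap` is added to `TOOLS` in core/Dockerfile without any record of what calls it or what the container needs at run time for it to work; the commit subject is only `perf: add bubblewrap`. bwrap builds its sandbox from Linux namespaces, which container runtimes commonly restrict by default, so sandbox setup may fail in a stock deployment. If the caller then falls back to running unsandboxed, or operators are told to run the container privileged, the isolation this package is meant to add is lost. Please name the caller and the required runtime settings in the commit message or README; the `TOOLS` list continues outside the hunk.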
@@ -101,7 +101,7 @@ RUN set -ex \ RUN set -ex \ && mkdir -p /opt/lion \ - && wget https://github.com/jumpserver/lion-release/releases/download/${VERSION}/lion-${VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget https://github.com/jumpserver/lion/releases/download/${VERSION}/lion-${VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf lion-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/lion --strip-components=1 \ && chown -R root:root /opt/lion \ && rm -f /opt/*.tar.gz @@ -116,7 +116,7 @@ RUN set -ex \ RUN set -ex \ && mkdir -p /opt/chen \ - && wget https://github.com/jumpserver/chen-release/releases/download/${VERSION}/chen-${VERSION}.tar.gz \ + && wget https://github.com/jumpserver/chen/releases/download/${VERSION}/chen-${VERSION}.tar.gz \ && tar -xf chen-${VERSION}.tar.gz -C /opt/chen --strip-components=1 \ && chown -R root:root /opt/chen \ && rm -f /opt/*.tar.gz diff --git a/chen/Dockerfile b/chen/Dockerfile index d87b207..1ed87b5 100644 --- a/chen/Dockerfile +++ b/chen/Dockerfile @@ -40,7 +40,7 @@ ENV VERSION=${VERSION} RUN set -e \ && cd /opt \ - && wget --quiet https://github.com/jumpserver/chen-release/releases/download/${VERSION}/chen-${VERSION}.tar.gz \ + && wget --quiet https://github.com/jumpserver/chen/releases/download/${VERSION}/chen-${VERSION}.tar.gz \ && tar -xf chen-${VERSION}.tar.gz -C /opt/chen --strip-components=1 \ && chown -R root:root /opt/chen \ && rm -f /opt/*.tar.gz diff --git a/lion/Dockerfile b/lion/Dockerfile index 0ea9ba8..2a39ebe 100644 --- a/lion/Dockerfile +++ b/lion/Dockerfile 
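Review bot: The lion and chen `wget` lines in allinone/Dockerfile change which repository the archives come from, and each archive is still unpacked and chown'ed to root with no integrity check. A release asset can be replaced under an unchanged tag, so pin a digest per artifact and architecture and verify it before `tar`, e.g. `echo "${LION_SHA256}  lion-${VERSION}-linux-${TARGETARCH}.tar.gz" | sha256sum -c -`, with `LION_SHA256` (placeholder name) supplied as a build `ARG`. The same applies to the matching hunks in chen/Dockerfile and lion/Dockerfile in this patch and to the usql download that patch 5/5 adds to koko/Dockerfile.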
@@ -40,7 +40,7 @@ ENV VERSION=${VERSION} RUN set -e \ && cd /opt \ - && wget --quiet https://github.com/jumpserver/lion-release/releases/download/${VERSION}/lion-${VERSION}-linux-${TARGETARCH}.tar.gz \ + && wget --quiet https://github.com/jumpserver/lion/releases/download/${VERSION}/lion-${VERSION}-linux-${TARGETARCH}.tar.gz \ && tar -xf lion-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/lion --strip-components=1 \ && chown -R root:root /opt/lion \ && rm -f /opt/*.tar.gz From 125759ab46c8ee8e8fb642ce542fea2ad379bc71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Wed, 3 Jul 2024 15:26:07 +0800 Subject: [PATCH 5/5] =?UTF-8?q?feat:=20=E9=80=82=E9=85=8D=20v4.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 6 --- README_EN.md | 6 --- allinone/Dockerfile | 64 +++++++---------------------- chen/Dockerfile | 5 +-- config_example.conf | 10 ++--- core/Dockerfile | 31 ++++++++------ docker-compose-build.yml | 54 ------------------------- docker-compose.yml | 58 --------------------------- kael/Dockerfile | 87 ---------------------------------------- kael/entrypoint.sh | 20 --------- koko/Dockerfile | 40 ++++-------------- lion/Dockerfile | 5 +-- magnus/Dockerfile | 84 -------------------------------------- magnus/entrypoint.sh | 20 --------- web/Dockerfile | 5 +-- 15 files changed, 51 insertions(+), 444 deletions(-) delete mode 100644 kael/Dockerfile delete mode 100755 kael/entrypoint.sh delete mode 100644 magnus/Dockerfile delete mode 100755 magnus/entrypoint.sh diff --git a/README.md b/README.md index 3519649..3c3da5f 100644 --- a/README.md +++ b/README.md @@ -100,9 +100,6 @@ GUA_PORT=4822 # Web HTTP_PORT=80 SSH_PORT=2222 -MAGNUS_MYSQL_PORT=33061 -MAGNUS_MARIADB_PORT=33062 -MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 
@@ -185,9 +182,6 @@ GUA_PORT=4822 # Web HTTP_PORT=80 SSH_PORT=2222 -MAGNUS_MYSQL_PORT=33061 -MAGNUS_MARIADB_PORT=33062 -MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 diff --git a/README_EN.md b/README_EN.md index 7f3ebb9..6a10807 100644 --- a/README_EN.md +++ b/README_EN.md @@ -100,9 +100,6 @@ GUA_PORT=4822 # Web HTTP_PORT=80 SSH_PORT=2222 -MAGNUS_MYSQL_PORT=33061 -MAGNUS_MARIADB_PORT=33062 -MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. @@ -185,9 +182,6 @@ GUA_PORT=4822 # Web HTTP_PORT=80 SSH_PORT=2222 -MAGNUS_MYSQL_PORT=33061 -MAGNUS_MARIADB_PORT=33062 -MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. diff --git a/allinone/Dockerfile b/allinone/Dockerfile index e7ed6a0..9816cb4 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile 
@@ -22,31 +22,6 @@ RUN set -ex \ WORKDIR /opt -ARG MONGOSH_VERSION=2.2.10 -RUN set -ex \ - && \ - case "${TARGETARCH}" in \ - amd64) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \ - ;; \ - arm64|s390x|ppc64le) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \ - ;; \ - *) \ - echo "Unsupported architecture: ${TARGETARCH}" \ - ;; \ - esac - ARG HELM_VERSION=v3.15.2 ARG KUBECTL_VERSION=v1.30.2 RUN set -ex \ 
@@ -88,6 +63,20 @@ RUN set -ex \ COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli +RUN set -ex \ + && mkdir -p /opt/lina \ + && wget https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \ + && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \ + && chown -R root:root /opt/lina \ + && rm -f /opt/*.tar.gz + +RUN set -ex \ + && mkdir -p /opt/luna \ + && wget https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \ + && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \ + && chown -R root:root /opt/luna \ + && rm -f /opt/*.tar.gz + RUN set -ex \ && mkdir -p /opt/koko \ && wget https://github.com/jumpserver/koko/releases/download/${VERSION}/koko-${VERSION}-linux-${TARGETARCH}.tar.gz \ @@ -105,14 +94,6 @@ RUN set -ex \ && chown -R root:root /opt/lion \ && rm -f /opt/*.tar.gz -RUN set -ex \ - && mkdir -p /opt/kael \ - && wget https://github.com/jumpserver/kael/releases/download/${VERSION}/kael-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf kael-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/kael --strip-components=1 \ - && chmod 755 /opt/kael/kael \ - && chown -R root:root /opt/kael \ - && rm -f /opt/*.tar.gz - RUN set -ex \ && mkdir -p /opt/chen \ && wget https://github.com/jumpserver/chen/releases/download/${VERSION}/chen-${VERSION}.tar.gz \ 
@@ -120,20 +101,6 @@ RUN set -ex \ && chown -R root:root /opt/chen \ && rm -f /opt/*.tar.gz -RUN set -ex \ - && mkdir -p /opt/lina \ - && wget https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \ - && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \ - && chown -R root:root /opt/lina \ - && rm -f /opt/*.tar.gz - -RUN set -ex \ - && mkdir -p /opt/luna \ - && wget https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \ - && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \ - && chown -R root:root /opt/luna \ - && rm -f /opt/*.tar.gz - RUN set -ex \ && STATIC_VERSION=$(curl -sSL https://github.com/jumpserver/web-static/raw/v3/VERSION) \ && wget -O /opt/prepare.sh https://github.com/jumpserver/web-static/raw/${STATIC_VERSION}/prepare.sh \ @@ -146,9 +113,6 @@ COPY nginx.conf /etc/nginx/nginx.conf COPY supervisord.conf /etc/supervisor/conf.d/ RUN chmod +x ./entrypoint.sh -ENV TERMINAL_MAGNUS_ENABLED=False \ - TERMINAL_KOKO_SSH_ENABLED=False - VOLUME /opt/jumpserver/data VOLUME /opt/koko/data VOLUME /opt/lion/data diff --git a/chen/Dockerfile b/chen/Dockerfile index 1ed87b5..0c57440 100644 --- a/chen/Dockerfile +++ b/chen/Dockerfile @@ -19,11 +19,10 @@ WORKDIR /opt ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + && rm -f /opt/*.tar.gz ARG WISP_VERSION=v0.1.21 RUN set -e \ diff --git a/config_example.conf b/config_example.conf index 7ed1e23..c33470b 100644 --- a/config_example.conf +++ b/config_example.conf 
@@ -17,14 +17,15 @@ VOLUME_DIR=/opt/jumpserver # 时区 TZ=Asia/Shanghai -# MySQL +# DB, 支持 MySQL, PostgreSQL +DB_ENGINE=mysql DB_HOST=mysql DB_PORT=3306 DB_USER=root DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G DB_NAME=jumpserver -# Redis +# Redis, 支持 Sentinel REDIS_HOST=redis REDIS_PORT=6379 REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj @@ -42,10 +43,7 @@ GUA_PORT=4822 # Web HTTP_PORT=80 SSH_PORT=2222 -MAGNUS_MYSQL_PORT=33061 -MAGNUS_MARIADB_PORT=33062 -MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 -# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... \ No newline at end of file +# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, chen ... \ No newline at end of file diff --git a/core/Dockerfile b/core/Dockerfile index 1591a32..66d698c 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -4,7 +4,6 @@ ARG TARGETARCH ARG DEPENDENCIES=" \ ca-certificates \ git \ - git-lfs \ wget" RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ 
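Review bot: The example still ships fixed values for `DB_PASSWORD` and `REDIS_PASSWORD` directly under the comments this hunk rewrites, and the README quick start copies the file to `.env` unchanged, so every installation that follows it shares the same published credentials. The footer only tells the reader to change `SECRET_KEY`. Add a line next to the new `# DB` comment such as `# Change DB_PASSWORD and REDIS_PASSWORD before first start; the values below are public examples`, or replace the values with obvious placeholders. The new `DB_ENGINE=mysql` key also needs its accepted values listed, since the comment mentions PostgreSQL but not what to set for it.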
@@ -21,27 +20,27 @@ WORKDIR /opt ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + && rm -f /opt/*.tar.gz ARG VERSION=v3.10.11 ENV VERSION=$VERSION RUN set -e \ - && git clone -b ${VERSION} --depth=1 https://github.com/jumpserver/jumpserver /opt/jumpserver \ - && sed -i "s@VERSION = .*@VERSION = \"${VERSION}\"@g" /opt/jumpserver/apps/jumpserver/const.py \ - && chmod +x /opt/jumpserver/entrypoint.sh \ - && rm -rf /opt/jumpserver/.git /opt/jumpserver/.github + && git clone -b ${VERSION} --depth=1 https://github.com/jumpserver/jumpserver /opt/jumpserver WORKDIR /opt/jumpserver RUN set -e \ && echo > /opt/jumpserver/config.yml \ - && cd utils \ - && bash -ixeu build.sh + && \ + if [ -n "${VERSION}" ]; then \ + sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \ + fi \ + && chmod +x /opt/jumpserver/entrypoint.sh \ + && rm -rf /opt/jumpserver/.git /opt/jumpserver/.github FROM python:3.11-slim-bookworm as stage-2 ARG TARGETARCH @@ -107,6 +106,14 @@ RUN --mount=type=cache,target=/root/.cache,sharing=locked \ && . /opt/py3/bin/activate \ && poetry install --only=main +COPY --from=stage-1 /opt/jumpserver /opt/jumpserver + +RUN set -e \ + && export SECRET_KEY=$(head -c100 < /dev/urandom | base64 | tr -dc A-Za-z0-9 | head -c 48) \ + && . /opt/py3/bin/activate \ + && cd apps \ + && python manage.py compilemessages + FROM python:3.11-slim-bookworm ENV LANG=en_US.UTF-8 \ PATH=/opt/py3/bin:$PATH 
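Review bot: The added `compilemessages` step in core/Dockerfile exports a freshly generated `SECRET_KEY` with no comment, and anyone auditing the image for baked-in secrets will stop at this line. Put a comment above the RUN, e.g. `# Throwaway SECRET_KEY so settings can load for compilemessages; not persisted in the image`, after confirming that is its only use; the settings module is not part of this diff, so that reading is an inference from the command. The `export VAR=$(...)` form also hides a failure inside the `head | base64 | tr | head` pipeline from `set -e`, which is harmless only if the key really is discarded.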
@@ -139,9 +146,9 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ && sed -i "s@# export @export @g" ~/.bashrc \ && sed -i "s@# alias @alias @g" ~/.bashrc -COPY --from=stage-2 /opt/py3 /opt/py3 +COPY --from=stage-2 /opt /opt COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/jumpserver/release/jumpserver /opt/jumpserver +COPY --from=stage-1 /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/ WORKDIR /opt/jumpserver diff --git a/docker-compose-build.yml b/docker-compose-build.yml index 6a6e567..db3a8a2 100644 --- a/docker-compose-build.yml +++ b/docker-compose-build.yml @@ -108,35 +108,6 @@ services: networks: - net - magnus: - build: - context: . - dockerfile: magnus/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_magnus:${VERSION} - container_name: jms_magnus - restart: always - env_file: .env - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check tcp://127.0.0.1:$$MAGNUS_MYSQL_PORT" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - volumes: - - ${VOLUME_DIR}/magnus/data:/opt/magnus/data - ports: - - ${MAGNUS_MYSQL_PORT:-33061}:33061 - - ${MAGNUS_MARIADB_PORT:-33062}:33062 - - ${MAGNUS_REDIS_PORT:-63790}:63790 - networks: - - net - chen: build: context: . @@ -162,31 +133,6 @@ services: networks: - net - kael: - build: - context: . - dockerfile: kael/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_kael:${VERSION} - container_name: jms_kael - restart: always - env_file: .env - volumes: - - ${VOLUME_DIR}/kael/data:/opt/kael/data - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check http://localhost:8083/kael/health/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 60s - networks: - - net - web: build: context: . diff --git a/docker-compose.yml b/docker-compose.yml index 7ece409..254a25e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
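Review bot: `COPY --from=stage-2 /opt /opt` widens the runtime image from two named paths to everything the build stage has under `/opt`, so any file a build step leaves there now ships, along with the full source checkout in place of the former `release/jumpserver` tree. Naming the directories keeps the final image to what it runs: `COPY --from=stage-2 /opt/py3 /opt/py3` and `COPY --from=stage-2 /opt/jumpserver /opt/jumpserver`. What else stage-2 writes under `/opt` is not visible in this hunk, so the extra content is a possibility to check rather than a confirmed leak.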
@@ -136,37 +136,6 @@ services: networks: - net - magnus: - image: jumpserver/jms_magnus:${VERSION} - container_name: jms_magnus - deploy: - mode: replicated - replicas: 1 - # resources: - # limits: - # cpus: "0.1" - # memory: 128M - restart_policy: - condition: on-failure - placement: - constraints: - - "node.role==worker" - env_file: .env - healthcheck: - test: "check http://localhost:8088/health" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - volumes: - - ${VOLUME_DIR}/magnus/data:/opt/magnus/data - ports: - - ${MAGNUS_MYSQL_PORT:-33061}:33061 - - ${MAGNUS_MARIADB_PORT:-33062}:33062 - - ${MAGNUS_REDIS_PORT:-63790}:63790 - networks: - - net - chen: image: jumpserver/jms_chen:${VERSION} container_name: jms_chen @@ -194,33 +163,6 @@ services: networks: - net - kael: - image: jumpserver/jms_kael:${VERSION} - container_name: jms_kael - deploy: - mode: replicated - replicas: 1 - # resources: - # limits: - # cpus: "0.1" - # memory: 128M - restart_policy: - condition: on-failure - placement: - constraints: - - "node.role==worker" - env_file: .env - volumes: - - ${VOLUME_DIR}/kael/data:/opt/kael/data - healthcheck: - test: "check http://localhost:8083/kael/health/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 60s - networks: - - net - web: image: jumpserver/jms_web:${VERSION} container_name: jms_web diff --git a/kael/Dockerfile b/kael/Dockerfile deleted file mode 100644 index 2edcfed..0000000 --- a/kael/Dockerfile +++ /dev/null 
@@ -1,87 +0,0 @@ -FROM debian:bookworm-slim as stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz - -ARG WISP_VERSION=v0.1.21 -RUN set -e \ - && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/wisp \ - && chmod 755 /usr/local/bin/wisp \ - && rm -f /opt/*.tar.gz - -WORKDIR /opt/kael - -ARG VERSION=v3.10.11 -ENV VERSION=${VERSION} - -RUN set -e \ - && cd /opt \ - && wget --quiet https://github.com/jumpserver/kael/releases/download/${VERSION}/kael-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf kael-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/kael --strip-components=1 \ - && chmod 755 /opt/kael/kael \ - && chown -R root:root /opt/kael \ - && rm -f /opt/*.tar.gz - -COPY kael/entrypoint.sh . 
-RUN chmod 755 ./entrypoint.sh - -FROM debian:bookworm-slim -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - ca-certificates" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc - -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/kael /opt/kael - -WORKDIR /opt/kael - -ARG VERSION=v3.10.11 -ENV VERSION=${VERSION} - -VOLUME /opt/kael/data - -COPY kael/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 8083 - -STOPSIGNAL SIGQUIT - -CMD [ "wisp" ] \ No newline at end of file diff --git a/kael/entrypoint.sh b/kael/entrypoint.sh deleted file mode 100755 index b2ab55c..0000000 --- a/kael/entrypoint.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# - -if [ -n "$CORE_HOST" ]; then - until check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 - done -fi - -export WORK_DIR=/opt/kael -export COMPONENT_NAME=kael -export WISP_TRACE_PROCESS=1 -export EXECUTE_PROGRAM=/opt/kael/kael - -if [ ! "$LOG_LEVEL" ]; then - export LOG_LEVEL=ERROR -fi - -exec "$@" \ No newline at end of file diff --git a/koko/Dockerfile b/koko/Dockerfile index b75a0a3..6632a3b 100644 --- a/koko/Dockerfile +++ b/koko/Dockerfile 
@@ -20,11 +20,10 @@ WORKDIR /opt ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + && rm -f /opt/*.tar.gz ARG WISP_VERSION=v0.1.21 RUN set -e \ @@ -34,36 +33,13 @@ RUN set -e \ && chmod 755 /usr/local/bin/wisp \ && rm -f /opt/*.tar.gz -ARG MONGOSH_VERSION=2.2.10 +ARG USQL_VERSION=v0.0.1 RUN set -e \ - && \ - case "${TARGETARCH}" in \ - 'amd64') \ - ARCH=x64; \ - ;; \ - 'arm64') \ - ARCH=arm64; \ - ;; \ - 's390x') \ - ARCH=s390x; \ - ;; \ - 'ppc64le') \ - ARCH=ppc64le; \ - ;; \ - *) \ - echo "Unsupported architecture: ${TARGETARCH}"; \ - ;; \ - esac \ - && \ - if [ -n "${ARCH}" ]; then \ - wget --quiet https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${ARCH}.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-${ARCH}.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-${ARCH}/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-${ARCH}/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-${ARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-${ARCH}* \ - ; \ - fi + && wget --quiet https://github.com/jumpserver-dev/usql/releases/download/${USQL_VERSION}/usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ + && chown root:root /usr/local/bin/usql \ + && chmod 755 /usr/local/bin/usql \ + && rm -f /opt/*.tar.gz ARG HELM_VERSION=v3.15.2 ARG KUBECTL_VERSION=v1.30.2 
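Review bot: The new usql step in koko/Dockerfile unpacks the whole archive into a PATH directory, `tar -xf usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1`, and then fixes owner and mode on `usql` only. When tar runs as root, any other member of the archive lands in `/usr/local/bin` with the ownership and mode recorded in the tarball. The `check` step in this same file now names the member it extracts; do the same here by appending the member path, `<top-level-dir>/usql` (placeholder, since the archive layout is not shown in the diff).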
diff --git a/lion/Dockerfile b/lion/Dockerfile index 2a39ebe..329201a 100644 --- a/lion/Dockerfile +++ b/lion/Dockerfile @@ -19,11 +19,10 @@ WORKDIR /opt ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + && rm -f /opt/*.tar.gz ARG WISP_VERSION=v0.1.21 RUN set -e \ diff --git a/magnus/Dockerfile b/magnus/Dockerfile deleted file mode 100644 index 8e99646..0000000 --- a/magnus/Dockerfile +++ /dev/null 
@@ -1,84 +0,0 @@ -FROM debian:bookworm-slim as stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz - -ARG WISP_VERSION=v0.1.21 -RUN set -e \ - && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/wisp \ - && chmod 755 /usr/local/bin/wisp \ - && rm -f /opt/*.tar.gz - -WORKDIR /opt/magnus - -ARG VERSION=v3.10.11 -ENV VERSION=${VERSION} - -RUN set -e \ - && cd /opt \ - && wget --quiet https://github.com/jumpserver/magnus-release/releases/download/${VERSION}/magnus-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf magnus-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/magnus --strip-components=1 \ - && chmod 755 /opt/magnus/magnus \ - && chown -R root:root /opt/magnus \ - && rm -f /opt/*.tar.gz - -FROM debian:bookworm-slim -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - ca-certificates" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - 
--mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc - -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/magnus /opt/magnus - -WORKDIR /opt/magnus - -ARG VERSION=v3.10.11 -ENV VERSION=${VERSION} - -VOLUME /opt/magnus/data - -COPY magnus/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 33061 33062 63790 - -STOPSIGNAL SIGQUIT - -CMD [ "wisp" ] \ No newline at end of file diff --git a/magnus/entrypoint.sh b/magnus/entrypoint.sh deleted file mode 100755 index cbd0e73..0000000 --- a/magnus/entrypoint.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# - -if [ -n "$CORE_HOST" ]; then - until check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 - done -fi - -export WORK_DIR=/opt/magnus -export COMPONENT_NAME=magnus -export WISP_TRACE_PROCESS=1 -export EXECUTE_PROGRAM=/opt/magnus/magnus - -if [ ! "$LOG_LEVEL" ]; then - export LOG_LEVEL=ERROR -fi - -exec "$@" \ No newline at end of file diff --git a/web/Dockerfile b/web/Dockerfile index 7e2bebc..51dfc59 100644 --- a/web/Dockerfile +++ b/web/Dockerfile 
@@ -20,11 +20,10 @@ WORKDIR /opt ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + && rm -f /opt/*.tar.gz ARG VERSION=v3.10.11 ENV VERSION=${VERSION}