From 9a4501c94ca45dc96a871b504d32a997db090707 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= Date: Wed, 29 May 2024 19:33:22 +0200 Subject: [PATCH] Add HAProxy 3.1 --- 3.1/Dockerfile | 111 ++++++++++++++++++++++++++++++++ 3.1/alpine/Dockerfile | 103 +++++++++++++++++++++++++++++ 3.1/alpine/docker-entrypoint.sh | 17 +++++ 3.1/docker-entrypoint.sh | 17 +++++ versions.json | 7 ++ 5 files changed, 255 insertions(+) create mode 100644 3.1/Dockerfile create mode 100644 3.1/alpine/Dockerfile create mode 100755 3.1/alpine/docker-entrypoint.sh create mode 100755 3.1/docker-entrypoint.sh diff --git a/3.1/Dockerfile b/3.1/Dockerfile new file mode 100644 index 00000000..c013bc04 --- /dev/null +++ b/3.1/Dockerfile @@ -0,0 +1,111 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM debian:bookworm-slim + +# runtime dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# @system-ca: https://github.com/docker-library/haproxy/pull/216 + ca-certificates \ + ; \ + rm -rf /var/lib/apt/lists/* + +# roughly, https://salsa.debian.org/haproxy-team/haproxy/-/blob/732b97ae286906dea19ab5744cf9cf97c364ac1d/debian/haproxy.postinst#L5-6 +RUN set -eux; \ + groupadd --gid 99 --system haproxy; \ + useradd \ + --gid haproxy \ + --home-dir /var/lib/haproxy \ + --no-create-home \ + --system \ + --uid 99 \ + haproxy \ + ; \ + mkdir /var/lib/haproxy; \ + chown haproxy:haproxy /var/lib/haproxy + +ENV HAPROXY_VERSION 3.1-dev0 +ENV HAPROXY_URL https://www.haproxy.org/download/3.1/src/devel/haproxy-3.1-dev0.tar.gz +ENV HAPROXY_SHA256 726b6429dc11317b38a945b81fffdcab4e98aa51361aa678f95bd69d0bf6ea4f + +# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update && apt-get install -y --no-install-recommends \ + gcc \ + libc6-dev \ + liblua5.4-dev \ + libpcre2-dev \ + libssl-dev \ + make \ + wget \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + wget -O haproxy.tar.gz "$HAPROXY_URL"; \ + echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \ + mkdir -p /usr/src/haproxy; \ + tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1; \ + rm haproxy.tar.gz; \ + \ + makeOpts=' \ + TARGET=linux-glibc \ + USE_GETADDRINFO=1 \ + USE_LUA=1 LUA_INC=/usr/include/lua5.4 \ + USE_OPENSSL=1 \ + USE_PCRE2=1 USE_PCRE2_JIT=1 \ + USE_PROMEX=1 \ + \ + EXTRA_OBJS=" \ + " \ + '; \ +# https://salsa.debian.org/haproxy-team/haproxy/-/commit/53988af3d006ebcbf2c941e34121859fd6379c70 + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ + armel) makeOpts="$makeOpts ADDLIB=-latomic" ;; \ + esac; \ + \ + nproc="$(nproc)"; \ + eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts"; \ + eval "make -C /usr/src/haproxy install-bin $makeOpts"; \ + \ + mkdir -p /usr/local/etc/haproxy; \ + cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors; \ + rm -rf /usr/src/haproxy; \ + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ +# smoke test + haproxy -v + +# https://www.haproxy.org/download/1.8/doc/management.txt +# "4. Stopping and restarting HAProxy" +# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed" +# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process" +STOPSIGNAL SIGUSR1 + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +USER haproxy + +# https://github.com/docker-library/haproxy/issues/200 +WORKDIR /var/lib/haproxy + +CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] diff --git a/3.1/alpine/Dockerfile b/3.1/alpine/Dockerfile new file mode 100644 index 00000000..b43603c2 --- /dev/null +++ b/3.1/alpine/Dockerfile @@ -0,0 +1,103 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + +FROM alpine:3.20 + +# runtime dependencies +RUN set -eux; \ + apk add --no-cache \ +# @system-ca: https://github.com/docker-library/haproxy/pull/216 + ca-certificates \ + ; + +# roughly, https://git.alpinelinux.org/aports/tree/main/haproxy/haproxy.pre-install?h=3.12-stable +RUN set -eux; \ + addgroup --gid 99 --system haproxy; \ + adduser \ + --disabled-password \ + --home /var/lib/haproxy \ + --ingroup haproxy \ + --no-create-home \ + --system \ + --uid 99 \ + haproxy \ + ; \ + mkdir /var/lib/haproxy; \ + chown haproxy:haproxy /var/lib/haproxy + +ENV HAPROXY_VERSION 3.1-dev0 +ENV HAPROXY_URL https://www.haproxy.org/download/3.1/src/devel/haproxy-3.1-dev0.tar.gz +ENV HAPROXY_SHA256 726b6429dc11317b38a945b81fffdcab4e98aa51361aa678f95bd69d0bf6ea4f + +# see https://sources.debian.net/src/haproxy/jessie/debian/rules/ for some helpful navigation of the possible "make" arguments +RUN set -eux; \ + \ + apk add --no-cache --virtual .build-deps \ + gcc \ + libc-dev \ + linux-headers \ + lua5.4-dev \ + make \ + openssl \ + openssl-dev \ + pcre2-dev \ + readline-dev \ + tar \ + ; \ + \ + wget -O haproxy.tar.gz "$HAPROXY_URL"; \ + echo "$HAPROXY_SHA256 *haproxy.tar.gz" | sha256sum -c; \ + mkdir -p /usr/src/haproxy; \ + tar -xzf haproxy.tar.gz -C /usr/src/haproxy --strip-components=1; \ + rm haproxy.tar.gz; \ + \ + makeOpts=' \ + TARGET=linux-musl \ + USE_GETADDRINFO=1 \ + USE_LUA=1 LUA_INC=/usr/include/lua5.4 LUA_LIB=/usr/lib/lua5.4 \ + USE_OPENSSL=1 \ + USE_PCRE2=1 USE_PCRE2_JIT=1 \ + USE_PROMEX=1 \ + \ + EXTRA_OBJS=" \ + " \ + '; \ + \ + nproc="$(getconf _NPROCESSORS_ONLN)"; \ + eval "make -C /usr/src/haproxy -j '$nproc' all $makeOpts"; \ + eval "make -C /usr/src/haproxy install-bin $makeOpts"; \ + \ + mkdir -p /usr/local/etc/haproxy; \ + cp -R /usr/src/haproxy/examples/errorfiles /usr/local/etc/haproxy/errors; \ + rm -rf /usr/src/haproxy; \ + \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --no-network --virtual .haproxy-rundeps $runDeps; \ + apk del --no-network .build-deps; \ + \ +# smoke test + haproxy -v + +# https://www.haproxy.org/download/1.8/doc/management.txt +# "4. Stopping and restarting HAProxy" +# "when the SIGTERM signal is sent to the haproxy process, it immediately quits and all established connections are closed" +# "graceful stop is triggered when the SIGUSR1 signal is sent to the haproxy process" +STOPSIGNAL SIGUSR1 + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +USER haproxy + +# https://github.com/docker-library/haproxy/issues/200 +WORKDIR /var/lib/haproxy + +CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"] diff --git a/3.1/alpine/docker-entrypoint.sh b/3.1/alpine/docker-entrypoint.sh new file mode 100755 index 00000000..8b2093b0 --- /dev/null +++ b/3.1/alpine/docker-entrypoint.sh @@ -0,0 +1,17 @@ +#!/bin/sh +set -e + +# first arg is `-f` or `--some-option` +if [ "${1#-}" != "$1" ]; then + set -- haproxy "$@" +fi + +if [ "$1" = 'haproxy' ]; then + shift # "haproxy" + # if the user wants "haproxy", let's add a couple useful flags + # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") + # -db -- disables background mode + set -- haproxy -W -db "$@" +fi + +exec "$@" diff --git a/3.1/docker-entrypoint.sh b/3.1/docker-entrypoint.sh new file mode 100755 index 00000000..8b2093b0 --- /dev/null +++ b/3.1/docker-entrypoint.sh @@ -0,0 +1,17 @@ +#!/bin/sh +set -e + +# first arg is `-f` or `--some-option` +if [ "${1#-}" != "$1" ]; then + set -- haproxy "$@" +fi + +if [ "$1" = 'haproxy' ]; then + shift # "haproxy" + # if the user wants "haproxy", let's add a couple useful flags + # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") + # -db -- disables background mode + set -- haproxy -W -db "$@" +fi + +exec "$@" diff --git a/versions.json b/versions.json index 4acc12ea..0f8a4a60 100644 --- a/versions.json +++ b/versions.json @@ -45,5 +45,12 @@ "sha256": "5aad97416216d2cd9dd212eb674839c40cd387f60fbc4b13d7ea3f1e5664a814", "url": "https://www.haproxy.org/download/3.0/src/haproxy-3.0.0.tar.gz", "version": "3.0.0" + }, + "3.1": { + "alpine": "3.20", + "debian": "bookworm-slim", + "sha256": "726b6429dc11317b38a945b81fffdcab4e98aa51361aa678f95bd69d0bf6ea4f", + "url": "https://www.haproxy.org/download/3.1/src/devel/haproxy-3.1-dev0.tar.gz", + "version": "3.1-dev0" } }