From b353f0142fef87a2c91bcfb2ef8c826daa9b828f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Tue, 18 Jun 2024 08:24:26 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=E9=9B=86=E7=BE=A4?= =?UTF-8?q?=E9=83=A8=E7=BD=B2=E8=AF=B4=E6=98=8E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 139 +++++++++++++++++++++--- README_EN.md | 143 ++++++++++++++++++++++--- allinone/Dockerfile | 20 ++-- allinone/entrypoint.sh | 11 +- config_example.conf | 13 ++- core/entrypoint.sh | 21 +++- docker-compose-build.yml | 85 ++------------- docker-compose-init-db.yml | 28 +++-- docker-compose-mariadb.yml | 5 - docker-compose-network.yml | 2 +- docker-compose-redis.yml | 5 - docker-compose.yml | 212 ++++++++++++++++++++----------------- 12 files changed, 430 insertions(+), 254 deletions(-) diff --git a/README.md b/README.md index bfd7f2a..8cccaaf 100644 --- a/README.md +++ b/README.md @@ -12,22 +12,23 @@ -------------------------- -环境要求 +## 环境要求 - MariaDB Server >= 10.6 - Redis Server >= 6.0 -快速部署 +## 快速部署 ```sh # 测试环境可以使用,生产环境推荐外置数据 git clone --depth=1 https://github.com/jumpserver/Dockerfile.git cd Dockerfile cp config_example.conf .env docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose-init-db.yml up -d -docker exec -i jms_core bash -c './jms upgrade_db' docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose.yml up -d + +docker rm jms_init_db ``` -标准部署 +## 标准部署 > 请先自行创建 数据库 和 Redis, 版本要求参考上面环境要求说明 @@ -56,38 +57,46 @@ vi .env ``` ```vim # 版本号可以自己根据项目的版本修改 -VERSION=v3.10.7 +VERSION=v3.10.10 -# 构建参数, 支持 amd64/arm64/loong64 +# 构建参数, 支持 amd64, arm64, ppc64le, s390x TARGETARCH=amd64 -# Compose +# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay COMPOSE_PROJECT_NAME=jms # COMPOSE_HTTP_TIMEOUT=3600 # DOCKER_CLIENT_TIMEOUT=3600 DOCKER_SUBNET=192.168.250.0/24 +NETWORK_DRIVER=overlay # 持久化存储 VOLUME_DIR=/opt/jumpserver -# MySQL, 修改为你的外置 **数据库** 地址 +# 时区 +TZ=Asia/Shanghai + +# MySQL DB_HOST=mysql DB_PORT=3306 DB_USER=root DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G DB_NAME=jumpserver -# Redis, 修改为你的外置 **Redis** 地址 +# Redis REDIS_HOST=redis REDIS_PORT=6379 REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj -# Core, 修改 SECRET_KEY 和 BOOTSTRAP_TOKEN +# Core SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO LOG_LEVEL=ERROR DOMAINS= +# Lion +GUA_HOST=guacd +GUA_PORT=4822 + # Web HTTP_PORT=80 SSH_PORT=2222 @@ -97,15 +106,119 @@ MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 -# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko、lion、magnus 等。 +# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... ``` ```sh docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml up -d -docker exec -i jms_core bash -c './jms upgrade_db' docker compose -f docker-compose-network.yml -f docker-compose.yml up -d + +docker rm jms_init_db +``` + +## 集群部署 + +- Docker Swarm 集群环境 +- 自行创建 MySQL 和 Redis, 参考上面环境要求说明 +- 自行创建持久化共享存储目录 ( 例如 NFS, GlusterFS, Ceph 等 ) + +```sh +# 在所有 Docker Swarm Worker 节点挂载 NFS 或者其他共享存储, 例如 /data/jumpserver +# 注意: 需要手动创建所有需要挂载的持久化目录, Docker Swarm 模式不会自动创建所需的目录 +mkdir -p /data/jumpserver/core/data +mkdir -p /data/jumpserver/chen/data +mkdir -p /data/jumpserver/lion/data +mkdir -p /data/jumpserver/kael/data +mkdir -p /data/jumpserver/koko/data +mkdir -p /data/jumpserver/lion/data +mkdir -p /data/jumpserver/magnus/data +mkdir -p /data/jumpserver/web/data/logs +mkdir -p /data/jumpserver/web/download +``` +```sh +git clone --depth=1 https://github.com/jumpserver/Dockerfile.git +cd Dockerfile +cp config_example.conf .env +vi .env +``` +```vim +# 版本号可以自己根据项目的版本修改 +VERSION=v3.10.10 + +# 构建参数, 支持 amd64, arm64, ppc64le, s390x +TARGETARCH=amd64 + +# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay +COMPOSE_PROJECT_NAME=jms +# COMPOSE_HTTP_TIMEOUT=3600 +# DOCKER_CLIENT_TIMEOUT=3600 +DOCKER_SUBNET=192.168.250.0/24 +NETWORK_DRIVER=overlay + +# 持久化存储 +VOLUME_DIR=/opt/jumpserver + +# 时区 +TZ=Asia/Shanghai + +# MySQL +DB_HOST=mysql +DB_PORT=3306 +DB_USER=root +DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G +DB_NAME=jumpserver + +# Redis +REDIS_HOST=redis +REDIS_PORT=6379 +REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj + +# Core +SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy +BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO +LOG_LEVEL=ERROR +DOMAINS= + +# Lion +GUA_HOST=guacd +GUA_PORT=4822 + +# Web +HTTP_PORT=80 +SSH_PORT=2222 +MAGNUS_MYSQL_PORT=33061 +MAGNUS_MARIADB_PORT=33062 +MAGNUS_REDIS_PORT=63790 + +## +# SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 +# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... +``` +```sh +# 生成 docker stack 部署所需文件 +docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack-init-db.yml +docker compose -f docker-compose-network.yml -f docker-compose.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack.yml +``` +```sh +# 初始化数据库 +docker stack deploy -c docker-stack-init-db.yml jumpserver +docker service ls +docker service ps jumpserver_init_db + +# 根据查到的 Worker 节点, 到对应节点查看初始化日志 +``` +```sh +# 启动 JumpServer 应用 +docker stack deploy -c docker-stack.yml jumpserver +docker service ls +``` +```sh +# 扩容缩容 +docker service update --replicas=2 jumpserver_koko # 扩容 koko 到 2 个副本 +docker service update --replicas=4 jumpserver_lion # 扩容 lion 到 2 个副本 +# ... ``` -build +## Build ```sh # 如果希望手动构建镜像, 可以使用下面的命令 cd Dockerfile diff --git a/README_EN.md b/README_EN.md index cc286a3..256fc4c 100644 --- a/README_EN.md +++ b/README_EN.md @@ -12,22 +12,23 @@ -------------------------- -Environment Requirements +## Environment Requirements - MariaDB Server >= 10.6 - Redis Server >= 6.0 -Quick Deployment +## Quick Deployment ```sh # Suitable for testing environment, for production environment, it is recommended to use external data git clone --depth=1 https://github.com/jumpserver/Dockerfile.git cd Dockerfile cp config_example.conf .env docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose-init-db.yml up -d -docker exec -i jms_core bash -c './jms upgrade_db' docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose.yml up -d + +docker rm jms_init_db ``` -Standard Deployment +## Standard Deployment > Please create the database and Redis yourself first, the version requirements refer to the above environment requirements @@ -55,39 +56,47 @@ cp config_example.conf .env vi .env ``` ```vim -# You can modify the version number according to the project version -VERSION=v3.10.7 +# The version number can be modified according to the version of the project +VERSION=v3.10.10 -# Build parameters, support amd64/arm64/loong64 +# Build parameters, support amd64, arm64, ppc64le, s390x TARGETARCH=amd64 -# Compose +# For Compose, Swarm mode, modify NETWORK_DRIVER=overlay COMPOSE_PROJECT_NAME=jms # COMPOSE_HTTP_TIMEOUT=3600 # DOCKER_CLIENT_TIMEOUT=3600 DOCKER_SUBNET=192.168.250.0/24 +NETWORK_DRIVER=bridge # Persistent storage VOLUME_DIR=/opt/jumpserver -# MySQL, modify to your external **database** address +# Time zone +TZ=Asia/Shanghai + +# MySQL DB_HOST=mysql DB_PORT=3306 DB_USER=root DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G DB_NAME=jumpserver -# Redis, modify to your external **Redis** address +# Redis REDIS_HOST=redis REDIS_PORT=6379 REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj -# Core, modify SECRET_KEY and BOOTSTRAP_TOKEN +# Core SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO LOG_LEVEL=ERROR DOMAINS= +# Lion +GUA_HOST=guacd +GUA_PORT=4822 + # Web HTTP_PORT=80 SSH_PORT=2222 @@ -96,16 +105,120 @@ MAGNUS_MARIADB_PORT=33062 MAGNUS_REDIS_PORT=63790 ## -# SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it during the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. -# BOOTSTRAP_TOKEN is the key used for component authentication, only used when the component is registered. Components refer to koko, lion, magnus, etc. +# SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. +# BOOTSTRAP_TOKEN is the key used for component authentication, only used when the component is registered. The components refer to koko, lion, magnus, kael, chen ... ``` ```sh docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml up -d -docker exec -i jms_core bash -c './jms upgrade_db' docker compose -f docker-compose-network.yml -f docker-compose.yml up -d + +docker rm jms_init_db +``` + +## Cluster Deployment + +- Docker Swarm cluster environment +- Create MySQL and Redis yourself, refer to the above environment requirements +- Create a persistent shared storage directory yourself (such as NFS, GlusterFS, Ceph, etc.) + +```sh +# Mount NFS or other shared storage on all Docker Swarm Worker nodes, such as /data/jumpserver +# Note: You need to manually create all the persistent directories that need to be mounted, Docker Swarm mode will not automatically create the required directories +mkdir -p /data/jumpserver/core/data +mkdir -p /data/jumpserver/chen/data +mkdir -p /data/jumpserver/lion/data +mkdir -p /data/jumpserver/kael/data +mkdir -p /data/jumpserver/koko/data +mkdir -p /data/jumpserver/lion/data +mkdir -p /data/jumpserver/magnus/data +mkdir -p /data/jumpserver/web/data/logs +mkdir -p /data/jumpserver/web/download +``` +```sh +git clone --depth=1 https://github.com/jumpserver/Dockerfile.git +cd Dockerfile +cp config_example.conf .env +vi .env +``` +```vim +# The version number can be modified according to the version of the project +VERSION=v3.10.10 + +# Build parameters, support amd64, arm64, ppc64le, s390x +TARGETARCH=amd64 + +# For Compose, Swarm mode, modify NETWORK_DRIVER=overlay +COMPOSE_PROJECT_NAME=jms +# COMPOSE_HTTP_TIMEOUT=3600 +# DOCKER_CLIENT_TIMEOUT=3600 +DOCKER_SUBNET=192.168.250.0/24 +NETWORK_DRIVER=overlay + +# Persistent storage +VOLUME_DIR=/opt/jumpserver + +# Time zone +TZ=Asia/Shanghai + +# MySQL +DB_HOST=mysql +DB_PORT=3306 +DB_USER=root +DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G +DB_NAME=jumpserver + +# Redis +REDIS_HOST=redis +REDIS_PORT=6379 +REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj + +# Core +SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy +BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO +LOG_LEVEL=ERROR +DOMAINS= + +# Lion +GUA_HOST=guacd +GUA_PORT=4822 + +# Web +HTTP_PORT=80 +SSH_PORT=2222 +MAGNUS_MYSQL_PORT=33061 +MAGNUS_MARIADB_PORT=33062 +MAGNUS_REDIS_PORT=63790 + +## +# SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. +# BOOTSTRAP_TOKEN is the key used for component authentication, only used when the component is registered. The components refer to koko, lion, magnus, kael, chen ... +``` +```sh +# Generate files required for docker stack deployment +docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack-init-db.yml +docker compose -f docker-compose-network.yml -f docker-compose.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack.yml +``` +```sh +# Initialize the database +docker stack deploy -c docker-stack-init-db.yml jumpserver +docker service ls +docker service ps jumpserver_init_db + +# According to the found Worker node, check the initialization log on the corresponding node +``` +```sh +# Start JumpServer application +docker stack deploy -c docker-stack.yml jumpserver +docker service ls +``` +```sh +# Scale up and down +docker service update --replicas=2 jumpserver_koko # Scale up koko to 2 replicas +docker service update --replicas=4 jumpserver_lion # Scale up lion to 2 replicas +# ... ``` -Build +## Build ```vim # Build parameters, support amd64/arm64 TARGETARCH=amd64 diff --git a/allinone/Dockerfile b/allinone/Dockerfile index 8f08cb1..52b2deb 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile @@ -72,18 +72,11 @@ RUN set -ex \ ARG PREFIX_DIR=/opt/guacamole ENV LD_LIBRARY_PATH=${PREFIX_DIR}/lib -ARG RUNTIME_DEPENDENCIES=" \ - fonts-dejavu \ - fonts-liberation \ - ghostscript \ - netcat-openbsd \ - xfonts-terminus" COPY --from=guacd ${PREFIX_DIR} ${PREFIX_DIR} RUN set -ex \ && apt-get update \ - && apt-get install -y --no-install-recommends $RUNTIME_DEPENDENCIES \ && apt-get install -y --no-install-recommends $(cat "${PREFIX_DIR}"/DEPENDENCIES) \ && apt-get clean all \ && rm -rf /var/lib/apt/lists/* @@ -136,6 +129,12 @@ RUN set -ex \ && chown -R root:root /opt/luna \ && rm -f /opt/*.tar.gz +RUN set -ex \ + && STATIC_VERSION=$(curl -sSL https://github.com/jumpserver/web-static/raw/v3/VERSION) \ + && wget -O /opt/prepare.sh https://github.com/jumpserver/web-static/raw/${STATIC_VERSION}/prepare.sh \ + && chown root:root /opt/prepare.sh \ + && chmod 755 /opt/prepare.sh + COPY readme.txt readme.txt COPY entrypoint.sh . COPY nginx.conf /etc/nginx/nginx.conf @@ -145,12 +144,6 @@ RUN chmod +x ./entrypoint.sh ENV TERMINAL_MAGNUS_ENABLED=False \ TERMINAL_KOKO_SSH_ENABLED=False -RUN set -ex \ - && STATIC_VERSION=$(curl -sSL https://github.com/jumpserver/web-static/raw/v3/VERSION) \ - && wget -O /opt/prepare.sh https://github.com/jumpserver/web-static/raw/${STATIC_VERSION}/prepare.sh \ - && chown root:root /opt/prepare.sh \ - && chmod 755 /opt/prepare.sh - VOLUME /opt/jumpserver/data VOLUME /opt/koko/data VOLUME /opt/lion/data @@ -160,4 +153,5 @@ VOLUME /opt/download VOLUME /var/log/nginx EXPOSE 80 2222 + ENTRYPOINT ["./entrypoint.sh"] \ No newline at end of file diff --git a/allinone/entrypoint.sh b/allinone/entrypoint.sh index 90b659b..5bdb3f8 100755 --- a/allinone/entrypoint.sh +++ b/allinone/entrypoint.sh @@ -14,14 +14,12 @@ if [ ! "${DB_HOST}" ] || [ ! "${DB_PORT}" ] || [ ! "${REDIS_HOST}" ] || [ ! "${R exit 1 fi -while ! nc -z "${DB_HOST}" "${DB_PORT}"; -do +until check tcp://${DB_HOST}:${DB_PORT}; do echo "wait for jms_mysql ${DB_HOST} ready" sleep 2s done -while ! nc -z "${REDIS_HOST}" "${REDIS_PORT}"; -do +until check tcp://${REDIS_HOST}:${REDIS_PORT}; do echo "wait for jms_redis ${REDIS_HOST} ready" sleep 2s done @@ -40,10 +38,6 @@ if [ ! -d "/opt/jumpserver/data/static" ]; then chmod 755 -R /opt/jumpserver/data/static fi -if [ -f "/opt/readme.txt" ]; then - sed -i "s@VERSION:.*@VERSION: ${VERSION}@g" /opt/readme.txt -fi - rm -f /opt/jumpserver/tmp/*.pid if [ ! "${LOG_LEVEL}" ]; then @@ -71,6 +65,7 @@ cd /opt/jumpserver || exit 1 echo echo "Time: $(date "+%Y-%m-%d %H:%M:%S")" if [ -f "/opt/readme.txt" ]; then + sed -i "s@VERSION:.*@VERSION: ${VERSION}@g" /opt/readme.txt cat /opt/readme.txt rm -f /opt/readme.txt fi diff --git a/config_example.conf b/config_example.conf index 0937345..125dd22 100644 --- a/config_example.conf +++ b/config_example.conf @@ -1,14 +1,15 @@ # 版本号可以自己根据项目的版本修改 -VERSION=v3.10.9 +VERSION=v3.10.10 -# 构建参数, 支持 amd64 +# 构建参数, 支持 amd64, arm64, ppc64le, s390x TARGETARCH=amd64 -# Compose +# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay COMPOSE_PROJECT_NAME=jms # COMPOSE_HTTP_TIMEOUT=3600 # DOCKER_CLIENT_TIMEOUT=3600 DOCKER_SUBNET=192.168.250.0/24 +NETWORK_DRIVER=bridge # 持久化存储 VOLUME_DIR=/opt/jumpserver @@ -34,6 +35,10 @@ BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO LOG_LEVEL=ERROR DOMAINS= +# Lion +GUA_HOST=guacd +GUA_PORT=4822 + # Web HTTP_PORT=80 SSH_PORT=2222 @@ -43,4 +48,4 @@ MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 -# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko、guacamole +# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... \ No newline at end of file diff --git a/core/entrypoint.sh b/core/entrypoint.sh index 985b7b6..a1ed257 100755 --- a/core/entrypoint.sh +++ b/core/entrypoint.sh @@ -1,10 +1,25 @@ #!/bin/bash # +until check tcp://${DB_HOST}:${DB_PORT}; do + echo "wait for jms_mysql ${DB_HOST} ready" + sleep 2s +done + +until check tcp://${REDIS_HOST}:${REDIS_PORT}; do + echo "wait for jms_redis ${REDIS_HOST} ready" + sleep 2s +done + rm -f /opt/jumpserver/tmp/*.pid -if [ "$1" = "start" ]; then - set -- /opt/jumpserver/jms "$@" -fi +case "$1" in + start|init_db|upgrade_db) + set -- /opt/jumpserver/jms "$@" + ;; + *) + exec "$@" + ;; +esac exec "$@" \ No newline at end of file diff --git a/docker-compose-build.yml b/docker-compose-build.yml index fe08df2..6a6e567 100644 --- a/docker-compose-build.yml +++ b/docker-compose-build.yml @@ -10,23 +10,7 @@ services: container_name: jms_core restart: always command: start web - environment: - TZ: ${TZ:-Asia/Shanghai} - SECRET_KEY: $SECRET_KEY - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - DB_HOST: $DB_HOST - DB_PORT: $DB_PORT - DB_USER: $DB_USER - DB_PASSWORD: $DB_PASSWORD - DB_NAME: $DB_NAME - REDIS_HOST: $REDIS_HOST - REDIS_PORT: $REDIS_PORT - REDIS_PASSWORD: $REDIS_PASSWORD - MAGNUS_MYSQL_PORT: ${MAGNUS_MYSQL_PORT:-33061} - MAGNUS_MARIADB_PORT: ${MAGNUS_MARIADB_PORT:-33062} - MAGNUS_REDIS_PORT: ${MAGNUS_REDIS_PORT:-63790} - DOMAIN: ${DOMAIN:-} + env_file: .env healthcheck: test: "check http://localhost:8080/api/health/" interval: 10s @@ -43,22 +27,7 @@ services: container_name: jms_celery restart: always command: start task - environment: - TZ: ${TZ:-Asia/Shanghai} - SECRET_KEY: $SECRET_KEY - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - DB_HOST: $DB_HOST - DB_PORT: $DB_PORT - DB_USER: $DB_USER - DB_PASSWORD: $DB_PASSWORD - DB_NAME: $DB_NAME - REDIS_HOST: $REDIS_HOST - REDIS_PORT: $REDIS_PORT - REDIS_PASSWORD: $REDIS_PASSWORD - MAGNUS_MYSQL_PORT: ${MAGNUS_MYSQL_PORT:-33061} - MAGNUS_MARIADB_PORT: ${MAGNUS_MARIADB_PORT:-33062} - MAGNUS_REDIS_PORT: ${MAGNUS_REDIS_PORT:-63790} + env_file: .env depends_on: core: condition: service_healthy @@ -84,12 +53,7 @@ services: container_name: jms_koko restart: always privileged: true - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - SSHD_PORT: ${SSH_PORT:-2222} + env_file: .env depends_on: core: condition: service_healthy @@ -129,13 +93,7 @@ services: image: jumpserver/jms_lion:${VERSION} container_name: jms_lion restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - GUA_HOST: ${GUA_HOST:-guacd} - GUA_PORT: ${GUA_PORT:-4822} + env_file: .env depends_on: core: condition: service_healthy @@ -160,14 +118,7 @@ services: image: jumpserver/jms_magnus:${VERSION} container_name: jms_magnus restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - MAGNUS_MYSQL_PORT: ${MAGNUS_MYSQL_PORT:-33061} - MAGNUS_MARIADB_PORT: ${MAGNUS_MARIADB_PORT:-33062} - MAGNUS_REDIS_PORT: ${MAGNUS_REDIS_PORT:-63790} + env_file: .env depends_on: core: condition: service_healthy @@ -196,11 +147,7 @@ services: image: jumpserver/jms_chen:${VERSION} container_name: jms_chen restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL + env_file: .env volumes: - ${VOLUME_DIR}/chen/data:/opt/chen/data depends_on: @@ -225,11 +172,7 @@ services: image: jumpserver/jms_kael:${VERSION} container_name: jms_kael restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL + env_file: .env volumes: - ${VOLUME_DIR}/kael/data:/opt/kael/data depends_on: @@ -254,9 +197,7 @@ services: image: jumpserver/jms_web:${VERSION} container_name: jms_web restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 + env_file: .env depends_on: core: condition: service_healthy @@ -273,12 +214,4 @@ services: ports: - ${HTTP_PORT:-80}:80 networks: - - net - -networks: - net: - driver: bridge - ipam: - driver: default - config: - - subnet: $DOCKER_SUBNET \ No newline at end of file + - net \ No newline at end of file diff --git a/docker-compose-init-db.yml b/docker-compose-init-db.yml index 9051594..7f86385 100644 --- a/docker-compose-init-db.yml +++ b/docker-compose-init-db.yml @@ -1,21 +1,17 @@ services: - core: + init_db: image: jumpserver/jms_core:${VERSION} - container_name: jms_core - command: "tail -f /dev/null" - environment: - TZ: ${TZ:-Asia/Shanghai} - SECRET_KEY: $SECRET_KEY - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - DB_HOST: $DB_HOST - DB_PORT: $DB_PORT - DB_USER: $DB_USER - DB_PASSWORD: $DB_PASSWORD - DB_NAME: $DB_NAME - REDIS_HOST: $REDIS_HOST - REDIS_PORT: $REDIS_PORT - REDIS_PASSWORD: $REDIS_PASSWORD + container_name: jms_init_db + command: upgrade_db + deploy: + mode: replicated-job + replicas: 1 + restart_policy: + condition: none + placement: + constraints: + - "node.role==worker" + env_file: .env volumes: - ${VOLUME_DIR}/core/data:/opt/jumpserver/data networks: diff --git a/docker-compose-mariadb.yml b/docker-compose-mariadb.yml index 78c8534..f5ddf56 100644 --- a/docker-compose-mariadb.yml +++ b/docker-compose-mariadb.yml @@ -1,9 +1,4 @@ services: - core: - depends_on: - mysql: - condition: service_healthy - mysql: image: mariadb:10.6 container_name: jms_mysql diff --git a/docker-compose-network.yml b/docker-compose-network.yml index 390ea81..53c3b91 100644 --- a/docker-compose-network.yml +++ b/docker-compose-network.yml @@ -1,6 +1,6 @@ networks: net: - driver: bridge + driver: ${NETWORK_DRIVER:-bridge} ipam: driver: default config: diff --git a/docker-compose-redis.yml b/docker-compose-redis.yml index f01bf71..f4688e8 100644 --- a/docker-compose-redis.yml +++ b/docker-compose-redis.yml @@ -1,9 +1,4 @@ services: - core: - depends_on: - mysql: - condition: service_healthy - redis: image: redis:7.0 container_name: jms_redis diff --git a/docker-compose.yml b/docker-compose.yml index 25f4ef0..7ece409 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,23 +2,20 @@ services: core: image: jumpserver/jms_core:${VERSION} container_name: jms_core - restart: always command: start web - environment: - TZ: ${TZ:-Asia/Shanghai} - SECRET_KEY: $SECRET_KEY - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - DB_HOST: $DB_HOST - DB_PORT: $DB_PORT - DB_USER: $DB_USER - DB_PASSWORD: $DB_PASSWORD - DB_NAME: $DB_NAME - REDIS_HOST: $REDIS_HOST - REDIS_PORT: $REDIS_PORT - REDIS_PASSWORD: $REDIS_PASSWORD - MAGNUS_PORT: ${MAGNUS_PORT:-30000-30020} - DOMAINS: ${DOMAINS:-} + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "1" + # memory: 1536M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "check http://localhost:8080/api/health/" interval: 10s @@ -33,26 +30,20 @@ services: celery: image: jumpserver/jms_core:${VERSION} container_name: jms_celery - restart: always command: start task - environment: - TZ: ${TZ:-Asia/Shanghai} - SECRET_KEY: $SECRET_KEY - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - DB_HOST: $DB_HOST - DB_PORT: $DB_PORT - DB_USER: $DB_USER - DB_PASSWORD: $DB_PASSWORD - DB_NAME: $DB_NAME - REDIS_HOST: $REDIS_HOST - REDIS_PORT: $REDIS_PORT - REDIS_PASSWORD: $REDIS_PASSWORD - MAGNUS_PORT: ${MAGNUS_PORT:-30000-30020} - DOMAINS: ${DOMAINS:-} - depends_on: - core: - condition: service_healthy + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.2" + # memory: 1024M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "bash /opt/jumpserver/utils/check_celery.sh" interval: 10s @@ -67,17 +58,20 @@ services: koko: image: jumpserver/jms_koko:${VERSION} container_name: jms_koko - restart: always privileged: true - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - SSHD_PORT: ${SSH_PORT:-2222} - depends_on: - core: - condition: service_healthy + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "check http://localhost:5000/koko/health/" interval: 10s @@ -87,7 +81,7 @@ services: volumes: - ${VOLUME_DIR}/koko/data:/opt/koko/data ports: - - ${SSH_PORT:-2222}:${SSH_PORT} + - ${SSH_PORT:-2222}:${SSH_PORT:-2222} networks: - net @@ -95,7 +89,18 @@ services: image: jumpserver/guacd:1.5.5-bookworm container_name: jms_guacd user: root - restart: always + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" environment: TZ: ${TZ:-Asia/Shanghai} GUACD_LOG_LEVEL: ${GUACD_LOG_LEVEL:-error} @@ -107,17 +112,19 @@ services: lion: image: jumpserver/jms_lion:${VERSION} container_name: jms_lion - restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - GUA_HOST: ${GUA_HOST:-guacd} - GUA_PORT: ${GUA_PORT:-4822} - depends_on: - core: - condition: service_healthy + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "check http://localhost:8081/lion/health/" interval: 10s @@ -132,18 +139,19 @@ services: magnus: image: jumpserver/jms_magnus:${VERSION} container_name: jms_magnus - restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL - MAGNUS_MYSQL_PORT: ${MAGNUS_MYSQL_PORT:-33061} - MAGNUS_MARIADB_PORT: ${MAGNUS_MARIADB_PORT:-33062} - MAGNUS_REDIS_PORT: ${MAGNUS_REDIS_PORT:-63790} - depends_on: - core: - condition: service_healthy + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "check http://localhost:8088/health" interval: 10s @@ -162,17 +170,21 @@ services: chen: image: jumpserver/jms_chen:${VERSION} container_name: jms_chen - restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env volumes: - ${VOLUME_DIR}/chen/data:/opt/chen/data - depends_on: - core: - condition: service_healthy healthcheck: test: "check http://localhost:8082/chen" interval: 10s @@ -185,17 +197,21 @@ services: kael: image: jumpserver/jms_kael:${VERSION} container_name: jms_kael - restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN - LOG_LEVEL: $LOG_LEVEL + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env volumes: - ${VOLUME_DIR}/kael/data:/opt/kael/data - depends_on: - core: - condition: service_healthy healthcheck: test: "check http://localhost:8083/kael/health/" interval: 10s @@ -208,13 +224,19 @@ services: web: image: jumpserver/jms_web:${VERSION} container_name: jms_web - restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - CORE_HOST: http://core:8080 - depends_on: - core: - condition: service_healthy + deploy: + mode: replicated + replicas: 1 + # resources: + # limits: + # cpus: "0.1" + # memory: 128M + restart_policy: + condition: on-failure + placement: + constraints: + - "node.role==worker" + env_file: .env healthcheck: test: "check http://localhost/api/health/" interval: 10s