From c5f9035d5fd47f301a1a4250ec7f0fdebddcefc0 Mon Sep 17 00:00:00 2001 From: ibuler Date: Fri, 23 Aug 2024 16:56:11 +0800 Subject: [PATCH 01/10] perf: all in one --- allinone/Dockerfile | 141 +++---------------------------------- allinone/gen_dockerfile.py | 3 + 2 files changed, 13 insertions(+), 131 deletions(-) create mode 100644 allinone/gen_dockerfile.py diff --git a/allinone/Dockerfile b/allinone/Dockerfile index 0f2466d..d12f10d 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile @@ -1,7 +1,7 @@ -FROM redis:7.0-bookworm AS redis -FROM jumpserver/guacd:1.5.5-bookworm AS guacd -FROM jumpserver/jms_core:v4.1.0 -ARG TARGETARCH +ARG version=dev +FROM jumpserver/koko:${version} AS koko + +FROM jumpserver/core:${version} ARG TOOLS=" \ bash-completion \ 
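Review bot: `ARG version=dev` makes every `FROM jumpserver/...:${version}` resolve to a moving tag unless the builder overrides it, where the removed lines pinned `jumpserver/jms_core:v4.1.0`, `redis:7.0-bookworm` and `jumpserver/guacd:1.5.5-bookworm`. Two builds of the same commit can therefore yield different images, and a re-pushed `dev` tag flows into the all-in-one image without any change in this repository. Consider dropping the default so the build has to name a release (`ARG version`), and pinning the component images by digest for published builds. The `ARG TOOLS` list that starts in this hunk continues in the next one.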
@@ -13,138 +13,17 @@ ARG TOOLS=" \ supervisor \ wget" -RUN set -ex \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${TOOLS} \ - && mkdir -p /var/cache/nginx \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* - -WORKDIR /opt - -ARG WISP_VERSION=v0.1.22 -RUN set -ex \ - && wget https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/wisp \ - && chmod 755 /usr/local/bin/wisp \ - && rm -f /opt/*.tar.gz - -ARG MONGOSH_VERSION=2.2.12 -RUN set -e \ - && \ - case "${TARGETARCH}" in \ - amd64) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \ - ;; \ - arm64|ppc64le|s390x) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \ - ;; \ - *) \ - echo "Unsupported architecture: ${TARGETARCH}" \ - ;; \ - esac - -ARG HELM_VERSION=v3.15.2 -ARG KUBECTL_VERSION=v1.30.2 -RUN set -ex \ - && wget -O /usr/local/bin/rawkubectl https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${TARGETARCH}/kubectl \ - && wget 
http://download.jumpserver.org/public/kubectl_aliases.tar.gz \ - && mkdir /opt/kubectl-aliases/ \ - && tar -xf kubectl_aliases.tar.gz -C /opt/kubectl-aliases/ \ - && chown -R root:root /opt/kubectl-aliases/ \ - && wget https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -C /opt --strip-components=1 linux-${TARGETARCH}/helm \ - && mv helm /usr/local/bin/rawhelm \ - && chmod 755 /usr/local/bin/rawhelm /usr/local/bin/rawkubectl \ - && chown root:root /usr/local/bin/rawhelm /usr/local/bin/rawkubectl \ - && rm -f /opt/*.tar.gz - -ARG PREFIX_DIR=/opt/guacamole -ENV LD_LIBRARY_PATH=${PREFIX_DIR}/lib -ARG RUNTIME_DEPENDENCIES=" \ - fonts-dejavu \ - fonts-liberation \ - ghostscript \ - xfonts-terminus" - -COPY --from=guacd ${PREFIX_DIR} ${PREFIX_DIR} - -RUN set -ex \ - && apt-get update \ - && apt-get install -y --no-install-recommends $(cat "${PREFIX_DIR}"/DEPENDENCIES) \ - && apt-get clean all \ - && rm -rf /var/lib/apt/lists/* - -COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli - -RUN set -ex \ - && mkdir -p /opt/lina \ - && wget https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \ - && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \ - && chown -R root:root /opt/lina \ - && rm -f /opt/*.tar.gz - -RUN set -ex \ - && mkdir -p /opt/luna \ - && wget https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \ - && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \ - && chown -R root:root /opt/luna \ - && rm -f /opt/*.tar.gz - -RUN set -ex \ - && mkdir -p /opt/koko \ - && wget https://github.com/jumpserver/koko/releases/download/${VERSION}/koko-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf koko-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/ --strip-components=1 \ - && mv /opt/koko/kubectl /usr/local/bin/ \ - && mv /opt/koko/helm /usr/local/bin/ \ - && chmod 755 
/usr/local/bin/helm /usr/local/bin/kubectl /opt/koko/init-kubectl.sh \ - && chown root:root /usr/local/bin/helm /usr/local/bin/kubectl \ - && rm -f /opt/*.tar.gz - -RUN set -ex \ - && mkdir -p /opt/lion \ - && wget https://github.com/jumpserver/lion/releases/download/${VERSION}/lion-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf lion-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/lion --strip-components=1 \ - && chown -R root:root /opt/lion \ - && rm -f /opt/*.tar.gz - -RUN set -ex \ - && mkdir -p /opt/chen \ - && wget https://github.com/jumpserver/chen/releases/download/${VERSION}/chen-${VERSION}.tar.gz \ - && tar -xf chen-${VERSION}.tar.gz -C /opt/chen --strip-components=1 \ - && chown -R root:root /opt/chen \ - && rm -f /opt/*.tar.gz +RUN apt-get update \ + && apt-get install -y --no-install-recommends ${TOOLS} \ + && apt-get clean -RUN set -ex \ - && STATIC_VERSION=$(curl -sSL https://github.com/jumpserver/web-static/raw/v3/VERSION) \ - && wget -O /opt/prepare.sh https://github.com/jumpserver/web-static/raw/${STATIC_VERSION}/prepare.sh \ - && chown root:root /opt/prepare.sh \ - && chmod 755 /opt/prepare.sh +COPY --from=koko /opt /opt +COPY --from=koko /usr/local/bin /usr/local/bin -COPY readme.txt readme.txt -COPY entrypoint.sh . -COPY nginx.conf /etc/nginx/nginx.conf -COPY supervisord.conf /etc/supervisor/conf.d/ -RUN chmod +x ./entrypoint.sh VOLUME /opt/jumpserver/data VOLUME /opt/koko/data -VOLUME /opt/lion/data -VOLUME /opt/chen/data -VOLUME /opt/download -VOLUME /var/log/nginx EXPOSE 80 2222 -ENTRYPOINT ["./entrypoint.sh"] \ No newline at end of file +ENTRYPOINT ["./entrypoint.sh"] diff --git a/allinone/gen_dockerfile.py b/allinone/gen_dockerfile.py new file mode 100644 index 0000000..a8a0b4f --- /dev/null +++ b/allinone/gen_dockerfile.py @@ -0,0 +1,3 @@ +#!/usr/bin/env python +# + From 85740f80cdf60bcefacf9c48b227cc056126160d Mon Sep 17 00:00:00 2001 
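Review bot: `ENTRYPOINT ["./entrypoint.sh"]` is kept, but this hunk removes `WORKDIR /opt`, `COPY entrypoint.sh .` and the `chmod +x`, so what runs at container start is whatever `./entrypoint.sh` the `jumpserver/core` base image happens to provide in its own working directory, if any. Make the start-up script explicit and absolute so it cannot silently change with the base image: `COPY --chmod=755 entrypoint.sh /opt/entrypoint.sh` and `ENTRYPOINT ["/opt/entrypoint.sh"]`. PATCH 02 re-adds the `WORKDIR` and `COPY`, but the entrypoint path stays relative. The new `RUN` also drops `rm -rf /var/lib/apt/lists/*`, which leaves the package index in the layer.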
From: fit2bot Date: Thu, 5 Sep 2024 19:37:26 +0800 Subject: [PATCH 02/10] perf: stash --- allinone/Dockerfile | 33 +++++++++-- allinone/docker-compose.yml | 2 +- allinone/entrypoint.sh | 38 ++++-------- allinone/gen_dockerfile.py | 3 - allinone/nginx.conf | 114 ------------------------------------ allinone/start_db.sh | 25 ++++++++ allinone/supervisord.conf | 18 ++++++ 7 files changed, 85 insertions(+), 148 deletions(-) delete mode 100644 allinone/gen_dockerfile.py delete mode 100644 allinone/nginx.conf create mode 100644 allinone/start_db.sh diff --git a/allinone/Dockerfile b/allinone/Dockerfile index d12f10d..380ba17 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile @@ -1,16 +1,22 @@ -ARG version=dev +ARG version=dev-ce FROM jumpserver/koko:${version} AS koko +FROM jumpserver/lion:${version} AS lion +FROM jumpserver/chen:${version} AS chen +FROM jumpserver/web:${version} AS web FROM jumpserver/core:${version} ARG TOOLS=" \ bash-completion \ curl \ - default-mysql-client \ - nginx \ + vim \ + procps \ + sudo \ logrotate \ - openjdk-17-jre-headless \ supervisor \ + postgresql \ + openjdk-17-jre-headless \ + redis \ wget" RUN apt-get update \ @@ -18,12 +24,29 @@ RUN apt-get update \ && apt-get clean COPY --from=koko /opt /opt -COPY --from=koko /usr/local/bin /usr/local/bin +COPY --from=koko /usr /usr + +COPY --from=lion /opt /opt +COPY --from=lion /usr /usr + +COPY --from=chen /opt /opt +COPY --from=chen /usr /usr +COPY --from=chen /etc/alternatives /etc/alternatives + +COPY --from=web /opt /opt +COPY --from=web /usr /usr +COPY --from=web /etc/nginx /etc/nginx +COPY --from=web /docker-entrypoint.d /docker-entrypoint.d +COPY supervisord.conf /etc/supervisor/conf.d/ VOLUME /opt/jumpserver/data VOLUME /opt/koko/data EXPOSE 80 2222 +ENV LC_ALL=C.UTF-8 +WORKDIR /opt +COPY entrypoint.sh . +COPY start_db.sh . ENTRYPOINT ["./entrypoint.sh"] diff --git a/allinone/docker-compose.yml b/allinone/docker-compose.yml index 897a35d..68fc01a 100644 
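Review bot: Copying the whole `/usr` tree of koko, lion, chen and web on top of the core stage makes the final content of every shared path depend on COPY order: a file present in more than one image is silently replaced by the last copy. That can swap out a library or binary that the `apt-get install` above just installed, and it presumably leaves the dpkg database describing packages that no longer match the files on disk, so a vulnerability scan of the image may report versions that are not what actually runs. Copy only what each component needs, for example `COPY --from=lion /opt/lion /opt/lion` plus the specific binaries and libraries it uses. The `/lib`, `/lib32` and `/libx32` copies added in PATCH 03 extend the same pattern.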
--- a/allinone/docker-compose.yml +++ b/allinone/docker-compose.yml @@ -85,4 +85,4 @@ services: - net networks: - net: + net: \ No newline at end of file diff --git a/allinone/entrypoint.sh b/allinone/entrypoint.sh index 156b7e5..71e9f42 100755 --- a/allinone/entrypoint.sh +++ b/allinone/entrypoint.sh @@ -1,32 +1,25 @@ #!/bin/bash # + +cwd=$(dirname "$(realpath "$0")") action="${1}" if [[ "$action" == "bash" || "$action" == "sh" ]]; then bash exit 0 fi - echo -if [ ! "${DB_HOST}" ] || [ ! "${DB_PORT}" ] || [ ! "${REDIS_HOST}" ] || [ ! "${REDIS_PORT}" ]; then - echo -e "\033[31m Please set database environment \033[0m" - exit 1 -fi - -until check tcp://${DB_HOST}:${DB_PORT}; do - echo "wait for jms_mysql ${DB_HOST} ready" - sleep 2s +envs=("DB_PASSWORD" "REDIS_PASSWORD" "SECRET_KEY" "BOOTSTRAP_TOKEN") +for var in "${envs[@]}"; do + if [[ -z "${!var}" ]];then + echo "WARN: No ${var} set use unsafe default val" + export "$var=PleaseChangeMe" + fi + echo "$var: ${!var}" done -until check tcp://${REDIS_HOST}:${REDIS_PORT}; do - echo "wait for jms_redis ${REDIS_HOST} ready" - sleep 2s -done - -if [ ! -f "/opt/jumpserver/config.yml" ]; then - echo > /opt/jumpserver/config.yml -fi +cp /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml if [ ! -d "/opt/jumpserver/data/media/replay" ]; then mkdir -p /opt/jumpserver/data/media/replay @@ -38,6 +31,8 @@ if [ ! -d "/opt/jumpserver/data/static" ]; then chmod 755 -R /opt/jumpserver/data/static fi +source ${cwd}/start_db.sh + rm -f /opt/jumpserver/tmp/*.pid if [ ! "${CORE_HOST}" ]; then @@ -60,12 +55,6 @@ fi export GIN_MODE=release -cd /opt/jumpserver || exit 1 -./jms upgrade_db || { - echo -e "\033[31m Failed to change the table structure. \033[0m" - exit 1 -} - echo echo "Time: $(date "+%Y-%m-%d %H:%M:%S")" if [ -f "/opt/readme.txt" ]; then 
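Review bot: The new loop in entrypoint.sh ends with `echo "$var: ${!var}"`, which writes DB_PASSWORD, REDIS_PASSWORD, SECRET_KEY and BOOTSTRAP_TOKEN in clear text to the container's stdout on every start, so they end up in `docker logs` and in any log collector attached to it. Print only whether the value is present, e.g. `echo "$var: set"`, or drop the line. The fallback `export "$var=PleaseChangeMe"` also lets the container come up with a value that anyone who has read this repository knows; exiting non-zero when a secret is missing is safer than a warning that scrolls past.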
@@ -78,5 +67,4 @@ echo echo "LOG_LEVEL: ${LOG_LEVEL}" echo "JumpServer Logs:" -/etc/init.d/nginx start -/etc/init.d/supervisor start \ No newline at end of file +/etc/init.d/supervisor start diff --git a/allinone/gen_dockerfile.py b/allinone/gen_dockerfile.py deleted file mode 100644 index a8a0b4f..0000000 --- a/allinone/gen_dockerfile.py +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env python -# - diff --git a/allinone/nginx.conf b/allinone/nginx.conf deleted file mode 100644 index ac57651..0000000 --- a/allinone/nginx.conf +++ /dev/null 
@@ -1,114 +0,0 @@ -user root; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; - -events { - worker_connections 1024; -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - proxy_cache_path /var/cache/nginx/proxy_cache levels=1:1:1 keys_zone=cache:10m max_size=2g; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - gzip on; - server_tokens off; - - server { - listen 80; - server_name _; - - client_max_body_size 4096m; # 录像及文件上传大小限制 - - location = /robots.txt { - default_type text/html; - add_header Content-Type "text/plain; charset=UTF-8"; - return 200 "User-agent: *\nDisallow: /\n"; - } - - location /download/ { - alias /opt/download/; - try_files $uri @redirect_oss; - } - - location @redirect_oss { - rewrite ^/download/(.*)$ https://static.jumpserver.org/download/$1 permanent; - } - - location /private-media/ { - internal; - alias /opt/jumpserver/data/media/; - } - location /ui/ { - try_files $uri / /index.html; - alias /opt/lina/; - } - location /luna/ { - try_files $uri / /index.html; - alias /opt/luna/; - } - location /static/ { - root /opt/jumpserver/data/; - } - location /koko/ { - proxy_pass http://127.0.0.1:5000; - proxy_buffering off; - proxy_http_version 1.1; - proxy_request_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /lion/ { - proxy_pass http://127.0.0.1:8081; - proxy_buffering off; - proxy_http_version 1.1; - proxy_request_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_set_header Host $host; - proxy_set_header 
X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /chen/ { - proxy_pass http://127.0.0.1:8082; - proxy_buffering off; - proxy_http_version 1.1; - proxy_request_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /ws/ { - proxy_pass http://127.0.0.1:8080; - proxy_buffering off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location ~ ^/(core|api|media)/ { - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://127.0.0.1:8080; - } - location / { - rewrite ^/(.*)$ /ui/$1 last; - } - } -} diff --git a/allinone/start_db.sh b/allinone/start_db.sh new file mode 100644 index 0000000..0ff77a9 --- /dev/null +++ b/allinone/start_db.sh @@ -0,0 +1,25 @@ +#!/bin/bash +# + +function init_pg() { + DB_NAME=${DB_NAME-jumpserver} + POSTGRES_PASSWORD=${DB_PASSWORD-PleaseChangeMe} + + sed -i s'@DB_USER: .*@DB_USER: postgres@g' /opt/jumpserver/config.yml + + if [[ -f /var/lib/postgresql/13/main/inited.txt ]];then + return + fi + + sudo -u postgres psql -c "ALTER USER postgres PASSWORD '$POSTGRES_PASSWORD';" + sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;" +} + + +echo "Start database postgre" +pg_ctlcluster 13 main start + +echo "Start redis server" +/usr/bin/redis-server /etc/redis/redis.conf --requirepass $REDIS_PASSWORD + +init_pg && touch /var/lib/postgresql/13/main/inited.txt diff --git a/allinone/supervisord.conf b/allinone/supervisord.conf index e4048bb..6c12e81 100644 --- a/allinone/supervisord.conf +++ b/allinone/supervisord.conf 
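Review bot: In start_db.sh, `init_pg` splices the password and database name straight into SQL text (`psql -c "ALTER USER postgres PASSWORD '$POSTGRES_PASSWORD';"`, `psql -c "CREATE DATABASE $DB_NAME;"`), so a value containing a quote breaks or alters the statement. Let psql do the quoting by reading the statement from stdin with a variable: `printf '%s\n' "ALTER USER postgres PASSWORD :'pw';" | sudo -u postgres psql -v ON_ERROR_STOP=1 -v pw="$POSTGRES_PASSWORD"`, and `:"db"` for the database name. `redis-server ... --requirepass $REDIS_PASSWORD` is unquoted and puts the password in the process argument list, where `ps` inside the container shows it; writing `requirepass` into a root-only config file avoids that. The same lines are carried into database.sh (PATCH 03) and service.sh (PATCH 04).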
@@ -1,6 +1,24 @@ [supervisord] nodaemon=true +# [program:postgresql] +# command=/usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf +# autostart=true +# autorestart=true +# user=postgres +# group=postgres +# stderr_logfile=/var/log/supervisor/postgresql.err.log +# stdout_logfile=/var/log/supervisor/postgresql.out.log + + +# [program:redis-server] +# command=/usr/bin/redis-server /etc/redis/redis.conf --requirepass $REDIS_PASSWORD +# autostart=true +# autorestart=true +# stderr_logfile=/var/log/supervisor/redis-server.err.log +# stdout_logfile=/var/log/supervisor/redis-server.out.log + + [program:core] priority=1 environment=PATH="/opt/py3/bin:%(ENV_PATH)s",LANG=en_US.UTF-8 From ccada417e493484ff6eeec9188c6e2ba249e5c92 Mon Sep 17 00:00:00 2001 From: fit2bot Date: Mon, 9 Sep 2024 18:39:27 +0800 Subject: [PATCH 03/10] =?UTF-8?q?pref:=20=E5=AE=8C=E6=88=90=20allinone=20?= =?UTF-8?q?=E9=87=8D=E6=9E=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- allinone/Dockerfile | 10 ++++++- allinone/{start_db.sh => database.sh} | 17 ++++++++++++ allinone/entrypoint.sh | 12 +-------- allinone/start.sh | 4 +++ allinone/supervisord.conf | 39 +++++++++++---------------- 5 files changed, 46 insertions(+), 36 deletions(-) rename allinone/{start_db.sh => database.sh} (65%) create mode 100755 allinone/start.sh diff --git a/allinone/Dockerfile b/allinone/Dockerfile index 380ba17..2bf06aa 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile @@ -11,6 +11,7 @@ ARG TOOLS=" \ curl \ vim \ procps \ + net-tools \ sudo \ logrotate \ supervisor \ @@ -28,6 +29,9 @@ COPY --from=koko /usr /usr COPY --from=lion /opt /opt COPY --from=lion /usr /usr +COPY --from=lion /lib /lib +COPY --from=lion /lib32 /lib32 +COPY --from=lion /libx32 /libx32 COPY --from=chen /opt /opt COPY --from=chen /usr /usr 
@@ -37,6 +41,10 @@ COPY --from=web /opt /opt COPY --from=web /usr /usr COPY --from=web /etc/nginx /etc/nginx COPY --from=web /docker-entrypoint.d /docker-entrypoint.d +COPY --from=web /docker-entrypoint.sh /opt/web/entrypoint.sh +RUN useradd nginx \ + && mkdir -p /var/log/nginx \ + && mkdir -p /var/cache/nginx COPY supervisord.conf /etc/supervisor/conf.d/ @@ -48,5 +56,5 @@ ENV LC_ALL=C.UTF-8 WORKDIR /opt COPY entrypoint.sh . -COPY start_db.sh . +COPY database.sh . ENTRYPOINT ["./entrypoint.sh"] diff --git a/allinone/start_db.sh b/allinone/database.sh similarity index 65% rename from allinone/start_db.sh rename to allinone/database.sh index 0ff77a9..9a723fa 100644 --- a/allinone/start_db.sh +++ b/allinone/database.sh @@ -2,6 +2,7 @@ # function init_pg() { + echo "Init database" DB_NAME=${DB_NAME-jumpserver} POSTGRES_PASSWORD=${DB_PASSWORD-PleaseChangeMe} @@ -15,11 +16,27 @@ function init_pg() { sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;" } +function init_ng(){ + echo "Init nginx" + echo """ + 127.0.0.1 core + 127.0.0.1 koko + 127.0.0.1 lion + 127.0.0.1 chen + """ >> /etc/hosts + mkdir -p /var/log/nginx + mkdir -p /var/cache/nginx + + /docker-entrypoint.d/40-init-config.sh +} echo "Start database postgre" +chown postgres /var/lib/postgresql/13/main pg_ctlcluster 13 main start echo "Start redis server" /usr/bin/redis-server /etc/redis/redis.conf --requirepass $REDIS_PASSWORD init_pg && touch /var/lib/postgresql/13/main/inited.txt +init_ng + diff --git a/allinone/entrypoint.sh b/allinone/entrypoint.sh index 71e9f42..affcdaa 100755 --- a/allinone/entrypoint.sh +++ b/allinone/entrypoint.sh 
@@ -21,17 +21,8 @@ done cp /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml -if [ ! -d "/opt/jumpserver/data/media/replay" ]; then - mkdir -p /opt/jumpserver/data/media/replay - chmod 755 -R /opt/jumpserver/data/media/replay -fi - -if [ ! -d "/opt/jumpserver/data/static" ]; then - mkdir -p /opt/jumpserver/data/static - chmod 755 -R /opt/jumpserver/data/static -fi -source ${cwd}/start_db.sh +source ${cwd}/database.sh rm -f /opt/jumpserver/tmp/*.pid @@ -43,7 +34,6 @@ if [ ! "${LOG_LEVEL}" ]; then export LOG_LEVEL=ERROR fi sed -i "s@root: INFO@root: ${LOG_LEVEL}@g" /opt/chen/config/application.yml -sed -i "s@address: static://127.0.0.1:9090@address: static://127.0.0.1:9092@g" /opt/chen/config/application.yml if [ -f "/etc/init.d/cron" ]; then /etc/init.d/cron start diff --git a/allinone/start.sh b/allinone/start.sh new file mode 100755 index 0000000..bfedfe1 --- /dev/null +++ b/allinone/start.sh @@ -0,0 +1,4 @@ +#!/bin/bash +# +docker volume create pgdata &> /dev/null +docker run --name one --rm -v pgdata:/var/lib/postgresql/ -e DOMAINS=localhost:8085,jumpserver-test.fit2cloud.com:8085 -p 8085:80 -p 8086:8080 allinone diff --git a/allinone/supervisord.conf b/allinone/supervisord.conf index 6c12e81..67b2b3b 100644 --- a/allinone/supervisord.conf +++ b/allinone/supervisord.conf 
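Review bot: The `docker run` line in start.sh passes none of DB_PASSWORD, REDIS_PASSWORD, SECRET_KEY or BOOTSTRAP_TOKEN, so entrypoint.sh falls back to `PleaseChangeMe` for all four, while `-p 8085:80 -p 8086:8080` publishes both ports on every host interface. For a script that people will copy, bind to loopback (`-p 127.0.0.1:8085:80`) and pass generated secrets with `-e`. Port 8080 is the backend that the nginx.conf removed in PATCH 02 proxied `/core`, `/api` and `/ws` to, so publishing it presumably bypasses the web front end; confirm that is intended. demo_run.sh in PATCH 04 repeats the same port and environment settings.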
@@ -1,24 +1,6 @@ [supervisord] nodaemon=true -# [program:postgresql] -# command=/usr/lib/postgresql/13/bin/postgres -D /var/lib/postgresql/13/main -c config_file=/etc/postgresql/13/main/postgresql.conf -# autostart=true -# autorestart=true -# user=postgres -# group=postgres -# stderr_logfile=/var/log/supervisor/postgresql.err.log -# stdout_logfile=/var/log/supervisor/postgresql.out.log - - -# [program:redis-server] -# command=/usr/bin/redis-server /etc/redis/redis.conf --requirepass $REDIS_PASSWORD -# autostart=true -# autorestart=true -# stderr_logfile=/var/log/supervisor/redis-server.err.log -# stdout_logfile=/var/log/supervisor/redis-server.out.log - - [program:core] priority=1 environment=PATH="/opt/py3/bin:%(ENV_PATH)s",LANG=en_US.UTF-8 @@ -34,7 +16,7 @@ autorestart=true priority=100 environment=LANG=en_US.UTF-8 directory=/opt/koko/ -command=/opt/koko/koko +command=/opt/koko/entrypoint.sh ./koko stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr @@ -43,8 +25,8 @@ autorestart=true [program:guacd] priority=10 -environment=LANG=en_US.UTF-8 -command=/opt/guacamole/sbin/guacd -b 0.0.0.0 -f -L error -p /var/run/guacd.pid +environment=LANG=en_US.UTF-8,LD_LIBRARY_PATH=/opt/guacamole/lib +command=/opt/guacamole/sbin/guacd -b 0.0.0.0 -f -L debug -p /var/run/guacd.pid stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr @@ -55,7 +37,7 @@ autorestart=true priority=100 environment=LANG=en_US.UTF-8 directory=/opt/lion/ -command=/opt/lion/lion +command=/opt/lion/entrypoint.sh ./lion stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr 
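Review bot: The guacd command changes `-L error` to `-L debug`, which looks like a debugging leftover: debug output goes to the container's stdout and is likely to carry far more session detail than an operator expects to find in logs. The unchanged `-b 0.0.0.0` keeps guacd listening on all interfaces although, in this single-container layout, its client (lion) presumably connects over loopback. If that holds, `command=/opt/guacamole/sbin/guacd -b 127.0.0.1 -f -L error -p /var/run/guacd.pid` restores the previous log level and narrows the listener.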
@@ -64,9 +46,18 @@ autorestart=true [program:chen] priority=100 -environment=WORK_DIR="/opt/chen",COMPONENT_NAME="chen",WISP_TRACE_PROCESS=1,EXECUTE_PROGRAM="java -Dfile.encoding=utf-8 -XX:+ExitOnOutOfMemoryError -jar /opt/chen/chen.jar --mock.enable=false",BIND_PORT=9092,LANG=en_US.UTF-8 directory=/opt/chen/ -command=/usr/local/bin/wisp +command=/opt/chen/entrypoint.sh wisp +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +autorestart=true + +[program:web] +priority=1000 +directory=/opt +command=/opt/web/entrypoint.sh nginx -g "daemon off;" stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr From f57afd272bc0f694f7c32da19d12ef15bfd1e6f1 Mon Sep 17 00:00:00 2001 From: fit2bot Date: Tue, 10 Sep 2024 15:27:12 +0800 Subject: [PATCH 04/10] pref: base finished --- .github/workflows/build.yml | 41 ---------- allinone/Dockerfile | 13 +++- allinone/database.sh | 42 ---------- allinone/demo_run.sh | 8 ++ allinone/entrypoint.sh | 76 ++++++++++++------ allinone/service.sh | 76 ++++++++++++++++++ allinone/start.sh | 4 - chen/Dockerfile | 84 -------------------- chen/entrypoint.sh | 23 ------ core/Dockerfile | 149 ------------------------------------ core/entrypoint.sh | 25 ------ koko/Dockerfile | 139 --------------------------------- koko/entrypoint.sh | 20 ----- lion/Dockerfile | 84 -------------------- lion/entrypoint.sh | 20 ----- 15 files changed, 144 insertions(+), 660 deletions(-) delete mode 100644 allinone/database.sh create mode 100755 allinone/demo_run.sh create mode 100644 allinone/service.sh delete mode 100755 allinone/start.sh delete mode 100644 chen/Dockerfile delete mode 100755 chen/entrypoint.sh delete mode 100644 core/Dockerfile delete mode 100755 core/entrypoint.sh delete mode 100644 koko/Dockerfile delete mode 100755 koko/entrypoint.sh delete mode 100644 lion/Dockerfile delete mode 100755 lion/entrypoint.sh 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 81a28c8..28c65d4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,47 +7,6 @@ on: - v4.* jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - component: [core, koko, lion, chen, web] - steps: - - uses: actions/checkout@v4 - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - name: Get Version - run: | - echo "version=$(basename ${GITHUB_REF})" >> $GITHUB_ENV - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and Push Image - uses: docker/build-push-action@v5 - with: - context: . - file: ${{ matrix.component }}/Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: | - ${{ github.repository_owner }}/jms_${{ matrix.component }}:${{ env.version }} - ${{ github.repository_owner }}/jms_${{ matrix.component }}:latest - ghcr.io/${{ github.repository_owner }}/jms_${{ matrix.component }}:${{ env.version }} - ghcr.io/${{ github.repository_owner }}/jms_${{ matrix.component }}:latest - cache-from: type=gha - cache-to: type=gha,mode=max - allinone: needs: build runs-on: ubuntu-latest diff --git a/allinone/Dockerfile b/allinone/Dockerfile index 2bf06aa..22d7a54 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile @@ -4,7 +4,7 @@ FROM jumpserver/lion:${version} AS lion FROM jumpserver/chen:${version} AS chen FROM jumpserver/web:${version} AS web -FROM jumpserver/core:${version} +FROM jumpserver/core:${version} AS core ARG TOOLS=" \ bash-completion \ 
@@ -48,13 +48,18 @@ RUN useradd nginx \ COPY supervisord.conf /etc/supervisor/conf.d/ -VOLUME /opt/jumpserver/data -VOLUME /opt/koko/data +FROM debian:bullseye-slim + +COPY --from=core / / + +VOLUME /opt/data +VOLUME /opt/download +VOLUME /var/log/nginx EXPOSE 80 2222 ENV LC_ALL=C.UTF-8 WORKDIR /opt COPY entrypoint.sh . -COPY database.sh . +COPY service.sh . ENTRYPOINT ["./entrypoint.sh"] diff --git a/allinone/database.sh b/allinone/database.sh deleted file mode 100644 index 9a723fa..0000000 --- a/allinone/database.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# - -function init_pg() { - echo "Init database" - DB_NAME=${DB_NAME-jumpserver} - POSTGRES_PASSWORD=${DB_PASSWORD-PleaseChangeMe} - - sed -i s'@DB_USER: .*@DB_USER: postgres@g' /opt/jumpserver/config.yml - - if [[ -f /var/lib/postgresql/13/main/inited.txt ]];then - return - fi - - sudo -u postgres psql -c "ALTER USER postgres PASSWORD '$POSTGRES_PASSWORD';" - sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;" -} - -function init_ng(){ - echo "Init nginx" - echo """ - 127.0.0.1 core - 127.0.0.1 koko - 127.0.0.1 lion - 127.0.0.1 chen - """ >> /etc/hosts - mkdir -p /var/log/nginx - mkdir -p /var/cache/nginx - - /docker-entrypoint.d/40-init-config.sh -} - -echo "Start database postgre" -chown postgres /var/lib/postgresql/13/main -pg_ctlcluster 13 main start - -echo "Start redis server" -/usr/bin/redis-server /etc/redis/redis.conf --requirepass $REDIS_PASSWORD - -init_pg && touch /var/lib/postgresql/13/main/inited.txt -init_ng - diff --git a/allinone/demo_run.sh b/allinone/demo_run.sh new file mode 100755 index 0000000..267cc8c --- /dev/null +++ b/allinone/demo_run.sh @@ -0,0 +1,8 @@ +#!/bin/bash +# +docker volume create jsdata &> /dev/null +docker run --name jumpserver \ + -v jsdata:/opt/data \ + -e DOMAINS=localhost:8085,jumpserver-test.fit2cloud.com:8085 \ + -p 8085:80 \ + -p 8086:8080 jumpserver/jms_all diff --git a/allinone/entrypoint.sh b/allinone/entrypoint.sh index affcdaa..e5abe81 100755 
--- a/allinone/entrypoint.sh +++ b/allinone/entrypoint.sh 
@@ -10,40 +10,66 @@ if [[ "$action" == "bash" || "$action" == "sh" ]]; then fi echo -envs=("DB_PASSWORD" "REDIS_PASSWORD" "SECRET_KEY" "BOOTSTRAP_TOKEN") -for var in "${envs[@]}"; do - if [[ -z "${!var}" ]];then - echo "WARN: No ${var} set use unsafe default val" - export "$var=PleaseChangeMe" +function prepare_core() { + SECRET_KEY=${SECRET_KEY:-PleaseChangeMe} + BOOTSTRAP_TOKEN=${BOOTSTRAP_TOKEN:-PleaseChangeMe} + CORE_HOST=${CORE_HOST:-"http://localhost:8080"} + LOG_LEVEL=${LOG_LEVEL:-INFO} + + export SECRET_KEY BOOTSTRAP_TOKEN CORE_HOST LOG_LEVEL + export PATH=/opt/py3/bin/:$PATH + + if [[ -f /opt/jumpserver/config.yml ]];then + echo > /opt/jumpserver/config.yml fi - echo "$var: ${!var}" -done + rm -f /opt/jumpserver/tmp/*.pid +} -cp /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml +function mv_dir_link(){ + src=$1 + dst=$2 -source ${cwd}/database.sh + mkdir -p ${dst} + if [[ -d ${src} || ! -L ${src} ]];then + count=$(ls ${src} | wc -l) + if [[ "${count}" != "0" ]];then + mv ${src}/* ${dst}/ + fi + rm -rf ${src} + fi + if [[ ! -d ${src} ]];then + ln -s ${dst} ${src} + fi +} -rm -f /opt/jumpserver/tmp/*.pid +function prepare_data_persist() { + for app in jumpserver koko lion chen;do + mv_dir_link /opt/$app/data /opt/data/${app} + done + + mv_dir_link /var/log/nginx /opt/data/nginx + mv_dir_link /var/lib/redis /opt/data/redis + mv_dir_link /var/lib/postgresql /opt/data/postgresql + chown postgres:postgres /var/lib/postgresql /opt/data/postgresql +} -if [ ! "${CORE_HOST}" ]; then - export CORE_HOST=http://localhost:8080 -fi - -if [ ! "${LOG_LEVEL}" ]; then - export LOG_LEVEL=ERROR -fi -sed -i "s@root: INFO@root: ${LOG_LEVEL}@g" /opt/chen/config/application.yml +function upgrade_db() { + cd /opt/jumpserver || exit 1 + ./jms upgrade_db || { + echo -e "\033[31m Failed to change the table structure. 
\033[0m" + exit 1 + } +} -if [ -f "/etc/init.d/cron" ]; then - /etc/init.d/cron start -fi +export GIN_MODE=release -if [ "$(uname -m)" = "loongarch64" ]; then - export SECURITY_LOGIN_CAPTCHA_ENABLED=False -fi +prepare_core +prepare_data_persist -export GIN_MODE=release +# start other service +source ${cwd}/service.sh +upgrade_db echo echo "Time: $(date "+%Y-%m-%d %H:%M:%S")" diff --git a/allinone/service.sh b/allinone/service.sh new file mode 100644 index 0000000..03391f5 --- /dev/null +++ b/allinone/service.sh 
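Review bot: `prepare_core` now falls back to `PleaseChangeMe` for SECRET_KEY and BOOTSTRAP_TOKEN without the warning the removed loop printed, so a container started with no environment comes up on publicly known values and nothing in the log says so. Fail fast instead, e.g. `: "${SECRET_KEY:?SECRET_KEY must be set}"`, or generate a random value on first start and persist it under `/opt/data`. In the same function `if [[ -f /opt/jumpserver/config.yml ]]` reads as inverted: it empties an existing config.yml and does nothing when the file is missing, whereas the original script tested `[ ! -f ... ]`. `init_pg` and `init_redis` in service.sh apply the same silent default to DB_PASSWORD and REDIS_PASSWORD.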
@@ -0,0 +1,76 @@ +#!/bin/bash +# + +function init_pg() { + echo ">> Init database" + DB_NAME=${DB_NAME:-jumpserver} + DB_PASSWORD=${DB_PASSWORD:-PleaseChangeMe} + DB_ENGINE=${DB_ENGINE:-postgresql} + DB_HOST=${DB_HOST:-127.0.0.1} + DB_PORT=${DB_PORT:-5432} + DB_USER=${DB_USER:-postgre} + + export DB_NAME DB_PASSWORD DB_ENGINE DB_HOST DB_PORT DB_USER + + if [[ ${DB_HOST} != "127.0.0.1" ]];then + echo "External database skip start, ${DB_HOST}" + return + fi + + if [[ ! -f /var/lib/postgresql/13/main/inited.txt ]];then + sudo -u postgres psql -c "ALTER USER postgres PASSWORD '$DB_PASSWORD';" + sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;" + touch /var/lib/postgresql/13/main/inited.txt + fi + + echo ">> Start database postgre" + chown -R postgres:postgres /var/lib/postgresql/13/main + pg_ctlcluster 13 main start + +} + +function init_ng(){ + echo ">> Init nginx" + echo """ +127.0.0.1 core +127.0.0.1 koko +127.0.0.1 lion +127.0.0.1 chen + """ >> /etc/hosts + mkdir -p /var/log/nginx + mkdir -p /var/cache/nginx +} + +function init_redis() { + REDIS_HOST=${REDIS_HOST:-127.0.0.1} + REDIS_PORT=${REDIS_PORT:-6379} + REDIS_PASSWORD=${REDIS_PASSWORD:-PleaseChangeMe} + export REDIS_HOST REDIS_PORT REDIS_PASSWORD + + if [[ ${REDIS_HOST} != '127.0.0.1' ]];then + echo "External redis server skip start, ${REDIS_HOST}" + return + fi + + echo ">> Start redis server" + /usr/bin/redis-server /etc/redis/redis.conf --requirepass $REDIS_PASSWORD +} + +function init_other() { + # chen + sed -i "s@root: INFO@root: ${LOG_LEVEL}@g" /opt/chen/config/application.yml + + # cron + if [ -f "/etc/init.d/cron" ]; then + /etc/init.d/cron start + fi + +} + + +init_pg +init_ng +init_redis +init_other + + diff --git a/allinone/start.sh b/allinone/start.sh deleted file mode 100755 index bfedfe1..0000000 --- a/allinone/start.sh +++ /dev/null 
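Review bot: In `init_pg` the two `psql` calls now run before `pg_ctlcluster 13 main start`, so on a fresh data directory they presumably fail because no server is listening, yet `touch /var/lib/postgresql/13/main/inited.txt` runs unconditionally and the initialization is never retried. The result would be a `postgres` role whose password was never set and a missing database. Start the cluster before the `inited.txt` check and write the marker only when both statements succeed (`psql ... && psql ... && touch ...`). `DB_USER=${DB_USER:-postgre}` also looks like a typo for `postgres`, the only role this script configures.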
@@ -1,4 +0,0 @@ -#!/bin/bash -# -docker volume create pgdata &> /dev/null -docker run --name one --rm -v pgdata:/var/lib/postgresql/ -e DOMAINS=localhost:8085,jumpserver-test.fit2cloud.com:8085 -p 8085:80 -p 8086:8080 allinone diff --git a/chen/Dockerfile b/chen/Dockerfile deleted file mode 100644 index 5775a01..0000000 --- a/chen/Dockerfile +++ /dev/null 
@@ -1,84 +0,0 @@ -FROM debian:bookworm-slim AS stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f /opt/*.tar.gz - -ARG WISP_VERSION=v0.1.22 -RUN set -e \ - && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/wisp \ - && chmod 755 /usr/local/bin/wisp \ - && rm -f /opt/*.tar.gz - -WORKDIR /opt/chen - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -RUN set -e \ - && cd /opt \ - && wget --quiet https://github.com/jumpserver/chen/releases/download/${VERSION}/chen-${VERSION}.tar.gz \ - && tar -xf chen-${VERSION}.tar.gz -C /opt/chen --strip-components=1 \ - && chown -R root:root /opt/chen \ - && rm -f /opt/*.tar.gz - -FROM debian:bookworm-slim -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - ca-certificates \ - openjdk-17-jre-headless" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 
'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc \ - && sed -i "s@jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1@jdk.tls.disabledAlgorithms=SSLv3@" /etc/java-17-openjdk/security/java.security - -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/chen /opt/chen - -WORKDIR /opt/chen - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -VOLUME /opt/chen/data - -COPY chen/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 8082 - -STOPSIGNAL SIGQUIT - -CMD [ "wisp" ] diff --git a/chen/entrypoint.sh b/chen/entrypoint.sh deleted file mode 100755 index 3965b64..0000000 --- a/chen/entrypoint.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -# - -if [ -n "$CORE_HOST" ]; then - until check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 - done -fi - -export GIN_MODE=release -export WORK_DIR=/opt/chen -export COMPONENT_NAME=chen -export WISP_TRACE_PROCESS=1 -export EXECUTE_PROGRAM="java -Dfile.encoding=utf-8 -XX:+ExitOnOutOfMemoryError -jar /opt/chen/chen.jar --mock.enable=false" - -if [ ! "$LOG_LEVEL" ]; then - LOG_LEVEL=ERROR -fi - -sed -i "s@root: INFO@root: ${LOG_LEVEL}@g" /opt/chen/config/application.yml - -exec "$@" \ No newline at end of file diff --git a/core/Dockerfile b/core/Dockerfile deleted file mode 100644 index 5f2bf2c..0000000 --- a/core/Dockerfile +++ /dev/null 
@@ -1,149 +0,0 @@ -FROM python:3.11-slim-bookworm AS stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - git \ - git-lfs \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f /opt/*.tar.gz - -ARG VERSION=v4.1.0 -ENV VERSION=$VERSION - -RUN set -e \ - && git clone -b ${VERSION} --depth=1 https://github.com/jumpserver/jumpserver /opt/jumpserver - -WORKDIR /opt/jumpserver - -RUN set -e \ - && echo > /opt/jumpserver/config.yml \ - && \ - if [ -n "${VERSION}" ]; then \ - sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \ - fi \ - && chmod +x /opt/jumpserver/entrypoint.sh \ - && rm -rf /opt/jumpserver/.git /opt/jumpserver/.github - -FROM python:3.11-slim-bookworm AS stage-2 -ARG TARGETARCH - -ARG BUILD_DEPENDENCIES=" \ - g++ \ - make \ - pkg-config" - -ARG DEPENDENCIES=" \ - default-libmysqlclient-dev \ - freetds-dev \ - gettext \ - libkrb5-dev \ - libldap2-dev \ - libsasl2-dev" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y 
install --no-install-recommends ${BUILD_DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ENV PYTHONUNBUFFERED=1 \ - PYTHONDONTWRITEBYTECODE=1 \ - GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=1 - -RUN --mount=type=cache,target=/root/.cache,sharing=locked \ - set -e \ - && pip install poetry \ - && poetry config virtualenvs.create false - -WORKDIR /opt/jumpserver - -COPY --from=stage-1 /opt/jumpserver/poetry.lock /opt/jumpserver/pyproject.toml /opt/jumpserver/ - -RUN --mount=type=cache,target=/root/.cache,sharing=locked \ - set -e \ - && python3 -m venv /opt/py3 \ - && . /opt/py3/bin/activate \ - && poetry install --only=main - -COPY --from=stage-1 /opt/jumpserver /opt/jumpserver - -RUN set -e \ - && export SECRET_KEY=$(head -c100 < /dev/urandom | base64 | tr -dc A-Za-z0-9 | head -c 48) \ - && . /opt/py3/bin/activate \ - && cd apps \ - && python manage.py compilemessages - -FROM python:3.11-slim-bookworm -ENV LANG=en_US.UTF-8 \ - PATH=/opt/py3/bin:$PATH - -ARG DEPENDENCIES=" \ - libldap2-dev \ - libx11-dev" - -ARG TOOLS=" \ - bubblewrap \ - ca-certificates \ - default-libmysqlclient-dev \ - openssh-client \ - sshpass" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${TOOLS} \ - && mkdir -p /root/.ssh/ \ - && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export 
@g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc - -COPY --from=stage-2 /opt /opt -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/ - -WORKDIR /opt/jumpserver - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -VOLUME /opt/jumpserver/data - -COPY core/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 8080 - -STOPSIGNAL SIGQUIT - -CMD ["start", "all"] \ No newline at end of file diff --git a/core/entrypoint.sh b/core/entrypoint.sh deleted file mode 100755 index a1ed257..0000000 --- a/core/entrypoint.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# - -until check tcp://${DB_HOST}:${DB_PORT}; do - echo "wait for jms_mysql ${DB_HOST} ready" - sleep 2s -done - -until check tcp://${REDIS_HOST}:${REDIS_PORT}; do - echo "wait for jms_redis ${REDIS_HOST} ready" - sleep 2s -done - -rm -f /opt/jumpserver/tmp/*.pid - -case "$1" in - start|init_db|upgrade_db) - set -- /opt/jumpserver/jms "$@" - ;; - *) - exec "$@" - ;; -esac - -exec "$@" \ No newline at end of file diff --git a/koko/Dockerfile b/koko/Dockerfile deleted file mode 100644 index 01dbbde..0000000 --- a/koko/Dockerfile +++ /dev/null 
@@ -1,139 +0,0 @@ -FROM redis:7.0-bookworm AS stage-1 -FROM debian:bookworm-slim AS stage-2 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f /opt/*.tar.gz - -ARG WISP_VERSION=v0.1.22 -RUN set -e \ - && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/wisp \ - && chmod 755 /usr/local/bin/wisp \ - && rm -f /opt/*.tar.gz - -ARG USQL_VERSION=v0.0.1 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/usql/releases/download/${USQL_VERSION}/usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/usql \ - && chmod 755 /usr/local/bin/usql \ - && rm -f /opt/*.tar.gz - -ARG MONGOSH_VERSION=2.2.12 -RUN set -e \ - && \ - case "${TARGETARCH}" in \ - amd64) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && chown 
root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \ - ;; \ - arm64|ppc64le|s390x) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \ - ;; \ - *) \ - echo "Unsupported architecture: ${TARGETARCH}" \ - ;; \ - esac - -ARG HELM_VERSION=v3.15.2 -ARG KUBECTL_VERSION=v1.30.2 -RUN set -e \ - && wget --quiet -O kubectl.tar.gz https://dl.k8s.io/${KUBECTL_VERSION}/kubernetes-client-linux-${TARGETARCH}.tar.gz \ - && tar -xf kubectl.tar.gz --strip-components=3 -C /opt kubernetes/client/bin/kubectl \ - && mv kubectl /usr/local/bin/rawkubectl \ - && mkdir /opt/kubectl-aliases/ \ - && wget --quiet https://github.com/ahmetb/kubectl-aliases/raw/master/.kubectl_aliases \ - && mv .kubectl_aliases /opt/kubectl-aliases/ \ - && chown -R root:root /opt/kubectl-aliases/ \ - && wget --quiet https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz --strip-components=1 linux-${TARGETARCH}/helm \ - && mv helm /usr/local/bin/rawhelm \ - && chmod 755 /usr/local/bin/rawhelm /usr/local/bin/rawkubectl \ - && chown root:root /usr/local/bin/rawhelm /usr/local/bin/rawkubectl \ - && rm -f /opt/*.tar.gz - -WORKDIR /opt/koko - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -RUN set -e \ - && cd /opt \ - && wget --quiet 
https://github.com/jumpserver/koko/releases/download/${VERSION}/koko-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf koko-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/koko/ --strip-components=1 \ - && mv /opt/koko/kubectl /usr/local/bin/ \ - && mv /opt/koko/helm /usr/local/bin/ \ - && chmod 755 /usr/local/bin/helm /usr/local/bin/kubectl /opt/koko/init-kubectl.sh \ - && chown root:root /usr/local/bin/helm /usr/local/bin/kubectl \ - && rm -f /opt/*.tar.gz - -FROM debian:bookworm-slim -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - ca-certificates" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc - -COPY --from=stage-1 /usr/local/bin/redis-cli /usr/local/bin/redis-cli -COPY --from=stage-2 /usr/local/bin /usr/local/bin -COPY --from=stage-2 /usr/local/lib /usr/local/lib -COPY --from=stage-2 /opt/koko /opt/koko -COPY --from=stage-2 /opt/kubectl-aliases /opt/kubectl-aliases - -WORKDIR /opt/koko - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -VOLUME /opt/koko/data - -COPY koko/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 2222 5000 - -STOPSIGNAL SIGQUIT - -CMD [ "wisp" ] diff --git a/koko/entrypoint.sh b/koko/entrypoint.sh deleted file mode 100755 index 2f0654c..0000000 --- a/koko/entrypoint.sh +++ /dev/null 
@@ -1,20 +0,0 @@ -#!/bin/bash -# - -if [ -n "$CORE_HOST" ]; then - until check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 - done -fi - -export WORK_DIR=/opt/koko -export COMPONENT_NAME=koko -export WISP_TRACE_PROCESS=1 -export EXECUTE_PROGRAM=/opt/koko/koko - -if [ ! "$LOG_LEVEL" ]; then - export LOG_LEVEL=ERROR -fi - -exec "$@" \ No newline at end of file diff --git a/lion/Dockerfile b/lion/Dockerfile deleted file mode 100644 index 1d8fe1b..0000000 --- a/lion/Dockerfile +++ /dev/null 
@@ -1,84 +0,0 @@ -FROM debian:bookworm-slim AS stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f /opt/*.tar.gz - -ARG WISP_VERSION=v0.1.22 -RUN set -e \ - && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/wisp \ - && chmod 755 /usr/local/bin/wisp \ - && rm -f /opt/*.tar.gz - -WORKDIR /opt/lion - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -RUN set -e \ - && cd /opt \ - && wget --quiet https://github.com/jumpserver/lion/releases/download/${VERSION}/lion-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf lion-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/lion --strip-components=1 \ - && chown -R root:root /opt/lion \ - && rm -f /opt/*.tar.gz - -FROM debian:bookworm-slim -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - ca-certificates" - -USER root - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 
'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc - -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/lion /opt/lion - -WORKDIR /opt/lion - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -VOLUME /opt/lion/data - -COPY lion/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 8081 - -STOPSIGNAL SIGQUIT - -CMD ["wisp"] diff --git a/lion/entrypoint.sh b/lion/entrypoint.sh deleted file mode 100755 index 4631935..0000000 --- a/lion/entrypoint.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# - -if [ -n "$CORE_HOST" ]; then - until check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 - done -fi - -export WORK_DIR=/opt/lion -export COMPONENT_NAME=lion -export WISP_TRACE_PROCESS=1 -export EXECUTE_PROGRAM=/opt/lion/lion - -if [ ! "$LOG_LEVEL" ]; then - export LOG_LEVEL=ERROR -fi - -exec "$@" \ No newline at end of file From 2b5c7026cb71796260dde6e96ea65168a3807432 Mon Sep 17 00:00:00 2001 
From: fit2bot Date: Tue, 10 Sep 2024 16:02:02 +0800 Subject: [PATCH 05/10] pref: mv readme position --- README.md | 221 +----------------- allinone/README.md | 48 +--- allinone/demo_run.sh | 4 +- allinone/docker-compose.yml | 88 ------- allinone/entrypoint.sh | 12 + allinone/service.sh | 2 +- docker-compose-build.yml | 161 ------------- swarm/README.md | 121 ++++++++++ .../config_example.conf | 0 .../docker-compose-init-db.yml | 0 .../docker-compose-mariadb.yml | 0 .../docker-compose-network.yml | 0 .../docker-compose-redis.yml | 0 .../docker-compose.yml | 0 web/Dockerfile | 79 ------- web/entrypoint.sh | 13 -- web/nginx.conf | 121 ---------- 17 files changed, 158 insertions(+), 712 deletions(-) delete mode 100644 allinone/docker-compose.yml delete mode 100644 docker-compose-build.yml create mode 100644 swarm/README.md rename config_example.conf => swarm/config_example.conf (100%) rename docker-compose-init-db.yml => swarm/docker-compose-init-db.yml (100%) rename docker-compose-mariadb.yml => swarm/docker-compose-mariadb.yml (100%) rename docker-compose-network.yml => swarm/docker-compose-network.yml (100%) rename docker-compose-redis.yml => swarm/docker-compose-redis.yml (100%) rename docker-compose.yml => swarm/docker-compose.yml (100%) delete mode 100644 web/Dockerfile delete mode 100755 web/entrypoint.sh delete mode 100644 web/nginx.conf diff --git a/README.md b/README.md index 36ddb16..384ffc1 100644 --- a/README.md +++ b/README.md 
@@ -13,226 +13,29 @@ -------------------------- ## 环境要求 -- MariaDB Server >= 10.6 +- PostgreSQL >= 13 或 MariaDB Server >= 10.6 - Redis Server >= 6.0 ## 快速部署 ```sh # 测试环境可以使用,生产环境推荐外置数据 -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose-init-db.yml up -docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose.yml up -d - -docker rm jms_init_db -``` - -## 标准部署 - -> 请先自行创建 数据库 和 Redis, 版本要求参考上面环境要求说明 - -```sh -# 自行部署 MySQL 可以参考 (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#mysql) -# mysql 创建用户并赋予权限, 请自行替换 nu4x599Wq7u0Bn8EABh3J91G 为自己的密码 -mysql -u root -p -``` - -```mysql -create database jumpserver default charset 'utf8'; -create user 'jumpserver'@'%' identified by 'nu4x599Wq7u0Bn8EABh3J91G'; -grant all on jumpserver.* to 'jumpserver'@'%'; -flush privileges; -``` - -```sh -# 自行部署 Redis 可以参考 (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#redis) -``` - -```sh -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -vi .env +docker volume create jsdata +docker run --name jms_all \ + -v jsdata:/opt/data \ + -p 2222:2222 \ + -p 80:80 jumpserver/jms_all ``` -```vim -# 版本号可以自己根据项目的版本修改 -VERSION=v4.1.0 -# 构建参数, 支持 amd64, arm64, ppc64le, s390x -TARGETARCH=amd64 +更多 详见 allinone 目录 README -# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay -COMPOSE_PROJECT_NAME=jms -# COMPOSE_HTTP_TIMEOUT=3600 -# DOCKER_CLIENT_TIMEOUT=3600 -DOCKER_SUBNET=192.168.250.0/24 -NETWORK_DRIVER=overlay - -# 持久化存储 -VOLUME_DIR=/opt/jumpserver - -# 时区 -TZ=Asia/Shanghai - -# MySQL -DB_HOST=mysql -DB_PORT=3306 -DB_USER=root -DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G -DB_NAME=jumpserver - -# Redis -REDIS_HOST=redis -REDIS_PORT=6379 -REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj - -# Core 
-SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy -BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO -LOG_LEVEL=ERROR -DOMAINS= - -# 组件通信 -CORE_HOST=http://core:8080 - -# Lion -GUACD_LOG_LEVEL=error -GUA_HOST=guacd -GUA_PORT=4822 +## 标准部署 -# Web -HTTP_PORT=80 -SSH_PORT=2222 +请使用 jumpserver installer 部署 -## -# SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 -# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... -``` -```sh -docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml up -docker compose -f docker-compose-network.yml -f docker-compose.yml up -d +https://docs.jumpserver.org/zh/v3/quick_start/ -docker rm jms_init_db -``` ## 集群部署 -- Docker Swarm 集群环境 -- 自行创建 MySQL 和 Redis, 参考上面环境要求说明 -- 自行创建持久化共享存储目录 ( 例如 NFS, GlusterFS, Ceph 等 ) - -```sh -# 在所有 Docker Swarm Worker 节点挂载 NFS 或者其他共享存储, 例如 /data/jumpserver -# 注意: 需要手动创建所有需要挂载的持久化目录, Docker Swarm 模式不会自动创建所需的目录 -mkdir -p /data/jumpserver/core/data -mkdir -p /data/jumpserver/chen/data -mkdir -p /data/jumpserver/lion/data -mkdir -p /data/jumpserver/koko/data -mkdir -p /data/jumpserver/lion/data -mkdir -p /data/jumpserver/web/data/logs -mkdir -p /data/jumpserver/web/download -``` -```sh -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -vi .env -``` -```vim -# 版本号可以自己根据项目的版本修改 -VERSION=v4.1.0 - -# 构建参数, 支持 amd64, arm64, ppc64le, s390x -TARGETARCH=amd64 - -# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay -COMPOSE_PROJECT_NAME=jms -# COMPOSE_HTTP_TIMEOUT=3600 -# DOCKER_CLIENT_TIMEOUT=3600 -DOCKER_SUBNET=192.168.250.0/24 -NETWORK_DRIVER=overlay - -# 持久化存储 -VOLUME_DIR=/opt/jumpserver - -# 时区 -TZ=Asia/Shanghai - -# MySQL -DB_HOST=mysql -DB_PORT=3306 -DB_USER=root -DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G -DB_NAME=jumpserver - -# Redis -REDIS_HOST=redis -REDIS_PORT=6379 -REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj - -# Core -SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy -BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO 
-LOG_LEVEL=ERROR -DOMAINS= - -# 组件通信 -CORE_HOST=http://core:8080 - -# Lion -GUACD_LOG_LEVEL=error -GUA_HOST=guacd -GUA_PORT=4822 - -# Web -HTTP_PORT=80 -SSH_PORT=2222 - -## -# SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 -# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... -``` -```sh -# 生成 docker stack 部署所需文件 -docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack-init-db.yml -docker compose -f docker-compose-network.yml -f docker-compose.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack.yml -``` -```sh -# 初始化数据库 -docker stack deploy -c docker-stack-init-db.yml jumpserver -docker service ls -docker service ps jumpserver_init_db - -# 根据查到的 Worker 节点, 到对应节点查看初始化日志 -``` -```sh -# 启动 JumpServer 应用 -docker stack deploy -c docker-stack.yml jumpserver -docker service ls -``` -```sh -# 扩容缩容 -docker service update --replicas=2 jumpserver_koko # 扩容 koko 到 2 个副本 -docker service update --replicas=4 jumpserver_lion # 扩容 lion 到 2 个副本 -# ... -``` - -## Build -```sh -# 如果希望手动构建镜像, 可以使用下面的命令 -cd Dockerfile -cp config_example.conf .env -vi .env -``` -```vim -# 构建参数, 支持 amd64/arm64 -TARGETARCH=amd64 -``` -```bash -docker compose -f docker-compose-build.yml up -``` - -## 初始账号 -- 默认账号: `admin` -- 默认密码: `ChangeMe` \ No newline at end of file +JumpServer 支持 swarm 方式部署,但目前不太推荐用于生产环境,除非你对此熟悉 +见 swarm 目录 README diff --git a/allinone/README.md b/allinone/README.md index f89410d..f35843a 100644 --- a/allinone/README.md +++ b/allinone/README.md 
@@ -11,14 +11,18 @@ JumpServer all-in-one Dockerfile,该项目是 JumpServer all-in-one 部署方 **注意: all-in-one 部署方式不支持 Client 相关功能, 仅支持在 纯 B/S 架构 Web 端使用。** ```sh -docker compose up -d +docker volume create jsdata +docker run --name jms_all \ + -v jsdata:/opt/data \ + -p 2222:2222 \ + -p 80:80 jumpserver/jms_all ``` ### Standard start 使用外置 MySQL 数据库和 Redis: - - 外置数据库要求 MariaDB 版本大于等于 10.6; + - 外置数据库要求 MariaDB 版本大于等于 10.6 或者 PosgresSQL 13; - 外置 Redis 要求 Redis 版本大于等于 6.2。 ```sh @@ -66,16 +70,14 @@ flush privileges; **启动 JumpServer** ```bash +docker volume create jsdata + docker run --name jms_all -d \ - -v /opt/jumpserver/core/data:/opt/jumpserver/data \ - -v /opt/jumpserver/koko/data:/opt/koko/data \ - -v /opt/jumpserver/lion/data:/opt/lion/data \ -p 80:80 \ -p 2222:2222 \ - -p 30000-30100:30000-30100 \ -e SECRET_KEY=xxxxxx \ -e BOOTSTRAP_TOKEN=xxxxxx \ - -e LOG_LEVEL=ERROR \ + -e LOG_LEVEL=INFO \ -e DB_HOST=192.168.x.x \ -e DB_PORT=3306 \ -e DB_USER=jumpserver \ @@ -85,12 +87,7 @@ docker run --name jms_all -d \ -e REDIS_PORT=6379 \ -e REDIS_PASSWORD=weakPassword \ --privileged=true \ - -v /opt/jumpserver/core/data:/opt/jumpserver/data \ - -v /opt/jumpserver/koko/data:/opt/koko/data \ - -v /opt/jumpserver/lion/data:/opt/lion/data \ - -v /opt/jumpserver/chen/data:/opt/chen/data \ - -v /opt/jumpserver/web/data/logs:/var/log/nginx \ - -v /opt/jumpserver/web/data/download:/opt/download \ + -v jsdata:/opt/data \ jumpserver/jms_all:v4.1.0 ``` 
@@ -112,30 +109,7 @@ docker pull jumpserver/jms_all:v4.1.0 # 删掉旧版本容器 docker rm jms_all -# 启动新版本 -docker run --name jms_all -d \ - -p 80:80 \ - -p 2222:2222 \ - -p 30000-30100:30000-30100 \ - -e SECRET_KEY=****** \ # 自行修改成你的旧版本 SECRET_KEY, 丢失此 key 会导致数据无法解密 - -e BOOTSTRAP_TOKEN=****** \ # 自行修改成你的旧版本 BOOTSTRAP_TOKEN - -e LOG_LEVEL=ERROR \ - -e DB_HOST=192.168.x.x \ # 自行修改成你的旧版本 MySQL 服务器, 设置不对数据丢失 - -e DB_PORT=3306 \ - -e DB_USER=jumpserver \ - -e DB_PASSWORD=****** \ - -e DB_NAME=jumpserver \ - -e REDIS_HOST=192.168.x.x \ # 自行修改成你的旧版本 Redis 服务器 - -e REDIS_PORT=6379 \ - -e REDIS_PASSWORD=****** \ - --privileged=true \ - -v /opt/jumpserver/core/data:/opt/jumpserver/data \ - -v /opt/jumpserver/koko/data:/opt/koko/data \ - -v /opt/jumpserver/lion/data:/opt/lion/data \ - -v /opt/jumpserver/chen/data:/opt/chen/data \ - -v /opt/jumpserver/web/data/logs:/var/log/nginx \ - -v /opt/jumpserver/web/data/download:/opt/download \ - jumpserver/jms_all:v4.1.0 +# 重新启动新版本 ``` **初始账号** diff --git a/allinone/demo_run.sh b/allinone/demo_run.sh index 267cc8c..461d742 100755 --- a/allinone/demo_run.sh +++ b/allinone/demo_run.sh @@ -3,6 +3,4 @@ docker volume create jsdata &> /dev/null docker run --name jumpserver \ -v jsdata:/opt/data \ - -e DOMAINS=localhost:8085,jumpserver-test.fit2cloud.com:8085 \ - -p 8085:80 \ - -p 8086:8080 jumpserver/jms_all + -p 80:80 jumpserver/jms_all diff --git a/allinone/docker-compose.yml b/allinone/docker-compose.yml deleted file mode 100644 index 68fc01a..0000000 --- a/allinone/docker-compose.yml +++ /dev/null 
@@ -1,88 +0,0 @@ -services: - mysql: - image: mariadb:10.6 - container_name: jms_mysql - restart: always - environment: - TZ: ${TZ:-Asia/Shanghai} - MARIADB_ROOT_PASSWORD: ${DB_PASSWORD:-Np2qgqtiUayA857GpuVI0Wtg} - MARIADB_DATABASE: ${DB_NAME:-jumpserver} - healthcheck: - test: "mysql -h127.0.0.1 -uroot -p$$MARIADB_ROOT_PASSWORD -e 'SHOW DATABASES;'" - interval: 10s - timeout: 5s - retries: 3 - start_period: 30s - volumes: - - ${VOLUME_DIR:-./data}/mariadb/data:/var/lib/mysql - networks: - - net - - redis: - image: redis:7.0 - container_name: jms_redis - restart: always - command: redis-server --requirepass ${REDIS_PASSWORD:-KoJqlTDu1d5HwfXgJ4QTbZQt} - environment: - TZ: ${TZ:-Asia/Shanghai} - REDIS_PASSWORD: ${REDIS_PASSWORD:-KoJqlTDu1d5HwfXgJ4QTbZQt} - healthcheck: - test: "redis-cli -h 127.0.0.1 -a $$REDIS_PASSWORD info Replication" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - volumes: - - ${VOLUME_DIR:-./data}/redis/data:/data - networks: - - net - - jumpserver: - image: jumpserver/jms_all:${VERSION:-latest} - build: - context: . 
- dockerfile: Dockerfile - container_name: jms_all - privileged: true - restart: always - environment: - TIME_ZONE: ${TZ:-Asia/Shanghai} - TZ: ${TZ:-Asia/Shanghai} - SECRET_KEY: ${SECRET_KEY:-vYneAbsXUhe4BghEeedNL7nfWLwaTTmhnwQMvjYOIG25Ofzghk} - BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN:-K1ffDfLSIK8SV2PZj6VaxOiv8KuawlJK} - LOG_LEVEL: ${LOG_LEVEL:-ERROR} - DB_HOST: ${DB_HOST:-mysql} - DB_PORT: ${DB_PORT:-3306} - DB_USER: ${DB_USER:-root} - DB_PASSWORD: ${DB_PASSWORD:-Np2qgqtiUayA857GpuVI0Wtg} - DB_NAME: ${DB_NAME:-jumpserver} - REDIS_HOST: ${REDIS_HOST:-redis} - REDIS_PORT: ${REDIS_PORT:-6379} - REDIS_PASSWORD: ${REDIS_PASSWORD:-KoJqlTDu1d5HwfXgJ4QTbZQt} - DOMAINS: ${DOMAINS:-} - ports: - - ${HTTP_PORT:-80}:80/tcp - - ${SSH_PORT:-2222}:2222/tcp - depends_on: - mysql: - condition: service_healthy - redis: - condition: service_healthy - healthcheck: - test: "curl -fsL http://localhost/api/health/ > /dev/null" - interval: 10s - timeout: 5s - retries: 3 - start_period: 90s - volumes: - - ${VOLUME_DIR:-./data}/core/data:/opt/jumpserver/data - - ${VOLUME_DIR:-./data}/koko/data:/opt/koko/data - - ${VOLUME_DIR:-./data}/lion/data:/opt/lion/data - - ${VOLUME_DIR:-./data}/chen/data:/opt/chen/data - - ${VOLUME_DIR:-./data}/web/data/logs:/var/log/nginx - - ${VOLUME_DIR:-./data}/web/data/download:/opt/download - networks: - - net - -networks: - net: \ No newline at end of file diff --git a/allinone/entrypoint.sh b/allinone/entrypoint.sh index e5abe81..e9b535b 100755 --- a/allinone/entrypoint.sh +++ b/allinone/entrypoint.sh @@ -55,6 +55,7 @@ function prepare_data_persist() { } function upgrade_db() { + echo ">> Update database structure" cd /opt/jumpserver || exit 1 ./jms upgrade_db || { echo -e "\033[31m Failed to change the table structure. \033[0m" 
@@ -69,6 +70,17 @@ prepare_data_persist # start other service source ${cwd}/service.sh + +until check tcp://${DB_HOST}:${DB_PORT}; do + echo "wait for database ${DB_HOST} ready" + sleep 2s +done + +until check tcp://${REDIS_HOST}:${REDIS_PORT}; do + echo "wait for redis ${REDIS_HOST} ready" + sleep 2s +done + upgrade_db echo diff --git a/allinone/service.sh b/allinone/service.sh index 03391f5..ea03201 100644 --- a/allinone/service.sh +++ b/allinone/service.sh @@ -8,7 +8,7 @@ function init_pg() { DB_ENGINE=${DB_ENGINE:-postgresql} DB_HOST=${DB_HOST:-127.0.0.1} DB_PORT=${DB_PORT:-5432} - DB_USER=${DB_USER:-postgre} + DB_USER=${DB_USER:-postgres} export DB_NAME DB_PASSWORD DB_ENGINE DB_HOST DB_PORT DB_USER diff --git a/docker-compose-build.yml b/docker-compose-build.yml deleted file mode 100644 index 9c2746e..0000000 --- a/docker-compose-build.yml +++ /dev/null 
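Review bot: The two `until check tcp://…` loops added after `source ${cwd}/service.sh` have no retry limit, so a mistyped `DB_HOST`/`REDIS_HOST` or a service that never comes up leaves the container printing "wait for …" forever instead of exiting non-zero where a restart policy or health check would surface it. I would count attempts and `exit 1` once a bound is reached, and quote the expansion, `until check "tcp://${DB_HOST}:${DB_PORT}"; do`. The same applies to the Redis loop; the surrounding script body continues outside the hunk.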
@@ -1,161 +0,0 @@ -services: - core: - build: - context: . - dockerfile: core/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_core:${VERSION} - container_name: jms_core - restart: always - command: start web - env_file: .env - healthcheck: - test: "check http://localhost:8080/api/health/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 60s - volumes: - - ${VOLUME_DIR}/core/data:/opt/jumpserver/data - networks: - - net - - celery: - image: jumpserver/jms_core:${VERSION} - container_name: jms_celery - restart: always - command: start task - env_file: .env - depends_on: - core: - condition: service_healthy - healthcheck: - test: "bash /opt/jumpserver/utils/check_celery.sh" - interval: 10s - timeout: 10s - retries: 3 - start_period: 30s - volumes: - - ${VOLUME_DIR}/core/data:/opt/jumpserver/data - networks: - - net - - koko: - build: - context: . - dockerfile: koko/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_koko:${VERSION} - container_name: jms_koko - restart: always - privileged: true - env_file: .env - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check http://localhost:5000/koko/health/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - volumes: - - ${VOLUME_DIR}/koko/data:/opt/koko/data - ports: - - ${SSH_PORT:-2222}:2222 - networks: - - net - - guacd: - image: jumpserver/guacd:1.5.5-bookworm - container_name: jms_guacd - user: root - restart: always - env_file: .env - volumes: - - ${VOLUME_DIR}/lion/data:/opt/lion/data - networks: - - net - - lion: - build: - context: . 
- dockerfile: lion/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_lion:${VERSION} - container_name: jms_lion - restart: always - env_file: .env - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check http://localhost:8081/lion/health/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - volumes: - - ${VOLUME_DIR}/lion/data:/opt/lion/data - networks: - - net - - chen: - build: - context: . - dockerfile: chen/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_chen:${VERSION} - container_name: jms_chen - restart: always - env_file: .env - volumes: - - ${VOLUME_DIR}/chen/data:/opt/chen/data - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check http://localhost:8082/chen/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 60s - networks: - - net - - web: - build: - context: . - dockerfile: web/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_web:${VERSION} - container_name: jms_web - restart: always - env_file: .env - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check http://localhost/api/health/ " - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - volumes: - - ${VOLUME_DIR}/core/data:/opt/jumpserver/data - - ${VOLUME_DIR}/web/data/logs:/var/log/nginx - - ${VOLUME_DIR}/web/data/download:/opt/download - ports: - - ${HTTP_PORT:-80}:80 - networks: - - net \ No newline at end of file diff --git a/swarm/README.md b/swarm/README.md new file mode 100644 index 0000000..b5bffcd --- /dev/null +++ b/swarm/README.md 
@@ -0,0 +1,121 @@ +## 集群部署 + +- Docker Swarm 集群环境 +- 自行创建 MySQL 和 Redis, 参考上面环境要求说明 +- 自行创建持久化共享存储目录 ( 例如 NFS, GlusterFS, Ceph 等 ) + +```sh +# 在所有 Docker Swarm Worker 节点挂载 NFS 或者其他共享存储, 例如 /data/jumpserver +# 注意: 需要手动创建所有需要挂载的持久化目录, Docker Swarm 模式不会自动创建所需的目录 +mkdir -p /data/jumpserver/core/data +mkdir -p /data/jumpserver/chen/data +mkdir -p /data/jumpserver/lion/data +mkdir -p /data/jumpserver/koko/data +mkdir -p /data/jumpserver/lion/data +mkdir -p /data/jumpserver/web/data/logs +mkdir -p /data/jumpserver/web/download +``` +```sh +git clone --depth=1 https://github.com/jumpserver/Dockerfile.git +cd Dockerfile/swarm +cp config_example.conf .env +vi .env +``` + +```vim +# 版本号可以自己根据项目的版本修改 +VERSION=v4.1.0 + +# 构建参数, 支持 amd64, arm64, ppc64le, s390x +TARGETARCH=amd64 + +# Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay +COMPOSE_PROJECT_NAME=jms +# COMPOSE_HTTP_TIMEOUT=3600 +# DOCKER_CLIENT_TIMEOUT=3600 +DOCKER_SUBNET=192.168.250.0/24 +NETWORK_DRIVER=overlay + +# 持久化存储 +VOLUME_DIR=/opt/jumpserver + +# 时区 +TZ=Asia/Shanghai + +# MySQL +DB_HOST=mysql +DB_PORT=3306 +DB_USER=root +DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G +DB_NAME=jumpserver + +# Redis +REDIS_HOST=redis +REDIS_PORT=6379 +REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj + +# Core +SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy +BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO +LOG_LEVEL=ERROR +DOMAINS= + +# 组件通信 +CORE_HOST=http://core:8080 + +# Lion +GUACD_LOG_LEVEL=error +GUA_HOST=guacd +GUA_PORT=4822 + +# Web +HTTP_PORT=80 +SSH_PORT=2222 + +## +# SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 +# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... 
+``` +```sh +# 生成 docker stack 部署所需文件 +docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack-init-db.yml +docker compose -f docker-compose-network.yml -f docker-compose.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack.yml +``` +```sh +# 初始化数据库 +docker stack deploy -c docker-stack-init-db.yml jumpserver +docker service ls +docker service ps jumpserver_init_db + +# 根据查到的 Worker 节点, 到对应节点查看初始化日志 +``` +```sh +# 启动 JumpServer 应用 +docker stack deploy -c docker-stack.yml jumpserver +docker service ls +``` +```sh +# 扩容缩容 +docker service update --replicas=2 jumpserver_koko # 扩容 koko 到 2 个副本 +docker service update --replicas=4 jumpserver_lion # 扩容 lion 到 2 个副本 +# ... +``` + +## Build +```sh +# 如果希望手动构建镜像, 可以使用下面的命令 +cd Dockerfile +cp config_example.conf .env +vi .env +``` +```vim +# 构建参数, 支持 amd64/arm64 +TARGETARCH=amd64 +``` +```bash +docker compose -f docker-compose-build.yml up +``` + +## 初始账号 +- 默认账号: `admin` +- 默认密码: `ChangeMe` \ No newline at end of file diff --git a/config_example.conf b/swarm/config_example.conf similarity index 100% rename from config_example.conf rename to swarm/config_example.conf diff --git a/docker-compose-init-db.yml b/swarm/docker-compose-init-db.yml similarity index 100% rename from docker-compose-init-db.yml rename to swarm/docker-compose-init-db.yml diff --git a/docker-compose-mariadb.yml b/swarm/docker-compose-mariadb.yml similarity index 100% rename from docker-compose-mariadb.yml rename to swarm/docker-compose-mariadb.yml diff --git a/docker-compose-network.yml b/swarm/docker-compose-network.yml similarity index 100% rename from docker-compose-network.yml rename to swarm/docker-compose-network.yml diff --git a/docker-compose-redis.yml b/swarm/docker-compose-redis.yml similarity index 100% rename from docker-compose-redis.yml rename to swarm/docker-compose-redis.yml 
diff --git a/docker-compose.yml b/swarm/docker-compose.yml similarity index 100% rename from docker-compose.yml rename to swarm/docker-compose.yml diff --git a/web/Dockerfile b/web/Dockerfile deleted file mode 100644 index 9fd2ff6..0000000 --- a/web/Dockerfile +++ /dev/null 
@@ -1,79 +0,0 @@ -FROM debian:bookworm-slim AS stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - curl \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f /opt/*.tar.gz - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -RUN set -e \ - && mkdir -p /opt/lina /opt/luna \ - && wget --quiet https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \ - && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \ - && wget --quiet https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \ - && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \ - && rm -f /opt/*.tar.gz - -RUN set -e \ - && STATIC_VERSION=$(curl -sSL https://github.com/jumpserver/web-static/raw/v3/VERSION) \ - && wget -O /opt/prepare.sh https://github.com/jumpserver/web-static/raw/${STATIC_VERSION}/prepare.sh \ - && chown root:root /opt/prepare.sh \ - && chmod 755 /opt/prepare.sh - -COPY web/entrypoint.sh . 
-RUN chmod 755 ./entrypoint.sh - -FROM nginx:1.25-bookworm -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - ca-certificates \ - logrotate" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc - -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt /opt -COPY web/nginx.conf /etc/nginx/ - -WORKDIR /opt - -ARG VERSION=v4.1.0 -ENV VERSION=${VERSION} - -VOLUME /opt/download -VOLUME /var/log/nginx - -COPY web/entrypoint.sh /docker-entrypoint.d/99-check-core-ready.sh \ No newline at end of file diff --git a/web/entrypoint.sh b/web/entrypoint.sh deleted file mode 100755 index 826af77..0000000 --- a/web/entrypoint.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -# - -if [ -n "$CORE_HOST" ]; then - until check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 - done -fi - -if [ -f "/etc/init.d/cron" ]; then - /etc/init.d/cron start -fi \ No newline at end of file diff --git a/web/nginx.conf b/web/nginx.conf deleted file mode 100644 index da808d2..0000000 --- a/web/nginx.conf +++ /dev/null 
@@ -1,121 +0,0 @@ -user nginx; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; - -events { - worker_connections 1024; -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - proxy_cache_path /var/cache/nginx/proxy_cache levels=1:1:1 keys_zone=cache:10m max_size=2g; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - gzip on; - server_tokens off; - - server { - listen 80; - server_name _; - - proxy_cache cache; - proxy_cache_key $host$request_uri; - proxy_cache_methods GET HEAD; - proxy_cache_valid 200 302 720m; - proxy_cache_valid 404 1m; - proxy_cache_use_stale http_502; - - client_max_body_size 4096m; # 录像及文件上传大小限制 - - location = /robots.txt { - default_type text/html; - add_header Content-Type "text/plain; charset=UTF-8"; - return 200 "User-agent: *\nDisallow: /\n"; - } - - location /download/ { - alias /opt/download/; - try_files $uri @redirect_oss; - } - - location @redirect_oss { - rewrite ^/download/(.*)$ https://static.jumpserver.org/download/$1 permanent; - } - - location /private-media/ { - internal; - alias /opt/jumpserver/data/media/; - } - location /ui/ { - try_files $uri / /index.html; - alias /opt/lina/; - } - location /luna/ { - try_files $uri / /index.html; - alias /opt/luna/; - } - location /static/ { - root /opt/jumpserver/data/; - } - location /koko/ { - proxy_pass http://koko:5000; - proxy_buffering off; - proxy_http_version 1.1; - proxy_request_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /lion/ { - proxy_pass http://lion:8081; - proxy_buffering off; - proxy_http_version 1.1; - 
proxy_request_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /chen/ { - proxy_pass http://chen:8082; - proxy_buffering off; - proxy_http_version 1.1; - proxy_request_buffering off; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location /ws/ { - proxy_pass http://core:8080; - proxy_buffering off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location ~ ^/(core|api|media)/ { - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://core:8080; - } - location / { - rewrite ^/(.*)$ /ui/$1 last; - } - } -} From 5bf9dd2f625c5eba89b277d1e7fc188c71e153f8 Mon Sep 17 00:00:00 2001 From: fit2bot Date: Tue, 10 Sep 2024 16:04:13 +0800 Subject: [PATCH 06/10] docs: add docs --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 384ffc1..00d374f 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ docker run --name jms_all \ -p 80:80 jumpserver/jms_all ``` -更多 详见 allinone 目录 README +更多 详见 allinone 目录 [README](allinone) ## 标准部署 From 2b9560b6fdad7aadfbb744e124401634b54f0b82 Mon Sep 17 00:00:00 2001 From: fit2bot Date: Tue, 10 Sep 2024 16:05:10 +0800 Subject: [PATCH 07/10] docs: add url --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 00d374f..1b980bb 100644 --- a/README.md +++ b/README.md 
@@ -37,5 +37,6 @@ https://docs.jumpserver.org/zh/v3/quick_start/ ## 集群部署 -JumpServer 支持 swarm 方式部署,但目前不太推荐用于生产环境,除非你对此熟悉 -见 swarm 目录 README +JumpServer 支持 swarm 方式部署,但目前不太推荐用于生产环境,除非你对此熟悉 . + +详见 swarm 目录 [README](swarm) From c9704840b6d5cccd58d1df493d17983377859b1d Mon Sep 17 00:00:00 2001 From: fit2bot Date: Tue, 10 Sep 2024 17:22:08 +0800 Subject: [PATCH 08/10] doc: add english readme --- README.md | 21 ++-- README_EN.md | 223 ++++-------------------------------------- allinone/README.md | 4 +- allinone/README_EN.md | 119 ++++++++++++++++++++++ swarm/README.md | 15 --- 5 files changed, 153 insertions(+), 229 deletions(-) create mode 100644 allinone/README_EN.md diff --git a/README.md b/README.md index 1b980bb..8dd5f2a 100644 --- a/README.md +++ b/README.md @@ -12,21 +12,28 @@ -------------------------- -## 环境要求 -- PostgreSQL >= 13 或 MariaDB Server >= 10.6 -- Redis Server >= 6.0 -## 快速部署 +## all-in-one 快速部署 +测试环境可以使用,生产环境推荐使用 标准部署 + ```sh -# 测试环境可以使用,生产环境推荐外置数据 docker volume create jsdata docker run --name jms_all \ + -e SECRET_KEY=PleaseChangeMe \ + -e BOOTSTRAP_TOKEN=PleaseChangeMe \ -v jsdata:/opt/data \ -p 2222:2222 \ -p 80:80 jumpserver/jms_all ``` -更多 详见 allinone 目录 [README](allinone) +**初始账号** +```bash +默认账号: admin +默认密码: ChangeMe +``` + +更多详见 allinone [README](allinone) + ## 标准部署 @@ -39,4 +46,4 @@ https://docs.jumpserver.org/zh/v3/quick_start/ JumpServer 支持 swarm 方式部署,但目前不太推荐用于生产环境,除非你对此熟悉 . -详见 swarm 目录 [README](swarm) +详见 swarm [README](swarm) diff --git a/README_EN.md b/README_EN.md index bac9b07..991c516 100644 --- a/README_EN.md +++ b/README_EN.md @@ -1,7 +1,8 @@ +

JumpServer

-

A better bastion host for multi-cloud environments

+

A Better Bastion Host for Multi-Cloud Environments

License: GPLv3 
@@ -12,219 +13,29 @@ -------------------------- -## Environment Requirements -- MariaDB Server >= 10.6 -- Redis Server >= 6.0 - -## Quick Deployment -```sh -# Suitable for testing environment, for production environment, it is recommended to use external data -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose-init-db.yml up -docker compose -f docker-compose-network.yml -f docker-compose-redis.yml -f docker-compose-mariadb.yml -f docker-compose.yml up -d - -docker rm jms_init_db -``` - -## Standard Deployment - -> Please create the database and Redis yourself first, the version requirements refer to the above environment requirements +## all-in-one Quick Deployment +This can be used for testing environments. For production environments, it is recommended to use the standard deployment. ```sh -# For deploying MySQL yourself, you can refer to (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#mysql) -# Create a MySQL user and grant permissions, please replace nu4x599Wq7u0Bn8EABh3J91G with your own password -mysql -u root -p +docker volume create jsdata +docker run --name jms_all \ + -e SECRET_KEY=PleaseChangeMe \ + -e BOOTSTRAP_TOKEN=PleaseChangeMe \ + -v jsdata:/opt/data \ + -p 2222:2222 \ + -p 80:80 jumpserver/jms_all ``` -```mysql -create database jumpserver default charset 'utf8'; -create user 'jumpserver'@'%' identified by 'nu4x599Wq7u0Bn8EABh3J91G'; -grant all on jumpserver.* to 'jumpserver'@'%'; -flush privileges; -``` - -```sh -# For deploying Redis yourself, you can refer to (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#redis). 
-``` - -```sh -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -vi .env -``` -```vim -# You can modify the version number according to the project version -VERSION=v4.1.0 +For more details, see the all-in-one [README](allinone). -# Build parameters, support amd64, arm64, ppc64le, s390x -TARGETARCH=amd64 - -# For Compose, Swarm mode, modify NETWORK_DRIVER=overlay -COMPOSE_PROJECT_NAME=jms -# COMPOSE_HTTP_TIMEOUT=3600 -# DOCKER_CLIENT_TIMEOUT=3600 -DOCKER_SUBNET=192.168.250.0/24 -NETWORK_DRIVER=bridge - -# Persistent storage -VOLUME_DIR=/opt/jumpserver - -# Time zone -TZ=Asia/Shanghai - -# MySQL -DB_HOST=mysql -DB_PORT=3306 -DB_USER=root -DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G -DB_NAME=jumpserver - -# Redis -REDIS_HOST=redis -REDIS_PORT=6379 -REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj - -# Core -SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy -BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO -LOG_LEVEL=ERROR -DOMAINS= - -CORE_HOST=http://core:8080 - -# Lion -GUACD_LOG_LEVEL=error -GUA_HOST=guacd -GUA_PORT=4822 +## Standard Deployment -# Web -HTTP_PORT=80 -SSH_PORT=2222 +Please use the JumpServer installer for deployment. -## -# SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. -# BOOTSTRAP_TOKEN is the key used for component authentication, only used when the component is registered. The components refer to koko, lion, magnus, kael, chen ... 
-``` -```sh -docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml up -docker compose -f docker-compose-network.yml -f docker-compose.yml up -d - -docker rm jms_init_db -``` +https://docs.jumpserver.org/zh/v3/quick_start/ ## Cluster Deployment -- Docker Swarm cluster environment -- Create MySQL and Redis yourself, refer to the above environment requirements -- Create a persistent shared storage directory yourself (such as NFS, GlusterFS, Ceph, etc.) - -```sh -# Mount NFS or other shared storage on all Docker Swarm Worker nodes, such as /data/jumpserver -# Note: You need to manually create all the persistent directories that need to be mounted, Docker Swarm mode will not automatically create the required directories -mkdir -p /data/jumpserver/core/data -mkdir -p /data/jumpserver/chen/data -mkdir -p /data/jumpserver/lion/data -mkdir -p /data/jumpserver/koko/data -mkdir -p /data/jumpserver/lion/data -mkdir -p /data/jumpserver/web/data/logs -mkdir -p /data/jumpserver/web/download -``` -```sh -git clone --depth=1 https://github.com/jumpserver/Dockerfile.git -cd Dockerfile -cp config_example.conf .env -vi .env -``` -```vim -# The version number can be modified according to the version of the project -VERSION=v4.1.0 - -# Build parameters, support amd64, arm64, ppc64le, s390x -TARGETARCH=amd64 - -# For Compose, Swarm mode, modify NETWORK_DRIVER=overlay -COMPOSE_PROJECT_NAME=jms -# COMPOSE_HTTP_TIMEOUT=3600 -# DOCKER_CLIENT_TIMEOUT=3600 -DOCKER_SUBNET=192.168.250.0/24 -NETWORK_DRIVER=overlay - -# Persistent storage -VOLUME_DIR=/opt/jumpserver - -# Time zone -TZ=Asia/Shanghai - -# MySQL -DB_HOST=mysql -DB_PORT=3306 -DB_USER=root -DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G -DB_NAME=jumpserver - -# Redis -REDIS_HOST=redis -REDIS_PORT=6379 -REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj - -# Core -SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy -BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO -LOG_LEVEL=ERROR -DOMAINS= - -CORE_HOST=http://core:8080 - -# Lion 
-GUACD_LOG_LEVEL=error -GUA_HOST=guacd -GUA_PORT=4822 - -# Web -HTTP_PORT=80 -SSH_PORT=2222 - -## -# SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. -# BOOTSTRAP_TOKEN is the key used for component authentication, only used when the component is registered. The components refer to koko, lion, magnus, kael, chen ... -``` -```sh -# Generate files required for docker stack deployment -docker compose -f docker-compose-network.yml -f docker-compose-init-db.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack-init-db.yml -docker compose -f docker-compose-network.yml -f docker-compose.yml config | sed '/published:/ s/"//g' | sed "/name:/d" > docker-stack.yml -``` -```sh -# Initialize the database -docker stack deploy -c docker-stack-init-db.yml jumpserver -docker service ls -docker service ps jumpserver_init_db - -# According to the found Worker node, check the initialization log on the corresponding node -``` -```sh -# Start JumpServer application -docker stack deploy -c docker-stack.yml jumpserver -docker service ls -``` -```sh -# Scale up and down -docker service update --replicas=2 jumpserver_koko # Scale up koko to 2 replicas -docker service update --replicas=4 jumpserver_lion # Scale up lion to 2 replicas -# ... -``` - -## Build -```vim -# Build parameters, support amd64/arm64 -TARGETARCH=amd64 -``` -```sh -docker compose -f docker-compose-build.yml up -``` +JumpServer supports deployment using Swarm, but it is not highly recommended for production environments unless you are familiar with it. -## Initial Account -- Default username: `admin` -- Default password: `ChangeMe` \ No newline at end of file +For more details, see the Swarm [README](swarm). diff --git a/allinone/README.md b/allinone/README.md index f35843a..70e200c 100644 --- a/allinone/README.md 
+++ b/allinone/README.md @@ -13,12 +13,14 @@ JumpServer all-in-one Dockerfile,该项目是 JumpServer all-in-one 部署方 ```sh docker volume create jsdata docker run --name jms_all \ + -e SECRET_KEY=PleaseChangeMe \ + -e BOOTSTRAP_TOKEN=PleaseChangeMe \ -v jsdata:/opt/data \ -p 2222:2222 \ -p 80:80 jumpserver/jms_all ``` -### Standard start +### 外置数据库 使用外置 MySQL 数据库和 Redis: diff --git a/allinone/README_EN.md b/allinone/README_EN.md new file mode 100644 index 0000000..b3044c0 --- /dev/null +++ b/allinone/README_EN.md 
@@ -0,0 +1,119 @@ +# Dockerfile + +This is the Dockerfile for JumpServer all-in-one deployment, a Docker image generation code for the JumpServer all-in-one deployment method. + +## How to start + +When migrating or upgrading the environment, please ensure that the SECRET_KEY is consistent with the previous settings and not randomly generated. Otherwise, all encrypted fields in the database cannot be decrypted. + +### Quick start + +**Note: The all-in-one deployment method does not support Client-related features. It only supports usage on a pure B/S architecture web interface.** + +```sh +docker volume create jsdata +docker run --name jms_all \ + -e SECRET_KEY=PleaseChangeMe \ + -e BOOTSTRAP_TOKEN=PleaseChangeMe \ + -v jsdata:/opt/data \ + -p 2222:2222 \ + -p 80:80 jumpserver/jms_all +``` + +### Standard start + +Using an external MySQL database and Redis: + + - The external database requires MariaDB version 10.6 or higher, or PostgresSQL 13; + - The external Redis requires Redis version 6.2 or higher. 
+ +```sh +# To deploy MySQL yourself, refer to (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#mysql) +# Create a MySQL user and grant privileges, please replace nu4x599Wq7u0Bn8EABh3J91G with your own password +mysql -u root -p +``` + +```mysql +create database jumpserver default charset 'utf8'; +create user 'jumpserver'@'%' identified by 'nu4x599Wq7u0Bn8EABh3J91G'; +grant all on jumpserver.* to 'jumpserver'@'%'; +flush privileges; +``` + +```sh +# To deploy Redis yourself, refer to (https://docs.jumpserver.org/zh/master/install/setup_by_lb/#redis) +``` + +**设置环境变量:** + + - SECRET_KEY = xxxxx # Generate a random string yourself, do not include special characters, length recommended to be at least 50 + - BOOTSTRAP_TOKEN = xxxxx # Generate a random string yourself, do not include special characters, length recommended to be at least 24 + - LOG_LEVEL = ERROR # Log level, set to DEBUG for testing environments + - DB_ENGINE = mysql # Use MySQL database + - DB_HOST = mysql_host # MySQL database IP address + - DB_PORT = 3306 # MySQL database port + - DB_USER = xxx # MySQL database username + - DB_PASSWORD = xxxx # MySQL database password + - DB_NAME = jumpserver # Database name used by JumpServer + - REDIS_HOST = redis_host # Use Redis for caching + - REDIS_PORT = 6379 # Redis server port + - REDIS_PASSWORD = xxxx # Redis authentication password + - VOLUME /opt/jumpserver/data # Core persistent directory, stores video logs + - VOLUME /opt/koko/data # Koko persistent directory + - VOLUME /opt/lion/data # Lion persistent directory + - VOLUME /opt/chen/data # Chen persistent directory + - VOLUME /var/log/nginx # Nginx log persistent directory + - VOLUME /opt/download # APPLETS file persistent directory (files required for application publishing) + + +Note: Be sure to record the information you set above, as it will be needed again during upgrades + +**启动 JumpServer** +```bash +docker volume create jsdata + +docker run --name jms_all -d \ + -p 80:80 \ + -p 
2222:2222 \ + -e SECRET_KEY=xxxxxx \ + -e BOOTSTRAP_TOKEN=xxxxxx \ + -e LOG_LEVEL=INFO \ + -e DB_HOST=192.168.x.x \ + -e DB_PORT=3306 \ + -e DB_USER=jumpserver \ + -e DB_PASSWORD=weakPassword \ + -e DB_NAME=jumpserver \ + -e REDIS_HOST=192.168.x.x \ + -e REDIS_PORT=6379 \ + -e REDIS_PASSWORD=weakPassword \ + --privileged=true \ + -v jsdata:/opt/data \ + jumpserver/jms_all:v4.1.0 +``` + +**Upgrade** +```bash +# Check the defined JumpServer configurations +docker exec -it jms_all env + +# Stop JumpServer +docker stop jms_all + +# Backup the database, replace DB-xxx with the values retrieved from the docker exec -it jms_all env command +mysqldump -h$DB_HOST -p$DB_PORT -u$DB_USER -p$DB_PASSWORD $DB_NAME > /opt/jumpserver-.sql +# Example: mysqldump -h192.168.100.11 -p3306 -ujumpserver -pnu4x599Wq7u0Bn8EABh3J91G jumpserver > /opt/jumpserver-v2.12.0.sql + +# Pull the new version of the image +docker pull jumpserver/jms_all:v4.1.0 + +# Remove the old version container +docker rm jms_all + +# Restart with the new version +``` + +**Initial Account** +```bash +Default username: admin +Default password: ChangeMe +``` \ No newline at end of file diff --git a/swarm/README.md b/swarm/README.md index b5bffcd..5c6d1f6 100644 --- a/swarm/README.md +++ b/swarm/README.md @@ -26,7 +26,6 @@ vi .env # 版本号可以自己根据项目的版本修改 VERSION=v4.1.0 -# 构建参数, 支持 amd64, arm64, ppc64le, s390x TARGETARCH=amd64 # Compose, Swarm 模式下修改 NETWORK_DRIVER=overlay @@ -101,20 +100,6 @@ docker service update --replicas=4 jumpserver_lion # 扩容 lion 到 2 个副 # ... ``` -## Build -```sh -# 如果希望手动构建镜像, 可以使用下面的命令 -cd Dockerfile -cp config_example.conf .env -vi .env -``` -```vim -# 构建参数, 支持 amd64/arm64 -TARGETARCH=amd64 -``` -```bash -docker compose -f docker-compose-build.yml up -``` ## 初始账号 - 默认账号: `admin` From 36e4e7035b12b949ec09ae229a1509898e3a8963 Mon Sep 17 00:00:00 2001 
From: fit2bot Date: Tue, 10 Sep 2024 17:22:39 +0800 Subject: [PATCH 09/10] doc: add readme --- allinone/Dockerfile | 6 ++++-- allinone/build.sh | 6 ++++++ allinone/demo_run.sh | 4 ++-- allinone/entrypoint.sh | 3 +-- 4 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 allinone/build.sh diff --git a/allinone/Dockerfile b/allinone/Dockerfile index 22d7a54..36d80f7 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile @@ -18,9 +18,12 @@ ARG TOOLS=" \ postgresql \ openjdk-17-jre-headless \ redis \ + nginx \ wget" -RUN apt-get update \ +ARG APT_MIRROR=http://mirrors.aliyun.com +RUN sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ + &&apt-get update \ && apt-get install -y --no-install-recommends ${TOOLS} \ && apt-get clean @@ -38,7 +41,6 @@ COPY --from=chen /usr /usr COPY --from=chen /etc/alternatives /etc/alternatives COPY --from=web /opt /opt -COPY --from=web /usr /usr COPY --from=web /etc/nginx /etc/nginx COPY --from=web /docker-entrypoint.d /docker-entrypoint.d COPY --from=web /docker-entrypoint.sh /opt/web/entrypoint.sh diff --git a/allinone/build.sh b/allinone/build.sh new file mode 100644 index 0000000..2238164 --- /dev/null +++ b/allinone/build.sh @@ -0,0 +1,6 @@ +#!/bin/bash +# + +version=v4.1.0 + +docker build --build-arg version=${version}-ce -t jumpserver/jms_all:${version} . \ No newline at end of file diff --git a/allinone/demo_run.sh b/allinone/demo_run.sh index 461d742..53ceea4 100755 --- a/allinone/demo_run.sh +++ b/allinone/demo_run.sh @@ -1,6 +1,6 @@ #!/bin/bash # docker volume create jsdata &> /dev/null -docker run --name jumpserver \ +docker run --name jms_all \ -v jsdata:/opt/data \ - -p 80:80 jumpserver/jms_all + -p 8085:80 jumpserver/jms_all:v4.1.0 diff --git a/allinone/entrypoint.sh b/allinone/entrypoint.sh index e9b535b..ca7387d 100755 --- a/allinone/entrypoint.sh +++ b/allinone/entrypoint.sh 
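Review bot: The new default `ARG APT_MIRROR=http://mirrors.aliyun.com` in allinone/Dockerfile silently repoints every `*.debian.org` entry in /etc/apt/sources.list for all builders, which would include the security archive if it is listed there. That puts package freshness in the hands of a third-party mirror reached over plain HTTP. apt still verifies the signed Release files, so the practical concerns are lagging security updates and a build that depends on one regional host. I would make the rewrite opt-in with `ARG APT_MIRROR=` and `RUN if [ -n "${APT_MIRROR}" ]; then sed -i "s@http://[^/]*\.debian\.org@${APT_MIRROR}@g" /etc/apt/sources.list; fi \`, which also tightens the greedy `.*` and the unescaped dots of the current pattern. The base image is not visible in this hunk; if it ships deb822 sources instead of /etc/apt/sources.list, the unconditional `sed` would fail the build.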
@@ -32,8 +32,7 @@ function mv_dir_link(){ mkdir -p ${dst} if [[ -d ${src} || ! -L ${src} ]];then - count=$(ls ${src} | wc -l) - if [[ "${count}" != "0" ]];then + if [[ ! -z "$(ls -A ${src})" ]];then mv ${src}/* ${dst}/ fi rm -rf ${src} From ba8c04f787ef32f69b07f9160bd3b1f26d8e13c4 Mon Sep 17 00:00:00 2001 From: fit2bot Date: Tue, 10 Sep 2024 17:56:37 +0800 Subject: [PATCH 10/10] perf: split volume --- README.md | 4 +++- README_EN.md | 4 +++- allinone/Dockerfile | 2 +- allinone/README.md | 2 ++ allinone/README_EN.md | 4 +++- allinone/build.sh | 2 +- allinone/demo_run.sh | 4 +++- allinone/entrypoint.sh | 4 +--- 8 files changed, 17 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 8dd5f2a..b3238ac 100644 --- a/README.md +++ b/README.md @@ -17,11 +17,13 @@ 测试环境可以使用,生产环境推荐使用 标准部署 ```sh -docker volume create jsdata +docker volume create jsdata &> /dev/null +docker volume create pgdata &> /dev/null docker run --name jms_all \ -e SECRET_KEY=PleaseChangeMe \ -e BOOTSTRAP_TOKEN=PleaseChangeMe \ -v jsdata:/opt/data \ + -v pgdata:/var/lib/postgresql \ -p 2222:2222 \ -p 80:80 jumpserver/jms_all ``` diff --git a/README_EN.md b/README_EN.md index 991c516..e634cef 100644 --- a/README_EN.md +++ b/README_EN.md @@ -17,11 +17,13 @@ This can be used for testing environments. For production environments, it is recommended to use the standard deployment. ```sh -docker volume create jsdata +docker volume create jsdata &> /dev/null +docker volume create pgdata &> /dev/null docker run --name jms_all \ -e SECRET_KEY=PleaseChangeMe \ -e BOOTSTRAP_TOKEN=PleaseChangeMe \ -v jsdata:/opt/data \ + -v pgdata:/var/lib/postgresql \ -p 2222:2222 \ -p 80:80 jumpserver/jms_all ``` diff --git a/allinone/Dockerfile b/allinone/Dockerfile index 36d80f7..5f42717 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile @@ -18,7 +18,6 @@ ARG TOOLS=" \ postgresql \ openjdk-17-jre-headless \ redis \ - nginx \ wget" ARG APT_MIRROR=http://mirrors.aliyun.com 
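Review bot: With the new `ls -A` test in mv_dir_link, a directory holding only dotfiles now counts as non-empty, but `mv ${src}/* ${dst}/` still does not match hidden entries, so the `mv` fails on a literal `*`. The `rm -rf ${src}` that follows then deletes the dotfiles instead of persisting them. Copying the directory contents keeps them: replace the `mv` line with `cp -a "${src}/." "${dst}/"`, and quote the expansions in the test as well, `if [[ -n "$(ls -A "${src}")" ]]; then`. mv_dir_link starts and ends outside this hunk.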
@@ -41,6 +40,7 @@ COPY --from=chen /usr /usr COPY --from=chen /etc/alternatives /etc/alternatives COPY --from=web /opt /opt +COPY --from=web /usr /usr COPY --from=web /etc/nginx /etc/nginx COPY --from=web /docker-entrypoint.d /docker-entrypoint.d COPY --from=web /docker-entrypoint.sh /opt/web/entrypoint.sh diff --git a/allinone/README.md b/allinone/README.md index 70e200c..287cc03 100644 --- a/allinone/README.md +++ b/allinone/README.md @@ -12,10 +12,12 @@ JumpServer all-in-one Dockerfile,该项目是 JumpServer all-in-one 部署方 ```sh docker volume create jsdata +docker volume create pgdata docker run --name jms_all \ -e SECRET_KEY=PleaseChangeMe \ -e BOOTSTRAP_TOKEN=PleaseChangeMe \ -v jsdata:/opt/data \ + -v pgdata:/var/lib/postgresql \ -p 2222:2222 \ -p 80:80 jumpserver/jms_all ``` diff --git a/allinone/README_EN.md b/allinone/README_EN.md index b3044c0..988c59c 100644 --- a/allinone/README_EN.md +++ b/allinone/README_EN.md @@ -11,11 +11,13 @@ When migrating or upgrading the environment, please ensure that the SECRET_KEY i **Note: The all-in-one deployment method does not support Client-related features. It only supports usage on a pure B/S architecture web interface.** ```sh -docker volume create jsdata +docker volume create jsdata &> /dev/null +docker volume create pgdata &> /dev/null docker run --name jms_all \ -e SECRET_KEY=PleaseChangeMe \ -e BOOTSTRAP_TOKEN=PleaseChangeMe \ -v jsdata:/opt/data \ + -v pgdata:/var/lib/postgresql \ -p 2222:2222 \ -p 80:80 jumpserver/jms_all ``` diff --git a/allinone/build.sh b/allinone/build.sh index 2238164..022743c 100644 --- a/allinone/build.sh +++ b/allinone/build.sh @@ -1,6 +1,6 @@ #!/bin/bash # -version=v4.1.0 +version=dev docker build --build-arg version=${version}-ce -t jumpserver/jms_all:${version} . \ No newline at end of file diff --git a/allinone/demo_run.sh b/allinone/demo_run.sh index 53ceea4..b485b94 100755 --- a/allinone/demo_run.sh +++ b/allinone/demo_run.sh 
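Review bot: `COPY --from=web /usr /usr` overlays the whole /usr tree of the web image on top of the packages installed by apt and the earlier `COPY --from=chen /usr /usr`, so whichever stage is copied last decides the version of every shared file. Files brought in this way are not recorded in the final image's dpkg database, which presumably means image scanners and apt upgrades will not see or patch them. I would copy only what nginx needs, for example `COPY --from=web /usr/sbin/nginx /usr/sbin/nginx` and `COPY --from=web /usr/lib/nginx /usr/lib/nginx`, assuming the web stage follows the stock nginx package layout. If the full copy has to stay, a comment naming the files that are needed from /usr would help the next reader.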
@@ -1,6 +1,8 @@ #!/bin/bash # docker volume create jsdata &> /dev/null +docker volume create pgdata &> /dev/null docker run --name jms_all \ -v jsdata:/opt/data \ - -p 8085:80 jumpserver/jms_all:v4.1.0 + -v pgdata:/var/lib/postgresql \ + -p 8085:80 jumpserver/jms_all:dev diff --git a/allinone/entrypoint.sh b/allinone/entrypoint.sh index ca7387d..db70c9f 100755 --- a/allinone/entrypoint.sh +++ b/allinone/entrypoint.sh @@ -31,7 +31,7 @@ function mv_dir_link(){ dst=$2 mkdir -p ${dst} - if [[ -d ${src} || ! -L ${src} ]];then + if [[ -d ${src} && ! -L ${src} ]];then if [[ ! -z "$(ls -A ${src})" ]];then mv ${src}/* ${dst}/ fi @@ -49,8 +49,6 @@ function prepare_data_persist() { mv_dir_link /var/log/nginx /opt/data/nginx mv_dir_link /var/lib/redis /opt/data/redis - mv_dir_link /var/lib/postgresql /opt/data/postgresql - chown postgres:postgres /var/lib/postgresql /opt/data/postgresql } function upgrade_db() {
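Review bot: The added `-v pgdata:/var/lib/postgresql` mount in demo_run.sh gives no path for databases created by earlier images, which the entrypoint.sh hunk at -49,8 in this patch suggests were kept under /opt/data/postgresql in the jsdata volume. As far as these hunks show, nothing copies that directory into the new volume, so an upgraded container would presumably start on an empty PostgreSQL data directory while the old data stays in jsdata. A comment above the mount would flag it, e.g. `# upgrading from an image that stored PostgreSQL in jsdata: copy /opt/data/postgresql into pgdata first`. The run line also starts the container without the `SECRET_KEY` and `BOOTSTRAP_TOKEN` variables that the README examples in this patch pass; it is worth confirming that this is intended for the demo.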