From 125759ab46c8ee8e8fb642ce542fea2ad379bc71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Wed, 3 Jul 2024 15:26:07 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E9=80=82=E9=85=8D=20v4.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 6 --- README_EN.md | 6 --- allinone/Dockerfile | 64 +++++++---------------------- chen/Dockerfile | 5 +-- config_example.conf | 10 ++--- core/Dockerfile | 31 ++++++++------ docker-compose-build.yml | 54 ------------------------- docker-compose.yml | 58 --------------------------- kael/Dockerfile | 87 ---------------------------------------- kael/entrypoint.sh | 20 --------- koko/Dockerfile | 40 ++++-------------- lion/Dockerfile | 5 +-- magnus/Dockerfile | 84 -------------------------------------- magnus/entrypoint.sh | 20 --------- web/Dockerfile | 5 +-- 15 files changed, 51 insertions(+), 444 deletions(-) delete mode 100644 kael/Dockerfile delete mode 100755 kael/entrypoint.sh delete mode 100644 magnus/Dockerfile delete mode 100755 magnus/entrypoint.sh diff --git a/README.md b/README.md index 3519649..3c3da5f 100644 --- a/README.md +++ b/README.md @@ -100,9 +100,6 @@ GUA_PORT=4822 # Web HTTP_PORT=80 SSH_PORT=2222 -MAGNUS_MYSQL_PORT=33061 -MAGNUS_MARIADB_PORT=33062 -MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 @@ -185,9 +182,6 @@ GUA_PORT=4822 # Web HTTP_PORT=80 SSH_PORT=2222 -MAGNUS_MYSQL_PORT=33061 -MAGNUS_MARIADB_PORT=33062 -MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 diff --git a/README_EN.md b/README_EN.md index 7f3ebb9..6a10807 100644 --- a/README_EN.md +++ b/README_EN.md @@ -100,9 +100,6 @@ GUA_PORT=4822 # Web HTTP_PORT=80 SSH_PORT=2222 -MAGNUS_MYSQL_PORT=33061 -MAGNUS_MARIADB_PORT=33062 -MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. @@ -185,9 +182,6 @@ GUA_PORT=4822 # Web HTTP_PORT=80 SSH_PORT=2222 -MAGNUS_MYSQL_PORT=33061 -MAGNUS_MARIADB_PORT=33062 -MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted. diff --git a/allinone/Dockerfile b/allinone/Dockerfile index e7ed6a0..9816cb4 100644 --- a/allinone/Dockerfile +++ b/allinone/Dockerfile @@ -22,31 +22,6 @@ RUN set -ex \ WORKDIR /opt -ARG MONGOSH_VERSION=2.2.10 -RUN set -ex \ - && \ - case "${TARGETARCH}" in \ - amd64) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \ - ;; \ - arm64|s390x|ppc64le) \ - wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \ - ;; \ - *) \ - echo "Unsupported architecture: ${TARGETARCH}" \ - ;; \ - esac - ARG HELM_VERSION=v3.15.2 ARG KUBECTL_VERSION=v1.30.2 RUN set -ex \ @@ -88,6 +63,20 @@ RUN set -ex \ COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli +RUN set -ex \ + && mkdir -p /opt/lina \ + && wget https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \ + && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \ + && chown -R root:root /opt/lina \ + && rm -f /opt/*.tar.gz + +RUN set -ex \ + && mkdir -p /opt/luna \ + && wget https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \ + && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \ + && chown -R root:root /opt/luna \ + && rm -f /opt/*.tar.gz + RUN set -ex \ && mkdir -p /opt/koko \ && wget https://github.com/jumpserver/koko/releases/download/${VERSION}/koko-${VERSION}-linux-${TARGETARCH}.tar.gz \ @@ -105,14 +94,6 @@ RUN set -ex \ && chown -R root:root /opt/lion \ && rm -f /opt/*.tar.gz -RUN set -ex \ - && mkdir -p /opt/kael \ - && wget https://github.com/jumpserver/kael/releases/download/${VERSION}/kael-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf kael-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/kael --strip-components=1 \ - && chmod 755 /opt/kael/kael \ - && chown -R root:root /opt/kael \ - && rm -f /opt/*.tar.gz - RUN set -ex \ && mkdir -p /opt/chen \ && wget https://github.com/jumpserver/chen/releases/download/${VERSION}/chen-${VERSION}.tar.gz \ @@ -120,20 +101,6 @@ RUN set -ex \ && chown -R root:root /opt/chen \ && rm -f /opt/*.tar.gz -RUN set -ex \ - && mkdir -p /opt/lina \ - && wget https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \ - && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \ - && chown -R root:root /opt/lina \ - && rm -f /opt/*.tar.gz - -RUN set -ex \ - && mkdir -p /opt/luna \ - && wget https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \ - && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \ - && chown -R root:root /opt/luna \ - && rm -f /opt/*.tar.gz - RUN set -ex \ && STATIC_VERSION=$(curl -sSL https://github.com/jumpserver/web-static/raw/v3/VERSION) \ && wget -O /opt/prepare.sh https://github.com/jumpserver/web-static/raw/${STATIC_VERSION}/prepare.sh \ @@ -146,9 +113,6 @@ COPY nginx.conf /etc/nginx/nginx.conf COPY supervisord.conf /etc/supervisor/conf.d/ RUN chmod +x ./entrypoint.sh -ENV TERMINAL_MAGNUS_ENABLED=False \ - TERMINAL_KOKO_SSH_ENABLED=False - VOLUME /opt/jumpserver/data VOLUME /opt/koko/data VOLUME /opt/lion/data diff --git a/chen/Dockerfile b/chen/Dockerfile index 1ed87b5..0c57440 100644 --- a/chen/Dockerfile +++ b/chen/Dockerfile @@ -19,11 +19,10 @@ WORKDIR /opt ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + && rm -f /opt/*.tar.gz ARG WISP_VERSION=v0.1.21 RUN set -e \ diff --git a/config_example.conf b/config_example.conf index 7ed1e23..c33470b 100644 --- a/config_example.conf +++ b/config_example.conf @@ -17,14 +17,15 @@ VOLUME_DIR=/opt/jumpserver # 时区 TZ=Asia/Shanghai -# MySQL +# DB, 支持 MySQL, PostgreSQL +DB_ENGINE=mysql DB_HOST=mysql DB_PORT=3306 DB_USER=root DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G DB_NAME=jumpserver -# Redis +# Redis, 支持 Sentinel REDIS_HOST=redis REDIS_PORT=6379 REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj @@ -42,10 +43,7 @@ GUA_PORT=4822 # Web HTTP_PORT=80 SSH_PORT=2222 -MAGNUS_MYSQL_PORT=33061 -MAGNUS_MARIADB_PORT=33062 -MAGNUS_REDIS_PORT=63790 ## # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。 -# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ... \ No newline at end of file +# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, chen ... \ No newline at end of file diff --git a/core/Dockerfile b/core/Dockerfile index 1591a32..66d698c 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -4,7 +4,6 @@ ARG TARGETARCH ARG DEPENDENCIES=" \ ca-certificates \ git \ - git-lfs \ wget" RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ @@ -21,27 +20,27 @@ WORKDIR /opt ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + && rm -f /opt/*.tar.gz ARG VERSION=v3.10.11 ENV VERSION=$VERSION RUN set -e \ - && git clone -b ${VERSION} --depth=1 https://github.com/jumpserver/jumpserver /opt/jumpserver \ - && sed -i "s@VERSION = .*@VERSION = \"${VERSION}\"@g" /opt/jumpserver/apps/jumpserver/const.py \ - && chmod +x /opt/jumpserver/entrypoint.sh \ - && rm -rf /opt/jumpserver/.git /opt/jumpserver/.github + && git clone -b ${VERSION} --depth=1 https://github.com/jumpserver/jumpserver /opt/jumpserver WORKDIR /opt/jumpserver RUN set -e \ && echo > /opt/jumpserver/config.yml \ - && cd utils \ - && bash -ixeu build.sh + && \ + if [ -n "${VERSION}" ]; then \ + sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \ + fi \ + && chmod +x /opt/jumpserver/entrypoint.sh \ + && rm -rf /opt/jumpserver/.git /opt/jumpserver/.github FROM python:3.11-slim-bookworm as stage-2 ARG TARGETARCH @@ -107,6 +106,14 @@ RUN --mount=type=cache,target=/root/.cache,sharing=locked \ && . /opt/py3/bin/activate \ && poetry install --only=main +COPY --from=stage-1 /opt/jumpserver /opt/jumpserver + +RUN set -e \ + && export SECRET_KEY=$(head -c100 < /dev/urandom | base64 | tr -dc A-Za-z0-9 | head -c 48) \ + && . /opt/py3/bin/activate \ + && cd apps \ + && python manage.py compilemessages + FROM python:3.11-slim-bookworm ENV LANG=en_US.UTF-8 \ PATH=/opt/py3/bin:$PATH @@ -139,9 +146,9 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ && sed -i "s@# export @export @g" ~/.bashrc \ && sed -i "s@# alias @alias @g" ~/.bashrc -COPY --from=stage-2 /opt/py3 /opt/py3 +COPY --from=stage-2 /opt /opt COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/jumpserver/release/jumpserver /opt/jumpserver +COPY --from=stage-1 /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/ WORKDIR /opt/jumpserver diff --git a/docker-compose-build.yml b/docker-compose-build.yml index 6a6e567..db3a8a2 100644 --- a/docker-compose-build.yml +++ b/docker-compose-build.yml @@ -108,35 +108,6 @@ services: networks: - net - magnus: - build: - context: . - dockerfile: magnus/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_magnus:${VERSION} - container_name: jms_magnus - restart: always - env_file: .env - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check tcp://127.0.0.1:$$MAGNUS_MYSQL_PORT" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - volumes: - - ${VOLUME_DIR}/magnus/data:/opt/magnus/data - ports: - - ${MAGNUS_MYSQL_PORT:-33061}:33061 - - ${MAGNUS_MARIADB_PORT:-33062}:33062 - - ${MAGNUS_REDIS_PORT:-63790}:63790 - networks: - - net - chen: build: context: . @@ -162,31 +133,6 @@ services: networks: - net - kael: - build: - context: . - dockerfile: kael/Dockerfile - args: - VERSION: ${VERSION} - TARGETARCH: ${TARGETARCH} - image: jumpserver/jms_kael:${VERSION} - container_name: jms_kael - restart: always - env_file: .env - volumes: - - ${VOLUME_DIR}/kael/data:/opt/kael/data - depends_on: - core: - condition: service_healthy - healthcheck: - test: "check http://localhost:8083/kael/health/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 60s - networks: - - net - web: build: context: . diff --git a/docker-compose.yml b/docker-compose.yml index 7ece409..254a25e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -136,37 +136,6 @@ services: networks: - net - magnus: - image: jumpserver/jms_magnus:${VERSION} - container_name: jms_magnus - deploy: - mode: replicated - replicas: 1 - # resources: - # limits: - # cpus: "0.1" - # memory: 128M - restart_policy: - condition: on-failure - placement: - constraints: - - "node.role==worker" - env_file: .env - healthcheck: - test: "check http://localhost:8088/health" - interval: 10s - timeout: 5s - retries: 3 - start_period: 10s - volumes: - - ${VOLUME_DIR}/magnus/data:/opt/magnus/data - ports: - - ${MAGNUS_MYSQL_PORT:-33061}:33061 - - ${MAGNUS_MARIADB_PORT:-33062}:33062 - - ${MAGNUS_REDIS_PORT:-63790}:63790 - networks: - - net - chen: image: jumpserver/jms_chen:${VERSION} container_name: jms_chen @@ -194,33 +163,6 @@ services: networks: - net - kael: - image: jumpserver/jms_kael:${VERSION} - container_name: jms_kael - deploy: - mode: replicated - replicas: 1 - # resources: - # limits: - # cpus: "0.1" - # memory: 128M - restart_policy: - condition: on-failure - placement: - constraints: - - "node.role==worker" - env_file: .env - volumes: - - ${VOLUME_DIR}/kael/data:/opt/kael/data - healthcheck: - test: "check http://localhost:8083/kael/health/" - interval: 10s - timeout: 5s - retries: 3 - start_period: 60s - networks: - - net - web: image: jumpserver/jms_web:${VERSION} container_name: jms_web diff --git a/kael/Dockerfile b/kael/Dockerfile deleted file mode 100644 index 2edcfed..0000000 --- a/kael/Dockerfile +++ /dev/null @@ -1,87 +0,0 @@ -FROM debian:bookworm-slim as stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz - -ARG WISP_VERSION=v0.1.21 -RUN set -e \ - && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/wisp \ - && chmod 755 /usr/local/bin/wisp \ - && rm -f /opt/*.tar.gz - -WORKDIR /opt/kael - -ARG VERSION=v3.10.11 -ENV VERSION=${VERSION} - -RUN set -e \ - && cd /opt \ - && wget --quiet https://github.com/jumpserver/kael/releases/download/${VERSION}/kael-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf kael-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/kael --strip-components=1 \ - && chmod 755 /opt/kael/kael \ - && chown -R root:root /opt/kael \ - && rm -f /opt/*.tar.gz - -COPY kael/entrypoint.sh . -RUN chmod 755 ./entrypoint.sh - -FROM debian:bookworm-slim -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - ca-certificates" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc - -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/kael /opt/kael - -WORKDIR /opt/kael - -ARG VERSION=v3.10.11 -ENV VERSION=${VERSION} - -VOLUME /opt/kael/data - -COPY kael/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 8083 - -STOPSIGNAL SIGQUIT - -CMD [ "wisp" ] \ No newline at end of file diff --git a/kael/entrypoint.sh b/kael/entrypoint.sh deleted file mode 100755 index b2ab55c..0000000 --- a/kael/entrypoint.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# - -if [ -n "$CORE_HOST" ]; then - until check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 - done -fi - -export WORK_DIR=/opt/kael -export COMPONENT_NAME=kael -export WISP_TRACE_PROCESS=1 -export EXECUTE_PROGRAM=/opt/kael/kael - -if [ ! "$LOG_LEVEL" ]; then - export LOG_LEVEL=ERROR -fi - -exec "$@" \ No newline at end of file diff --git a/koko/Dockerfile b/koko/Dockerfile index b75a0a3..6632a3b 100644 --- a/koko/Dockerfile +++ b/koko/Dockerfile @@ -20,11 +20,10 @@ WORKDIR /opt ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + && rm -f /opt/*.tar.gz ARG WISP_VERSION=v0.1.21 RUN set -e \ @@ -34,36 +33,13 @@ RUN set -e \ && chmod 755 /usr/local/bin/wisp \ && rm -f /opt/*.tar.gz -ARG MONGOSH_VERSION=2.2.10 +ARG USQL_VERSION=v0.0.1 RUN set -e \ - && \ - case "${TARGETARCH}" in \ - 'amd64') \ - ARCH=x64; \ - ;; \ - 'arm64') \ - ARCH=arm64; \ - ;; \ - 's390x') \ - ARCH=s390x; \ - ;; \ - 'ppc64le') \ - ARCH=ppc64le; \ - ;; \ - *) \ - echo "Unsupported architecture: ${TARGETARCH}"; \ - ;; \ - esac \ - && \ - if [ -n "${ARCH}" ]; then \ - wget --quiet https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${ARCH}.tgz \ - && tar -xf mongosh-${MONGOSH_VERSION}-linux-${ARCH}.tgz \ - && chown root:root mongosh-${MONGOSH_VERSION}-linux-${ARCH}/bin/* \ - && mv mongosh-${MONGOSH_VERSION}-linux-${ARCH}/bin/mongosh /usr/local/bin/ \ - && mv mongosh-${MONGOSH_VERSION}-linux-${ARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \ - && rm -rf mongosh-${MONGOSH_VERSION}-linux-${ARCH}* \ - ; \ - fi + && wget --quiet https://github.com/jumpserver-dev/usql/releases/download/${USQL_VERSION}/usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz \ + && tar -xf usql-${USQL_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ + && chown root:root /usr/local/bin/usql \ + && chmod 755 /usr/local/bin/usql \ + && rm -f /opt/*.tar.gz ARG HELM_VERSION=v3.15.2 ARG KUBECTL_VERSION=v1.30.2 diff --git a/lion/Dockerfile b/lion/Dockerfile index 2a39ebe..329201a 100644 --- a/lion/Dockerfile +++ b/lion/Dockerfile @@ -19,11 +19,10 @@ WORKDIR /opt ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + && rm -f /opt/*.tar.gz ARG WISP_VERSION=v0.1.21 RUN set -e \ diff --git a/magnus/Dockerfile b/magnus/Dockerfile deleted file mode 100644 index 8e99646..0000000 --- a/magnus/Dockerfile +++ /dev/null @@ -1,84 +0,0 @@ -FROM debian:bookworm-slim as stage-1 -ARG TARGETARCH - -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.3 -RUN set -e \ - && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz - -ARG WISP_VERSION=v0.1.21 -RUN set -e \ - && wget --quiet https://github.com/jumpserver/wisp/releases/download/${WISP_VERSION}/wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf wisp-${WISP_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ --strip-components=1 \ - && chown root:root /usr/local/bin/wisp \ - && chmod 755 /usr/local/bin/wisp \ - && rm -f /opt/*.tar.gz - -WORKDIR /opt/magnus - -ARG VERSION=v3.10.11 -ENV VERSION=${VERSION} - -RUN set -e \ - && cd /opt \ - && wget --quiet https://github.com/jumpserver/magnus-release/releases/download/${VERSION}/magnus-${VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf magnus-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/magnus --strip-components=1 \ - && chmod 755 /opt/magnus/magnus \ - && chown -R root:root /opt/magnus \ - && rm -f /opt/*.tar.gz - -FROM debian:bookworm-slim -ENV LANG=en_US.UTF-8 - -ARG DEPENDENCIES=" \ - ca-certificates" - -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -e \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get install -y --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc - -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/magnus /opt/magnus - -WORKDIR /opt/magnus - -ARG VERSION=v3.10.11 -ENV VERSION=${VERSION} - -VOLUME /opt/magnus/data - -COPY magnus/entrypoint.sh /opt/entrypoint.sh -ENTRYPOINT ["/opt/entrypoint.sh"] - -EXPOSE 33061 33062 63790 - -STOPSIGNAL SIGQUIT - -CMD [ "wisp" ] \ No newline at end of file diff --git a/magnus/entrypoint.sh b/magnus/entrypoint.sh deleted file mode 100755 index cbd0e73..0000000 --- a/magnus/entrypoint.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# - -if [ -n "$CORE_HOST" ]; then - until check ${CORE_HOST}/api/health/; do - echo "wait for jms_core ${CORE_HOST} ready" - sleep 2 - done -fi - -export WORK_DIR=/opt/magnus -export COMPONENT_NAME=magnus -export WISP_TRACE_PROCESS=1 -export EXECUTE_PROGRAM=/opt/magnus/magnus - -if [ ! "$LOG_LEVEL" ]; then - export LOG_LEVEL=ERROR -fi - -exec "$@" \ No newline at end of file diff --git a/web/Dockerfile b/web/Dockerfile index 7e2bebc..51dfc59 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -20,11 +20,10 @@ WORKDIR /opt ARG CHECK_VERSION=v1.0.3 RUN set -e \ && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ + && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \ && chown root:root /usr/local/bin/check \ && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz + && rm -f /opt/*.tar.gz ARG VERSION=v3.10.11 ENV VERSION=${VERSION}