Skip to content

Commit 25a9b71

Browse files
tianontianon
authored
Merge pull request #302 from rabbitmq/add-3.8-edge
Build RabbitMQ 3.8 beta releases
2 parents 257780a + 073a91a commit 25a9b71

File tree

7 files changed

+1343
-0
lines changed

7 files changed

+1343
-0
lines changed

.travis.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,8 @@ language: bash
22
services: docker
33

44
env:
5+
- VERSION=3.8-rc VARIANT=ubuntu
6+
- VERSION=3.8-rc VARIANT=alpine
57
- VERSION=3.7-rc VARIANT=ubuntu
68
- VERSION=3.7-rc VARIANT=alpine
79
- VERSION=3.7 VARIANT=ubuntu

3.8-rc/alpine/Dockerfile

Lines changed: 233 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,233 @@
1+
# Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
2+
FROM alpine:3.8
3+
4+
# grab su-exec for easy step-down from root
5+
# bash for docker-entrypoint.sh
6+
RUN apk add --no-cache 'su-exec>=0.2' bash
7+
8+
# Default to a PGP keyserver that pgp-happy-eyeballs recognizes, but allow for substitutions locally
9+
ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net
10+
# If you are building this image locally and are getting `gpg: keyserver receive failed: No data` errors,
11+
# run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.7 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.7/ubuntu
12+
# For context, see https://github.com/docker-library/official-images/issues/4252
13+
14+
# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/
15+
ENV OPENSSL_VERSION 1.1.1a
16+
ENV OPENSSL_SOURCE_SHA256="fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41"
17+
# https://www.openssl.org/community/omc.html
18+
ENV OPENSSL_PGP_KEY_ID="0x8657ABB260F056B1E5190839D9C4D26D0E604491"
19+
20+
# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags)
21+
ENV OTP_VERSION 21.2.4
22+
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
23+
# http://erlang.org/pipermail/erlang-questions/2019-January/097067.html
24+
ENV OTP_SOURCE_SHA256="833d31ac102536b752e474dc6d69be7cc3e37d2d944191317312b30b1ea8ef0d"
25+
26+
# Install dependencies required to build Erlang/OTP from source
27+
# http://erlang.org/doc/installation_guide/INSTALL.html
28+
# autoconf: Required to configure Erlang/OTP before compiling
29+
# dpkg-dev: Required to set up host & build type when compiling Erlang/OTP
30+
# gnupg: Required to verify OpenSSL artefacts
31+
# libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli
32+
# m4: Required for Erlang/OTP HiPE support
33+
RUN set -eux; \
34+
\
35+
apk add --no-cache --virtual .build-deps \
36+
autoconf \
37+
ca-certificates \
38+
dpkg-dev dpkg \
39+
gcc \
40+
gnupg \
41+
libc-dev \
42+
linux-headers \
43+
m4 \
44+
make \
45+
ncurses-dev \
46+
wget \
47+
; \
48+
\
49+
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
50+
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
51+
OPENSSL_CONFIG_DIR=/usr/local/etc/ssl; \
52+
\
53+
# /usr/local/src doesn't exist in Alpine by default
54+
mkdir /usr/local/src; \
55+
\
56+
# Required by the crypto & ssl Erlang/OTP applications
57+
wget --progress dot:giga --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
58+
wget --progress dot:giga --output-document "$OPENSSL_PATH.tar.gz" "$OPENSSL_SOURCE_URL"; \
59+
export GNUPGHOME="$(mktemp -d)"; \
60+
gpg --batch --keyserver "$PGP_KEYSERVER" --recv-keys "$OPENSSL_PGP_KEY_ID"; \
61+
gpg --batch --verify "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_PATH.tar.gz"; \
62+
gpgconf --kill all; \
63+
rm -rf "$GNUPGHOME"; \
64+
echo "$OPENSSL_SOURCE_SHA256 *$OPENSSL_PATH.tar.gz" | sha256sum -c -; \
65+
mkdir -p "$OPENSSL_PATH"; \
66+
tar --extract --file "$OPENSSL_PATH.tar.gz" --directory "$OPENSSL_PATH" --strip-components 1; \
67+
\
68+
# Configure OpenSSL for compilation
69+
cd "$OPENSSL_PATH"; \
70+
./config --openssldir="$OPENSSL_CONFIG_DIR"; \
71+
# Compile, install OpenSSL, verify that the command-line works & development headers are present
72+
make -j "$(getconf _NPROCESSORS_ONLN)"; \
73+
make install_sw install_ssldirs; \
74+
cd ..; \
75+
rm -rf "$OPENSSL_PATH"*; \
76+
# use Alpine's CA certificates
77+
rmdir "$OPENSSL_CONFIG_DIR/certs" "$OPENSSL_CONFIG_DIR/private"; \
78+
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"; \
79+
# smoke test
80+
openssl version; \
81+
\
82+
OTP_SOURCE_URL="https://github.com/erlang/otp/archive/OTP-$OTP_VERSION.tar.gz"; \
83+
OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \
84+
\
85+
# Download, verify & extract OTP_SOURCE
86+
mkdir -p "$OTP_PATH"; \
87+
wget --progress dot:giga --output-document "$OTP_PATH.tar.gz" "$OTP_SOURCE_URL"; \
88+
echo "$OTP_SOURCE_SHA256 *$OTP_PATH.tar.gz" | sha256sum -c -; \
89+
tar --extract --file "$OTP_PATH.tar.gz" --directory "$OTP_PATH" --strip-components 1; \
90+
\
91+
# Configure Erlang/OTP for compilation, disable unused features & applications
92+
# http://erlang.org/doc/applications.html
93+
# ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation
94+
cd "$OTP_PATH"; \
95+
export ERL_TOP="$OTP_PATH"; \
96+
./otp_build autoconf; \
97+
CFLAGS="$(dpkg-buildflags --get CFLAGS)"; export CFLAGS; \
98+
hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \
99+
buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
100+
./configure \
101+
--host="$hostArch" \
102+
--build="$buildArch" \
103+
--disable-dynamic-ssl-lib \
104+
--disable-sctp \
105+
--disable-silent-rules \
106+
--enable-clock-gettime \
107+
--enable-hipe \
108+
--enable-hybrid-heap \
109+
--enable-kernel-poll \
110+
--enable-shared-zlib \
111+
--enable-smp-support \
112+
--enable-threads \
113+
--with-microstate-accounting=extra \
114+
--without-common_test \
115+
--without-debugger \
116+
--without-dialyzer \
117+
--without-diameter \
118+
--without-edoc \
119+
--without-erl_docgen \
120+
--without-erl_interface \
121+
--without-et \
122+
--without-eunit \
123+
--without-ftp \
124+
--without-jinterface \
125+
--without-megaco \
126+
--without-observer \
127+
--without-odbc \
128+
--without-reltool \
129+
--without-ssh \
130+
--without-tftp \
131+
--without-wx \
132+
; \
133+
# Compile & install Erlang/OTP
134+
make -j "$(getconf _NPROCESSORS_ONLN)" GEN_OPT_FLGS="-O2 -fno-strict-aliasing"; \
135+
make install; \
136+
cd ..; \
137+
rm -rf "$OTP_PATH"* /usr/local/lib/erlang/lib/*/src; \
138+
\
139+
runDeps="$( \
140+
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
141+
| tr ',' '\n' \
142+
| sort -u \
143+
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
144+
)"; \
145+
apk add --no-cache --virtual .otp-run-deps $runDeps; \
146+
apk del --no-network .build-deps; \
147+
\
148+
# Check that OpenSSL still works after purging build dependencies
149+
openssl version; \
150+
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
151+
erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
152+
153+
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
154+
# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
155+
RUN set -eux; \
156+
addgroup -g 101 -S rabbitmq; \
157+
adduser -u 100 -S -h "$RABBITMQ_DATA_DIR" -G rabbitmq rabbitmq; \
158+
mkdir -p "$RABBITMQ_DATA_DIR" /etc/rabbitmq /tmp/rabbitmq-ssl /var/log/rabbitmq; \
159+
chown -fR rabbitmq:rabbitmq "$RABBITMQ_DATA_DIR" /etc/rabbitmq /tmp/rabbitmq-ssl /var/log/rabbitmq; \
160+
chmod 777 "$RABBITMQ_DATA_DIR" /etc/rabbitmq /tmp/rabbitmq-ssl /var/log/rabbitmq; \
161+
ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie
162+
163+
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
164+
ENV RABBITMQ_VERSION 3.8.0-beta.1
165+
# https://www.rabbitmq.com/signatures.html#importing-gpg
166+
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA"
167+
ENV RABBITMQ_HOME=/opt/rabbitmq
168+
169+
# Add RabbitMQ to PATH, send all logs to TTY
170+
ENV PATH=$RABBITMQ_HOME/sbin:$PATH \
171+
RABBITMQ_LOGS=- RABBITMQ_SASL_LOGS=-
172+
173+
# Install RabbitMQ
174+
RUN set -eux; \
175+
\
176+
apk add --no-cache --virtual .build-deps \
177+
ca-certificates \
178+
gnupg \
179+
wget \
180+
xz \
181+
; \
182+
\
183+
RABBITMQ_SOURCE_URL="https://github.com/rabbitmq/rabbitmq-server/releases/download/v$RABBITMQ_VERSION/rabbitmq-server-generic-unix-$RABBITMQ_VERSION.tar.xz"; \
184+
RABBITMQ_PATH="/usr/local/src/rabbitmq-$RABBITMQ_VERSION"; \
185+
\
186+
wget --progress dot:giga --output-document "$RABBITMQ_PATH.tar.xz.asc" "$RABBITMQ_SOURCE_URL.asc"; \
187+
wget --progress dot:giga --output-document "$RABBITMQ_PATH.tar.xz" "$RABBITMQ_SOURCE_URL"; \
188+
\
189+
export GNUPGHOME="$(mktemp -d)"; \
190+
gpg --batch --keyserver "$PGP_KEYSERVER" --recv-keys "$RABBITMQ_PGP_KEY_ID"; \
191+
gpg --batch --verify "$RABBITMQ_PATH.tar.xz.asc" "$RABBITMQ_PATH.tar.xz"; \
192+
gpgconf --kill all; \
193+
rm -rf "$GNUPGHOME"; \
194+
\
195+
mkdir -p "$RABBITMQ_HOME"; \
196+
tar --extract --file "$RABBITMQ_PATH.tar.xz" --directory "$RABBITMQ_HOME" --strip-components 1; \
197+
rm -rf "$RABBITMQ_PATH"*; \
198+
# Do not default SYS_PREFIX to RABBITMQ_HOME, leave it empty
199+
grep -qE '^SYS_PREFIX=\$\{RABBITMQ_HOME\}$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
200+
sed -i 's/^SYS_PREFIX=.*$/SYS_PREFIX=/' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
201+
grep -qE '^SYS_PREFIX=$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
202+
chown -R rabbitmq:rabbitmq "$RABBITMQ_HOME"; \
203+
\
204+
apk del .build-deps; \
205+
\
206+
# verify assumption of no stale cookies
207+
[ ! -e "$RABBITMQ_DATA_DIR/.erlang.cookie" ]; \
208+
# Ensure RabbitMQ was installed correctly by running a few commands that do not depend on a running server, as the rabbitmq user
209+
# If they all succeed, it's safe to assume that things have been set up correctly
210+
su-exec rabbitmq rabbitmqctl help; \
211+
su-exec rabbitmq rabbitmqctl list_ciphers; \
212+
su-exec rabbitmq rabbitmq-plugins list; \
213+
# no stale cookies
214+
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
215+
216+
# Added for backwards compatibility - users can simply COPY custom plugins to /plugins
217+
RUN ln -sf /opt/rabbitmq/plugins /plugins
218+
219+
# set home so that any `--user` knows where to put the erlang cookie
220+
ENV HOME $RABBITMQ_DATA_DIR
221+
# Hint that the data (a.k.a. home dir) dir should be separate volume
222+
VOLUME $RABBITMQ_DATA_DIR
223+
224+
# warning: the VM is running with native name encoding of latin1 which may cause Elixir to malfunction as it expects utf8. Please ensure your locale is set to UTF-8 (which can be verified by running "locale" in your shell)
225+
# Setting all environment variables that control language preferences, behaviour differs - https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html#The-LANGUAGE-variable
226+
# https://docs.docker.com/samples/library/ubuntu/#locales
227+
ENV LANG=C.UTF-8 LANGUAGE=C.UTF-8 LC_ALL=C.UTF-8
228+
229+
COPY docker-entrypoint.sh /usr/local/bin/
230+
ENTRYPOINT ["docker-entrypoint.sh"]
231+
232+
EXPOSE 4369 5671 5672 25672
233+
CMD ["rabbitmq-server"]

0 commit comments

Comments
 (0)