From 07f2acea22b2808f3094de846cad7e630b903d1e Mon Sep 17 00:00:00 2001 From: Gerhard Lazu Date: Wed, 16 Jan 2019 12:15:59 +0000 Subject: [PATCH 1/3] Build RabbitMQ alpha versions instead of release candidates Alpha releases (a.k.a. edge) are for RabbitMQ users that want to get the latest RabbitMQ features, as soon as they get committed and pass the build pipeline, https://ci.rabbitmq.com The primary reason to consume RabbitMQ alpha releases is because they are produced continuously, new features and fixes can be tested as they are addressed. If an issue has been reported and addressed, it will be first available in an alpha release. Making these releases available via Docker images allows users to easily test and give feedback. The secondary reason to switch to RabbitMQ alpha releases is that they are no less stable than release candidates. All releases, regardless of type, are produced by the same build pipeline and undergo the same rigorous testing. The only difference between these two releases types is timing and scope: alphas are smaller in scope and produced more frequently. The last reason for this change is that RabbitMQ release candidate artefacts get automatically cleaned when a new stable release is produced. This was first noticed in https://github.com/docker-library/rabbitmq/pull/297/commits/5a8c3dc714ebe301fadc7572bdb918e9b3bf70b4. What I've initially thought to be a bug turned out to be "works as designed". Lastly, from a base OS perspective, Alpine Edge has the latest Erlang/OTP minor version. One of our recommendations is to run the latest Erlang/OTP release for the best TLS support: http://www.rabbitmq.com/which-erlang.html#supported-version-policy Alpine Latest ships Erlang/OTP 20.3, while Alpine Edge ships 21.2. A Debian-based edge version is not available, my expectation is that #297 will result in Ubuntu replacing Debian as the Alpine OS alternative. To go further, I would challenge the need to have 2 different image variants for edge versions. What do others think? --- .travis.yml | 3 +- {3.7-rc => 3.7-edge}/alpine/Dockerfile | 9 +- .../alpine/docker-entrypoint.sh | 0 .../alpine/management/Dockerfile | 0 .../debian => 3.7-edge}/docker-entrypoint.sh | 0 3.7-rc/debian/Dockerfile | 145 ------- 3.7-rc/debian/management/Dockerfile | 29 -- 3.7-rc/docker-entrypoint.sh | 404 ------------------ 8 files changed, 5 insertions(+), 585 deletions(-) rename {3.7-rc => 3.7-edge}/alpine/Dockerfile (85%) rename {3.7-rc => 3.7-edge}/alpine/docker-entrypoint.sh (100%) rename {3.7-rc => 3.7-edge}/alpine/management/Dockerfile (100%) rename {3.7-rc/debian => 3.7-edge}/docker-entrypoint.sh (100%) delete mode 100644 3.7-rc/debian/Dockerfile delete mode 100644 3.7-rc/debian/management/Dockerfile delete mode 100755 3.7-rc/docker-entrypoint.sh diff --git a/.travis.yml b/.travis.yml index 4f26ed20..11694edd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,8 +2,7 @@ language: bash services: docker env: - - VERSION=3.7-rc VARIANT=debian - - VERSION=3.7-rc VARIANT=alpine + - VERSION=3.7-edge VARIANT=alpine - VERSION=3.7 VARIANT=debian - VERSION=3.7 VARIANT=alpine diff --git a/3.7-rc/alpine/Dockerfile b/3.7-edge/alpine/Dockerfile similarity index 85% rename from 3.7-rc/alpine/Dockerfile rename to 3.7-edge/alpine/Dockerfile index c4656cb0..bd653084 100644 --- a/3.7-rc/alpine/Dockerfile +++ b/3.7-edge/alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.8 +FROM alpine:edge # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added RUN addgroup -S rabbitmq && adduser -S -h /var/lib/rabbitmq -G rabbitmq rabbitmq @@ -36,8 +36,7 @@ ENV PATH $RABBITMQ_HOME/sbin:$PATH # gpg: key 6026DFCA: public key "RabbitMQ Release Signing Key " imported ENV RABBITMQ_GPG_KEY 0A9AF2115F4687BD29803A206B73A36E6026DFCA -ENV RABBITMQ_VERSION 3.7.8-rc.4 -ENV RABBITMQ_GITHUB_TAG v3.7.8-rc.4 +ENV RABBITMQ_VERSION 3.7.11-alpha.21 RUN set -ex; \ \ @@ -49,8 +48,8 @@ RUN set -ex; \ xz \ ; \ \ - wget -O rabbitmq-server.tar.xz.asc "https://github.com/rabbitmq/rabbitmq-server/releases/download/$RABBITMQ_GITHUB_TAG/rabbitmq-server-generic-unix-${RABBITMQ_VERSION}.tar.xz.asc"; \ - wget -O rabbitmq-server.tar.xz "https://github.com/rabbitmq/rabbitmq-server/releases/download/$RABBITMQ_GITHUB_TAG/rabbitmq-server-generic-unix-${RABBITMQ_VERSION}.tar.xz"; \ + wget -O rabbitmq-server.tar.xz.asc "https://dl.bintray.com/rabbitmq/all-dev/rabbitmq-server/$RABBITMQ_VERSION/rabbitmq-server-generic-unix-${RABBITMQ_VERSION}.tar.xz.asc"; \ + wget -O rabbitmq-server.tar.xz "https://dl.bintray.com/rabbitmq/all-dev/rabbitmq-server/$RABBITMQ_VERSION/rabbitmq-server-generic-unix-${RABBITMQ_VERSION}.tar.xz"; \ \ export GNUPGHOME="$(mktemp -d)"; \ gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$RABBITMQ_GPG_KEY"; \ diff --git a/3.7-rc/alpine/docker-entrypoint.sh b/3.7-edge/alpine/docker-entrypoint.sh similarity index 100% rename from 3.7-rc/alpine/docker-entrypoint.sh rename to 3.7-edge/alpine/docker-entrypoint.sh diff --git a/3.7-rc/alpine/management/Dockerfile b/3.7-edge/alpine/management/Dockerfile similarity index 100% rename from 3.7-rc/alpine/management/Dockerfile rename to 3.7-edge/alpine/management/Dockerfile diff --git a/3.7-rc/debian/docker-entrypoint.sh b/3.7-edge/docker-entrypoint.sh similarity index 100% rename from 3.7-rc/debian/docker-entrypoint.sh rename to 3.7-edge/docker-entrypoint.sh diff --git a/3.7-rc/debian/Dockerfile b/3.7-rc/debian/Dockerfile deleted file mode 100644 index 813e0d7d..00000000 --- a/3.7-rc/debian/Dockerfile +++ /dev/null @@ -1,145 +0,0 @@ -FROM debian:stretch-slim - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - gnupg \ - dirmngr \ - ; \ - rm -rf /var/lib/apt/lists/* - -# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN groupadd -r rabbitmq && useradd -r -d /var/lib/rabbitmq -m -g rabbitmq rabbitmq - -# grab gosu for easy step-down from root -ENV GOSU_VERSION 1.10 -RUN set -eux; \ - \ - fetchDeps=' \ - ca-certificates \ - wget \ - '; \ - apt-get update; \ - apt-get install -y --no-install-recommends $fetchDeps; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - \ -# verify the signature - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - \ - chmod +x /usr/local/bin/gosu; \ -# verify that the binary works - gosu nobody true; \ - \ - apt-get purge -y --auto-remove $fetchDeps - -# RabbitMQ 3.6.15+ requires Erlang 19.3+ (and Stretch only has 19.2); https://www.rabbitmq.com/which-erlang.html -# so we'll pull Erlang from Buster instead (not using Erlang Solutions since their multiarch support is extremely limited) -RUN set -eux; \ -# add buster sources.list - sed 's/stretch/buster/g' /etc/apt/sources.list \ - | tee /etc/apt/sources.list.d/buster.list; \ -# update apt-preferences such that we get only erlang* from buster (and erlang* only from buster) - { \ - echo 'Package: *'; \ - echo 'Pin: release n=buster*'; \ - echo 'Pin-Priority: 1'; \ - echo; \ - echo 'Package: erlang*'; \ - echo 'Pin: release n=buster*'; \ - echo 'Pin-Priority: 999'; \ - echo; \ - echo 'Package: erlang*'; \ - echo 'Pin: release n=stretch*'; \ - echo 'Pin-Priority: -10'; \ - } | tee /etc/apt/preferences.d/buster-erlang - -# install Erlang -RUN set -eux; \ - apt-get update; \ -# "erlang-base-hipe" is optional (and only supported on a few arches) -# so, only install it if it's available for our current arch - if apt-cache show erlang-base-hipe 2>/dev/null | grep -q 'Package: erlang-base-hipe'; then \ - apt-get install -y --no-install-recommends \ - erlang-base-hipe \ - ; \ - fi; \ -# we start with "erlang-base-hipe" because it and "erlang-base" (non-hipe) are exclusive - apt-get install -y --no-install-recommends \ - erlang-asn1 \ - erlang-crypto \ - erlang-eldap \ - erlang-inets \ - erlang-mnesia \ - erlang-nox \ - erlang-os-mon \ - erlang-public-key \ - erlang-ssl \ - erlang-xmerl \ - ; \ - rm -rf /var/lib/apt/lists/* - -# get logs to stdout (thanks @dumbbell for pushing this upstream! :D) -ENV RABBITMQ_LOGS=- RABBITMQ_SASL_LOGS=- -# https://github.com/rabbitmq/rabbitmq-server/commit/53af45bf9a162dec849407d114041aad3d84feaf - -# /usr/sbin/rabbitmq-server has some irritating behavior, and only exists to "su - rabbitmq /usr/lib/rabbitmq/bin/rabbitmq-server ..." -ENV PATH /usr/lib/rabbitmq/bin:$PATH - -# gpg: key 6026DFCA: public key "RabbitMQ Release Signing Key " imported -ENV RABBITMQ_GPG_KEY 0A9AF2115F4687BD29803A206B73A36E6026DFCA - -ENV RABBITMQ_VERSION 3.7.8-rc.4 -ENV RABBITMQ_GITHUB_TAG v3.7.8-rc.4 -ENV RABBITMQ_DEBIAN_VERSION 3.7.8.rc.4-1 - -RUN set -eux; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends ca-certificates wget; \ - \ - wget -O rabbitmq-server.deb.asc "https://github.com/rabbitmq/rabbitmq-server/releases/download/$RABBITMQ_GITHUB_TAG/rabbitmq-server_${RABBITMQ_DEBIAN_VERSION}_all.deb.asc"; \ - wget -O rabbitmq-server.deb "https://github.com/rabbitmq/rabbitmq-server/releases/download/$RABBITMQ_GITHUB_TAG/rabbitmq-server_${RABBITMQ_DEBIAN_VERSION}_all.deb"; \ - \ - apt-get purge -y --auto-remove ca-certificates wget; \ - \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$RABBITMQ_GPG_KEY"; \ - gpg --batch --verify rabbitmq-server.deb.asc rabbitmq-server.deb; \ - command -v gpgconf && gpgconf --kill all || :; \ - rm -rf "$GNUPGHOME"; \ - \ - apt install -y --no-install-recommends ./rabbitmq-server.deb; \ - dpkg -l | grep rabbitmq-server; \ - rm -f rabbitmq-server.deb*; \ - \ - rm -rf /var/lib/apt/lists/* - -# warning: the VM is running with native name encoding of latin1 which may cause Elixir to malfunction as it expects utf8. Please ensure your locale is set to UTF-8 (which can be verified by running "locale" in your shell) -ENV LANG C.UTF-8 - -# set home so that any `--user` knows where to put the erlang cookie -ENV HOME /var/lib/rabbitmq - -RUN mkdir -p /var/lib/rabbitmq /etc/rabbitmq /var/log/rabbitmq /tmp/rabbitmq-ssl \ - && chown -R rabbitmq:rabbitmq /var/lib/rabbitmq /etc/rabbitmq /var/log/rabbitmq /tmp/rabbitmq-ssl \ - && chmod -R 777 /var/lib/rabbitmq /etc/rabbitmq /var/log/rabbitmq /tmp/rabbitmq-ssl -VOLUME /var/lib/rabbitmq - -# add a symlink to the .erlang.cookie in /root so we can "docker exec rabbitmqctl ..." without gosu -RUN ln -sf /var/lib/rabbitmq/.erlang.cookie /root/ - -RUN ln -sf "/usr/lib/rabbitmq/lib/rabbitmq_server-$RABBITMQ_VERSION/plugins" /plugins - -COPY docker-entrypoint.sh /usr/local/bin/ -RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 4369 5671 5672 25672 -CMD ["rabbitmq-server"] diff --git a/3.7-rc/debian/management/Dockerfile b/3.7-rc/debian/management/Dockerfile deleted file mode 100644 index 6fa40380..00000000 --- a/3.7-rc/debian/management/Dockerfile +++ /dev/null @@ -1,29 +0,0 @@ -FROM rabbitmq:3.7-rc - -RUN rabbitmq-plugins enable --offline rabbitmq_management - -# extract "rabbitmqadmin" from inside the "rabbitmq_management-X.Y.Z.ez" plugin zipfile -# see https://github.com/docker-library/rabbitmq/issues/207 -RUN set -eux; \ - erl -noinput -eval ' \ - { ok, AdminBin } = zip:foldl(fun(FileInArchive, GetInfo, GetBin, Acc) -> \ - case Acc of \ - "" -> \ - case lists:suffix("/rabbitmqadmin", FileInArchive) of \ - true -> GetBin(); \ - false -> Acc \ - end; \ - _ -> Acc \ - end \ - end, "", init:get_plain_arguments()), \ - io:format("~s", [ AdminBin ]), \ - init:stop(). \ - ' -- /plugins/rabbitmq_management-*.ez > /usr/local/bin/rabbitmqadmin; \ - [ -s /usr/local/bin/rabbitmqadmin ]; \ - chmod +x /usr/local/bin/rabbitmqadmin; \ - apt-get update; \ - apt-get install -y --no-install-recommends python; \ - rm -rf /var/lib/apt/lists/*; \ - rabbitmqadmin --version - -EXPOSE 15671 15672 diff --git a/3.7-rc/docker-entrypoint.sh b/3.7-rc/docker-entrypoint.sh deleted file mode 100755 index 38406a5a..00000000 --- a/3.7-rc/docker-entrypoint.sh +++ /dev/null @@ -1,404 +0,0 @@ -#!/bin/bash -set -eu - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# backwards compatibility for old environment variables -: "${RABBITMQ_SSL_CERTFILE:=${RABBITMQ_SSL_CERT_FILE:-}}" -: "${RABBITMQ_SSL_KEYFILE:=${RABBITMQ_SSL_KEY_FILE:-}}" -: "${RABBITMQ_SSL_CACERTFILE:=${RABBITMQ_SSL_CA_FILE:-}}" - -# "management" SSL config should default to using the same certs -: "${RABBITMQ_MANAGEMENT_SSL_CACERTFILE:=$RABBITMQ_SSL_CACERTFILE}" -: "${RABBITMQ_MANAGEMENT_SSL_CERTFILE:=$RABBITMQ_SSL_CERTFILE}" -: "${RABBITMQ_MANAGEMENT_SSL_KEYFILE:=$RABBITMQ_SSL_KEYFILE}" - -# Allowed env vars that will be read from mounted files (i.e. Docker Secrets): -fileEnvKeys=( - default_user - default_pass -) - -# https://www.rabbitmq.com/configure.html -sslConfigKeys=( - cacertfile - certfile - depth - fail_if_no_peer_cert - keyfile - verify -) -managementConfigKeys=( - "${sslConfigKeys[@]/#/ssl_}" -) -rabbitConfigKeys=( - default_pass - default_user - default_vhost - hipe_compile - vm_memory_high_watermark -) -fileConfigKeys=( - management_ssl_cacertfile - management_ssl_certfile - management_ssl_keyfile - ssl_cacertfile - ssl_certfile - ssl_keyfile -) -allConfigKeys=( - "${managementConfigKeys[@]/#/management_}" - "${rabbitConfigKeys[@]}" - "${sslConfigKeys[@]/#/ssl_}" -) - -declare -A configDefaults=( - [management_ssl_fail_if_no_peer_cert]='false' - [management_ssl_verify]='verify_none' - - [ssl_fail_if_no_peer_cert]='true' - [ssl_verify]='verify_peer' -) - -# allow the container to be started with `--user` -if [[ "$1" == rabbitmq* ]] && [ "$(id -u)" = '0' ]; then - # this needs to happen late enough that we have the SSL config - # https://github.com/docker-library/rabbitmq/issues/283 - for conf in "${allConfigKeys[@]}"; do - var="RABBITMQ_${conf^^}" - val="${!var:-}" - [ -n "$val" ] || continue - case "$conf" in - *_ssl_*file | ssl_*file ) - if [ -f "$val" ] && ! gosu rabbitmq test -r "$val"; then - newFile="/tmp/rabbitmq-ssl/$conf.pem" - echo >&2 - echo >&2 "WARNING: '$val' ($var) is not readable by rabbitmq ($(id rabbitmq)); copying to '$newFile'" - echo >&2 - cat "$val" > "$newFile" - chown rabbitmq "$newFile" - chmod 0400 "$newFile" - eval 'export '$var'="$newFile"' - fi - ;; - esac - done - - if [ "$1" = 'rabbitmq-server' ]; then - find /var/lib/rabbitmq \! -user rabbitmq -exec chown rabbitmq '{}' + - fi - - exec gosu rabbitmq "$BASH_SOURCE" "$@" -fi - -haveConfig= -haveSslConfig= -haveManagementSslConfig= -for fileEnvKey in "${fileEnvKeys[@]}"; do file_env "RABBITMQ_${fileEnvKey^^}"; done -for conf in "${allConfigKeys[@]}"; do - var="RABBITMQ_${conf^^}" - val="${!var:-}" - if [ "$val" ]; then - if [ "${configDefaults[$conf]:-}" ] && [ "${configDefaults[$conf]}" = "$val" ]; then - # if the value set is the same as the default, treat it as if it isn't set - continue - fi - haveConfig=1 - case "$conf" in - ssl_*) haveSslConfig=1 ;; - management_ssl_*) haveManagementSslConfig=1 ;; - esac - fi -done -if [ "$haveSslConfig" ]; then - missing=() - for sslConf in cacertfile certfile keyfile; do - var="RABBITMQ_SSL_${sslConf^^}" - val="${!var}" - if [ -z "$val" ]; then - missing+=( "$var" ) - fi - done - if [ "${#missing[@]}" -gt 0 ]; then - { - echo - echo 'error: SSL requested, but missing required configuration' - for miss in "${missing[@]}"; do - echo " - $miss" - done - echo - } >&2 - exit 1 - fi -fi -missingFiles=() -for conf in "${fileConfigKeys[@]}"; do - var="RABBITMQ_${conf^^}" - val="${!var}" - if [ "$val" ] && [ ! -f "$val" ]; then - missingFiles+=( "$val ($var)" ) - fi -done -if [ "${#missingFiles[@]}" -gt 0 ]; then - { - echo - echo 'error: files specified, but missing' - for miss in "${missingFiles[@]}"; do - echo " - $miss" - done - echo - } >&2 - exit 1 -fi - -# set defaults for missing values (but only after we're done with all our checking so we don't throw any of that off) -for conf in "${!configDefaults[@]}"; do - default="${configDefaults[$conf]}" - var="RABBITMQ_${conf^^}" - [ -z "${!var:-}" ] || continue - eval "export $var=\"\$default\"" -done - -# if long and short hostnames are not the same, use long hostnames -if [ "$(hostname)" != "$(hostname -s)" ]; then - : "${RABBITMQ_USE_LONGNAME:=true}" -fi - -if [ "${RABBITMQ_ERLANG_COOKIE:-}" ]; then - cookieFile='/var/lib/rabbitmq/.erlang.cookie' - if [ -e "$cookieFile" ]; then - if [ "$(cat "$cookieFile" 2>/dev/null)" != "$RABBITMQ_ERLANG_COOKIE" ]; then - echo >&2 - echo >&2 "warning: $cookieFile contents do not match RABBITMQ_ERLANG_COOKIE" - echo >&2 - fi - else - echo "$RABBITMQ_ERLANG_COOKIE" > "$cookieFile" - fi - chmod 600 "$cookieFile" -fi - -configBase="${RABBITMQ_CONFIG_FILE:-/etc/rabbitmq/rabbitmq}" -oldConfigFile="$configBase.config" -newConfigFile="$configBase.conf" - -shouldWriteConfig="$haveConfig" -if [ -n "$shouldWriteConfig" ] && [ -f "$oldConfigFile" ]; then - { - echo "error: Docker configuration environment variables specified, but old-style (Erlang syntax) configuration file '$oldConfigFile' exists" - echo " Suggested fixes: (choose one)" - echo " - remove '$oldConfigFile'" - echo " - remove any Docker-specific 'RABBITMQ_...' environment variables" - echo " - convert '$oldConfigFile' to the newer sysctl format ('$newConfigFile'); see https://www.rabbitmq.com/configure.html#config-file" - } >&2 - exit 1 -fi -if [ -z "$shouldWriteConfig" ] && [ ! -f "$oldConfigFile" ] && [ ! -f "$newConfigFile" ]; then - # no config files, we should write one - shouldWriteConfig=1 -fi - -# http://stackoverflow.com/a/2705678/433558 -sed_escape_lhs() { - echo "$@" | sed -e 's/[]\/$*.^|[]/\\&/g' -} -sed_escape_rhs() { - echo "$@" | sed -e 's/[\/&]/\\&/g' -} -rabbit_set_config() { - local key="$1"; shift - local val="$1"; shift - - [ -e "$newConfigFile" ] || touch "$newConfigFile" - - local sedKey="$(sed_escape_lhs "$key")" - local sedVal="$(sed_escape_rhs "$val")" - sed -ri \ - "s/^[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*)\S.*\$/\1${sedVal}/" \ - "$newConfigFile" - if ! grep -qE "^${sedKey}[[:space:]]*=" "$newConfigFile"; then - echo "$key = $val" >> "$newConfigFile" - fi -} -rabbit_comment_config() { - local key="$1"; shift - - [ -e "$newConfigFile" ] || touch "$newConfigFile" - - local sedKey="$(sed_escape_lhs "$key")" - sed -ri \ - "s/^[[:space:]]*#?[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*\S.*)\$/# \1/" \ - "$newConfigFile" -} -rabbit_env_config() { - local prefix="$1"; shift - - local conf - for conf; do - local var="rabbitmq${prefix:+_$prefix}_$conf" - var="${var^^}" - - local key="$conf" - case "$prefix" in - ssl) key="ssl_options.$key" ;; - management_ssl) key="management.listener.ssl_opts.$key" ;; - esac - - local val="${!var:-}" - local rawVal="$val" - case "$conf" in - fail_if_no_peer_cert|hipe_compile) - case "${val,,}" in - false|no|0|'') rawVal='false' ;; - true|yes|1|*) rawVal='true' ;; - esac - ;; - - vm_memory_high_watermark) continue ;; # handled separately - esac - - if [ -n "$rawVal" ]; then - rabbit_set_config "$key" "$rawVal" - else - rabbit_comment_config "$key" - fi - done -} - -if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then - rabbit_set_config 'loopback_users.guest' 'false' - - # determine whether to set "vm_memory_high_watermark" (based on cgroups) - memTotalKb= - if [ -r /proc/meminfo ]; then - memTotalKb="$(awk -F ':? +' '$1 == "MemTotal" { print $2; exit }' /proc/meminfo)" - fi - memLimitB= - if [ -r /sys/fs/cgroup/memory/memory.limit_in_bytes ]; then - # "18446744073709551615" is a valid value for "memory.limit_in_bytes", which is too big for Bash math to handle - # "$(( 18446744073709551615 / 1024 ))" = 0; "$(( 18446744073709551615 * 40 / 100 ))" = 0 - memLimitB="$(awk -v totKb="$memTotalKb" '{ - limB = $0; - limKb = limB / 1024; - if (!totKb || limKb < totKb) { - printf "%.0f\n", limB; - } - }' /sys/fs/cgroup/memory/memory.limit_in_bytes)" - fi - if [ -n "$memLimitB" ]; then - # if we have a cgroup memory limit, let's inform RabbitMQ of what it is (so it can calculate vm_memory_high_watermark properly) - # https://github.com/rabbitmq/rabbitmq-server/pull/1234 - rabbit_set_config 'total_memory_available_override_value' "$memLimitB" - fi - # https://www.rabbitmq.com/memory.html#memsup-usage - if [ "${RABBITMQ_VM_MEMORY_HIGH_WATERMARK:-}" ]; then - # https://github.com/docker-library/rabbitmq/pull/105#issuecomment-242165822 - vmMemoryHighWatermark="$( - echo "$RABBITMQ_VM_MEMORY_HIGH_WATERMARK" | awk ' - /^[0-9]*[.][0-9]+$|^[0-9]+([.][0-9]+)?%$/ { - perc = $0; - if (perc ~ /%$/) { - gsub(/%$/, "", perc); - perc = perc / 100; - } - if (perc > 1.0 || perc <= 0.0) { - printf "error: invalid percentage for vm_memory_high_watermark: %s (must be > 0%%, <= 100%%)\n", $0 > "/dev/stderr"; - exit 1; - } - printf "vm_memory_high_watermark.relative %0.03f\n", perc; - next; - } - /^[0-9]+$/ { - printf "vm_memory_high_watermark.absolute %s\n", $0; - next; - } - /^[0-9]+([.][0-9]+)?[a-zA-Z]+$/ { - printf "vm_memory_high_watermark.absolute %s\n", $0; - next; - } - { - printf "error: unexpected input for vm_memory_high_watermark: %s\n", $0; - exit 1; - } - ' - )" - if [ "$vmMemoryHighWatermark" ]; then - vmMemoryHighWatermarkKey="${vmMemoryHighWatermark%% *}" - vmMemoryHighWatermarkVal="${vmMemoryHighWatermark#$vmMemoryHighWatermarkKey }" - rabbit_set_config "$vmMemoryHighWatermarkKey" "$vmMemoryHighWatermarkVal" - case "$vmMemoryHighWatermarkKey" in - # make sure we only set one or the other - 'vm_memory_high_watermark.absolute') rabbit_comment_config 'vm_memory_high_watermark.relative' ;; - 'vm_memory_high_watermark.relative') rabbit_comment_config 'vm_memory_high_watermark.absolute' ;; - esac - fi - fi - - if [ "$haveSslConfig" ]; then - rabbit_set_config 'listeners.ssl.default' 5671 - rabbit_env_config 'ssl' "${sslConfigKeys[@]}" - else - rabbit_set_config 'listeners.tcp.default' 5672 - fi - - rabbit_env_config '' "${rabbitConfigKeys[@]}" - - # if management plugin is installed, generate config for it - # https://www.rabbitmq.com/management.html#configuration - if [ "$(rabbitmq-plugins list -m -e rabbitmq_management)" ]; then - if [ "$haveManagementSslConfig" ]; then - rabbit_set_config 'management.listener.port' 15671 - rabbit_set_config 'management.listener.ssl' 'true' - rabbit_env_config 'management_ssl' "${sslConfigKeys[@]}" - else - rabbit_set_config 'management.listener.port' 15672 - rabbit_set_config 'management.listener.ssl' 'false' - fi - - # if definitions file exists, then load it - # https://www.rabbitmq.com/management.html#load-definitions - managementDefinitionsFile='/etc/rabbitmq/definitions.json' - if [ -f "$managementDefinitionsFile" ]; then - # see also https://github.com/docker-library/rabbitmq/pull/112#issuecomment-271485550 - rabbit_set_config 'management.load_definitions' "$managementDefinitionsFile" - fi - fi -fi - -combinedSsl='/tmp/rabbitmq-ssl/combined.pem' -if [ "$haveSslConfig" ] && [[ "$1" == rabbitmq* ]] && [ ! -f "$combinedSsl" ]; then - # Create combined cert - cat "$RABBITMQ_SSL_CERTFILE" "$RABBITMQ_SSL_KEYFILE" > "$combinedSsl" - chmod 0400 "$combinedSsl" -fi -if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then - # More ENV vars for make clustering happiness - # we don't handle clustering in this script, but these args should ensure - # clustered SSL-enabled members will talk nicely - export ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)" - sslErlArgs="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile $combinedSsl -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true" - export RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="${RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS:-} $sslErlArgs" - export RABBITMQ_CTL_ERL_ARGS="${RABBITMQ_CTL_ERL_ARGS:-} $sslErlArgs" -fi - -exec "$@" From 01f25ea3c0644684856ff9e1fc3a68a86d01b27f Mon Sep 17 00:00:00 2001 From: Gerhard Lazu Date: Wed, 16 Jan 2019 13:38:14 +0000 Subject: [PATCH 2/3] Fix rabbitmq-plugins list in docker-entrypoint.sh For context, see https://github.com/rabbitmq/rabbitmq-server-boshrelease/commit/2da98843a4cb10c942869b2e4549a29fb2fc3ed0#commitcomment-31470432 --- 3.7-edge/alpine/docker-entrypoint.sh | 2 +- 3.7-edge/docker-entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/3.7-edge/alpine/docker-entrypoint.sh b/3.7-edge/alpine/docker-entrypoint.sh index a2856bc5..aea0160a 100755 --- a/3.7-edge/alpine/docker-entrypoint.sh +++ b/3.7-edge/alpine/docker-entrypoint.sh @@ -365,7 +365,7 @@ if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then # if management plugin is installed, generate config for it # https://www.rabbitmq.com/management.html#configuration - if [ "$(rabbitmq-plugins list -m -e rabbitmq_management)" ]; then + if [ "$(rabbitmq-plugins list -q -m -e rabbitmq_management)" ]; then if [ "$haveManagementSslConfig" ]; then rabbit_set_config 'management.listener.port' 15671 rabbit_set_config 'management.listener.ssl' 'true' diff --git a/3.7-edge/docker-entrypoint.sh b/3.7-edge/docker-entrypoint.sh index 38406a5a..a1bdb3dd 100755 --- a/3.7-edge/docker-entrypoint.sh +++ b/3.7-edge/docker-entrypoint.sh @@ -365,7 +365,7 @@ if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then # if management plugin is installed, generate config for it # https://www.rabbitmq.com/management.html#configuration - if [ "$(rabbitmq-plugins list -m -e rabbitmq_management)" ]; then + if [ "$(rabbitmq-plugins list -q -m -e rabbitmq_management)" ]; then if [ "$haveManagementSslConfig" ]; then rabbit_set_config 'management.listener.port' 15671 rabbit_set_config 'management.listener.ssl' 'true' From 52c33cab93c449a10db2e77bd1d48f9a70b4ef22 Mon Sep 17 00:00:00 2001 From: Gerhard Lazu Date: Wed, 16 Jan 2019 13:39:24 +0000 Subject: [PATCH 3/3] Fix FROM image in management variant --- 3.7-edge/alpine/management/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3.7-edge/alpine/management/Dockerfile b/3.7-edge/alpine/management/Dockerfile index b5487f01..74424d3b 100644 --- a/3.7-edge/alpine/management/Dockerfile +++ b/3.7-edge/alpine/management/Dockerfile @@ -1,4 +1,4 @@ -FROM rabbitmq:3.7-rc-alpine +FROM rabbitmq:3.7-edge-alpine RUN rabbitmq-plugins enable --offline rabbitmq_management