
Commit 2e2b61b

authored
Merge pull request #69 from evolvedbinary/7.x.x/feature/docker-improvements
[7.x.x] Small improvements to the Docker Images
2 parents 7b9e99f + 487d8ad commit 2e2b61b


2 files changed

+143
-33
lines changed


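--- a/exist-docker/src/main/resources-filtered/Dockerfile
+++ b/exist-docker/src/main/resources-filtered/Dockerfile
@@ -19,21 +19,65 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 #
 
+### START: Container build time args for Elemental Server
+##
+# Names of the Linux user account and group to run the Elemental Server service under
+ARG ELEMENTAL_SERVER_SERVICE_ACCOUNT="edb01"
+ARG ELEMENTAL_SERVER_SERVICE_GROUP="edb01"
+
+# Elemental data cache size
+ARG ELEMENTAL_SERVER_CACHE_MEM="256"
+# Elemental maximum number of database brokers
+ARG ELEMENTAL_SERVER_MAX_BROKER="20"
+##
+### END: Container build time args for Elemental Server
+
+### START: Container build time args for JVM (Java Virtual Machine)
+##
+# JVM maximum RAM use (as a percentage of RAM available to the Docker Container)
+ARG JVM_MAX_RAM_PERCENTAGE="75.0"
+# JVM Garbage Collector
+ARG JVM_GC="Z"
+
+# Any additional options to be added to the JAVA_TOOL_OPTIONS Environment Variable for the JVM
+ARG ADDITIONAL_JAVA_TOOL_OPTIONS
+##
+### END: Container build time args for JVM (Java Virtual Machine)
+
 # Install latest JRE 21 in Chainguard Wolfi temporary builder image
 FROM cgr.dev/chainguard/wolfi-base AS builder
 
+# Inherit global args to this build stage
+ARG ELEMENTAL_SERVER_SERVICE_ACCOUNT
+ARG ELEMENTAL_SERVER_SERVICE_GROUP
+
 RUN apk update && apk upgrade
 # Install dependencies needed for JRE
-RUN apk add zlib libjpeg-turbo libpng lcms2 freetype ttf-dejavu fontconfig-config libfontconfig1 expat libuuid libbrotlicommon1 libbrotlidec1 libbrotlienc1 libcrypt1
+RUN apk add tzdata zlib libjpeg-turbo libpng lcms2 freetype ttf-dejavu fontconfig-config libfontconfig1 expat libuuid libbrotlicommon1 libbrotlidec1 libbrotlienc1 libcrypt1
+# Install latest CA certificates
+RUN apk add ca-certificates java-cacerts
 # Install latest JRE
 RUN apk add openjdk-21-jre
 
+# Add Elemental Server service group and account
+RUN addgroup -S ${ELEMENTAL_SERVER_SERVICE_GROUP} \
+&& adduser -S -G ${ELEMENTAL_SERVER_SERVICE_GROUP} -H -h /nonexistent -s /sbin/nologin -g "Elemental Database Server - Instance 01" ${ELEMENTAL_SERVER_SERVICE_ACCOUNT}
+
+
 # Use Chainguard distroless glibc base for dynamically linked libraries
 FROM cgr.dev/chainguard/glibc-dynamic:latest
 
+# Inherit global args to this build stage
+ARG ELEMENTAL_SERVER_SERVICE_ACCOUNT
+ARG ELEMENTAL_SERVER_SERVICE_GROUP
+ARG ELEMENTAL_SERVER_CACHE_MEM
+ARG ELEMENTAL_SERVER_MAX_BROKER
+ARG JVM_MAX_RAM_PERCENTAGE
+ARG JVM_GC
+ARG ADDITIONAL_JAVA_TOOL_OPTIONS
+
 # Copy over dependencies for updated JRE from Wolfi
-COPY --from=builder /etc/ca-certificates /etc/ca-certificates
-COPY --from=builder /etc/ca-certificates.conf /etc/ca-certificates.conf
+COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
 COPY --from=builder /lib/libz.so.1 /lib/libz.so.1
 COPY --from=builder /usr/lib/libjpeg.so.8 /usr/lib/libjpeg.so.8
 COPY --from=builder /usr/lib/libturbojpeg.so.0 /usr/lib/libturbojpeg.so.0
@@ -52,19 +96,33 @@ COPY --from=builder /usr/lib/libbrotlicommon.so.1 /usr/lib/libbrotlicommon.so.1
 COPY --from=builder /usr/lib/libbrotlidec.so.1 /usr/lib/libbrotlidec.so.1
 COPY --from=builder /usr/lib/libbrotlienc.so.1 /usr/lib/libbrotlienc.so.1
 
+# Copy over certificates for updated JRE from Wolfi
+COPY --from=builder /etc/ca-certificates /etc/ca-certificates
+COPY --from=builder /etc/ca-certificates.conf /etc/ca-certificates.conf
+COPY --from=builder /etc/apk/protected_paths.d/ca-certificates.list /etc/apk/protected_paths.d/ca-certificates.list
+COPY --from=builder /etc/ssl /etc/ssl
+COPY --from=builder /etc/pki /etc/pki
+COPY --from=builder /usr/share/ca-certificates /usr/share/ca-certificates
+
 # Copy over updated JRE from Wolfi
 COPY --from=builder /usr/lib/jvm/java-21-openjdk /usr/lib/jvm/java-21-openjdk
 
-# Switch to nonroot user
-USER nonroot
+# Copy Elemental Server service group and account
+COPY --from=builder --chown=root:root --chmod=0644 /etc/passwd /etc/passwd
+COPY --from=builder --chown=root:root --chmod=0644 /etc/group /etc/group
+COPY --from=builder --chown=root:root --chmod=0600 /etc/shadow /etc/shadow
+
+# Switch to Elemental Server service account
+USER ${ELEMENTAL_SERVER_SERVICE_ACCOUNT}
 
 # Copy Elemental
-COPY LICENSE /elemental/LICENSE
-COPY autodeploy /elemental/autodeploy
-COPY etc /elemental/etc
-COPY lib /elemental/lib
-COPY --chown=nonroot logs /elemental/logs
-COPY --chown=nonroot logs /elemental/data
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0555 logs /elemental
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0444 LICENSE /elemental/LICENSE
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0570 autodeploy /elemental/autodeploy
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0570 etc /elemental/etc
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0550 lib /elemental/lib
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0750 logs /elemental/logs
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0750 logs /elemental/data
 
 # Build-time metadata as defined at http://label-schema.org
 # and used by autobuilder @hooks/build
@@ -79,18 +137,13 @@ LABEL org.label-schema.build-date=${maven.build.timestamp} \
 
 EXPOSE 8080 8443
 
-# make CACHE_MEM, MAX_BROKER, and JVM_MAX_RAM_PERCENTAGE available to users
-ARG CACHE_MEM
-ARG MAX_BROKER
-ARG JVM_MAX_RAM_PERCENTAGE
-
 ENV ELEMENTAL_HOME="/elemental"
 ENV EXIST_HOME="/elemental"
 ENV CLASSPATH="/elemental/lib/${elemental.uber.jar.filename}"
 
 ENV JAVA_HOME="/usr/lib/jvm/java-21-openjdk"
 
-ENV JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8 -Dsun.jnu.encoding=UTF-8 -Djava.awt.headless=true -Dorg.exist.db-connection.cacheSize=${CACHE_MEM:-256}M -Dorg.exist.db-connection.pool.max=${MAX_BROKER:-20} -Dlog4j.configurationFile=/elemental/etc/log4j2.xml -Dexist.home=/elemental -Dexist.configurationFile=/elemental/etc/conf.xml -Djetty.home=/elemental -Dexist.jetty.config=/elemental/etc/jetty/standard.enabled-jetty-configs -XX:+UseNUMA -XX:+UseZGC -XX:+UseContainerSupport -XX:MaxRAMPercentage=${JVM_MAX_RAM_PERCENTAGE:-75.0} -XX:+ExitOnOutOfMemoryError"
+ENV JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8 -Dsun.jnu.encoding=UTF-8 -Djava.awt.headless=true -Dorg.exist.db-connection.cacheSize=${ELEMENTAL_SERVER_CACHE_MEM}M -Dorg.exist.db-connection.pool.max=${ELEMENTAL_SERVER_MAX_BROKER} -Dlog4j.configurationFile=/elemental/etc/log4j2.xml -Dexist.home=/elemental -Dexist.configurationFile=/elemental/etc/conf.xml -Djetty.home=/elemental -Dexist.jetty.config=/elemental/etc/jetty/standard.enabled-jetty-configs -XX:+UseNUMA -XX:+Use${JVM_GC}GC -XX:+UseContainerSupport -XX:MaxRAMPercentage=${JVM_MAX_RAM_PERCENTAGE} -XX:+ExitOnOutOfMemoryError ${ADDITIONAL_JAVA_TOOL_OPTIONS}"
 
 ENV PATH="/usr/lib/jvm/java-21-openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 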
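Review bot: The `addgroup -S` / `adduser -S` line in the builder stage takes no `-g`/`-u`, so the service account gets whichever system GID/UID is next free in the Wolfi builder at build time, and the final stage then selects it by name with `USER ${ELEMENTAL_SERVER_SERVICE_ACCOUNT}`. A UID that can shift between rebuilds may stop matching the ownership of a persisted `/elemental/data` volume (inferred; no volume handling is visible here), and a name-only `USER` cannot be verified by Kubernetes `runAsNonRoot`. I would add two build args for a fixed UID and GID, pass them as `addgroup -S -g <gid> …` and `adduser -S -u <uid> …`, and write `USER <uid>:<gid>` in the final stage. Dockerfile-DEBUG repeats the same account-creation and `USER` lines and needs the same change.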

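--- a/exist-docker/src/main/resources-filtered/Dockerfile-DEBUG
+++ b/exist-docker/src/main/resources-filtered/Dockerfile-DEBUG
@@ -19,25 +19,88 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 #
 
+### START: Container build time args for Elemental Server
+##
+# Names of the Linux user account and group to run the Elemental Server service under
+ARG ELEMENTAL_SERVER_SERVICE_ACCOUNT="edb01"
+ARG ELEMENTAL_SERVER_SERVICE_GROUP="edb01"
+
+# Name of the Linux user account to use for the interactive container user when needing to debug
+ARG ELEMENTAL_CONTAINER_DEBUG_USER_ACCOUNT="debug"
+
+# Elemental data cache size
+ARG ELEMENTAL_SERVER_CACHE_MEM="256"
+# Elemental maximum number of database brokers
+ARG ELEMENTAL_SERVER_MAX_BROKER="20"
+##
+### END: Container build time args for Elemental Server
+
+### START: Container build time args for JVM (Java Virtual Machine)
+##
+# JVM maximum RAM use (as a percentage of RAM available to the Docker Container)
+ARG JVM_MAX_RAM_PERCENTAGE="75.0"
+# JVM Garbage Collector
+ARG JVM_GC="Z"
+
+# JVM debugging protocol, suspend process on startup (y = Yes, n = No)
+ARG JVM_JDWP_SUSPEND="n"
+# JVM debugging protocol address and/or port
+ARG JVM_JDWP_ADDRESS="5005"
+
+# Any additional options to be added to the JAVA_TOOL_OPTIONS Environment Variable for the JVM
+ARG ADDITIONAL_JAVA_TOOL_OPTIONS
+##
+### END: Container build time args for JVM (Java Virtual Machine)
+
+
 # Use Chainguard Wolfi
 FROM cgr.dev/chainguard/wolfi-base
 
+# Inherit global args to this build stage
+ARG ELEMENTAL_SERVER_SERVICE_ACCOUNT
+ARG ELEMENTAL_SERVER_SERVICE_GROUP
+ARG ELEMENTAL_CONTAINER_DEBUG_USER_ACCOUNT
+ARG ELEMENTAL_SERVER_CACHE_MEM
+ARG ELEMENTAL_SERVER_MAX_BROKER
+ARG JVM_MAX_RAM_PERCENTAGE
+ARG JVM_GC
+ARG JVM_JDWP_SUSPEND
+ARG JVM_JDWP_ADDRESS
+ARG ADDITIONAL_JAVA_TOOL_OPTIONS
+
 RUN apk update && apk upgrade
 # Install dependencies needed for JDK
-RUN apk add zlib libjpeg-turbo libpng lcms2 freetype ttf-dejavu fontconfig-config libfontconfig1 expat libuuid libbrotlicommon1 libbrotlidec1 libbrotlienc1 libcrypt1
+RUN apk add tzdata zlib libjpeg-turbo libpng lcms2 freetype ttf-dejavu fontconfig-config libfontconfig1 expat libuuid libbrotlicommon1 libbrotlidec1 libbrotlienc1 libcrypt1
+# Install latest CA certificates
+RUN apk add ca-certificates java-cacerts
 # Install latest JDK
 RUN apk add openjdk-21
 
-# Switch to nonroot user
-USER nonroot
+# Add Elemental Server service group and account
+RUN addgroup -S ${ELEMENTAL_SERVER_SERVICE_GROUP} \
+&& adduser -S -G ${ELEMENTAL_SERVER_SERVICE_GROUP} -H -h /nonexistent -s /sbin/nologin -g "Elemental Database Server - Instance 01" ${ELEMENTAL_SERVER_SERVICE_ACCOUNT}
+
+# Add 'debug' user for interactive use, and add then to the Elemental Server service group
+RUN adduser -D -g "Elemental Docker Container - debug user" ${ELEMENTAL_CONTAINER_DEBUG_USER_ACCOUNT} \
+&& addgroup ${ELEMENTAL_CONTAINER_DEBUG_USER_ACCOUNT} ${ELEMENTAL_SERVER_SERVICE_GROUP}
+
+# Install sudo
+RUN apk add sudo-rs
+COPY --chmod=0440 <<EOF /etc/sudoers.d/${ELEMENTAL_CONTAINER_DEBUG_USER_ACCOUNT}
+${ELEMENTAL_CONTAINER_DEBUG_USER_ACCOUNT} ALL = (ALL:ALL) NOPASSWD:ALL
+EOF
+
+# Switch to Elemental Server service account
+USER ${ELEMENTAL_SERVER_SERVICE_ACCOUNT}
 
 # Copy Elemental
-COPY LICENSE /elemental/LICENSE
-COPY autodeploy /elemental/autodeploy
-COPY etc /elemental/etc
-COPY lib /elemental/lib
-COPY --chown=nonroot logs /elemental/logs
-COPY --chown=nonroot logs /elemental/data
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0555 logs /elemental
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0444 LICENSE /elemental/LICENSE
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0570 autodeploy /elemental/autodeploy
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0570 etc /elemental/etc
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0550 lib /elemental/lib
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0750 logs /elemental/logs
+COPY --chown=${ELEMENTAL_SERVER_SERVICE_ACCOUNT}:${ELEMENTAL_SERVER_SERVICE_GROUP} --chmod=0750 logs /elemental/data
 
 # Build-time metadata as defined at http://label-schema.org
 # and used by autobuilder @hooks/build
@@ -52,19 +115,13 @@ LABEL org.label-schema.build-date=${maven.build.timestamp} \
 
 EXPOSE 8080 8443 5005
 
-# make CACHE_MEM, MAX_BROKER, JVM_MAX_RAM_PERCENTAGE, and JVM_JDWP_SUSPEND available to users at build time
-ARG CACHE_MEM
-ARG MAX_BROKER
-ARG JVM_MAX_RAM_PERCENTAGE
-ARG JVM_JDWP_SUSPEND
-
 ENV ELEMENTAL_HOME="/elemental"
 ENV EXIST_HOME="/elemental"
 ENV CLASSPATH="/elemental/lib/${elemental.uber.jar.filename}"
 
 ENV JAVA_HOME="/usr/lib/jvm/java-21-openjdk"
 
-ENV JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8 -Dsun.jnu.encoding=UTF-8 -Djava.awt.headless=true -Dorg.exist.db-connection.cacheSize=${CACHE_MEM:-256}M -Dorg.exist.db-connection.pool.max=${MAX_BROKER:-20} -Dlog4j.configurationFile=/elemental/etc/log4j2.xml -Dexist.home=/elemental -Dexist.configurationFile=/elemental/etc/conf.xml -Djetty.home=/elemental -Dexist.jetty.config=/elemental/etc/jetty/standard.enabled-jetty-configs -XX:+UseNUMA -XX:+UseZGC -XX:+UseContainerSupport -XX:MaxRAMPercentage=${JVM_MAX_RAM_PERCENTAGE:-75.0} -XX:+ExitOnOutOfMemoryError -agentlib:jdwp=transport=dt_socket,server=y,suspend=${JVM_JDWP_SUSPEND:-n},address=5005"
+ENV JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF8 -Dsun.jnu.encoding=UTF-8 -Djava.awt.headless=true -Dorg.exist.db-connection.cacheSize=${ELEMENTAL_SERVER_CACHE_MEM}M -Dorg.exist.db-connection.pool.max=${ELEMENTAL_SERVER_MAX_BROKER} -Dlog4j.configurationFile=/elemental/etc/log4j2.xml -Dexist.home=/elemental -Dexist.configurationFile=/elemental/etc/conf.xml -Djetty.home=/elemental -Dexist.jetty.config=/elemental/etc/jetty/standard.enabled-jetty-configs -XX:+UseNUMA -XX:+Use${JVM_GC}GC -XX:+UseContainerSupport -XX:MaxRAMPercentage=${JVM_MAX_RAM_PERCENTAGE} -XX:+ExitOnOutOfMemoryError -agentlib:jdwp=transport=dt_socket,server=y,suspend=${JVM_JDWP_SUSPEND},address=${JVM_JDWP_ADDRESS} ${ADDITIONAL_JAVA_TOOL_OPTIONS}"
 
 ENV PATH="/usr/lib/jvm/java-21-openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 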
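Review bot: The comment above `ARG JVM_JDWP_ADDRESS` should say that JDWP has no authentication, because anyone who can reach that address can run code in the JVM with the service account's privileges, and this arg now lets whoever builds the image widen the listener. On JDK 9 and later a bare port such as the default `5005` binds to loopback only, whereas `*:5005` listens on every interface; I would spell that out, e.g. `# JDWP is unauthenticated; a bare port listens on loopback only, "*:PORT" on all interfaces - use the latter only on a trusted network`. `EXPOSE 8080 8443 5005` in the last hunk is still fixed, so a non-default port leaves the image metadata out of step with the listener. The passwordless `NOPASSWD:ALL` sudoers entry for the debug user is a further reason to add a header comment stating that this image is for local debugging only.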
