Add java image
This commit is contained in:
parent
0fbb06ca92
commit
089c951be1
17
images/java/Dockerfile
Normal file
17
images/java/Dockerfile
Normal file
|
@ -0,0 +1,17 @@
|
|||
ARG JAVA_VERSION=17
|
||||
|
||||
FROM eclipse-temurin:${JAVA_VERSION}-jre-alpine
|
||||
MAINTAINER Daniel Berteaud <dbd@ehtrace.com>
|
||||
|
||||
ARG JMX_EXPORTER_VERSION=0.19.0
|
||||
|
||||
COPY resources/ /
|
||||
RUN set -exo pipefail &&\
|
||||
apk --no-cache upgrade &&\
|
||||
apk --no-cache add openssl curl xmlstarlet ca-certificates tini &&\
|
||||
mkdir /jmx_exporter &&\
|
||||
curl -sSL https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/${JMX_EXPORTER_VERSION}/jmx_prometheus_javaagent-${JMX_EXPORTER_VERSION}.jar -o /jmx_exporter/jmx_prometheus_javaagent.jar
|
||||
|
||||
ENTRYPOINT ["tini", "--", "/entrypoint.sh"]
|
||||
|
||||
CMD ["sh"]
|
6
images/java/build.sh
Executable file
6
images/java/build.sh
Executable file
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
for JAVA_VERSION in 11 17; do
|
||||
docker build -t danielberteaud/java:${JAVA_VERSION}-alpine --build-arg JAVA_VERSION=${JAVA_VERSION} -f Dockerfile .
|
||||
docker push danielberteaud/java:${JAVA_VERSION}-alpine
|
||||
done
|
19
images/java/resources/entrypoint.d/20-cert-pem-to-pkcs12.sh
Executable file
19
images/java/resources/entrypoint.d/20-cert-pem-to-pkcs12.sh
Executable file
|
@ -0,0 +1,19 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
# This script expects the following env vars to be set :
|
||||
# PEM_KEY_FILE : the path of the PEM private key (must exists)
|
||||
# PEM_CERT_FILE : the path of the PEM certificate (must exists)
|
||||
# (both PEM_KEY_FILE and PEM_CERT_FILE can refer to the same file if it contains both)
|
||||
# P12_FILE : the path of the PKCS12 bundle to create
|
||||
|
||||
if [ -n "${PEM_KEY_FILE}" -a -f "${PEM_KEY_FILE}" -a -n "${PEM_CERT_FILE}" -a -f "${PEM_CERT_FILE}" -a -n "${P12_FILE}" ]; then
|
||||
if [ ! -f "${P12_FILE}" -o "${PEM_KEY_FILE}" -nt "${P12_FILE}" ]; then
|
||||
echo "Converting PEM files ${PEM_KEY_FILE} and ${PEM_CERT_FILE} to PKCS12 format ${P12_FILE}"
|
||||
openssl pkcs12 -export -out ${P12_FILE} -in ${PEM_CERT_FILE} -inkey ${PEM_KEY_FILE} -passout pass:password
|
||||
chmod 640 ${P12_FILE}
|
||||
else
|
||||
echo "${P12_FILE} already exist and is newer than ${PEM_KEY_FILE}"
|
||||
fi
|
||||
fi
|
22
images/java/resources/entrypoint.d/30-custom-java-ca-cert.env
Executable file
22
images/java/resources/entrypoint.d/30-custom-java-ca-cert.env
Executable file
|
@ -0,0 +1,22 @@
|
|||
#!/bin/sh
|
||||
|
||||
if [ $(printenv | grep -c -E '^TRUSTED_CA(_\d+)?') -lt 1 ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ -e "/opt/java/openjdk/lib/security/cacerts" ]; then
|
||||
TRUST_STORE=${NOMAD_SECRETS_DIR:-/tmp}/java_cacerts.jks
|
||||
cp /opt/java/openjdk/lib/security/cacerts ${TRUST_STORE}
|
||||
|
||||
for CA in $(printenv | grep -E '^TRUSTED_CA(_\d+)?' | cut -d= -f1); do
|
||||
CA_PATH=$(printenv ${CA})
|
||||
if [ -e "${CA_PATH}" ]; then
|
||||
echo "Adding ${CA_PATH} to the trusted JKS store ${TRUST_STORE}"
|
||||
keytool -import -alias "${CA}" -file "${CA_PATH}" -keystore ${TRUST_STORE} -storepass "changeit" -noprompt
|
||||
else
|
||||
echo "${CA_PATH} doesn't exist, skiping"
|
||||
fi
|
||||
done
|
||||
export JAVA_OPTS="${JAVA_OPTS} -Djavax.net.ssl.trustStore=${NOMAD_SECRETS_DIR:-/tmp}/java_cacerts.jks -Djavax.net.ssl.trustStorePassword=changeit"
|
||||
fi
|
||||
|
50
images/java/resources/entrypoint.d/90-java.env
Normal file
50
images/java/resources/entrypoint.d/90-java.env
Normal file
|
@ -0,0 +1,50 @@
|
|||
#!/bin/sh
|
||||
|
||||
# If running under Nomad, try to size Xmx automatically as
|
||||
# all minus 25% memory, with a cap at 1024
|
||||
if [ -z "${JVM_XMX}" -a -n "${NOMAD_MEMORY_LIMIT}" ]; then
|
||||
MIN_FREE_MEM=$(printf "%.0f" $(echo ${NOMAD_MEMORY_LIMIT}*0.25 | bc))
|
||||
[ ${MIN_FREE_MEM} -gt 1024 ] && MIN_FREE_MEM=1024
|
||||
export JVM_XMX=$(echo ${NOMAD_MEMORY_LIMIT}-${MIN_FREE_MEM} | bc)m
|
||||
fi
|
||||
export JVM_XMX=${JVM_XMX:-64m}
|
||||
export JVM_XSS=${JVM_XSS:-512k}
|
||||
|
||||
JAVA_OPTS="$JAVA_OPTS -Xshare:off"
|
||||
if [ -n "${JVM_MAXRAM}" ]; then
|
||||
JAVA_OPTS="$JAVA_OPTS -XX:MaxRAM=${JVM_MAXRAM}"
|
||||
if [ -n "${JVM_MINRAM_PERCENTAGE}" ]; then
|
||||
JAVA_OPTS="${JAVA_OPTS} -XX:MinRAMPercentage=${JVM_MINRAM_PERCENTAGE}"
|
||||
fi
|
||||
if [ -n "${JVM_MAXRAM_PERCENTAGE}" ]; then
|
||||
JAVA_OPTS="${JAVA_OPTS} -XX:MaxRAMPercentage=${JVM_MAXRAM_PERCENTAGE}"
|
||||
fi
|
||||
else
|
||||
JAVA_OPTS="$JAVA_OPTS -Xmx${JVM_XMX} -Xss${JVM_XSS}"
|
||||
fi
|
||||
|
||||
JAVA_OPTS="$JAVA_OPTS -Djava.awt.headless=true -Dfile.encoding=UTF8"
|
||||
|
||||
if [ -n "${HTTP_MAX_CONNECTIONS}" ]; then
|
||||
JAVA_OPTS="$JAVA_OPTS -Dhttp.maxConnections=${HTTP_MAX_CONNECTIONS}"
|
||||
fi
|
||||
|
||||
# Handle proxy options
|
||||
if [ -n "${HTTP_PROXY_HOST}" ]; then
|
||||
JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyHost=${HTTP_PROXY_HOST}"
|
||||
if [ -n "${HTTP_PROXY_PORT}" ]; then
|
||||
JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyPort=${HTTP_PROXY_PORT}"
|
||||
fi
|
||||
fi
|
||||
if [ -n "${HTTPS_PROXY_HOST}" ]; then
|
||||
JAVA_OPTS="$JAVA_OPTS -Dhttps.proxyHost=${HTTPS_PROXY_HOST}"
|
||||
if [ -n "${HTTPS_PROXY_PORT}" ]; then
|
||||
JAVA_OPTS="$JAVA_OPTS -Dhttps.proxyPort=${HTTPS_PROXY_PORT}"
|
||||
fi
|
||||
fi
|
||||
if [ -n "${NO_PROXY}" ]; then
|
||||
JAVA_OPTS="$JAVA_OPTS -Dhttp.nonProxyHosts=${NO_PROXY}"
|
||||
fi
|
||||
|
||||
echo "JAVA_OPTS=$JAVA_OPTS"
|
||||
export JAVA_OPTS=$JAVA_OPTS
|
20
images/java/resources/entrypoint.sh
Executable file
20
images/java/resources/entrypoint.sh
Executable file
|
@ -0,0 +1,20 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
# Scriplets in /entrypoint.d will be sourced (if ending with .env) or executed
|
||||
if [ -d "/entrypoint.d" ]; then
|
||||
for H in $(find /entrypoint.d -type f -o -type l | sort); do
|
||||
if [[ "$H" == "*.env" ]]; then
|
||||
echo "Sourcing entrypoint snippet $H"
|
||||
source "$H"
|
||||
elif [ -x "$H" ]; then
|
||||
echo "Running entrypoint script $H"
|
||||
$H "$@"
|
||||
else
|
||||
echo "Skiping $H"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
exec "$@"
|
102
images/java/resources/usr/local/bin/fetch-artifact.sh
Executable file
102
images/java/resources/usr/local/bin/fetch-artifact.sh
Executable file
|
@ -0,0 +1,102 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
while getopts "r:g:a:v:f:d:t:u:p:" OPTS; do
|
||||
case ${OPTS} in
|
||||
r)
|
||||
ARTIFACT_REPO=${OPTARG}
|
||||
;;
|
||||
g)
|
||||
GROUP_ID=${OPTARG}
|
||||
;;
|
||||
a)
|
||||
ARTIFACT_ID=${OPTARG}
|
||||
;;
|
||||
v)
|
||||
VERSION=${OPTARG}
|
||||
;;
|
||||
f)
|
||||
FORMAT=${OPTARG}
|
||||
;;
|
||||
d)
|
||||
DEST=${OPTARG}
|
||||
;;
|
||||
t)
|
||||
TYPE=${OPTARG}
|
||||
;;
|
||||
u)
|
||||
ARTIFACT_USER=${OPTARG}
|
||||
;;
|
||||
p)
|
||||
ARTIFACT_PWD=${OPTARG}
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ -z ${ARTIFACT_REPO} ]; then
|
||||
if [[ "${VERSION}" = "*-SNAPSHOT" ]]; then
|
||||
ARTIFACT_REPO=https://nexus.ehtrace.com/repository/maven-snapshots
|
||||
else
|
||||
ARTIFACT_REPO=https://nexus.ehtrace.com/repository/maven-public
|
||||
fi
|
||||
fi
|
||||
GROUP_ID=${GROUP_ID:-com.ehtrace}
|
||||
FORMAT=${FORMAT:-jar}
|
||||
DEST=${DEST:-launch.jar}
|
||||
TYPE=${TYPE:-}
|
||||
|
||||
if [ -d "$DEST" ]; then
|
||||
echo "Can't download to ${DEST} : directory exists"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# If the groupe id is given using dot notation
|
||||
GROUP_ID=$(echo -n $GROUP_ID | sed -e 's|\.|/|g')
|
||||
|
||||
CURL="curl --location-trusted -s"
|
||||
if [ -n "${ARTIFACT_USER}" -a -n "${ARTIFACT_PWD}" ]; then
|
||||
CURL="${CURL} -u ${ARTIFACT_USER}:${ARTIFACT_PWD}"
|
||||
fi
|
||||
|
||||
retrieveSnapshotLatestTimestampedVersion() {
|
||||
snapshotMetadata=$(${CURL} "${ARTIFACT_REPO}/${GROUP_ID}/${ARTIFACT_ID}/${VERSION}/maven-metadata.xml")
|
||||
timestamp=$(echo "$snapshotMetadata" | xmlstarlet sel -t -v "//snapshot/timestamp/text()")
|
||||
if [ -n "$timestamp" ]; then
|
||||
# unique version mode (with timstamp)
|
||||
buildNumber=$(echo "$snapshotMetadata" | xmlstarlet sel -t -v "//snapshot/buildNumber/text()")
|
||||
echo ${VERSION%-SNAPSHOT*}-${timestamp}-${buildNumber}
|
||||
else
|
||||
# non unique mode
|
||||
echo ${VERSION}
|
||||
fi
|
||||
}
|
||||
|
||||
if [[ "${VERSION}" = "*-SNAPSHOT" ]]; then
|
||||
ARTIFACT_VERSION=$(retrieveSnapshotLatestTimestampedVersion)
|
||||
echo "${VERSION} is a SNAPSHOT version"
|
||||
else
|
||||
ARTIFACT_VERSION=${VERSION}
|
||||
fi
|
||||
|
||||
echo "Artifact version=${ARTIFACT_VERSION}"
|
||||
|
||||
[ -n "${TYPE}" ] && TYPE="-${TYPE}"
|
||||
|
||||
DOWNLOAD_URL="${ARTIFACT_REPO}/${GROUP_ID}/${ARTIFACT_ID}/${VERSION}/$(basename ${ARTIFACT_ID})-${ARTIFACT_VERSION}${TYPE}.${FORMAT}"
|
||||
|
||||
echo "Downloading artifact with following url : $DOWNLOAD_URL"
|
||||
${CURL} "${DOWNLOAD_URL}" -o ${DEST}
|
||||
echo "File ${DEST} has been downloaded"
|
||||
|
||||
echo "Fetching expected sha1 from ${DOWNLOAD_URL}.sha1"
|
||||
EXPECTED_SHA1=$(${CURL} ${DOWNLOAD_URL}.sha1)
|
||||
echo "Computing sha1 of the downloaded file"
|
||||
REAL_SHA1=$(sha1sum $DEST | cut -d' ' -f1)
|
||||
|
||||
if [ "${REAL_SHA1}" == "${EXPECTED_SHA1}" ]; then
|
||||
echo "The downloaded file has the expected checksum (${REAL_SHA1})"
|
||||
else
|
||||
echo "Expected sha1 ${EXPECTED_SHA1} but got ${REAL_SHA1}"
|
||||
exit 1
|
||||
fi
|
Loading…
Reference in New Issue
Block a user