167 lines
6.0 KiB
Docker
167 lines
6.0 KiB
Docker
# Ver: 1.9 by Endial Fang (endial@126.com)
|
||
#
|
||
|
||
# 默认变量 ========================================================================
|
||
# 该部分变量为系统根据编译命令默认设置
|
||
|
||
# `TARGETPLATFORM`:构建后的目标平台信息。如 `linux/amd64`,`linux/arm/v7`,`windows/amd64`
|
||
# `TARGETOS`:目标平台信息(TARGETPLATFORM)中的操作系统部分,如:`linux`、`windows`
|
||
# `TARGETARCH`:目标平台信息(TARGETPLATFORM)中的平台架构部分,如:`amd64`、`arm`
|
||
# `TARGETVARIANT`:目标平台信息(TARGETPLATFORM)中的版本变体部分,如:`v7`
|
||
# `BUILDPLATFORM`:用于构建的节点平台信息
|
||
# `BUILDOS`:用于构建的节点平台信息(BUILDPLATFORM)中的操作系统部分
|
||
# `BUILDARCH`用于构建的节点平台信息(BUILDPLATFORM)中的平台架构部分
|
||
# `BUILDVARIANT`用于构建的节点平台信息(BUILDPLATFORM)中的版本变体部分
|
||
|
||
# 可变参数 ========================================================================
|
||
# 该部分变量,在编译命令中通过 `--build-arg` 传入;如果未设置,则使用下面对应的默认值
|
||
|
||
# 设置当前应用名称及版本
|
||
ARG APP_NAME=openldap
|
||
ARG APP_VER=2.5.16
|
||
|
||
# 设置默认仓库地址,默认为本地仓库;定义时需要包含末尾的`/`
|
||
ARG REGISTRY_URL="docker.colovu.com/"
|
||
|
||
# 设置 apt-get 源:default / ustc / aliyun
|
||
ARG APT_SOURCE=aliyun
|
||
|
||
# 编译镜像时指定用于加速的本地软件包存储服务器地址
|
||
ARG LOCAL_URL="http://local.colovu.com/dist"
|
||
|
||
# 0. 预处理 ======================================================================
|
||
FROM --platform=${TARGETPLATFORM:-linux/amd64} ${REGISTRY_URL}colovu/dbuilder:12 as builder
|
||
|
||
# 声明需要使用的全局可变参数
|
||
ARG APP_NAME
|
||
ARG APP_VER
|
||
ARG APT_SOURCE
|
||
ARG LOCAL_URL
|
||
|
||
# 选择软件包源(Optional),以加速后续软件包安装
|
||
RUN select_source ${APT_SOURCE};
|
||
|
||
# 安装依赖的软件包及库(Optional)
|
||
# 官方推荐包:Cyrus SASL 2.1.27+、OpenSSL 1.1.1+、libevent 2.1.8+、libsodium(groff)
|
||
RUN install_pkg libperl-dev libcrypto++-dev libsasl2-dev libevent-dev libdb5.3-dev groff groff-base
|
||
# dbuilder已安装: libtool libltdl7 libltdl-dev libssl3 libssl-dev
|
||
|
||
# 设置工作目录
|
||
WORKDIR /tmp
|
||
|
||
# 参考文档:
|
||
# 编译: https://www.cnblogs.com/si-jie/p/8214206.html
|
||
# seolim解决(groff): http://www.emreakkas.com/linux-tips/ubuntu-solve-bin-sh-soelim-not-found
|
||
|
||
# 下载并解压软件包(OpenLDAP 2.4.59)
|
||
RUN set -eux; \
|
||
appName=${APP_NAME}-${APP_VER}.tgz; \
|
||
[ ! -z ${LOCAL_URL} ] && localURL=${LOCAL_URL}/${APP_NAME}; \
|
||
appUrls="${localURL:-} \
|
||
https://www.openldap.org/software/download/OpenLDAP/openldap-release \
|
||
"; \
|
||
download_pkg unpack ${appName} "${appUrls}";
|
||
|
||
# 源码编译(OpenLDAP)
|
||
# --enable-overlays 会安装所有模块到 slapd 中,比如 memberof 属性,不需要单独添加该模块,但需要配置文件中增加:`overlay memberof`来开启
|
||
RUN set -eux; \
|
||
APP_SRC="/tmp/${APP_NAME}-${APP_VER}"; \
|
||
cd ${APP_SRC}; \
|
||
./configure \
|
||
--prefix=/usr/local/${APP_NAME} \
|
||
CPPFLAGS="-I/usr/local/include -D_GNU_SOURCE" LDFLAGS="-L/usr/local/lib" \
|
||
--enable-dynamic --enable-syslog \
|
||
--enable-slapd --enable-cleartext --enable-crypt --enable-spasswd --enable-modules \
|
||
--enable-mdb --enable-ndb=no --enable-sql=no \
|
||
--enable-overlays \
|
||
--enable-balancer \
|
||
--with-cyrus-sasl --with-tls=openssl --with-systemd=no \
|
||
; \
|
||
make depend; \
|
||
make -j "$(nproc)" && make install;
|
||
|
||
# 删除编译生成的多余文件
|
||
RUN set -eux; \
|
||
find /usr/local -name '*.a' -delete; \
|
||
rm -rf /usr/local/${APP_NAME}/share; \
|
||
rm -rf /usr/local/${APP_NAME}/include;
|
||
|
||
# 检测并生成依赖文件记录
|
||
RUN set -eux; \
|
||
find /usr/local/${APP_NAME} -type f -executable -exec ldd '{}' ';' | \
|
||
awk '/=>/ { print $(NF-1) }' | \
|
||
sort -u | \
|
||
xargs -r readlink -f | \
|
||
xargs -r dpkg-query --search 2>/dev/null | \
|
||
cut -d: -f1 | \
|
||
sort -u >>/usr/local/${APP_NAME}/runDeps;
|
||
|
||
# 1. 生成镜像 =====================================================================
|
||
FROM --platform=${TARGETPLATFORM:-linux/amd64} ${REGISTRY_URL}colovu/debian:12
|
||
|
||
# 声明需要使用的全局可变参数
|
||
ARG APP_NAME
|
||
ARG APP_VER
|
||
ARG APT_SOURCE
|
||
|
||
# 镜像所包含应用的基础信息,定义环境变量,供后续脚本使用
|
||
ENV APP_NAME=${APP_NAME} \
|
||
APP_VER=${APP_VER} \
|
||
APP_EXEC=slapd \
|
||
APP_HOME_DIR=/usr/local/${APP_NAME} \
|
||
APP_DEF_DIR=/etc/${APP_NAME}
|
||
|
||
ENV PATH="${APP_HOME_DIR}/sbin:${APP_HOME_DIR}/bin:${APP_HOME_DIR}/libexec:${PATH}" \
|
||
LD_LIBRARY_PATH="${APP_HOME_DIR}/lib"
|
||
|
||
LABEL \
|
||
"Version"="v${APP_VER}" \
|
||
"Description"="Docker image for ${APP_NAME}." \
|
||
"Github"="https://github.com/colovu/docker-${APP_NAME}" \
|
||
"Vendor"="Endial Fang (endial@126.com)"
|
||
|
||
# 从预处理过程中拷贝软件包(Optional),可以使用阶段编号或阶段命名定义来源
|
||
COPY --from=0 /usr/local/${APP_NAME} /usr/local/${APP_NAME}
|
||
|
||
# 拷贝应用使用的客制化脚本
|
||
COPY customer /
|
||
|
||
RUN set -eux; \
|
||
\
|
||
# 创建对应的用户及数据存储目录
|
||
prepare_env; \
|
||
/bin/bash -c "ln -sf /usr/local/${APP_NAME}/etc/${APP_NAME} /etc/"; \
|
||
\
|
||
# 选择软件包源(Optional),以加速后续软件包安装
|
||
select_source ${APT_SOURCE}; \
|
||
\
|
||
# 安装依赖的软件包及库(Optional)
|
||
install_pkg `cat /usr/local/${APP_NAME}/runDeps`; \
|
||
install_pkg pwgen; \
|
||
\
|
||
# 执行预处理脚本,并验证安装的软件包
|
||
override_file="/usr/local/overrides/overrides-${APP_VER}.sh"; \
|
||
[ -e "${override_file}" ] && /bin/bash "${override_file}"; \
|
||
${APP_EXEC} -V | :;
|
||
|
||
# 默认提供的数据卷
|
||
VOLUME ["/srv/conf", "/srv/data", "/srv/datalog", "/srv/cert", "/var/log"]
|
||
|
||
# 默认使用gosu切换为新建用户启动,必须保证端口在1024之上
|
||
EXPOSE 8389 8636
|
||
|
||
# 关闭基础镜像的健康检查
|
||
#HEALTHCHECK NONE
|
||
# 应用健康状态检查
|
||
HEALTHCHECK --interval=10s --timeout=10s --retries=3 \
|
||
CMD netstat -ltun | grep 8389
|
||
|
||
# 使用 non-root 用户运行后续的命令
|
||
USER 1001
|
||
|
||
# 容器初始化命令
|
||
ENTRYPOINT ["/usr/local/bin/entry.sh"]
|
||
|
||
# 应用程序的启动命令,必须使用非守护进程方式运行
|
||
CMD ["/usr/local/bin/run.sh"]
|