Page History
...
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
FROM openjdk:8-jre LABEL maintainer="Software- und Organisations-Service GmbH" # BUILD SETTINGS # provide build arguments for release information ARG JS_RELEASE ARG JS_RELEASE_MAJOR # default user id has to match later run-time user ARG JS_USER_ID=${JS_USER_ID:-1001} ARG JS_HTTP_PORT=${JS_HTTP_PORT:-4446} ARG JS_HTTPS_PORT=${JS_HTTPS_PORT:-4443} ARG JS_JAVA_OPTIONS=${JS_JAVA_OPTIONS} # RUN-TIME SETTINGS # JS7 JobScheduler ports and Java options ENV RUN_JS_HTTP_PORT=${RUN_JS_HTTP_PORT:-$JS_HTTP_PORT} ENV RUN_JS_HTTPS_PORT=${RUN_JS_HTTPS_PORT:-$JS_HTTPS_PORT} ENV RUN_JS_JAVA_OPTIONS=${RUN_JS_JAVA_OPTIONS:-$JS_JAVA_OPTIONS} # PREPARATION # install process tools, bash RUN apt-get update && \ apt-get install -y procps && \ apt-get install -y bash # add installer tarball ADD https://download.sos-berlin.com/JobScheduler.${JS_RELEASE_MAJOR}/js7_joc_linux.${JS_RELEASE}.tar.gz /usr/local/src/ # COPY js7_joc_linux.${JS_RELEASE}.tar.gz /usr/local/src/ # INSTALLATION # extract installer tarball # for JDK < 12, /dev/random does not provide sufficient entropy, see https://kb.sos-berlin.com/x/lIM3 RUN test -e /usr/local/src/js7_joc_linux.${JS_RELEASE}.tar.gz && \ tar zxvf /usr/local/src/js7_joc_linux.${JS_RELEASE}.tar.gz -C /usr/local/src/ && \ rm -f /usr/local/src/js7_joc_linux.${JS_RELEASE}.tar.gz && \ ln -s /usr/local/src/joc.${JS_RELEASE} /usr/local/src/joc && \ sed -i 's/securerandom.source=file:\/dev\/random/securerandom.source=file:\/dev\/urandom/g' /usr/local/openjdk-8/lib/security/java.security # copy installer response file, hibernate configuration file and start script COPY joc_install.xml /usr/local/src/joc/ COPY hibernate.cfg.xml /usr/local/src/joc/ COPY start-joc.sh /usr/local/bin/ # subsitute build arguments in installer response file and hibernate configuration file RUN sed -i "s/\$JS_HTTP_PORT/$JS_HTTP_PORT/g" /usr/local/src/joc/joc_install.xml # perform installation, add jobscheduler user account RUN groupadd --gid ${JS_USER_ID:-1001} jobscheduler && \ useradd --uid ${JS_USER_ID:-1001} --gid jobscheduler --home-dir /home/jobscheduler --no-create-home --shell /bin/bash jobscheduler && \ cd /usr/local/src/joc && ./setup.sh -u joc_install.xml && \ chmod +x /usr/local/bin/start-joc.sh # CONFIGURATION # enable https module RUN java -jar "/opt/sos-berlin.com/js7/joc/jetty/start.jar" -Djetty.home="/opt/sos-berlin.com/js7/joc/jetty" -Djetty.base="/var/sos-berlin.com/js7/joc" --add-to-start=https # add keystore and truststore for private keys and certificates COPY https-keystore.p12 /var/sos-berlin.com/js7/joc/resources/joc/ COPY https-truststore.p12 /var/sos-berlin.com/js7/joc/resources/joc/ # add keystore and truststore locations to configuration files COPY start.ini.add /tmp/ COPY joc.properties.add /tmp/ RUN cat /tmp/start.ini.add >> /var/sos-berlin.com/js7/joc/start.ini && \ sed -i "s/\$JS_HTTPS_PORT/$JS_HTTPS_PORT/g" /var/sos-berlin.com/js7/joc/start.ini && \ cat /tmp/joc.properties.add >> /var/sos-berlin.com/js7/joc/resources/joc/joc.properties # copy configuration COPY config/ /var/sos-berlin.com/js7/joc/resources/ # make jobscheduler user account the owner of directories RUN chown -R jobscheduler:jobscheduler /var/sos-berlin.com # CODA # allow incoming traffic to ports EXPOSE $RUN_JS_HTTP_PORT $RUN_JS_HTTPS_PORT # run-time user, can be overwritten when running the container USER jobscheduler CMD ["sh","-c","/usr/local/bin/start-joc.sh --java-options=\"$RUN_JS_JAVA_OPTIONS\""] |
...
Overview
Content Tools