Page History

...

FROM openjdk:8-jre

LABEL maintainer="Software- und Organisations-Service GmbH"

# BUILD SETTINGS

# provide build arguments for release information
ARG JS_RELEASE
ARG JS_RELEASE_MAJOR

# default user id has to match later run-time user
ARG JS_USER_ID=${UID:-1001}
ARG JS_HTTP_PORT=${JS_HTTP_PORT:-4445}
ARG JS_HTTPS_PORT=${JS_HTTPS_PORT:-4443}
ARG JS_JAVA_OPTIONS=${JS_JAVA_OPTIONS}

# RUN-TIME SETTINGS

# JS7 JobScheduler ports and Java options
ENV RUN_JS_HTTP_PORT=${RUN_JS_HTTP_PORT:-$JS_HTTP_PORT}
ENV RUN_JS_HTTPS_PORT=${RUN_JS_HTTPS_PORT}
ENV RUN_JS_JAVA_OPTIONS=${RUN_JS_JAVA_OPTIONS:-$JS_JAVA_OPTIONS}

# PREPARATION

# install process tools, bash
RUN apt-get update && \
    apt-get install -y procps && \
    apt-get install -y net-tools && \
    apt-get install -y bash && \
    apt-get install -y vim-tiny

# setup working directory
RUN mkdir -p /var/sos-berlin.com/js7
WORKDIR /var/sos-berlin.com/js7

# add/copy installation tarball
ADD https://download.sos-berlin.com/JobScheduler.${JS_RELEASE_MAJOR}/js7_agent_unix.${JS_RELEASE}.tar.gz /usr/local/src/
# COPY js7_agent_unix.${JS_RELEASE}.tar.gz /usr/local/src/

# INSTALLATION

# extract tarball
#   for JDK < 12, /dev/random does not provide sufficient entropy, see https://kb.sos-berlin.com/x/lIM3
RUN test -e /usr/local/src/js7_agent_unix.${JS_RELEASE}.tar.gz && \
    tar xfvz /usr/local/src/js7_agent_unix.${JS_RELEASE}.tar.gz -C /var/sos-berlin.com/js7  && \
    rm /usr/local/src/js7_agent_unix.${JS_RELEASE}.tar.gz && \
    sed -i 's/securerandom.source=file:\/dev\/random/securerandom.source=file:\/dev\/urandom/g' /usr/local/openjdk-8/lib/security/java.security

# CONFIGURATION

# copy configuration
COPY config/ /var/sos-berlin.com/js7/agent/var_$JS_HTTP_PORT/config/

# add start script
COPY start-agent.sh /usr/local/bin/

# add jobscheduler user account and make it the owner of directories
RUN groupadd --gid ${JS_USER_ID:-1001} jobscheduler && useradd --uid ${JS_USER_ID:-1001} --gid jobscheduler --home-dir /home/jobscheduler --no-create-home --shell /bin/bash jobscheduler && \
    chown -R jobscheduler:jobscheduler /var/sos-berlin.com && \
    chmod +x /usr/local/bin/start-agent.sh

# CODA

# run-time user, can be overwritten when running the container
USER jobscheduler

# allow incoming traffic to ports
EXPOSE $RUN_JS_HTTP_PORT $RUN_JS_HTTPS_PORT

CMD ["sh","-c","/usr/local/bin/start-agent.sh --http-port=$RUN_JS_HTTP_PORT --https-port=$RUN_JS_HTTPS_PORT --java-options=\"$RUN_JS_JAVA_OPTIONS\""]

...

• Line 1: The base image is OpenJDK Java 1.8 (Debian based). You can run Agents with newer Java releases, however, stick to Oracle, OpenJDK or AdoptOpenJDK as the source for your Java base image. Alternatively you can use your own base image and install Java 1.8 on top of this.
• Line 8 - 9: The release identification is injected by build arguments. This information is used to determine the tarball to be downloaded.
• Line 12 - 15: Defaults for the user id running the Agent inside the container as well as HTTP and HTTPS ports are provided. These values can be overwritten by providing the respective build arguments.
• Line 20 - 22: Environment variables are provided at run-time, not at build-time. They can be used to specify ports and Java options when running the container.
• Line 27 - 31: The image OS is updated and additional packages are installed (ps, netstat, bash, vi).
• Line 36 38 - 3739: You can either download the Agent tarball directly from the SOS web site or you store the tarball with the build directory and copy from this location.
• Line 5153: if a config folder is available in the build directory then its contents is copied to the respective config folder in the image. This can be useful to create an image with individual settings in configuration files, see JS7 - Agent Configuration Items.

• Line 5456: The start-agent.sh script is copied from the build directory to the image. Users can apply their own version of the start script. The start script used by SOS looks like this:

  Code Block
  language bash title Agent Start Script linenumbers true collapse true
  #!/bin/sh js_http_port="" js_https_port="" js_java_options="" for option in "$@" do case "$option" in --http-port=*) js_http_port=`echo "$option" | sed 's/--http-port=//'` ;; --https-port=*) js_https_port=`echo "$option" | sed 's/--https-port=//'` ;; --java-options=*) js_java_options=`echo "$option" | sed 's/--java-options=//'` ;; *) echo "unknown argument: $option" exit 1 ;; esac done js_args="" if [ ! "$js_http_port" = "" ] then js_args="$js_args --http-port=$js_http_port" fi if [ ! "$js_https_port" = "" ] then js_args="$js_args --https-port=$js_https_port" fi if [ ! "$js_java_options" = "" ] then js_args="$js_args --java-options=$js_java_options" fi echo "starting Agent: /var/sos-berlin.com/js7/agent/bin/agent.sh start $js_args" /var/sos-berlin.com/js7/agent/bin/agent.sh start $js_args && tail -f /dev/null

• Line 57 59 - 5860: The user account jobscheduler is created and is assigned the user id and group id handed over by the respective build arguments. This translates to the fact that the account running the Agent inside the container and the account that starts the container are assigned the same user id and group id. This allows the account running the container to access any files created by the Agent in mounted volumes with identical permissions.
• Line 6769: The HTTP port and optionally the HTTPS port are exposed to the Docker host. Both ports can be forwarded by environment variables when running the container, overwriting the build-time values. This is relevant only if users want to use ports inside the container that are different from the default values. In most situations the default ports should be fine and are mapped to outside ports on the Docker host when starting the container.
• Line 6971: The start script is executed and is dynamically parameterized from environment variables that are forwarded when starting the container.

...