JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 25

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 26

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The build script implements two stages to exclude installer files from the resulting image.
  • Line 3: The base image is the current Alpine image at build-time.
  • Line 6 - 7: The release identification is injected by build arguments. This information is used to determine the tarball to be downloaded or copied.
  • Line 10 - 11: You can either download the Controller tarball directly from the SOS web site or you store the tarball with the build directory and copy from this location.

  • Line 13 - 15: The tarball is extracted. For Unix Controllers no installer is used.

  • Line 18: The entrypoint.sh script is copied from the build directory to the image. Users can apply their own version of the entrypoint script. The entrypoint script used by SOS looks like this:
    Download: entrypoint.sh

    Code Block
    languagebash
    titleController Entrypoint Script
    linenumberstrue
    collapsetrue
    #!/bin/sh

js_args=""

if [ ! "$RUN_JS_ID" = "" ]
then
  js_args="$js_args --id=$RUN_JS_ID"
fi

if [ ! "$RUN_JS_HTTP_PORT" = "" ] && [ ! "$RUN_JS_HTTP_PORT" = ":" ]
then
  js_args="$js_args --http-port=$RUN_JS_HTTP_PORT"
fi

if [ ! "$RUN_JS_HTTPS_PORT" = "" ] && [ ! "$RUN_JS_HTTPS_PORT" = ":" ]
then
  js_args="$js_args --https-port=$RUN_JS_HTTPS_PORT"
fi

if [ ! "$RUN_JS_JAVA_OPTIONS" = "" ]
then
  js_args="$js_args --java-options=$RUN_JS_JAVA_OPTIONS"
fi

JS_USER_ID=`echo $RUN_JS_USER_ID | cut -d ':' -f 1`
JS_GROUP_ID=`echo $RUN_JS_USER_ID | cut -d ':' -f 2`

BUILD_GROUP_ID=`cat /etc/group | grep jobscheduler | cut -d ':' -f 3`
BUILD_USER_ID=`cat /etc/passwd | grep jobscheduler | cut -d ':' -f 4`

if [ "$(id -u)" = "0" ]
then
  if [ ! "$BUILD_USER_ID" = "$JS_USER_ID" ]
  then
    echo "JS7 entrypoint script switchng ownership of image user id '$BUILD_USER_ID' -> '$JS_USER_ID', group id '$BUILD_GROUP_ID' -> '$JS_GROUP_ID'"
    usermod -u $JS_USER_ID jobscheduler
    groupmod -g $JS_GROUP_ID jobscheduler
    find /var/sos-berlin.com/ -group $BUILD_GROUP_ID -exec chgrp -h jobscheduler {} \;
    find /var/sos-berlin.com/ -user $BUILD_USER_ID -exec chown -h jobscheduler {} \;
  fi

  echo "JS7 entrypoint script switching to user account 'jobscheduler' to run start script"
  echo "JS7 entrypoint script starting Controller: exec su-exec jobscheduler:$JS_GROUP_ID /var/sos-berlin.com/js7/controller/bin/controller.sh start_docker $js_args"
  exec su-exec jobscheduler:$JS_GROUP_ID /var/sos-berlin.com/js7/controller/bin/controller.sh start_docker $js_args
else
  if [ "$BUILD_USER_ID" = "$JS_USER_ID" ]
  then
    if [ "$(id -u)" = "$JS_USER_ID" ]
    then
      echo "JS7 entrypoint script running for user id '$(id -u)'"
    else
      echo "JS7 entrypoint script running for user id '$(id -u)' cannot switch to user id '$JS_USER_ID', group id '$JS_GROUP_ID'"
      echo "JS7 entrypoint script missing permission to switch user id and group id, consider to omit the 'docker run --user' option"
    fi
  else
    echo "JS7 entrypoint script running for user id '$(id -u)' cannot switch image user id '$BUILD_USER_ID' -> '$JS_USER_ID', group id '$BUILD_GROUP_ID' -> '$JS_GROUP_ID'"
    echo "JS7 entrypoint script missing permission to switch user id and group id, consider to omit the 'docker run --user' option"
  fi

  echo "JS7 entrypoint script starting Controller: exec sh -c /var/sos-berlin.com/js7/controller/bin/controller.sh start_docker $js_args"
  exec sh -c "/var/sos-berlin.com/js7/controller/bin/controller.sh start_docker $js_args"
fi
  • Line 2221: The config folder available in the build directory is copied to the config sub-folder in the image. This can be useful to create an image with individual default settings in configuration files, see JS7 - Controller Configuration Items.
  • Line 35 34 - 4138: Defaults for the Controller ID and user id running the Controller inside the container as well as HTTP and HTTPS ports are provided. These values can be overwritten by providing the respective build arguments.
  • Line 44 41 - 5045: Environment variables are provided at run-time, not at build-time. They can be used to specify ports and Java options when running the container.
  • Line 59 54 - 6360: The image OS is updated and additional packages are installed (ps, netstat, bash,).
  • Line 6561: The most recent Java 1.8 package available with Alpine is applied. Controllers can be operated with newer Java releases, however, stick to Oracle, OpenJDK or AdoptOpenJDK as the source for your Java LTS release. Alternatively you can use your own base image and install Java 1.8 or later on top of this.
  • Line 66 62 - 7065: The user account jobscheduler is created and is assigned the user id and group id handed over by the respective build arguments. This translates to the fact that the account running the Controller inside the container and the account that starts the container are assigned the same user id and group id. This allows the account running the container to access any files created by the Controller in mounted volumes with identical permissions.
  • Line 7166: Java releases < Java 12 make use of /dev/random for random number generation. This is a bottleneck as random number generation with this file is blocking. Instead /dev/urandom should be used that implements non-blocking behavior. The change of the random file is applied to the Java security file.
  • Line 73-75-77: The entrypoint script and Controller start script are executed and are dynamically parameterized from environment variables when starting the container.

...