[Update]更新

wojiushixiaobai · Jan 15, 2020 · dd2e422 · dd2e422
1 parent 1d6b58b
commit dd2e422
Show file tree

Hide file tree

Showing 17 changed files with 192 additions and 190 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,2 @@
+.DS_Store
+.git
diff --git a/.env b/.env
@@ -1,11 +1,22 @@
 # 版本号可以自己根据项目的版本修改
 Version=1.5.6
 
-# MYSQL_ROOT_PASSWORD 不支持纯数字, 字符串位数推荐大于等于 8
-MYSQL_ROOT_PASSWORD=oM0aevSQaH8Bd2Bgg5cX8lOd
+# MySQL
+DB_HOST=mysql
+DB_PORT=3306
+DB_USER=jumpserver
+DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G
+DB_NAME=jumpserver
 
-# SECRET_KEY 不支持纯数字, 推荐字符串位数大于等于 50, 仅首次安装定义, 升级或者迁移请勿修改此项
-SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy
+# Redis
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj
 
-# BOOTSTRAP_TOKEN 不支持纯数字, 推荐字符串位数大于等于 16, 仅首次安装定义, 升级或者迁移请勿修改
+# Core
+SECRET_KEY=B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy
 BOOTSTRAP_TOKEN=7Q11Vz6R2J6BLAdO
+
+##
+# SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。
+# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko、guacamole
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+.DS_Store
+.git/
diff --git a/core/Dockerfile b/core/Dockerfile
@@ -1,14 +1,12 @@
 FROM centos:7
 WORKDIR /opt
 ARG Version=1.5.6
-ENV LC_ALL=en_US.UTF-8
+ENV Version=${Version} \
+    LC_ALL=en_US.UTF-8
+
 
 RUN set -ex \
     && yum install -y epel-release wget \
-    && wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo \
-    && wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo \
-    && sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo \
-    && yum makecache \
     && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
     && yum -y install gcc nc \
     && yum -y install python36 python36-devel unzip \
@@ -18,11 +16,11 @@ RUN set -ex \
     && chown -R root:root jumpserver \
     && yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) \
     && python3.6 -m venv /opt/py3 \
-    && echo -e "[easy_install]\nindex_url = https://mirrors.aliyun.com/pypi/simple/">> ~/.pydistutils.cfg \
     && source /opt/py3/bin/activate \
     && pip install wheel \
-    && pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/ \
-    && pip install -r /opt/jumpserver/requirements/requirements.txt -i https://mirrors.aliyun.com/pypi/simple/ \
+    && pip install --upgrade pip setuptools \
+    && pip install -r /opt/jumpserver/requirements/requirements.txt \
+    && yum remove -y wget gcc unzip \
     && yum clean all \
     && rm -rf /var/cache/yum/* \
     && rm -rf /opt/${Version}.zip \

diff --git a/core/entrypoint.sh b/core/entrypoint.sh
@@ -2,20 +2,25 @@
 #
 
 sleep 5s
-while ! nc -z mysql 3306;
+while ! nc -z $DB_HOST $DB_PORT;
 do
     echo "wait for jms_mysql ready"
     sleep 2s
 done
 
+while ! nc -z $REDIS_HOST $REDIS_PORT;
+do
+    echo "wait for jms_redis ready"
+    sleep 2s
+done
+
 if [ ! -f "/opt/jumpserver/config.yml" ]; then
     cp /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml
     sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
     sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
     sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
     sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
     sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
-    sed -i "s/DB_ENGINE: mysql/DB_HOST: $DB_ENGINE/g" /opt/jumpserver/config.yml
     sed -i "s/DB_HOST: 127.0.0.1/DB_HOST: $DB_HOST/g" /opt/jumpserver/config.yml
     sed -i "s/DB_PORT: 3306/DB_PORT: $DB_PORT/g" /opt/jumpserver/config.yml
     sed -i "s/DB_USER: jumpserver/DB_USER: $DB_USER/g" /opt/jumpserver/config.yml

diff --git a/docker-compose-build.yml b/docker-compose-build.yml
@@ -1,26 +1,40 @@
 version: '3'
 services:
   mysql:
-    image: mysql:5.7
+    build:
+      context: .
+      dockerfile: mysql/Dockerfile
+      args:
+        Version: ${Version}
+    image: jms_mysql:${Version}
     container_name: jms_mysql
     restart: always
     tty: true
     environment:
-      MYSQL_ROOT_PASSWORD: $MYSQL_ROOT_PASSWORD
-      MYSQL_DATABASE: jumpserver
-    command: --character-set-server=utf8
+      DB_PORT: $DB_PORT
+      DB_USER: $DB_USER
+      DB_PASSWORD: $DB_PASSWORD
+      DB_NAME: $DB_NAME
     volumes:
       - mysql-data:/var/lib/mysql
     networks:
       - jumpserver
 
   redis:
-    image: redis:alpine
+    build:
+      context: .
+      dockerfile: redis/Dockerfile
+      args:
+        Version: ${Version}
+    image: jms_redis:${Version}
     container_name: jms_redis
     restart: always
     tty: true
+    environment:
+      REDIS_PORT: $REDIS_PORT
+      REDIS_PASSWORD: $REDIS_PASSWORD
     volumes:
-      - redis-data:/data
+      - redis-data:/var/lib/redis/
     networks:
       - jumpserver
 
@@ -37,13 +51,14 @@ services:
     environment:
       SECRET_KEY: $SECRET_KEY
       BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
-      DB_ENGINE: mysql
-      DB_HOST: mysql
-      DB_PORT: 3306
-      DB_USER: root
-      DB_PASSWORD: $MYSQL_ROOT_PASSWORD
-      DB_NAME: jumpserver
-      REDIS_HOST: redis
+      DB_HOST: $DB_HOST
+      DB_PORT: $DB_PORT
+      DB_USER: $DB_USER
+      DB_PASSWORD: $DB_PASSWORD
+      DB_NAME: $DB_NAME
+      REDIS_HOST: $REDIS_HOST
+      REDIS_PORT: $REDIS_PORT
+      REDIS_PASSWORD: $REDIS_PASSWORD
     depends_on:
       - mysql
       - redis
@@ -59,7 +74,6 @@ services:
       dockerfile: koko/Dockerfile
       args:
         Version: ${Version}
-        GOPROXY: https://goproxy.io
     image: jms_koko:${Version}
     container_name: jms_koko
     restart: always
@@ -72,7 +86,7 @@ services:
       - mysql
       - redis
     volumes:
-      - koko-kyes:/opt/koko/data/keys
+      - koko-keys:/opt/koko/data/keys
     ports:
       - 2222:2222
     networks:
@@ -133,7 +147,7 @@ volumes:
   media:
   mysql-data:
   redis-data:
-  koko-kyes:
+  koko-keys:
   guacamole-keys:
 
 networks:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,26 +1,30 @@
 version: '3'
 services:
   mysql:
-    image: mysql:5.7
+    image: wojiushixiaobai/jms_mysql:${Version}
     container_name: jms_mysql
     restart: always
     tty: true
     environment:
-      MYSQL_ROOT_PASSWORD: $MYSQL_ROOT_PASSWORD
-      MYSQL_DATABASE: jumpserver
-    command: --character-set-server=utf8
+      DB_PORT: $DB_PORT
+      DB_USER: $DB_USER
+      DB_PASSWORD: $DB_PASSWORD
+      DB_NAME: $DB_NAME
     volumes:
       - mysql-data:/var/lib/mysql
     networks:
       - jumpserver
 
   redis:
-    image: redis:alpine
+    image: wojiushixiaobai/jms_redis:${Version}
     container_name: jms_redis
     restart: always
     tty: true
+    environment:
+      REDIS_PORT: $REDIS_PORT
+      REDIS_PASSWORD: $REDIS_PASSWORD
     volumes:
-      - redis-data:/data
+      - redis-data:/var/lib/redis/
     networks:
       - jumpserver
 
@@ -32,13 +36,14 @@ services:
     environment:
       SECRET_KEY: $SECRET_KEY
       BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
-      DB_ENGINE: mysql
-      DB_HOST: mysql
-      DB_PORT: 3306
-      DB_USER: root
-      DB_PASSWORD: $MYSQL_ROOT_PASSWORD
-      DB_NAME: jumpserver
-      REDIS_HOST: redis
+      DB_HOST: $DB_HOST
+      DB_PORT: $DB_PORT
+      DB_USER: $DB_USER
+      DB_PASSWORD: $DB_PASSWORD
+      DB_NAME: $DB_NAME
+      REDIS_HOST: $REDIS_HOST
+      REDIS_PORT: $REDIS_PORT
+      REDIS_PASSWORD: $REDIS_PASSWORD
     depends_on:
       - mysql
       - redis
@@ -85,7 +90,7 @@ services:
       - mysql
       - redis
     volumes:
-      - guacamole-key:/config/guacamole/keys
+      - guacamole-keys:/config/guacamole/keys
     networks:
       - jumpserver
 
@@ -112,7 +117,7 @@ volumes:
   media:
   mysql-data:
   redis-data:
-  koko-kyes:
+  koko-keys:
   guacamole-keys:
 
 networks:

diff --git a/guacamole/Dockerfile b/guacamole/Dockerfile
@@ -1,16 +1,13 @@
 FROM centos:7
-WORKDIR /config
+WORKDIR /opt
 ARG Version=1.5.6
-ENV LC_ALL=en_US.UTF-8 \
+ENV Version=${Version} \
+    LC_ALL=en_US.UTF-8 \
     GUAC_VER=1.0.0 \
     TOMCAT_VER=9.0.30
 
 RUN set -ex \
     && yum install -y epel-release wget \
-    && wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo \
-    && wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo \
-    && sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo \
-    && yum makecache \
     && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
     && mkdir /usr/local/lib/freerdp/ \
     && ln -s /usr/local/lib/freerdp /usr/lib64/freerdp \
@@ -19,6 +16,7 @@ RUN set -ex \
     && yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel \
     && yum install -y ffmpeg-devel freerdp1.2-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel \
     && mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions /config/guacamole/data/log/ \
+    && cd /config \
     && wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v${TOMCAT_VER}/bin/apache-tomcat-${TOMCAT_VER}.tar.gz \
     && tar xf apache-tomcat-${TOMCAT_VER}.tar.gz \
     && mv apache-tomcat-${TOMCAT_VER} tomcat9 \
@@ -52,6 +50,7 @@ RUN set -ex \
     && wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz \
     && tar xf linux-amd64.tar.gz -C /bin/ \
     && chmod +x /bin/ssh-forward \
+    && yum remove -y wget gcc make unzip \
     && rm -rf /config/linux-amd64.tar.gz \
     && rm -rf /config/docker-guacamole \
     && yum clean all \

diff --git a/guacamole/entrypoint.sh b/guacamole/entrypoint.sh
@@ -30,7 +30,7 @@ done
 guacd &
 cd /config/tomcat9/bin && ./startup.sh
 
-echo "Guacamole version 1.5.6, more see https://www.jumpserver.org"
+echo "Guacamole version $Version, more see https://www.jumpserver.org"
 echo "Quit the server with CONTROL-C."
 
 if [ ! -f "/config/guacamole/data/log/info.log" ]; then

diff --git a/koko/Dockerfile b/koko/Dockerfile
@@ -1,21 +1,21 @@
-FROM alpine:3.11
+FROM centos:7
 WORKDIR /opt
 ARG Version=1.5.6
+ENV Version=${Version} \
+    LC_ALL=en_US.UTF-8
 
 RUN set -ex \
-   && sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories \
-   && apk update \
-   && apk add -U tzdata \
-   && apk add curl mariadb-client \
-   && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
-   && echo "Asia/Shanghai" > /etc/timezone \
+   && yum install -y wget \
+   && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+   && yum -y localinstall --nogpgcheck https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-community-client-8.0.18-1.el7.x86_64.rpm https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-community-libs-8.0.18-1.el7.x86_64.rpm https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-community-common-8.0.18-1.el7.x86_64.rpm \
    && wget https://github.com/jumpserver/koko/releases/download/${Version}/koko-master-linux-amd64.tar.gz \
    && tar -xf koko-master-linux-amd64.tar.gz \
    && mv kokodir koko \
    && chown -R root:root koko \
    && rm -rf koko-master-linux-amd64.tar.gz \
-   && apk del tzdata \
-   && rm -rf /var/cache/apk/*
+   && yum remove -y wget \
+   && yum clean all \
+   && rm -rf /var/cache/yum*
 
 COPY koko/entrypoint.sh .
 RUN chmod 755 ./entrypoint.sh

diff --git a/koko/entrypoint.sh b/koko/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 
 sleep 5s

diff --git a/mysql/Dockerfile b/mysql/Dockerfile
@@ -0,0 +1,18 @@
+FROM centos:7
+WORKDIR /opt
+ARG Version=1.5.6
+ENV Version=${Version} \
+    LC_ALL=en_US.UTF-8
+
+RUN set -ex \
+    && yum install -y epel-release wget \
+    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+    && yum -y install mariadb-server \
+    && yum remove -y wget \
+    && yum clean all \
+    && rm -rf /var/cache/yum/*
+
+COPY mysql/entrypoint.sh .
+RUN chmod 755 ./entrypoint.sh
+
+CMD ["./entrypoint.sh"]
diff --git a/mysql/entrypoint.sh b/mysql/entrypoint.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+
+function config_mysql {
+    if [ $DB_PORT != 3306 ]; then
+        if [ ! "$(cat /etc/my.cnf | grep port=)" ]; then
+            sed -i "10i port=$DB_PORT" /etc/my.cnf
+        else
+            sed -i "s/port=.*/port=$DB_PORT/g" /etc/my.cnf
+        fi
+    fi
+}
+
+if [ ! -d "/var/lib/mysql/$DB_NAME" ]; then
+    config_mysql
+    mysql_install_db --user=mysql --datadir=/var/lib/mysql --force
+    mysqld_safe &
+    sleep 5s
+    mysql -uroot -e "create database $DB_NAME default charset 'utf8';grant all on $DB_NAME.* to '$DB_USER'@'%' identified by '$DB_PASSWORD';flush privileges;";
+    mysql --version
+    tail -f /var/log/mariadb/mariadb.log
+else
+    config_mysql
+    mysql --version
+    mysqld_safe
+fi