From 0b65e3ffda659a61e9f9d37818e4860da8aba7fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E5=B0=8F=E7=99=BD?= <296015668@qq.com> Date: Tue, 28 May 2024 10:40:35 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20=E6=8C=89=E8=A6=81=E6=B1=82=E7=A7=BB?= =?UTF-8?q?=E9=99=A4=E9=87=8D=E5=A4=8D=E6=9E=84=E5=BB=BA=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/jms-build-test.yml | 51 +++++++-- Dockerfile | 64 ++--------- Dockerfile-ee | 161 ++------------------------- Dockerfile.base | 55 +++++++++ entrypoint.sh | 30 ++--- 5 files changed, 120 insertions(+), 241 deletions(-) create mode 100644 Dockerfile.base diff --git a/.github/workflows/jms-build-test.yml b/.github/workflows/jms-build-test.yml index 4c6330b54..7b731bc22 100644 --- a/.github/workflows/jms-build-test.yml +++ b/.github/workflows/jms-build-test.yml 
@@ -1,36 +1,62 @@ name: "Run Build Test" on: push: - branches: - - pr@* - - repr@* + paths: + - 'Dockerfile' + - 'Dockerfile*' + - 'Dockerfile-*' + - 'pyproject.toml' + - 'poetry.lock' jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build Base Image + uses: docker/build-push-action@v5 + with: + context: . + push: true + file: Dockerfile.base + tags: ghcr.io/jumpserver/core:v4-base + platforms: linux/amd64 + build-args: | + APT_MIRROR=http://deb.debian.org + PIP_MIRROR=https://pypi.org/simple + outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true + cache-from: type=gha + cache-to: type=gha,mode=max + - name: Build CE Image uses: docker/build-push-action@v5 with: context: . - push: false + push: true file: Dockerfile - tags: jumpserver/core-ce:test + tags: ghcr.io/jumpserver/core:v4-lite platforms: linux/amd64 build-args: | + VERSION=v4 APT_MIRROR=http://deb.debian.org - PIP_MIRROR=https://pypi.org/simple - PIP_JMS_MIRROR=https://pypi.org/simple + BASE_IMAGE=ghcr.io/jumpserver/core + outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true cache-from: type=gha cache-to: type=gha,mode=max - name: Prepare EE Image run: | - sed -i 's@^FROM registry.fit2cloud.com@# FROM registry.fit2cloud.com@g' Dockerfile-ee + sed -i 's@^FROM registry.fit2cloud.com/jumpserver/xpack@# FROM registry.fit2cloud.com/jumpserver/xpack@' Dockerfile-ee + sed -i 's@^FROM registry.fit2cloud.com/jumpserver@FROM ghcr.io/jumpserver@g' Dockerfile-ee sed -i 's@^COPY --from=build-xpack@# COPY --from=build-xpack@g' Dockerfile-ee - name: Build EE Image 
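Review bot: The `on: push` trigger now has no branch filter while the "Build Base Image" and "Build CE Image" steps set `push: true` to the fixed tags `ghcr.io/jumpserver/core:v4-base` and `v4-lite`, so a push to any branch that touches one of the listed paths overwrites the images that `Dockerfile` and `Dockerfile-ee` later consume as `${BASE_IMAGE}:${VERSION}-base` and `-lite`. Either gate publication on the default branch, e.g. `push: ${{ github.ref_name == github.event.repository.default_branch }}`, or publish branch builds under a per-commit tag such as `ghcr.io/jumpserver/core:v4-base-${{ github.sha }}`. The visible part of the workflow also declares no `permissions:` block; since the login step uses `secrets.GITHUB_TOKEN`, an explicit job-level `permissions:` with `contents: read` and `packages: write` would limit the token to what the job needs.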
@@ -39,11 +65,12 @@ jobs: context: . push: false file: Dockerfile-ee - tags: jumpserver/core-ee:test + tags: jumpserver/core:v4 platforms: linux/amd64 build-args: | + VERSION=v4 APT_MIRROR=http://deb.debian.org - PIP_MIRROR=https://pypi.org/simple - PIP_JMS_MIRROR=https://pypi.org/simple + BASE_IMAGE=ghcr.io/jumpserver/core + outputs: type=image,oci-mediatypes=true,compression=zstd,compression-level=3,force-compression=true cache-from: type=gha cache-to: type=gha,mode=max \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 6fb318050..abc740e73 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,6 @@ +ARG VERSION +ARG BASE_IMAGE=jumpserver/core + FROM python:3.11-slim-bullseye as stage-1 ARG TARGETARCH @@ -36,7 +39,6 @@ RUN set -ex \ && rm -f /opt/receptor.tar.gz ARG VERSION -ENV VERSION=$VERSION WORKDIR /opt/jumpserver ADD . . 
@@ -46,67 +48,17 @@ RUN echo > /opt/jumpserver/config.yml \ sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \ fi -FROM python:3.11-slim-bullseye as stage-2 +FROM ${BASE_IMAGE}:${VERSION}-base as stage-2 ARG TARGETARCH -ARG BUILD_DEPENDENCIES=" \ - g++ \ - make \ - pkg-config" - -ARG DEPENDENCIES=" \ - freetds-dev \ - gettext \ - libffi-dev \ - libjpeg-dev \ - libkrb5-dev \ - libldap2-dev \ - libpq-dev \ - libsasl2-dev \ - libssl-dev \ - libxml2-dev \ - libxmlsec1-dev \ - libxmlsec1-openssl \ - freerdp2-dev \ - libaio-dev" - -ARG TOOLS=" \ - ca-certificates \ - curl \ - default-libmysqlclient-dev \ - default-mysql-client \ - git \ - git-lfs \ - unzip \ - xz-utils \ - wget" - -ARG APT_MIRROR=http://mirrors.ustc.edu.cn -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${TOOLS} \ - && echo "no" | dpkg-reconfigure dash - WORKDIR /opt/jumpserver -ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple RUN --mount=type=cache,target=/root/.cache,sharing=locked \ --mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \ --mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \ set -ex \ - && python3 -m venv /opt/py3 \ - && pip install poetry -i ${PIP_MIRROR} \ - && poetry config virtualenvs.create false \ && . 
/opt/py3/bin/activate \ - && poetry install --without xpack + && poetry install --only main COPY --from=stage-1 /opt/jumpserver /opt/jumpserver @@ -161,6 +113,10 @@ ENV VERSION=$VERSION VOLUME /opt/jumpserver/data +ENTRYPOINT ["./entrypoint.sh"] + EXPOSE 8080 -ENTRYPOINT ["./entrypoint.sh"] +STOPSIGNAL SIGQUIT + +CMD ["start", "all"] diff --git a/Dockerfile-ee b/Dockerfile-ee index 5a9eda508..3e876dd26 100644 --- a/Dockerfile-ee +++ b/Dockerfile-ee 
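Review bot: `FROM ${BASE_IMAGE}:${VERSION}-base as stage-2` replaces the inline package install with whatever a mutable tag currently points at, in a registry chosen by a build argument, so the compiler toolchain, poetry and the `/opt/py3` venv that `. /opt/py3/bin/activate` relies on are no longer determined by this file. For release builds consider resolving the base by digest, e.g. `FROM ${BASE_IMAGE}:${VERSION}-base@sha256:DIGEST_PLACEHOLDER`, or at least record the resolved base digest in the build log. `ARG VERSION` is declared without a default in the hunk at the top of this file, so a build without `--build-arg VERSION=...` expands to `jumpserver/core:-base`, which is not a valid reference; a comment next to the ARG such as `# required: selects the ${VERSION}-base image` would make that explicit.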
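Review bot: `STOPSIGNAL SIGQUIT` is added without a comment, and nothing in this patch shows that `jms` installs a SIGQUIT handler; a Python process without one is terminated immediately by that signal, so `docker stop` may end the services without a graceful shutdown. If SIGQUIT is intended, say which process handles it, e.g. `# entrypoint.sh execs jms as PID 1; jms shuts its services down on SIGQUIT`, otherwise drop the line and keep the default SIGTERM. The final stage begins outside this hunk, so whether a `USER` is set before `ENTRYPOINT` cannot be checked from here.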
@@ -1,149 +1,27 @@ ARG VERSION +ARG BASE_IMAGE=registry.fit2cloud.com/jumpserver/core + FROM registry.fit2cloud.com/jumpserver/xpack:${VERSION} as build-xpack - -FROM python:3.11-slim-bullseye as stage-1 +FROM registry.fit2cloud.com/jumpserver/core:${VERSION}-base as build-core ARG TARGETARCH -ARG DEPENDENCIES=" \ - ca-certificates \ - wget" - -ARG APT_MIRROR=http://mirrors.ustc.edu.cn -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && echo "no" | dpkg-reconfigure dash - -WORKDIR /opt - -ARG CHECK_VERSION=v1.0.2 -RUN set -ex \ - && wget https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \ - && mv check /usr/local/bin/ \ - && chown root:root /usr/local/bin/check \ - && chmod 755 /usr/local/bin/check \ - && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz - -ARG RECEPTOR_VERSION=v1.4.5 -RUN set -ex \ - && wget -O /opt/receptor.tar.gz https://github.com/ansible/receptor/releases/download/${RECEPTOR_VERSION}/receptor_${RECEPTOR_VERSION/v/}_linux_${TARGETARCH}.tar.gz \ - && tar -xf /opt/receptor.tar.gz -C /usr/local/bin/ \ - && chown root:root /usr/local/bin/receptor \ - && chmod 755 /usr/local/bin/receptor \ - && rm -f /opt/receptor.tar.gz - -ARG VERSION -ENV VERSION=$VERSION - -WORKDIR /opt/jumpserver -ADD . . 
-COPY --from=build-xpack /opt/xpack /opt/jumpserver/apps/xpack - -RUN echo > /opt/jumpserver/config.yml \ - && \ - if [ -n "${VERSION}" ]; then \ - sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \ - fi - -FROM python:3.11-slim-bullseye as stage-2 -ARG TARGETARCH - -ARG BUILD_DEPENDENCIES=" \ - g++ \ - make \ - pkg-config" - -ARG DEPENDENCIES=" \ - freetds-dev \ - gettext \ - libffi-dev \ - libjpeg-dev \ - libkrb5-dev \ - libldap2-dev \ - libpq-dev \ - libsasl2-dev \ - libssl-dev \ - libxml2-dev \ - libxmlsec1-dev \ - libxmlsec1-openssl \ - freerdp2-dev \ - libaio-dev" - -ARG TOOLS=" \ - ca-certificates \ - curl \ - default-libmysqlclient-dev \ - default-mysql-client \ - git \ - git-lfs \ - unzip \ - xz-utils \ - wget" - -ARG APT_MIRROR=http://mirrors.ustc.edu.cn -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ - && apt-get update \ - && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${TOOLS} \ - && echo "no" | dpkg-reconfigure dash - WORKDIR /opt/jumpserver -ARG PIP_MIRROR=https://pypi.tuna.tsinghua.edu.cn/simple RUN --mount=type=cache,target=/root/.cache,sharing=locked \ --mount=type=bind,source=poetry.lock,target=/opt/jumpserver/poetry.lock \ --mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \ set -ex \ - && python3 -m venv /opt/py3 \ - && pip install poetry -i ${PIP_MIRROR} \ - && poetry config virtualenvs.create false \ && . 
/opt/py3/bin/activate \ - && poetry install --with xpack + && poetry install --only xpack -COPY --from=stage-1 /opt/jumpserver /opt/jumpserver - -RUN set -ex \ - && export SECRET_KEY=$(head -c100 < /dev/urandom | base64 | tr -dc A-Za-z0-9 | head -c 48) \ - && . /opt/py3/bin/activate \ - && cd apps \ - && python manage.py compilemessages - -FROM python:3.11-slim-bullseye +FROM ${BASE_IMAGE}:${VERSION}-lite ARG TARGETARCH -ENV LANG=zh_CN.UTF-8 \ - PATH=/opt/py3/bin:$PATH - -ARG DEPENDENCIES=" \ - libldap2-dev \ - libpq-dev \ - libx11-dev \ - libxmlsec1-openssl" ARG TOOLS=" \ - ca-certificates \ curl \ - default-libmysqlclient-dev \ - default-mysql-client \ iputils-ping \ - locales \ netcat-openbsd \ nmap \ - openssh-client \ - patch \ - sshpass \ telnet \ vim \ wget" 
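Review bot: The `build-core` stage hard-codes `registry.fit2cloud.com/jumpserver/core` while the final stage uses `${BASE_IMAGE}`, so the two stages can be pulled from different registries and the workflow has to rewrite the FROM line with `sed` before it can build, which means CI does not test the file that ships. Use the argument in both places: `FROM ${BASE_IMAGE}:${VERSION}-base as build-core`. The final stage also keeps `nmap`, `netcat-openbsd`, `telnet` and `vim` in `TOOLS` (unchanged lines); if they are needed at runtime, a one-line comment saying why would help anyone assessing the image's attack surface.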
@@ -152,31 +30,8 @@ ARG APT_MIRROR=http://mirrors.ustc.edu.cn RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ set -ex \ - && rm -f /etc/apt/apt.conf.d/docker-clean \ - && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ - && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ - && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ && apt-get update \ - && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ - && apt-get -y install --no-install-recommends ${TOOLS} \ - && mkdir -p /root/.ssh/ \ - && echo "Host *\n\tStrictHostKeyChecking no\n\tUserKnownHostsFile /dev/null\n\tCiphers +aes128-cbc\n\tKexAlgorithms +diffie-hellman-group1-sha1\n\tHostKeyAlgorithms +ssh-rsa" > /root/.ssh/config \ - && echo "no" | dpkg-reconfigure dash \ - && echo "zh_CN.UTF-8" | dpkg-reconfigure locales \ - && sed -i "s@# export @export @g" ~/.bashrc \ - && sed -i "s@# alias @alias @g" ~/.bashrc + && apt-get -y install --no-install-recommends ${TOOLS} -COPY --from=stage-2 /opt /opt -COPY --from=stage-1 /usr/local/bin /usr/local/bin -COPY --from=stage-1 /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/ - -WORKDIR /opt/jumpserver - -ARG VERSION -ENV VERSION=$VERSION - -VOLUME /opt/jumpserver/data - -EXPOSE 8080 - -ENTRYPOINT ["./entrypoint.sh"] +COPY --from=build-core /opt/py3 /opt/py3 +COPY --from=build-xpack /opt/xpack /opt/jumpserver/apps/xpack diff --git a/Dockerfile.base b/Dockerfile.base new file mode 100644 index 000000000..003e7c6bc --- /dev/null +++ b/Dockerfile.base 
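Review bot: The `sed` that applied `${APT_MIRROR}` to `/etc/apt/sources.list` is removed here, but `ARG APT_MIRROR=http://mirrors.ustc.edu.cn` is still declared just above the `RUN` (it appears in the hunk header) and the workflow still passes it as a build argument. The packages in `${TOOLS}` therefore come from whatever apt sources the `-lite` image was built with, which someone setting `APT_MIRROR` to an internal mirror would not expect. Either remove the ARG from this stage or add a comment such as `# apt sources are inherited from ${BASE_IMAGE}:${VERSION}-lite; APT_MIRROR has no effect here`. No `USER` is set in the lines of Dockerfile-ee visible in this patch, so the runtime user is presumably also whatever the `-lite` image defines.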
@@ -0,0 +1,55 @@ +FROM python:3.11-slim-bullseye +ARG TARGETARCH + +ARG BUILD_DEPENDENCIES=" \ + g++ \ + make \ + pkg-config" + +ARG DEPENDENCIES=" \ + freetds-dev \ + gettext \ + libffi-dev \ + libjpeg-dev \ + libkrb5-dev \ + libldap2-dev \ + libpq-dev \ + libsasl2-dev \ + libssl-dev \ + libxml2-dev \ + libxmlsec1-dev \ + libxmlsec1-openssl \ + freerdp2-dev \ + libaio-dev" + +ARG TOOLS=" \ + ca-certificates \ + curl \ + default-libmysqlclient-dev \ + default-mysql-client \ + git \ + git-lfs \ + unzip \ + xz-utils \ + wget" + +ARG APT_MIRROR=http://mirrors.ustc.edu.cn +RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ + --mount=type=cache,target=/var/lib/apt,sharing=locked \ + set -ex \ + && rm -f /etc/apt/apt.conf.d/docker-clean \ + && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache \ + && sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \ + && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \ + && apt-get update \ + && apt-get -y install --no-install-recommends ${BUILD_DEPENDENCIES} \ + && apt-get -y install --no-install-recommends ${DEPENDENCIES} \ + && apt-get -y install --no-install-recommends ${TOOLS} \ + && echo "no" | dpkg-reconfigure dash + +ARG PIP_MIRROR=https://pypi.org/simple +RUN --mount=type=cache,target=/root/.cache,sharing=locked \ + set -ex \ + && python3 -m venv /opt/py3 \ + && pip install poetry -i ${PIP_MIRROR} \ + && poetry config virtualenvs.create false \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index b5515df47..2e4c5887b 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
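Review bot: `pip install poetry -i ${PIP_MIRROR}` installs an unpinned poetry into an image that the workflow publishes as `v4-base` and that every later build reuses, so the tool that resolves and installs the dependencies changes whenever the base is rebuilt. Pin it, e.g. `&& pip install poetry==PINNED_VERSION -i ${PIP_MIRROR} \` (placeholder version). The command runs right after `python3 -m venv /opt/py3` without activating it, so poetry lands in the system interpreter rather than the venv; that looks intentional given `poetry config virtualenvs.create false`, but a comment saying so would prevent a well-meant "fix".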
@@ -1,26 +1,12 @@ #!/bin/bash -function cleanup() -{ - local pids=`jobs -p` - if [[ "${pids}" != "" ]]; then - kill ${pids} >/dev/null 2>/dev/null - fi -} - -action="${1-start}" -service="${2-all}" - -trap cleanup EXIT +# rm -f /opt/jumpserver/tmp/*.pid -if [[ "$action" == "bash" || "$action" == "sh" ]];then - bash -elif [[ "$action" == "sleep" ]];then - echo "Sleep 365 days" - sleep 365d -elif [[ "$service" == "receptor" ]];then - python receptor "$action" -else - python jms "$action" "$service" -fi \ No newline at end of file +case "$1" in + start|init_db|upgrade_db) + set -- /opt/jumpserver/jms "$@" + ;; +esac + +exec "$@" \ No newline at end of file
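Review bot: The `case` maps only `start|init_db|upgrade_db` to `jms`; any other first argument goes to `exec "$@"` as a raw command, whereas the old script sent every action to `python jms "$action" "$service"` and had a separate `receptor` branch. If `jms` accepts further actions (not visible in this patch) they now fail as unknown commands, so extend the pattern or list the supported set in a comment. `set -- /opt/jumpserver/jms "$@"` also depends on the file's executable bit and shebang; `set -- python /opt/jumpserver/jms "$@"` keeps the interpreter explicit as before. With no arguments at all `exec "$@"` does nothing and the script exits 0, so a guard such as `[ "$#" -gt 0 ] || set -- start all` before the `case` is worth adding.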