-
Notifications
You must be signed in to change notification settings - Fork 722
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added alpine based dockerfile and mysql database setup via docker run… #940
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,118 @@ | ||
# | ||
# Licensed to the Apache Software Foundation (ASF) under one | ||
# or more contributor license agreements. See the NOTICE file | ||
# distributed with this work for additional information | ||
# regarding copyright ownership. The ASF licenses this file | ||
# to you under the Apache License, Version 2.0 (the | ||
# "License"); you may not use this file except in compliance | ||
# with the License. You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, | ||
# software distributed under the License is distributed on an | ||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
# KIND, either express or implied. See the License for the | ||
# specific language governing permissions and limitations | ||
# under the License. | ||
# | ||
|
||
# | ||
# Dockerfile for guacamole-client | ||
# | ||
|
||
# Use args for Tomcat image label to allow image builder to choose alternatives | ||
# such as `--build-arg TOMCAT_JRE=jre8-alpine` | ||
# | ||
ARG TOMCAT_VERSION=8.5 | ||
ARG TOMCAT_JRE=jdk8 | ||
|
||
# Use official maven image for the build | ||
FROM maven:3-eclipse-temurin-8-focal AS builder | ||
|
||
# Use Mozilla's Firefox PPA (newer Ubuntu lacks a "firefox-esr" package and | ||
# provides only a transitional "firefox" package that actually requires Snap | ||
# and thus can't be used within Docker) | ||
|
||
RUN apt-get update \ | ||
&& apt-get upgrade -y \ | ||
&& apt-get install -y software-properties-common \ | ||
&& add-apt-repository -y ppa:mozillateam/ppa | ||
|
||
# Explicitly prefer packages from the Firefox PPA | ||
COPY guacamole-docker/mozilla-firefox.pref /etc/apt/preferences.d/ | ||
|
||
# Install firefox browser for sake of JavaScript unit tests | ||
RUN apt-get update && apt-get install -y firefox | ||
|
||
# Install firefox browser for sake of JavaScript unit tests | ||
# Arbitrary arguments that can be passed to the maven build. By default, an | ||
# argument will be provided to explicitly unskip any skipped tests. To, for | ||
# example, allow the building of the RADIUS auth extension, pass a build profile | ||
# as well: `--build-arg MAVEN_ARGUMENTS="-P lgpl-extensions -DskipTests=false"`. | ||
ARG MAVEN_ARGUMENTS="-DskipTests=false" | ||
|
||
# Versions of JDBC drivers to bundle within image | ||
ARG MSSQL_JDBC_VERSION=9.4.1 | ||
ARG MYSQL_JDBC_VERSION=8.0.33 | ||
ARG PGSQL_JDBC_VERSION=42.6.0 | ||
|
||
# Build environment variables | ||
ENV \ | ||
BUILD_DIR=/tmp/guacamole-docker-BUILD | ||
|
||
# Add configuration scripts | ||
COPY guacamole-docker/bin/ /opt/guacamole/bin/ | ||
|
||
# Copy source to container for sake of build | ||
COPY . "$BUILD_DIR" | ||
|
||
# Run the build itself | ||
RUN /opt/guacamole/bin/build-guacamole.sh "$BUILD_DIR" /opt/guacamole | ||
|
||
# For the runtime image, we start with the official Tomcat distribution | ||
|
||
FROM alpine | ||
|
||
COPY --from=builder /opt/guacamole /opt/guacamole | ||
|
||
ENV TOMCAT_MAJOR=9 \ | ||
TOMCAT_VERSION=9.0.78 \ | ||
CATALINA_HOME=/opt/guacamole | ||
|
||
RUN \ | ||
apk add --update --no-cache \ | ||
openjdk8-jre curl mariadb-client bash openssl busybox-extras && \ | ||
apk add paxctl --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community && \ | ||
curl -jkSL -o /tmp/apache-tomcat.tar.gz \ | ||
http://archive.apache.org/dist/tomcat/tomcat-${TOMCAT_MAJOR}/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz && \ | ||
gunzip /tmp/apache-tomcat.tar.gz && \ | ||
tar -C /opt -xf /tmp/apache-tomcat.tar && \ | ||
ln -s /opt/apache-tomcat-$TOMCAT_VERSION /usr/local/tomcat && \ | ||
chmod -R a+rx /usr/local/tomcat/ | ||
|
||
# cleanup | ||
RUN paxctl -c /usr/lib/jvm/java-1.8-openjdk/bin/java && \ | ||
paxctl -C /usr/lib/jvm/java-1.8-openjdk/bin/java && \ | ||
paxctl -mps /usr/lib/jvm/java-1.8-openjdk/bin/java && \ | ||
apk del curl && \ | ||
apk del paxctl && \ | ||
rm -rf /tmp/* /var/cache/apk/* /usr/local/tomcat/webapps/* | ||
|
||
|
||
# Create a new user guacamole | ||
ARG UID=1001 | ||
ARG GID=1001 | ||
RUN addgroup -g $GID guacamole | ||
RUN adduser -S -D -s /usr/sbin/nologin -u $UID guacamole --ingroup guacamole | ||
|
||
# Run with user guacamole | ||
USER guacamole | ||
|
||
EXPOSE 8080 | ||
|
||
WORKDIR $CATALINA_HOME | ||
|
||
# Start Guacamole under Tomcat, listening on 0.0.0.0:8080 | ||
EXPOSE 8080 | ||
CMD ["/opt/guacamole/bin/start.sh" ] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
#!/bin/bash | ||
# | ||
# Licensed to the Apache Software Foundation (ASF) under one | ||
# or more contributor license agreements. See the NOTICE file | ||
# distributed with this work for additional information | ||
# regarding copyright ownership. The ASF licenses this file | ||
# to you under the Apache License, Version 2.0 (the | ||
# "License"); you may not use this file except in compliance | ||
# with the License. You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, | ||
# software distributed under the License is distributed on an | ||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
# KIND, either express or implied. See the License for the | ||
# specific language governing permissions and limitations | ||
# under the License. | ||
# | ||
|
||
# Setting up mysql database if not exists | ||
|
||
if [ "$SLEEP_SHORT" == "" ]; then | ||
SLEEP_SHORT=5 | ||
fi | ||
|
||
if [ "$SLEEP_LONG" == "" ]; then | ||
SLEEP_LONG=10 | ||
fi | ||
|
||
if [ "$RETRIES" == "" ]; then | ||
RETRIES=5 | ||
fi | ||
|
||
if [[ "$MYSQL_USER" != "" && "$MYSQL_PASSWORD" != "" && "$MYSQL_DATABASE" != "" && "$MYSQL_HOSTNAME" != "" ]]; then | ||
|
||
if [ "$MYSQL_PORT" == "" ]; then | ||
DB_PORT=3306; | ||
else | ||
DB_PORT=$MYSQL_PORT; | ||
fi | ||
|
||
DB_HOST=$MYSQL_HOSTNAME; | ||
DB_NAME=$MYSQL_DATABASE; | ||
DB_USER=$MYSQL_USER; | ||
DB_PASSWORD=$MYSQL_PASSWORD; | ||
DB_ENGINE="/usr/bin/mariadb" | ||
|
||
|
||
UUID=$(openssl rand -hex 16) | ||
SALT=$(echo ${UUID:0:8}-${UUID:8:4}-${UUID:12:4}-${UUID:16:4}-${UUID:20:12} | openssl sha256 -hex | awk '{print toupper($2)}'); | ||
HASH=$(echo -n "$ADMIN_PASSWORD$SALT" | openssl sha256 -hex | awk '{print toupper($2)}') | ||
cp /opt/guacamole/mysql/schema/*.sql /tmp/ | ||
sed -i "s/guacadmin/$ADMIN_NAME/g" /tmp/002-create-admin-user.sql | ||
sed -i "s/FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264/$SALT/" /tmp/002-create-admin-user.sql | ||
sed -i "s/CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960/$HASH/" /tmp/002-create-admin-user.sql | ||
Comment on lines
+35
to
+56
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This would need to be implemented for each supported database, not just MySQL/MariaDB. |
||
|
||
|
||
# Check database access | ||
for retries in $(seq 0 $((RETRIES+ 1))); do | ||
RESPONSE=$(echo "exit" | timeout $SLEEP_SHORT telnet $DB_HOST $DB_PORT|grep Connected); | ||
echo "RESPONSE: $RESPONSE"; | ||
if [ "$RESPONSE" == "" ]; then | ||
if [[ $retries -le $RETRIES ]] ; then | ||
echo "Retired $retries"; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. What do you mean by "retired"? |
||
echo "Expected $DB_HOST currently not available, wait $SLEEP_SHORT seconds."; | ||
sleep $SLEEP_SHORT; | ||
else | ||
for retries2 in $(seq 0 $((RETRIES+ 1))); do | ||
RESPONSE=$(echo "exit" | timeout $SLEEP_SHORT telnet $DB_HOST $DB_PORT|grep Connected); | ||
if [ "$RESPONSE" == "" ]; then | ||
if [[ $retries2 -le $RETRIES ]] ; then | ||
echo "Retired $retries2"; | ||
echo "Expected $DB_HOST currently not available, wait $SLEEP_LONG seconds."; | ||
sleep $SLEEP_LONG; | ||
else | ||
echo "Expected $DB_HOST currently not available, and reached all reries limit, exiting"; | ||
exit 1; | ||
fi | ||
else | ||
echo "Expected $DB_HOST accessed successfuly, continue database init processes." | ||
break; | ||
fi | ||
done | ||
fi | ||
else | ||
echo "Expected $DB_HOST accessed successfuly, continue database init processes." | ||
break; | ||
fi | ||
done | ||
Comment on lines
+59
to
+90
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
+1 |
||
|
||
for i in $(ls /tmp/*.sql); do | ||
CREATE_DATABASE=$($DB_ENGINE -u $DB_USER -p$DB_PASSWORD $DB_NAME -h $DB_HOST --port $DB_PORT < $i); | ||
if [[ "$(echo $?)" == "1" ]]; then | ||
echo "Database already exists"; | ||
exit 2; | ||
else | ||
echo "Database automaticaly initialized." ; | ||
fi | ||
done | ||
Comment on lines
+92
to
+100
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is dangerous. Should a user ever manage to write a file to |
||
fi |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
#!/bin/bash -e | ||
#!/bin/bash | ||
# | ||
# Licensed to the Apache Software Foundation (ASF) under one | ||
# or more contributor license agreements. See the NOTICE file | ||
|
@@ -562,11 +562,11 @@ END | |
|
||
set_optional_property \ | ||
"sqlserver-auto-create-accounts" \ | ||
"$SQLSERVER_AUTO_CREATE_ACCOUNTS" | ||
"$SQLSERVERQL_AUTO_CREATE_ACCOUNTS" | ||
|
||
set_optional_property \ | ||
"sqlserver-instance" \ | ||
"$SQLSERVER_INSTANCE" | ||
"$SQLSERVERQL_INSTANCE" | ||
Comment on lines
+565
to
+569
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why were these renamed? |
||
|
||
# Add required .jar files to GUACAMOLE_LIB and GUACAMOLE_EXT | ||
ln -s /opt/guacamole/sqlserver/mssql-jdbc-*.jar "$GUACAMOLE_LIB" | ||
|
@@ -1023,7 +1023,10 @@ associate_apisessiontimeout() { | |
start_guacamole() { | ||
|
||
# User-only writable CATALINA_BASE | ||
CATALINA_BASE=$HOME/tomcat | ||
CATALINA_HOME=/usr/local/tomcat | ||
export CATALINA_BASE=$HOME/tomcat | ||
export CATALINA_HOME=/usr/local/tomcat | ||
for dir in logs temp webapps work; do | ||
mkdir -p $CATALINA_BASE/$dir | ||
done | ||
|
@@ -1039,7 +1042,7 @@ start_guacamole() { | |
|
||
# Start tomcat | ||
cd /usr/local/tomcat | ||
exec catalina.sh run | ||
exec bin/catalina.sh run | ||
|
||
} | ||
|
||
|
@@ -1246,8 +1249,25 @@ if [ -n "$LOGBACK_LEVEL" ]; then | |
sed -i "s/level=\"info\"/level=\"$LOGBACK_LEVEL\"/" $GUACAMOLE_HOME/logback.xml | ||
fi | ||
|
||
# Initialise database if not exists | ||
|
||
/opt/guacamole/bin/check_database.sh | ||
|
||
RESPONSE=$(echo $?); | ||
|
||
if [ "$RESPONSE" == "1" ]; then | ||
echo "No any database accessible, exiting." | ||
exit 1; | ||
elif [ "$RESPONSE" == "2" ]; then | ||
echo "Database exists, continue running." | ||
else | ||
echo "Database init was successsfully." | ||
fi | ||
|
||
# | ||
# Finally start Guacamole (under Tomcat) | ||
# | ||
|
||
|
||
|
||
start_guacamole |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If new environment variables are to be supported by this image, the naming should be more specific.
SLEEP_SHORT
,SLEEP_LONG
, andRETRIES
are too broad.