docker-library
/
rabbitmq
mirror of https://github.com/docker-library/rabbitmq.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove temporary 3.7.9 

This reverts https://github.com/docker-library/rabbitmq/pull/316 (820e85707b).

Now that https://github.com/docker-library/official-images/pull/5446 is merged, we don't need this backfill directory anymore.
This commit is contained in:
Tianon Gravi 2019-02-14 16:17:39 -08:00
parent 258f9d855c
commit 80a9f54130
8 changed files with 0 additions and 1432 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.travis.yml
View File

@ -10,10 +10,6 @@ env:
- VERSION=3.7-rc VARIANT=ubuntu ARCH=i386 - VERSION=3.7-rc VARIANT=ubuntu ARCH=i386
- VERSION=3.7-rc VARIANT=alpine - VERSION=3.7-rc VARIANT=alpine
- VERSION=3.7-rc VARIANT=alpine ARCH=i386 - VERSION=3.7-rc VARIANT=alpine ARCH=i386
- VERSION=3.7.9 VARIANT=ubuntu
- VERSION=3.7.9 VARIANT=ubuntu ARCH=i386
- VERSION=3.7.9 VARIANT=alpine
- VERSION=3.7.9 VARIANT=alpine ARCH=i386
- VERSION=3.7 VARIANT=ubuntu - VERSION=3.7 VARIANT=ubuntu
- VERSION=3.7 VARIANT=ubuntu ARCH=i386 - VERSION=3.7 VARIANT=ubuntu ARCH=i386
- VERSION=3.7 VARIANT=alpine - VERSION=3.7 VARIANT=alpine

242
3.7.9/alpine/Dockerfile
View File

@ -1,242 +0,0 @@
# Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
FROM alpine:3.8
RUN apk add --no-cache \
# grab su-exec for easy step-down from root
'su-exec>=0.2' \
# bash for docker-entrypoint.sh
bash \
# "ps" for "rabbitmqctl wait" (https://github.com/docker-library/rabbitmq/issues/162)
procps
# Default to a PGP keyserver that pgp-happy-eyeballs recognizes, but allow for substitutions locally
ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net
# If you are building this image locally and are getting `gpg: keyserver receive failed: No data` errors,
# run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.7 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.7/ubuntu
# For context, see https://github.com/docker-library/official-images/issues/4252
# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/
ENV OPENSSL_VERSION 1.1.1a
ENV OPENSSL_SOURCE_SHA256="fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41"
# https://www.openssl.org/community/omc.html
ENV OPENSSL_PGP_KEY_ID="0x8657ABB260F056B1E5190839D9C4D26D0E604491"
# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags)
ENV OTP_VERSION 21.2.5
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# http://erlang.org/pipermail/erlang-questions/2019-January/097067.html
ENV OTP_SOURCE_SHA256="3ff578ab020a714be25d6787b81938df016db375692d4126a28f1303e6e9c165"
# Install dependencies required to build Erlang/OTP from source
# http://erlang.org/doc/installation_guide/INSTALL.html
# autoconf: Required to configure Erlang/OTP before compiling
# dpkg-dev: Required to set up host & build type when compiling Erlang/OTP
# gnupg: Required to verify OpenSSL artefacts
# libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli
# m4: Required for Erlang/OTP HiPE support
RUN set -eux; \
\
apk add --no-cache --virtual .build-deps \
autoconf \
ca-certificates \
dpkg-dev dpkg \
gcc \
gnupg \
libc-dev \
linux-headers \
m4 \
make \
ncurses-dev \
wget \
; \
\
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR=/usr/local/etc/ssl; \
\
# /usr/local/src doesn't exist in Alpine by default
mkdir /usr/local/src; \
\
# Required by the crypto & ssl Erlang/OTP applications
wget --progress dot:giga --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
wget --progress dot:giga --output-document "$OPENSSL_PATH.tar.gz" "$OPENSSL_SOURCE_URL"; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver "$PGP_KEYSERVER" --recv-keys "$OPENSSL_PGP_KEY_ID"; \
gpg --batch --verify "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_PATH.tar.gz"; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME"; \
echo "$OPENSSL_SOURCE_SHA256 *$OPENSSL_PATH.tar.gz" | sha256sum -c -; \
mkdir -p "$OPENSSL_PATH"; \
tar --extract --file "$OPENSSL_PATH.tar.gz" --directory "$OPENSSL_PATH" --strip-components 1; \
\
# Configure OpenSSL for compilation
cd "$OPENSSL_PATH"; \
# OpenSSL's "config" script uses a lot of "uname"-based target detection...
MACHINE="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)" \
RELEASE="4.x.y-z" \
SYSTEM='Linux' \
BUILD='???' \
./config --openssldir="$OPENSSL_CONFIG_DIR"; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present
make -j "$(getconf _NPROCESSORS_ONLN)"; \
make install_sw install_ssldirs; \
cd ..; \
rm -rf "$OPENSSL_PATH"*; \
# use Alpine's CA certificates
rmdir "$OPENSSL_CONFIG_DIR/certs" "$OPENSSL_CONFIG_DIR/private"; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"; \
# smoke test
openssl version; \
\
OTP_SOURCE_URL="https://github.com/erlang/otp/archive/OTP-$OTP_VERSION.tar.gz"; \
OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \
\
# Download, verify & extract OTP_SOURCE
mkdir -p "$OTP_PATH"; \
wget --progress dot:giga --output-document "$OTP_PATH.tar.gz" "$OTP_SOURCE_URL"; \
echo "$OTP_SOURCE_SHA256 *$OTP_PATH.tar.gz" | sha256sum -c -; \
tar --extract --file "$OTP_PATH.tar.gz" --directory "$OTP_PATH" --strip-components 1; \
\
# Configure Erlang/OTP for compilation, disable unused features & applications
# http://erlang.org/doc/applications.html
# ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation
cd "$OTP_PATH"; \
export ERL_TOP="$OTP_PATH"; \
./otp_build autoconf; \
CFLAGS="$(dpkg-buildflags --get CFLAGS)"; export CFLAGS; \
hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \
buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
./configure \
--host="$hostArch" \
--build="$buildArch" \
--disable-dynamic-ssl-lib \
--disable-sctp \
--disable-silent-rules \
--enable-clock-gettime \
--enable-hipe \
--enable-hybrid-heap \
--enable-kernel-poll \
--enable-shared-zlib \
--enable-smp-support \
--enable-threads \
--with-microstate-accounting=extra \
--without-common_test \
--without-debugger \
--without-dialyzer \
--without-diameter \
--without-edoc \
--without-erl_docgen \
--without-erl_interface \
--without-et \
--without-eunit \
--without-ftp \
--without-jinterface \
--without-megaco \
--without-observer \
--without-odbc \
--without-reltool \
--without-ssh \
--without-tftp \
--without-wx \
; \
# Compile & install Erlang/OTP
make -j "$(getconf _NPROCESSORS_ONLN)" GEN_OPT_FLGS="-O2 -fno-strict-aliasing"; \
make install; \
cd ..; \
rm -rf "$OTP_PATH"* /usr/local/lib/erlang/lib/*/src; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --no-cache --virtual .otp-run-deps $runDeps; \
apk del --no-network .build-deps; \
\
# Check that OpenSSL still works after purging build dependencies
openssl version; \
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
RUN set -eux; \
addgroup -g 101 -S rabbitmq; \
adduser -u 100 -S -h "$RABBITMQ_DATA_DIR" -G rabbitmq rabbitmq; \
mkdir -p "$RABBITMQ_DATA_DIR" /etc/rabbitmq /tmp/rabbitmq-ssl /var/log/rabbitmq; \
chown -fR rabbitmq:rabbitmq "$RABBITMQ_DATA_DIR" /etc/rabbitmq /tmp/rabbitmq-ssl /var/log/rabbitmq; \
chmod 777 "$RABBITMQ_DATA_DIR" /etc/rabbitmq /tmp/rabbitmq-ssl /var/log/rabbitmq; \
ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.7.9
# https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA"
ENV RABBITMQ_HOME=/opt/rabbitmq
# Add RabbitMQ to PATH, send all logs to TTY
ENV PATH=$RABBITMQ_HOME/sbin:$PATH \
RABBITMQ_LOGS=- RABBITMQ_SASL_LOGS=-
# Install RabbitMQ
RUN set -eux; \
\
apk add --no-cache --virtual .build-deps \
ca-certificates \
gnupg \
wget \
xz \
; \
\
RABBITMQ_SOURCE_URL="https://github.com/rabbitmq/rabbitmq-server/releases/download/v$RABBITMQ_VERSION/rabbitmq-server-generic-unix-$RABBITMQ_VERSION.tar.xz"; \
RABBITMQ_PATH="/usr/local/src/rabbitmq-$RABBITMQ_VERSION"; \
\
wget --progress dot:giga --output-document "$RABBITMQ_PATH.tar.xz.asc" "$RABBITMQ_SOURCE_URL.asc"; \
wget --progress dot:giga --output-document "$RABBITMQ_PATH.tar.xz" "$RABBITMQ_SOURCE_URL"; \
\
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver "$PGP_KEYSERVER" --recv-keys "$RABBITMQ_PGP_KEY_ID"; \
gpg --batch --verify "$RABBITMQ_PATH.tar.xz.asc" "$RABBITMQ_PATH.tar.xz"; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME"; \
\
mkdir -p "$RABBITMQ_HOME"; \
tar --extract --file "$RABBITMQ_PATH.tar.xz" --directory "$RABBITMQ_HOME" --strip-components 1; \
rm -rf "$RABBITMQ_PATH"*; \
# Do not default SYS_PREFIX to RABBITMQ_HOME, leave it empty
grep -qE '^SYS_PREFIX=\$\{RABBITMQ_HOME\}$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
sed -i 's/^SYS_PREFIX=.*$/SYS_PREFIX=/' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
grep -qE '^SYS_PREFIX=$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
chown -R rabbitmq:rabbitmq "$RABBITMQ_HOME"; \
\
apk del .build-deps; \
\
# verify assumption of no stale cookies
[ ! -e "$RABBITMQ_DATA_DIR/.erlang.cookie" ]; \
# Ensure RabbitMQ was installed correctly by running a few commands that do not depend on a running server, as the rabbitmq user
# If they all succeed, it's safe to assume that things have been set up correctly
su-exec rabbitmq rabbitmqctl help; \
su-exec rabbitmq rabbitmqctl list_ciphers; \
su-exec rabbitmq rabbitmq-plugins list; \
# no stale cookies
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
# Added for backwards compatibility - users can simply COPY custom plugins to /plugins
RUN ln -sf /opt/rabbitmq/plugins /plugins
# set home so that any `--user` knows where to put the erlang cookie
ENV HOME $RABBITMQ_DATA_DIR
# Hint that the data (a.k.a. home dir) dir should be separate volume
VOLUME $RABBITMQ_DATA_DIR
# warning: the VM is running with native name encoding of latin1 which may cause Elixir to malfunction as it expects utf8. Please ensure your locale is set to UTF-8 (which can be verified by running "locale" in your shell)
# Setting all environment variables that control language preferences, behaviour differs - https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html#The-LANGUAGE-variable
# https://docs.docker.com/samples/library/ubuntu/#locales
ENV LANG=C.UTF-8 LANGUAGE=C.UTF-8 LC_ALL=C.UTF-8
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
EXPOSE 4369 5671 5672 25672
CMD ["rabbitmq-server"]

404
3.7.9/alpine/docker-entrypoint.sh
View File

@ -1,404 +0,0 @@
#!/bin/bash
set -eu
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# backwards compatibility for old environment variables
: "${RABBITMQ_SSL_CERTFILE:=${RABBITMQ_SSL_CERT_FILE:-}}"
: "${RABBITMQ_SSL_KEYFILE:=${RABBITMQ_SSL_KEY_FILE:-}}"
: "${RABBITMQ_SSL_CACERTFILE:=${RABBITMQ_SSL_CA_FILE:-}}"
# "management" SSL config should default to using the same certs
: "${RABBITMQ_MANAGEMENT_SSL_CACERTFILE:=$RABBITMQ_SSL_CACERTFILE}"
: "${RABBITMQ_MANAGEMENT_SSL_CERTFILE:=$RABBITMQ_SSL_CERTFILE}"
: "${RABBITMQ_MANAGEMENT_SSL_KEYFILE:=$RABBITMQ_SSL_KEYFILE}"
# Allowed env vars that will be read from mounted files (i.e. Docker Secrets):
fileEnvKeys=(
default_user
default_pass
)
# https://www.rabbitmq.com/configure.html
sslConfigKeys=(
cacertfile
certfile
depth
fail_if_no_peer_cert
keyfile
verify
)
managementConfigKeys=(
"${sslConfigKeys[@]/#/ssl_}"
)
rabbitConfigKeys=(
default_pass
default_user
default_vhost
hipe_compile
vm_memory_high_watermark
)
fileConfigKeys=(
management_ssl_cacertfile
management_ssl_certfile
management_ssl_keyfile
ssl_cacertfile
ssl_certfile
ssl_keyfile
)
allConfigKeys=(
"${managementConfigKeys[@]/#/management_}"
"${rabbitConfigKeys[@]}"
"${sslConfigKeys[@]/#/ssl_}"
)
declare -A configDefaults=(
[management_ssl_fail_if_no_peer_cert]='false'
[management_ssl_verify]='verify_none'
[ssl_fail_if_no_peer_cert]='true'
[ssl_verify]='verify_peer'
)
# allow the container to be started with `--user`
if [[ "$1" == rabbitmq* ]] && [ "$(id -u)" = '0' ]; then
# this needs to happen late enough that we have the SSL config
# https://github.com/docker-library/rabbitmq/issues/283
for conf in "${allConfigKeys[@]}"; do
var="RABBITMQ_${conf^^}"
val="${!var:-}"
[ -n "$val" ] || continue
case "$conf" in
*_ssl_*file | ssl_*file )
if [ -f "$val" ] && ! su-exec rabbitmq test -r "$val"; then
newFile="/tmp/rabbitmq-ssl/$conf.pem"
echo >&2
echo >&2 "WARNING: '$val' ($var) is not readable by rabbitmq ($(id rabbitmq)); copying to '$newFile'"
echo >&2
cat "$val" > "$newFile"
chown rabbitmq "$newFile"
chmod 0400 "$newFile"
eval 'export '$var'="$newFile"'
fi
;;
esac
done
if [ "$1" = 'rabbitmq-server' ]; then
find /var/lib/rabbitmq \! -user rabbitmq -exec chown rabbitmq '{}' +
fi
exec su-exec rabbitmq "$BASH_SOURCE" "$@"
fi
haveConfig=
haveSslConfig=
haveManagementSslConfig=
for fileEnvKey in "${fileEnvKeys[@]}"; do file_env "RABBITMQ_${fileEnvKey^^}"; done
for conf in "${allConfigKeys[@]}"; do
var="RABBITMQ_${conf^^}"
val="${!var:-}"
if [ "$val" ]; then
if [ "${configDefaults[$conf]:-}" ] && [ "${configDefaults[$conf]}" = "$val" ]; then
# if the value set is the same as the default, treat it as if it isn't set
continue
fi
haveConfig=1
case "$conf" in
ssl_*) haveSslConfig=1 ;;
management_ssl_*) haveManagementSslConfig=1 ;;
esac
fi
done
if [ "$haveSslConfig" ]; then
missing=()
for sslConf in cacertfile certfile keyfile; do
var="RABBITMQ_SSL_${sslConf^^}"
val="${!var}"
if [ -z "$val" ]; then
missing+=( "$var" )
fi
done
if [ "${#missing[@]}" -gt 0 ]; then
{
echo
echo 'error: SSL requested, but missing required configuration'
for miss in "${missing[@]}"; do
echo " - $miss"
done
echo
} >&2
exit 1
fi
fi
missingFiles=()
for conf in "${fileConfigKeys[@]}"; do
var="RABBITMQ_${conf^^}"
val="${!var}"
if [ "$val" ] && [ ! -f "$val" ]; then
missingFiles+=( "$val ($var)" )
fi
done
if [ "${#missingFiles[@]}" -gt 0 ]; then
{
echo
echo 'error: files specified, but missing'
for miss in "${missingFiles[@]}"; do
echo " - $miss"
done
echo
} >&2
exit 1
fi
# set defaults for missing values (but only after we're done with all our checking so we don't throw any of that off)
for conf in "${!configDefaults[@]}"; do
default="${configDefaults[$conf]}"
var="RABBITMQ_${conf^^}"
[ -z "${!var:-}" ] || continue
eval "export $var=\"\$default\""
done
# if long and short hostnames are not the same, use long hostnames
if [ "$(hostname)" != "$(hostname -s)" ]; then
: "${RABBITMQ_USE_LONGNAME:=true}"
fi
if [ "${RABBITMQ_ERLANG_COOKIE:-}" ]; then
cookieFile='/var/lib/rabbitmq/.erlang.cookie'
if [ -e "$cookieFile" ]; then
if [ "$(cat "$cookieFile" 2>/dev/null)" != "$RABBITMQ_ERLANG_COOKIE" ]; then
echo >&2
echo >&2 "warning: $cookieFile contents do not match RABBITMQ_ERLANG_COOKIE"
echo >&2
fi
else
echo "$RABBITMQ_ERLANG_COOKIE" > "$cookieFile"
fi
chmod 600 "$cookieFile"
fi
configBase="${RABBITMQ_CONFIG_FILE:-/etc/rabbitmq/rabbitmq}"
oldConfigFile="$configBase.config"
newConfigFile="$configBase.conf"
shouldWriteConfig="$haveConfig"
if [ -n "$shouldWriteConfig" ] && [ -f "$oldConfigFile" ]; then
{
echo "error: Docker configuration environment variables specified, but old-style (Erlang syntax) configuration file '$oldConfigFile' exists"
echo " Suggested fixes: (choose one)"
echo " - remove '$oldConfigFile'"
echo " - remove any Docker-specific 'RABBITMQ_...' environment variables"
echo " - convert '$oldConfigFile' to the newer sysctl format ('$newConfigFile'); see https://www.rabbitmq.com/configure.html#config-file"
} >&2
exit 1
fi
if [ -z "$shouldWriteConfig" ] && [ ! -f "$oldConfigFile" ] && [ ! -f "$newConfigFile" ]; then
# no config files, we should write one
shouldWriteConfig=1
fi
# http://stackoverflow.com/a/2705678/433558
sed_escape_lhs() {
echo "$@" | sed -e 's/[]\/$*.^|[]/\\&/g'
}
sed_escape_rhs() {
echo "$@" | sed -e 's/[\/&]/\\&/g'
}
rabbit_set_config() {
local key="$1"; shift
local val="$1"; shift
[ -e "$newConfigFile" ] || touch "$newConfigFile"
local sedKey="$(sed_escape_lhs "$key")"
local sedVal="$(sed_escape_rhs "$val")"
sed -ri \
"s/^[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*)\S.*\$/\1${sedVal}/" \
"$newConfigFile"
if ! grep -qE "^${sedKey}[[:space:]]*=" "$newConfigFile"; then
echo "$key = $val" >> "$newConfigFile"
fi
}
rabbit_comment_config() {
local key="$1"; shift
[ -e "$newConfigFile" ] || touch "$newConfigFile"
local sedKey="$(sed_escape_lhs "$key")"
sed -ri \
"s/^[[:space:]]*#?[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*\S.*)\$/# \1/" \
"$newConfigFile"
}
rabbit_env_config() {
local prefix="$1"; shift
local conf
for conf; do
local var="rabbitmq${prefix:+_$prefix}_$conf"
var="${var^^}"
local key="$conf"
case "$prefix" in
ssl) key="ssl_options.$key" ;;
management_ssl) key="management.listener.ssl_opts.$key" ;;
esac
local val="${!var:-}"
local rawVal="$val"
case "$conf" in
fail_if_no_peer_cert|hipe_compile)
case "${val,,}" in
false|no|0|'') rawVal='false' ;;
true|yes|1|*) rawVal='true' ;;
esac
;;
vm_memory_high_watermark) continue ;; # handled separately
esac
if [ -n "$rawVal" ]; then
rabbit_set_config "$key" "$rawVal"
else
rabbit_comment_config "$key"
fi
done
}
if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then
rabbit_set_config 'loopback_users.guest' 'false'
# determine whether to set "vm_memory_high_watermark" (based on cgroups)
memTotalKb=
if [ -r /proc/meminfo ]; then
memTotalKb="$(awk -F ':? +' '$1 == "MemTotal" { print $2; exit }' /proc/meminfo)"
fi
memLimitB=
if [ -r /sys/fs/cgroup/memory/memory.limit_in_bytes ]; then
# "18446744073709551615" is a valid value for "memory.limit_in_bytes", which is too big for Bash math to handle
# "$(( 18446744073709551615 / 1024 ))" = 0; "$(( 18446744073709551615 * 40 / 100 ))" = 0
memLimitB="$(awk -v totKb="$memTotalKb" '{
limB = $0;
limKb = limB / 1024;
if (!totKb || limKb < totKb) {
printf "%.0f\n", limB;
}
}' /sys/fs/cgroup/memory/memory.limit_in_bytes)"
fi
if [ -n "$memLimitB" ]; then
# if we have a cgroup memory limit, let's inform RabbitMQ of what it is (so it can calculate vm_memory_high_watermark properly)
# https://github.com/rabbitmq/rabbitmq-server/pull/1234
rabbit_set_config 'total_memory_available_override_value' "$memLimitB"
fi
# https://www.rabbitmq.com/memory.html#memsup-usage
if [ "${RABBITMQ_VM_MEMORY_HIGH_WATERMARK:-}" ]; then
# https://github.com/docker-library/rabbitmq/pull/105#issuecomment-242165822
vmMemoryHighWatermark="$(
echo "$RABBITMQ_VM_MEMORY_HIGH_WATERMARK" | awk '
/^[0-9]*[.][0-9]+$|^[0-9]+([.][0-9]+)?%$/ {
perc = $0;
if (perc ~ /%$/) {
gsub(/%$/, "", perc);
perc = perc / 100;
}
if (perc > 1.0 || perc <= 0.0) {
printf "error: invalid percentage for vm_memory_high_watermark: %s (must be > 0%%, <= 100%%)\n", $0 > "/dev/stderr";
exit 1;
}
printf "vm_memory_high_watermark.relative %0.03f\n", perc;
next;
}
/^[0-9]+$/ {
printf "vm_memory_high_watermark.absolute %s\n", $0;
next;
}
/^[0-9]+([.][0-9]+)?[a-zA-Z]+$/ {
printf "vm_memory_high_watermark.absolute %s\n", $0;
next;
}
{
printf "error: unexpected input for vm_memory_high_watermark: %s\n", $0;
exit 1;
}
'
)"
if [ "$vmMemoryHighWatermark" ]; then
vmMemoryHighWatermarkKey="${vmMemoryHighWatermark%% *}"
vmMemoryHighWatermarkVal="${vmMemoryHighWatermark#$vmMemoryHighWatermarkKey }"
rabbit_set_config "$vmMemoryHighWatermarkKey" "$vmMemoryHighWatermarkVal"
case "$vmMemoryHighWatermarkKey" in
# make sure we only set one or the other
'vm_memory_high_watermark.absolute') rabbit_comment_config 'vm_memory_high_watermark.relative' ;;
'vm_memory_high_watermark.relative') rabbit_comment_config 'vm_memory_high_watermark.absolute' ;;
esac
fi
fi
if [ "$haveSslConfig" ]; then
rabbit_set_config 'listeners.ssl.default' 5671
rabbit_env_config 'ssl' "${sslConfigKeys[@]}"
else
rabbit_set_config 'listeners.tcp.default' 5672
fi
rabbit_env_config '' "${rabbitConfigKeys[@]}"
# if management plugin is installed, generate config for it
# https://www.rabbitmq.com/management.html#configuration
if [ "$(rabbitmq-plugins list -q -m -e rabbitmq_management)" ]; then
if [ "$haveManagementSslConfig" ]; then
rabbit_set_config 'management.listener.port' 15671
rabbit_set_config 'management.listener.ssl' 'true'
rabbit_env_config 'management_ssl' "${sslConfigKeys[@]}"
else
rabbit_set_config 'management.listener.port' 15672
rabbit_set_config 'management.listener.ssl' 'false'
fi
# if definitions file exists, then load it
# https://www.rabbitmq.com/management.html#load-definitions
managementDefinitionsFile='/etc/rabbitmq/definitions.json'
if [ -f "$managementDefinitionsFile" ]; then
# see also https://github.com/docker-library/rabbitmq/pull/112#issuecomment-271485550
rabbit_set_config 'management.load_definitions' "$managementDefinitionsFile"
fi
fi
fi
combinedSsl='/tmp/rabbitmq-ssl/combined.pem'
if [ "$haveSslConfig" ] && [[ "$1" == rabbitmq* ]] && [ ! -f "$combinedSsl" ]; then
# Create combined cert
cat "$RABBITMQ_SSL_CERTFILE" "$RABBITMQ_SSL_KEYFILE" > "$combinedSsl"
chmod 0400 "$combinedSsl"
fi
if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then
# More ENV vars for make clustering happiness
# we don't handle clustering in this script, but these args should ensure
# clustered SSL-enabled members will talk nicely
export ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)"
sslErlArgs="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile $combinedSsl -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
export RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="${RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS:-} $sslErlArgs"
export RABBITMQ_CTL_ERL_ARGS="${RABBITMQ_CTL_ERL_ARGS:-} $sslErlArgs"
fi
exec "$@"

27
3.7.9/alpine/management/Dockerfile
View File

@ -1,27 +0,0 @@
FROM rabbitmq:3.7.9-alpine
RUN rabbitmq-plugins enable --offline rabbitmq_management
# extract "rabbitmqadmin" from inside the "rabbitmq_management-X.Y.Z.ez" plugin zipfile
# see https://github.com/docker-library/rabbitmq/issues/207
RUN set -eux; \
erl -noinput -eval ' \
{ ok, AdminBin } = zip:foldl(fun(FileInArchive, GetInfo, GetBin, Acc) -> \
case Acc of \
"" -> \
case lists:suffix("/rabbitmqadmin", FileInArchive) of \
true -> GetBin(); \
false -> Acc \
end; \
_ -> Acc \
end \
end, "", init:get_plain_arguments()), \
io:format("~s", [ AdminBin ]), \
init:stop(). \
' -- /plugins/rabbitmq_management-*.ez > /usr/local/bin/rabbitmqadmin; \
[ -s /usr/local/bin/rabbitmqadmin ]; \
chmod +x /usr/local/bin/rabbitmqadmin; \
apk add --no-cache python; \
rabbitmqadmin --version
EXPOSE 15671 15672

256
3.7.9/ubuntu/Dockerfile
View File

@ -1,256 +0,0 @@
# The official Canonical Ubuntu Bionic image is ideal from a security perspective,
# especially for the enterprises that we, the RabbitMQ team, have to deal with
FROM ubuntu:18.04
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
# grab gosu for easy step-down from root
gosu \
; \
rm -rf /var/lib/apt/lists/*; \
# verify that the "gosu" binary works
gosu nobody true
# Default to a PGP keyserver that pgp-happy-eyeballs recognizes, but allow for substitutions locally
ARG PGP_KEYSERVER=ha.pool.sks-keyservers.net
# If you are building this image locally and are getting `gpg: keyserver receive failed: No data` errors,
# run the build with a different PGP_KEYSERVER, e.g. docker build --tag rabbitmq:3.7 --build-arg PGP_KEYSERVER=pgpkeys.eu 3.7/ubuntu
# For context, see https://github.com/docker-library/official-images/issues/4252
# Using the latest OpenSSL LTS release, with support until September 2023 - https://www.openssl.org/source/
ENV OPENSSL_VERSION 1.1.1a
ENV OPENSSL_SOURCE_SHA256="fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41"
# https://www.openssl.org/community/omc.html
ENV OPENSSL_PGP_KEY_ID="0x8657ABB260F056B1E5190839D9C4D26D0E604491"
# Use the latest stable Erlang/OTP release (https://github.com/erlang/otp/tags)
ENV OTP_VERSION 21.2.5
# TODO add PGP checking when the feature will be added to Erlang/OTP's build system
# http://erlang.org/pipermail/erlang-questions/2019-January/097067.html
ENV OTP_SOURCE_SHA256="3ff578ab020a714be25d6787b81938df016db375692d4126a28f1303e6e9c165"
# Install dependencies required to build Erlang/OTP from source
# http://erlang.org/doc/installation_guide/INSTALL.html
# autoconf: Required to configure Erlang/OTP before compiling
# dpkg-dev: Required to set up host & build type when compiling Erlang/OTP
# gnupg: Required to verify OpenSSL artefacts
# libncurses5-dev: Required for Erlang/OTP new shell & observer_cli - https://github.com/zhongwencool/observer_cli
# m4: Required for Erlang/OTP HiPE support
RUN set -eux; \
\
savedAptMark="$(apt-mark showmanual)"; \
apt-get update; \
apt-get install --yes --no-install-recommends \
autoconf \
ca-certificates \
dpkg-dev \
gcc \
gnupg \
libncurses5-dev \
m4 \
make \
wget \
; \
rm -rf /var/lib/apt/lists/*; \
\
OPENSSL_SOURCE_URL="https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz"; \
OPENSSL_PATH="/usr/local/src/openssl-$OPENSSL_VERSION"; \
OPENSSL_CONFIG_DIR=/usr/local/etc/ssl; \
\
# Required by the crypto & ssl Erlang/OTP applications
wget --progress dot:giga --output-document "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_SOURCE_URL.asc"; \
wget --progress dot:giga --output-document "$OPENSSL_PATH.tar.gz" "$OPENSSL_SOURCE_URL"; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver "$PGP_KEYSERVER" --recv-keys "$OPENSSL_PGP_KEY_ID"; \
gpg --batch --verify "$OPENSSL_PATH.tar.gz.asc" "$OPENSSL_PATH.tar.gz"; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME"; \
echo "$OPENSSL_SOURCE_SHA256 *$OPENSSL_PATH.tar.gz" | sha256sum --check --strict -; \
mkdir -p "$OPENSSL_PATH"; \
tar --extract --file "$OPENSSL_PATH.tar.gz" --directory "$OPENSSL_PATH" --strip-components 1; \
\
# Configure OpenSSL for compilation
cd "$OPENSSL_PATH"; \
# OpenSSL's "config" script uses a lot of "uname"-based target detection...
MACHINE="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)" \
RELEASE="4.x.y-z" \
SYSTEM='Linux' \
BUILD='???' \
./config --openssldir="$OPENSSL_CONFIG_DIR"; \
# Compile, install OpenSSL, verify that the command-line works & development headers are present
make -j "$(getconf _NPROCESSORS_ONLN)"; \
make install_sw install_ssldirs; \
cd ..; \
rm -rf "$OPENSSL_PATH"*; \
# this is included in "/etc/ld.so.conf.d/libc.conf", but on arm64, it gets overshadowed by "/etc/ld.so.conf.d/aarch64-linux-gnu.conf" (vs "/etc/ld.so.conf.d/x86_64-linux-gnu.conf") so the precedence isn't correct -- we install our own file to overcome that and ensure any .so files in /usr/local/lib (especially OpenSSL's libssl.so) are preferred appropriately regardless of the target architecture
# see https://bugs.debian.org/685706
echo '/usr/local/lib' > /etc/ld.so.conf.d/000-openssl-libc.conf; \
ldconfig; \
# use Debian's CA certificates
rmdir "$OPENSSL_CONFIG_DIR/certs" "$OPENSSL_CONFIG_DIR/private"; \
ln -sf /etc/ssl/certs /etc/ssl/private "$OPENSSL_CONFIG_DIR"; \
# smoke test
openssl version; \
\
OTP_SOURCE_URL="https://github.com/erlang/otp/archive/OTP-$OTP_VERSION.tar.gz"; \
OTP_PATH="/usr/local/src/otp-$OTP_VERSION"; \
\
# Download, verify & extract OTP_SOURCE
mkdir -p "$OTP_PATH"; \
wget --progress dot:giga --output-document "$OTP_PATH.tar.gz" "$OTP_SOURCE_URL"; \
echo "$OTP_SOURCE_SHA256 *$OTP_PATH.tar.gz" | sha256sum --check --strict -; \
tar --extract --file "$OTP_PATH.tar.gz" --directory "$OTP_PATH" --strip-components 1; \
\
# Configure Erlang/OTP for compilation, disable unused features & applications
# http://erlang.org/doc/applications.html
# ERL_TOP is required for Erlang/OTP makefiles to find the absolute path for the installation
cd "$OTP_PATH"; \
export ERL_TOP="$OTP_PATH"; \
./otp_build autoconf; \
CFLAGS="$(dpkg-buildflags --get CFLAGS)"; export CFLAGS; \
hostArch="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"; \
buildArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
./configure \
--host="$hostArch" \
--build="$buildArch" \
--disable-dynamic-ssl-lib \
--disable-sctp \
--disable-silent-rules \
--enable-clock-gettime \
--enable-hipe \
--enable-hybrid-heap \
--enable-kernel-poll \
--enable-shared-zlib \
--enable-smp-support \
--enable-threads \
--with-microstate-accounting=extra \
--without-common_test \
--without-debugger \
--without-dialyzer \
--without-diameter \
--without-edoc \
--without-erl_docgen \
--without-erl_interface \
--without-et \
--without-eunit \
--without-ftp \
--without-jinterface \
--without-megaco \
--without-observer \
--without-odbc \
--without-reltool \
--without-ssh \
--without-tftp \
--without-wx \
; \
# Compile & install Erlang/OTP
make -j "$(getconf _NPROCESSORS_ONLN)" GEN_OPT_FLGS="-O2 -fno-strict-aliasing"; \
make install; \
cd ..; \
rm -rf "$OTP_PATH"* /usr/local/lib/erlang/lib/*/src; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
find /usr/local -type f -executable -exec ldd '{}' ';' \
| awk '/=>/ { print $(NF-1) }' \
| sort -u \
| xargs -r dpkg-query --search \
| cut -d: -f1 \
| sort -u \
| xargs -r apt-mark manual \
; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
\
# Check that OpenSSL still works after purging build dependencies
openssl version; \
# Check that Erlang/OTP crypto & ssl were compiled against OpenSSL correctly
erl -noshell -eval 'io:format("~p~n~n~p~n~n", [crypto:supports(), ssl:versions()]), init:stop().'
ENV RABBITMQ_DATA_DIR=/var/lib/rabbitmq
# Create rabbitmq system user & group, fix permissions & allow root user to connect to the RabbitMQ Erlang VM
RUN set -eux; \
groupadd --gid 999 --system rabbitmq; \
useradd --uid 999 --system --home-dir "$RABBITMQ_DATA_DIR" --gid rabbitmq rabbitmq; \
mkdir -p "$RABBITMQ_DATA_DIR" /etc/rabbitmq /tmp/rabbitmq-ssl /var/log/rabbitmq; \
chown -fR rabbitmq:rabbitmq "$RABBITMQ_DATA_DIR" /etc/rabbitmq /tmp/rabbitmq-ssl /var/log/rabbitmq; \
chmod 777 "$RABBITMQ_DATA_DIR" /etc/rabbitmq /tmp/rabbitmq-ssl /var/log/rabbitmq; \
ln -sf "$RABBITMQ_DATA_DIR/.erlang.cookie" /root/.erlang.cookie
# Use the latest stable RabbitMQ release (https://www.rabbitmq.com/download.html)
ENV RABBITMQ_VERSION 3.7.9
# https://www.rabbitmq.com/signatures.html#importing-gpg
ENV RABBITMQ_PGP_KEY_ID="0x0A9AF2115F4687BD29803A206B73A36E6026DFCA"
ENV RABBITMQ_HOME=/opt/rabbitmq
# Add RabbitMQ to PATH, send all logs to TTY
ENV PATH=$RABBITMQ_HOME/sbin:$PATH \
RABBITMQ_LOGS=- RABBITMQ_SASL_LOGS=-
# Install RabbitMQ
RUN set -eux; \
\
savedAptMark="$(apt-mark showmanual)"; \
apt-get update; \
apt-get install --yes --no-install-recommends \
ca-certificates \
gnupg \
wget \
xz-utils \
; \
rm -rf /var/lib/apt/lists/*; \
\
RABBITMQ_SOURCE_URL="https://github.com/rabbitmq/rabbitmq-server/releases/download/v$RABBITMQ_VERSION/rabbitmq-server-generic-unix-$RABBITMQ_VERSION.tar.xz"; \
RABBITMQ_PATH="/usr/local/src/rabbitmq-$RABBITMQ_VERSION"; \
\
wget --progress dot:giga --output-document "$RABBITMQ_PATH.tar.xz.asc" "$RABBITMQ_SOURCE_URL.asc"; \
wget --progress dot:giga --output-document "$RABBITMQ_PATH.tar.xz" "$RABBITMQ_SOURCE_URL"; \
\
export GNUPGHOME="$(mktemp -d)"; \
gpg --batch --keyserver "$PGP_KEYSERVER" --recv-keys "$RABBITMQ_PGP_KEY_ID"; \
gpg --batch --verify "$RABBITMQ_PATH.tar.xz.asc" "$RABBITMQ_PATH.tar.xz"; \
gpgconf --kill all; \
rm -rf "$GNUPGHOME"; \
\
mkdir -p "$RABBITMQ_HOME"; \
tar --extract --file "$RABBITMQ_PATH.tar.xz" --directory "$RABBITMQ_HOME" --strip-components 1; \
rm -rf "$RABBITMQ_PATH"*; \
# Do not default SYS_PREFIX to RABBITMQ_HOME, leave it empty
grep -qE '^SYS_PREFIX=\$\{RABBITMQ_HOME\}$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
sed -i 's/^SYS_PREFIX=.*$/SYS_PREFIX=/' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
grep -qE '^SYS_PREFIX=$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \
chown -R rabbitmq:rabbitmq "$RABBITMQ_HOME"; \
\
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
\
# verify assumption of no stale cookies
[ ! -e "$RABBITMQ_DATA_DIR/.erlang.cookie" ]; \
# Ensure RabbitMQ was installed correctly by running a few commands that do not depend on a running server, as the rabbitmq user
# If they all succeed, it's safe to assume that things have been set up correctly
gosu rabbitmq rabbitmqctl help; \
gosu rabbitmq rabbitmqctl list_ciphers; \
gosu rabbitmq rabbitmq-plugins list; \
# no stale cookies
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
# Added for backwards compatibility - users can simply COPY custom plugins to /plugins
RUN ln -sf /opt/rabbitmq/plugins /plugins
# set home so that any `--user` knows where to put the erlang cookie
ENV HOME $RABBITMQ_DATA_DIR
# Hint that the data (a.k.a. home dir) dir should be separate volume
VOLUME $RABBITMQ_DATA_DIR
# warning: the VM is running with native name encoding of latin1 which may cause Elixir to malfunction as it expects utf8. Please ensure your locale is set to UTF-8 (which can be verified by running "locale" in your shell)
# Setting all environment variables that control language preferences, behaviour differs - https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html#The-LANGUAGE-variable
# https://docs.docker.com/samples/library/ubuntu/#locales
ENV LANG=C.UTF-8 LANGUAGE=C.UTF-8 LC_ALL=C.UTF-8
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
EXPOSE 4369 5671 5672 25672
CMD ["rabbitmq-server"]

404
3.7.9/ubuntu/docker-entrypoint.sh
View File

@ -1,404 +0,0 @@
#!/bin/bash
set -eu
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# backwards compatibility for old environment variables
: "${RABBITMQ_SSL_CERTFILE:=${RABBITMQ_SSL_CERT_FILE:-}}"
: "${RABBITMQ_SSL_KEYFILE:=${RABBITMQ_SSL_KEY_FILE:-}}"
: "${RABBITMQ_SSL_CACERTFILE:=${RABBITMQ_SSL_CA_FILE:-}}"
# "management" SSL config should default to using the same certs
: "${RABBITMQ_MANAGEMENT_SSL_CACERTFILE:=$RABBITMQ_SSL_CACERTFILE}"
: "${RABBITMQ_MANAGEMENT_SSL_CERTFILE:=$RABBITMQ_SSL_CERTFILE}"
: "${RABBITMQ_MANAGEMENT_SSL_KEYFILE:=$RABBITMQ_SSL_KEYFILE}"
# Allowed env vars that will be read from mounted files (i.e. Docker Secrets):
fileEnvKeys=(
default_user
default_pass
)
# https://www.rabbitmq.com/configure.html
sslConfigKeys=(
cacertfile
certfile
depth
fail_if_no_peer_cert
keyfile
verify
)
managementConfigKeys=(
"${sslConfigKeys[@]/#/ssl_}"
)
rabbitConfigKeys=(
default_pass
default_user
default_vhost
hipe_compile
vm_memory_high_watermark
)
fileConfigKeys=(
management_ssl_cacertfile
management_ssl_certfile
management_ssl_keyfile
ssl_cacertfile
ssl_certfile
ssl_keyfile
)
allConfigKeys=(
"${managementConfigKeys[@]/#/management_}"
"${rabbitConfigKeys[@]}"
"${sslConfigKeys[@]/#/ssl_}"
)
declare -A configDefaults=(
[management_ssl_fail_if_no_peer_cert]='false'
[management_ssl_verify]='verify_none'
[ssl_fail_if_no_peer_cert]='true'
[ssl_verify]='verify_peer'
)
# allow the container to be started with `--user`
if [[ "$1" == rabbitmq* ]] && [ "$(id -u)" = '0' ]; then
# this needs to happen late enough that we have the SSL config
# https://github.com/docker-library/rabbitmq/issues/283
for conf in "${allConfigKeys[@]}"; do
var="RABBITMQ_${conf^^}"
val="${!var:-}"
[ -n "$val" ] || continue
case "$conf" in
*_ssl_*file | ssl_*file )
if [ -f "$val" ] && ! gosu rabbitmq test -r "$val"; then
newFile="/tmp/rabbitmq-ssl/$conf.pem"
echo >&2
echo >&2 "WARNING: '$val' ($var) is not readable by rabbitmq ($(id rabbitmq)); copying to '$newFile'"
echo >&2
cat "$val" > "$newFile"
chown rabbitmq "$newFile"
chmod 0400 "$newFile"
eval 'export '$var'="$newFile"'
fi
;;
esac
done
if [ "$1" = 'rabbitmq-server' ]; then
find /var/lib/rabbitmq \! -user rabbitmq -exec chown rabbitmq '{}' +
fi
exec gosu rabbitmq "$BASH_SOURCE" "$@"
fi
haveConfig=
haveSslConfig=
haveManagementSslConfig=
for fileEnvKey in "${fileEnvKeys[@]}"; do file_env "RABBITMQ_${fileEnvKey^^}"; done
for conf in "${allConfigKeys[@]}"; do
var="RABBITMQ_${conf^^}"
val="${!var:-}"
if [ "$val" ]; then
if [ "${configDefaults[$conf]:-}" ] && [ "${configDefaults[$conf]}" = "$val" ]; then
# if the value set is the same as the default, treat it as if it isn't set
continue
fi
haveConfig=1
case "$conf" in
ssl_*) haveSslConfig=1 ;;
management_ssl_*) haveManagementSslConfig=1 ;;
esac
fi
done
if [ "$haveSslConfig" ]; then
missing=()
for sslConf in cacertfile certfile keyfile; do
var="RABBITMQ_SSL_${sslConf^^}"
val="${!var}"
if [ -z "$val" ]; then
missing+=( "$var" )
fi
done
if [ "${#missing[@]}" -gt 0 ]; then
{
echo
echo 'error: SSL requested, but missing required configuration'
for miss in "${missing[@]}"; do
echo " - $miss"
done
echo
} >&2
exit 1
fi
fi
missingFiles=()
for conf in "${fileConfigKeys[@]}"; do
var="RABBITMQ_${conf^^}"
val="${!var}"
if [ "$val" ] && [ ! -f "$val" ]; then
missingFiles+=( "$val ($var)" )
fi
done
if [ "${#missingFiles[@]}" -gt 0 ]; then
{
echo
echo 'error: files specified, but missing'
for miss in "${missingFiles[@]}"; do
echo " - $miss"
done
echo
} >&2
exit 1
fi
# set defaults for missing values (but only after we're done with all our checking so we don't throw any of that off)
for conf in "${!configDefaults[@]}"; do
default="${configDefaults[$conf]}"
var="RABBITMQ_${conf^^}"
[ -z "${!var:-}" ] || continue
eval "export $var=\"\$default\""
done
# if long and short hostnames are not the same, use long hostnames
if [ "$(hostname)" != "$(hostname -s)" ]; then
: "${RABBITMQ_USE_LONGNAME:=true}"
fi
if [ "${RABBITMQ_ERLANG_COOKIE:-}" ]; then
cookieFile='/var/lib/rabbitmq/.erlang.cookie'
if [ -e "$cookieFile" ]; then
if [ "$(cat "$cookieFile" 2>/dev/null)" != "$RABBITMQ_ERLANG_COOKIE" ]; then
echo >&2
echo >&2 "warning: $cookieFile contents do not match RABBITMQ_ERLANG_COOKIE"
echo >&2
fi
else
echo "$RABBITMQ_ERLANG_COOKIE" > "$cookieFile"
fi
chmod 600 "$cookieFile"
fi
configBase="${RABBITMQ_CONFIG_FILE:-/etc/rabbitmq/rabbitmq}"
oldConfigFile="$configBase.config"
newConfigFile="$configBase.conf"
shouldWriteConfig="$haveConfig"
if [ -n "$shouldWriteConfig" ] && [ -f "$oldConfigFile" ]; then
{
echo "error: Docker configuration environment variables specified, but old-style (Erlang syntax) configuration file '$oldConfigFile' exists"
echo " Suggested fixes: (choose one)"
echo " - remove '$oldConfigFile'"
echo " - remove any Docker-specific 'RABBITMQ_...' environment variables"
echo " - convert '$oldConfigFile' to the newer sysctl format ('$newConfigFile'); see https://www.rabbitmq.com/configure.html#config-file"
} >&2
exit 1
fi
if [ -z "$shouldWriteConfig" ] && [ ! -f "$oldConfigFile" ] && [ ! -f "$newConfigFile" ]; then
# no config files, we should write one
shouldWriteConfig=1
fi
# http://stackoverflow.com/a/2705678/433558
sed_escape_lhs() {
echo "$@" | sed -e 's/[]\/$*.^|[]/\\&/g'
}
sed_escape_rhs() {
echo "$@" | sed -e 's/[\/&]/\\&/g'
}
rabbit_set_config() {
local key="$1"; shift
local val="$1"; shift
[ -e "$newConfigFile" ] || touch "$newConfigFile"
local sedKey="$(sed_escape_lhs "$key")"
local sedVal="$(sed_escape_rhs "$val")"
sed -ri \
"s/^[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*)\S.*\$/\1${sedVal}/" \
"$newConfigFile"
if ! grep -qE "^${sedKey}[[:space:]]*=" "$newConfigFile"; then
echo "$key = $val" >> "$newConfigFile"
fi
}
rabbit_comment_config() {
local key="$1"; shift
[ -e "$newConfigFile" ] || touch "$newConfigFile"
local sedKey="$(sed_escape_lhs "$key")"
sed -ri \
"s/^[[:space:]]*#?[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*\S.*)\$/# \1/" \
"$newConfigFile"
}
rabbit_env_config() {
local prefix="$1"; shift
local conf
for conf; do
local var="rabbitmq${prefix:+_$prefix}_$conf"
var="${var^^}"
local key="$conf"
case "$prefix" in
ssl) key="ssl_options.$key" ;;
management_ssl) key="management.listener.ssl_opts.$key" ;;
esac
local val="${!var:-}"
local rawVal="$val"
case "$conf" in
fail_if_no_peer_cert|hipe_compile)
case "${val,,}" in
false|no|0|'') rawVal='false' ;;
true|yes|1|*) rawVal='true' ;;
esac
;;
vm_memory_high_watermark) continue ;; # handled separately
esac
if [ -n "$rawVal" ]; then
rabbit_set_config "$key" "$rawVal"
else
rabbit_comment_config "$key"
fi
done
}
if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then
rabbit_set_config 'loopback_users.guest' 'false'
# determine whether to set "vm_memory_high_watermark" (based on cgroups)
memTotalKb=
if [ -r /proc/meminfo ]; then
memTotalKb="$(awk -F ':? +' '$1 == "MemTotal" { print $2; exit }' /proc/meminfo)"
fi
memLimitB=
if [ -r /sys/fs/cgroup/memory/memory.limit_in_bytes ]; then
# "18446744073709551615" is a valid value for "memory.limit_in_bytes", which is too big for Bash math to handle
# "$(( 18446744073709551615 / 1024 ))" = 0; "$(( 18446744073709551615 * 40 / 100 ))" = 0
memLimitB="$(awk -v totKb="$memTotalKb" '{
limB = $0;
limKb = limB / 1024;
if (!totKb || limKb < totKb) {
printf "%.0f\n", limB;
}
}' /sys/fs/cgroup/memory/memory.limit_in_bytes)"
fi
if [ -n "$memLimitB" ]; then
# if we have a cgroup memory limit, let's inform RabbitMQ of what it is (so it can calculate vm_memory_high_watermark properly)
# https://github.com/rabbitmq/rabbitmq-server/pull/1234
rabbit_set_config 'total_memory_available_override_value' "$memLimitB"
fi
# https://www.rabbitmq.com/memory.html#memsup-usage
if [ "${RABBITMQ_VM_MEMORY_HIGH_WATERMARK:-}" ]; then
# https://github.com/docker-library/rabbitmq/pull/105#issuecomment-242165822
vmMemoryHighWatermark="$(
echo "$RABBITMQ_VM_MEMORY_HIGH_WATERMARK" | awk '
/^[0-9]*[.][0-9]+$|^[0-9]+([.][0-9]+)?%$/ {
perc = $0;
if (perc ~ /%$/) {
gsub(/%$/, "", perc);
perc = perc / 100;
}
if (perc > 1.0 || perc <= 0.0) {
printf "error: invalid percentage for vm_memory_high_watermark: %s (must be > 0%%, <= 100%%)\n", $0 > "/dev/stderr";
exit 1;
}
printf "vm_memory_high_watermark.relative %0.03f\n", perc;
next;
}
/^[0-9]+$/ {
printf "vm_memory_high_watermark.absolute %s\n", $0;
next;
}
/^[0-9]+([.][0-9]+)?[a-zA-Z]+$/ {
printf "vm_memory_high_watermark.absolute %s\n", $0;
next;
}
{
printf "error: unexpected input for vm_memory_high_watermark: %s\n", $0;
exit 1;
}
'
)"
if [ "$vmMemoryHighWatermark" ]; then
vmMemoryHighWatermarkKey="${vmMemoryHighWatermark%% *}"
vmMemoryHighWatermarkVal="${vmMemoryHighWatermark#$vmMemoryHighWatermarkKey }"
rabbit_set_config "$vmMemoryHighWatermarkKey" "$vmMemoryHighWatermarkVal"
case "$vmMemoryHighWatermarkKey" in
# make sure we only set one or the other
'vm_memory_high_watermark.absolute') rabbit_comment_config 'vm_memory_high_watermark.relative' ;;
'vm_memory_high_watermark.relative') rabbit_comment_config 'vm_memory_high_watermark.absolute' ;;
esac
fi
fi
if [ "$haveSslConfig" ]; then
rabbit_set_config 'listeners.ssl.default' 5671
rabbit_env_config 'ssl' "${sslConfigKeys[@]}"
else
rabbit_set_config 'listeners.tcp.default' 5672
fi
rabbit_env_config '' "${rabbitConfigKeys[@]}"
# if management plugin is installed, generate config for it
# https://www.rabbitmq.com/management.html#configuration
if [ "$(rabbitmq-plugins list -q -m -e rabbitmq_management)" ]; then
if [ "$haveManagementSslConfig" ]; then
rabbit_set_config 'management.listener.port' 15671
rabbit_set_config 'management.listener.ssl' 'true'
rabbit_env_config 'management_ssl' "${sslConfigKeys[@]}"
else
rabbit_set_config 'management.listener.port' 15672
rabbit_set_config 'management.listener.ssl' 'false'
fi
# if definitions file exists, then load it
# https://www.rabbitmq.com/management.html#load-definitions
managementDefinitionsFile='/etc/rabbitmq/definitions.json'
if [ -f "$managementDefinitionsFile" ]; then
# see also https://github.com/docker-library/rabbitmq/pull/112#issuecomment-271485550
rabbit_set_config 'management.load_definitions' "$managementDefinitionsFile"
fi
fi
fi
combinedSsl='/tmp/rabbitmq-ssl/combined.pem'
if [ "$haveSslConfig" ] && [[ "$1" == rabbitmq* ]] && [ ! -f "$combinedSsl" ]; then
# Create combined cert
cat "$RABBITMQ_SSL_CERTFILE" "$RABBITMQ_SSL_KEYFILE" > "$combinedSsl"
chmod 0400 "$combinedSsl"
fi
if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then
# More ENV vars for make clustering happiness
# we don't handle clustering in this script, but these args should ensure
# clustered SSL-enabled members will talk nicely
export ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)"
sslErlArgs="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile $combinedSsl -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true"
export RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="${RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS:-} $sslErlArgs"
export RABBITMQ_CTL_ERL_ARGS="${RABBITMQ_CTL_ERL_ARGS:-} $sslErlArgs"
fi
exec "$@"

27
3.7.9/ubuntu/management/Dockerfile
View File

@ -1,27 +0,0 @@
FROM rabbitmq:3.7.9
RUN rabbitmq-plugins enable --offline rabbitmq_management
# extract "rabbitmqadmin" from inside the "rabbitmq_management-X.Y.Z.ez" plugin zipfile
# see https://github.com/docker-library/rabbitmq/issues/207
RUN set -eux; \
erl -noinput -eval ' \
{ ok, AdminBin } = zip:foldl(fun(FileInArchive, GetInfo, GetBin, Acc) -> \
case Acc of \
"" -> \
case lists:suffix("/rabbitmqadmin", FileInArchive) of \
true -> GetBin(); \
false -> Acc \
end; \
_ -> Acc \
end \
end, "", init:get_plain_arguments()), \
io:format("~s", [ AdminBin ]), \
init:stop(). \
' -- /plugins/rabbitmq_management-*.ez > /usr/local/bin/rabbitmqadmin; \
[ -s /usr/local/bin/rabbitmqadmin ]; \
chmod +x /usr/local/bin/rabbitmqadmin; \
apt-get update; apt-get install -y --no-install-recommends python; rm -rf /var/lib/apt/lists/*; \
rabbitmqadmin --version
EXPOSE 15671 15672

68
3.7.9/windows/Dockerfile
View File

@ -1,68 +0,0 @@
FROM mcr.microsoft.com/windows/servercore:1803
# $ProgressPreference: https://github.com/PowerShell/PowerShell/issues/2138#issuecomment-251261324
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
ENV RABBITMQ_HOME C:\RabbitMQ
# PATH isn't actually set in the Docker image, so we have to set it from within the container
RUN $newPath = ('C:\erl\bin;{0}\sbin;{1}' -f $env:RABBITMQ_HOME, $env:PATH); \
Write-Host ('Updating PATH: {0}' -f $newPath); \
setx /M PATH $newPath
# doing this first to share cache across versions more aggressively
# no minor updates for Windows -- infeasible to rebuild from source
ENV OTP_VERSION 21.2
# pulling from erlang-solutions.com instead of erlang.org because it's a lot faster download and includes https
RUN $url = 'https://packages.erlang-solutions.com/erlang/esl-erlang/FLAVOUR_1_general/esl-erlang_{0}~windows_amd64.exe' -f $env:OTP_VERSION; \
Write-Host ('Downloading {0} ...' -f $url); \
Invoke-WebRequest -Uri $url -OutFile otp-setup.exe; \
\
Write-Host 'Installing ...'; \
Start-Process otp-setup.exe -Wait \
-ArgumentList @( \
# https://nsis.sourceforge.io/Which_command_line_parameters_can_be_used_to_configure_installers
'/S', \
'/D=C:\erl' \
); \
\
Write-Host 'Removing ...'; \
Remove-Item otp-setup.exe -Force; \
\
Write-Host 'Validating ...'; \
Start-Process erl -NoNewWindow -Wait \
-ArgumentList @( \
'-version' \
); \
\
Write-Host 'Complete.'
ENV RABBITMQ_VERSION 3.7.10
# https://www.rabbitmq.com/install-windows-manual.html
RUN $url = 'https://github.com/rabbitmq/rabbitmq-server/releases/download/v{0}/rabbitmq-server-windows-{0}.zip' -f $env:RABBITMQ_VERSION; \
Write-Host ('Downloading {0} ...' -f $url); \
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; \
Invoke-WebRequest -Uri $url -OutFile rabbit.zip; \
\
Write-Host 'Expanding ...'; \
Expand-Archive -Path rabbit.zip -DestinationPath C:\; \
\
Write-Host 'Renaming ...'; \
Move-Item -LiteralPath ('rabbitmq_server-{0}' -f $env:RABBITMQ_VERSION) -Destination $env:RABBITMQ_HOME; \
\
Write-Host 'Removing ...'; \
Remove-Item rabbit.zip -Force; \
\
# TODO verification
\
Write-Host 'Complete.'
# send all logs to TTY
ENV RABBITMQ_LOGS=- RABBITMQ_SASL_LOGS=-
# TODO RABBITMQ_DATA_DIR
# TODO CMD ["rabbitmq-server"]
CMD ["powershell"]