diff --git a/.travis.yml b/.travis.yml index e5ae44b6..53ef678d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,6 +2,8 @@ language: bash services: docker env: + - VERSION=3.7 VARIANT=debian + - VERSION=3.7 VARIANT=alpine - VERSION=3.6 VARIANT=debian - VERSION=3.6 VARIANT=alpine diff --git a/3.6/debian/Dockerfile b/3.6/debian/Dockerfile index 7b37bb14..9241e8f3 100644 --- a/3.6/debian/Dockerfile +++ b/3.6/debian/Dockerfile @@ -1,6 +1,6 @@ FROM debian:stretch-slim -RUN set -ex; \ +RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ gnupg \ @@ -13,7 +13,7 @@ RUN groupadd -r rabbitmq && useradd -r -d /var/lib/rabbitmq -m -g rabbitmq rabbi # grab gosu for easy step-down from root ENV GOSU_VERSION 1.10 -RUN set -x \ +RUN set -eux \ && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \ && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \ && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \ @@ -26,7 +26,7 @@ RUN set -x \ && apt-get purge -y --auto-remove ca-certificates wget # install Erlang -RUN set -ex; \ +RUN set -eux; \ apt-get update; \ # "erlang-base-hipe" is optional (and only supported on a few arches) # so, only install it if it's available for our current arch @@ -64,7 +64,7 @@ ENV RABBITMQ_VERSION 3.6.14 ENV RABBITMQ_GITHUB_TAG rabbitmq_v3_6_14 ENV RABBITMQ_DEBIAN_VERSION 3.6.14-1 -RUN set -ex; \ +RUN set -eux; \ \ apt-get update; \ apt-get install -y --no-install-recommends ca-certificates wget; \ diff --git a/3.6/docker-entrypoint.sh b/3.6/docker-entrypoint.sh new file mode 100755 index 00000000..3f78ac07 --- /dev/null +++ b/3.6/docker-entrypoint.sh @@ -0,0 +1,401 @@ +#!/bin/bash +set -eu + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# allow the container to be started with `--user` +if [[ "$1" == rabbitmq* ]] && [ "$(id -u)" = '0' ]; then + if [ "$1" = 'rabbitmq-server' ]; then + chown -R rabbitmq /var/lib/rabbitmq + fi + exec gosu rabbitmq "$BASH_SOURCE" "$@" +fi + +# backwards compatibility for old environment variables +: "${RABBITMQ_SSL_CERTFILE:=${RABBITMQ_SSL_CERT_FILE:-}}" +: "${RABBITMQ_SSL_KEYFILE:=${RABBITMQ_SSL_KEY_FILE:-}}" +: "${RABBITMQ_SSL_CACERTFILE:=${RABBITMQ_SSL_CA_FILE:-}}" + +# "management" SSL config should default to using the same certs +: "${RABBITMQ_MANAGEMENT_SSL_CACERTFILE:=$RABBITMQ_SSL_CACERTFILE}" +: "${RABBITMQ_MANAGEMENT_SSL_CERTFILE:=$RABBITMQ_SSL_CERTFILE}" +: "${RABBITMQ_MANAGEMENT_SSL_KEYFILE:=$RABBITMQ_SSL_KEYFILE}" + +# Allowed env vars that will be read from mounted files (i.e. Docker Secrets): +fileEnvKeys=( + default_user + default_pass +) + +# https://www.rabbitmq.com/configure.html +sslConfigKeys=( + cacertfile + certfile + depth + fail_if_no_peer_cert + keyfile + verify +) +managementConfigKeys=( + "${sslConfigKeys[@]/#/ssl_}" +) +rabbitConfigKeys=( + default_pass + default_user + default_vhost + hipe_compile + vm_memory_high_watermark +) +fileConfigKeys=( + management_ssl_cacertfile + management_ssl_certfile + management_ssl_keyfile + ssl_cacertfile + ssl_certfile + ssl_keyfile +) +allConfigKeys=( + "${managementConfigKeys[@]/#/management_}" + "${rabbitConfigKeys[@]}" + "${sslConfigKeys[@]/#/ssl_}" +) + +declare -A configDefaults=( + [management_ssl_fail_if_no_peer_cert]='false' + [management_ssl_verify]='verify_none' + + [ssl_fail_if_no_peer_cert]='true' + [ssl_verify]='verify_peer' +) + +haveConfig= +haveSslConfig= +haveManagementSslConfig= +for fileEnvKey in "${fileEnvKeys[@]}"; do file_env "RABBITMQ_${fileEnvKey^^}"; done +for conf in "${allConfigKeys[@]}"; do + var="RABBITMQ_${conf^^}" + val="${!var:-}" + if [ "$val" ]; then + if [ "${configDefaults[$conf]:-}" ] && [ "${configDefaults[$conf]}" = "$val" ]; then + # if the value set is the same as the default, treat it as if it isn't set + continue + fi + haveConfig=1 + case "$conf" in + ssl_*) haveSslConfig=1 ;; + management_ssl_*) haveManagementSslConfig=1 ;; + esac + fi +done +if [ "$haveSslConfig" ]; then + missing=() + for sslConf in cacertfile certfile keyfile; do + var="RABBITMQ_SSL_${sslConf^^}" + val="${!var}" + if [ -z "$val" ]; then + missing+=( "$var" ) + fi + done + if [ "${#missing[@]}" -gt 0 ]; then + { + echo + echo 'error: SSL requested, but missing required configuration' + for miss in "${missing[@]}"; do + echo " - $miss" + done + echo + } >&2 + exit 1 + fi +fi +missingFiles=() +for conf in "${fileConfigKeys[@]}"; do + var="RABBITMQ_${conf^^}" + val="${!var}" + if [ "$val" ] && [ ! -f "$val" ]; then + missingFiles+=( "$val ($var)" ) + fi +done +if [ "${#missingFiles[@]}" -gt 0 ]; then + { + echo + echo 'error: files specified, but missing' + for miss in "${missingFiles[@]}"; do + echo " - $miss" + done + echo + } >&2 + exit 1 +fi + +# set defaults for missing values (but only after we're done with all our checking so we don't throw any of that off) +for conf in "${!configDefaults[@]}"; do + default="${configDefaults[$conf]}" + var="RABBITMQ_${conf^^}" + [ -z "${!var:-}" ] || continue + eval "export $var=\"\$default\"" +done + +# If long & short hostnames are not the same, use long hostnames +if [ "$(hostname)" != "$(hostname -s)" ]; then + : "${RABBITMQ_USE_LONGNAME:=true}" +fi + +if [ "${RABBITMQ_ERLANG_COOKIE:-}" ]; then + cookieFile='/var/lib/rabbitmq/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$RABBITMQ_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match RABBITMQ_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$RABBITMQ_ERLANG_COOKIE" > "$cookieFile" + fi + chmod 600 "$cookieFile" +fi + +# prints "$2$1$3$1...$N" +join() { + local sep="$1"; shift + local out; printf -v out "${sep//%/%%}%s" "$@" + echo "${out#$sep}" +} +indent() { + if [ "$#" -gt 0 ]; then + echo "$@" + else + cat + fi | sed 's/^/\t/g' +} +rabbit_array() { + echo -n '[' + case "$#" in + 0) echo -n ' ' ;; + 1) echo -n " $1 " ;; + *) + local vals="$(join $',\n' "$@")" + echo + indent "$vals" + esac + echo -n ']' +} +rabbit_string() { + local val="$1"; shift + # fire up erlang directly to have it do the proper escaping for us + erl -noinput -eval 'io:format("~p\n", init:get_plain_arguments()), init:stop().' -- "$val" +} +rabbit_env_config() { + local prefix="$1"; shift + + local ret=() + local conf + for conf; do + local var="rabbitmq${prefix:+_$prefix}_$conf" + var="${var^^}" + + local val="${!var:-}" + + local rawVal= + case "$conf" in + verify|fail_if_no_peer_cert|depth) + [ "$val" ] || continue + rawVal="$val" + ;; + + hipe_compile) + [ "$val" ] && rawVal='true' || rawVal='false' + ;; + + cacertfile|certfile|keyfile) + [ "$val" ] || continue + rawVal="$(rabbit_string "$val")" + ;; + + *) + [ "$val" ] || continue + rawVal="<<$(rabbit_string "$val")>>" + ;; + esac + [ "$rawVal" ] || continue + + ret+=( "{ $conf, $rawVal }" ) + done + + join $'\n' "${ret[@]}" +} + +shouldWriteConfig="$haveConfig" +if [ ! -f /etc/rabbitmq/rabbitmq.config ]; then + shouldWriteConfig=1 +fi + +if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then + fullConfig=() + + rabbitConfig=( + "{ loopback_users, $(rabbit_array) }" + ) + + # determine whether to set "vm_memory_high_watermark" (based on cgroups) + memTotalKb= + if [ -r /proc/meminfo ]; then + memTotalKb="$(awk -F ':? +' '$1 == "MemTotal" { print $2; exit }' /proc/meminfo)" + fi + memLimitB= + if [ -r /sys/fs/cgroup/memory/memory.limit_in_bytes ]; then + # "18446744073709551615" is a valid value for "memory.limit_in_bytes", which is too big for Bash math to handle + # "$(( 18446744073709551615 / 1024 ))" = 0; "$(( 18446744073709551615 * 40 / 100 ))" = 0 + memLimitB="$(awk -v totKb="$memTotalKb" '{ + limB = $0; + limKb = limB / 1024; + if (!totKb || limKb < totKb) { + printf "%.0f\n", limB; + } + }' /sys/fs/cgroup/memory/memory.limit_in_bytes)" + fi + if [ -n "$memLimitB" ]; then + # if we have a cgroup memory limit, let's inform RabbitMQ of what it is (so it can calculate vm_memory_high_watermark properly) + # https://github.com/rabbitmq/rabbitmq-server/pull/1234 + rabbitConfig+=( "{ total_memory_available_override_value, $memLimitB }" ) + fi + if [ "${RABBITMQ_VM_MEMORY_HIGH_WATERMARK:-}" ]; then + # https://github.com/docker-library/rabbitmq/pull/105#issuecomment-242165822 + vmMemoryHighWatermark="$( + awk ' + /^[0-9]*[.][0-9]+$|^[0-9]+([.][0-9]+)?%$/ { + perc = $0; + if (perc ~ /%$/) { + gsub(/%$/, "", perc); + perc = perc / 100; + } + if (perc > 1.0 || perc <= 0.0) { + printf "error: invalid percentage for vm_memory_high_watermark: %s (must be > 0%%, <= 100%%)\n", $0 > "/dev/stderr"; + exit 1; + } + printf "%0.03f\n", perc; + next; + } + /^[0-9]+$/ { + printf "{ absolute, %s }\n", $0; + next; + } + /^[0-9]+([.][0-9]+)?[a-zA-Z]+$/ { + printf "{ absolute, \"%s\" }\n", $0; + next; + } + { + printf "error: unexpected input for vm_memory_high_watermark: %s\n", $0; + exit 1; + } + ' <(echo "$RABBITMQ_VM_MEMORY_HIGH_WATERMARK") + )" + if [ "$vmMemoryHighWatermark" ]; then + # https://www.rabbitmq.com/memory.html#memsup-usage + rabbitConfig+=( "{ vm_memory_high_watermark, $vmMemoryHighWatermark }" ) + fi + fi + + if [ "$haveSslConfig" ]; then + IFS=$'\n' + rabbitSslOptions=( $(rabbit_env_config 'ssl' "${sslConfigKeys[@]}") ) + unset IFS + + rabbitConfig+=( + "{ tcp_listeners, $(rabbit_array) }" + "{ ssl_listeners, $(rabbit_array 5671) }" + "{ ssl_options, $(rabbit_array "${rabbitSslOptions[@]}") }" + ) + else + rabbitConfig+=( + "{ tcp_listeners, $(rabbit_array 5672) }" + "{ ssl_listeners, $(rabbit_array) }" + ) + fi + + IFS=$'\n' + rabbitConfig+=( $(rabbit_env_config '' "${rabbitConfigKeys[@]}") ) + unset IFS + + fullConfig+=( "{ rabbit, $(rabbit_array "${rabbitConfig[@]}") }" ) + + # if management plugin is installed, generate config for it + # https://www.rabbitmq.com/management.html#configuration + if [ "$(rabbitmq-plugins list -m -e rabbitmq_management)" ]; then + rabbitManagementConfig=() + + if [ "$haveManagementSslConfig" ]; then + IFS=$'\n' + rabbitManagementSslOptions=( $(rabbit_env_config 'management_ssl' "${sslConfigKeys[@]}") ) + unset IFS + + rabbitManagementListenerConfig+=( + '{ port, 15671 }' + '{ ssl, true }' + "{ ssl_opts, $(rabbit_array "${rabbitManagementSslOptions[@]}") }" + ) + else + rabbitManagementListenerConfig+=( + '{ port, 15672 }' + '{ ssl, false }' + ) + fi + rabbitManagementConfig+=( + "{ listener, $(rabbit_array "${rabbitManagementListenerConfig[@]}") }" + ) + + # if definitions file exists, then load it + # https://www.rabbitmq.com/management.html#load-definitions + managementDefinitionsFile='/etc/rabbitmq/definitions.json' + if [ -f "${managementDefinitionsFile}" ]; then + # see also https://github.com/docker-library/rabbitmq/pull/112#issuecomment-271485550 + rabbitManagementConfig+=( + "{ load_definitions, \"$managementDefinitionsFile\" }" + ) + fi + + fullConfig+=( + "{ rabbitmq_management, $(rabbit_array "${rabbitManagementConfig[@]}") }" + ) + fi + + echo "$(rabbit_array "${fullConfig[@]}")." > /etc/rabbitmq/rabbitmq.config +fi + +combinedSsl='/tmp/combined.pem' +if [ "$haveSslConfig" ] && [[ "$1" == rabbitmq* ]] && [ ! -f "$combinedSsl" ]; then + # Create combined cert + cat "$RABBITMQ_SSL_CERTFILE" "$RABBITMQ_SSL_KEYFILE" > "$combinedSsl" + chmod 0400 "$combinedSsl" +fi +if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then + # More ENV vars for make clustering happiness + # we don't handle clustering in this script, but these args should ensure + # clustered SSL-enabled members will talk nicely + export ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)" + sslErlArgs="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile $combinedSsl -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true" + export RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="${RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS:-} $sslErlArgs" + export RABBITMQ_CTL_ERL_ARGS="${RABBITMQ_CTL_ERL_ARGS:-} $sslErlArgs" +fi + +exec "$@" diff --git a/3.7/alpine/Dockerfile b/3.7/alpine/Dockerfile new file mode 100644 index 00000000..b77868e9 --- /dev/null +++ b/3.7/alpine/Dockerfile @@ -0,0 +1,93 @@ +FROM alpine:3.7 + +# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added +RUN addgroup -S rabbitmq && adduser -S -h /var/lib/rabbitmq -G rabbitmq rabbitmq + +# grab su-exec for easy step-down from root +RUN apk add --no-cache 'su-exec>=0.2' + +RUN apk add --no-cache \ +# Bash for docker-entrypoint + bash \ +# Procps for rabbitmqctl + procps \ +# Erlang for RabbitMQ + erlang-asn1 \ + erlang-hipe \ + erlang-crypto \ + erlang-eldap \ + erlang-inets \ + erlang-mnesia \ + erlang \ + erlang-os-mon \ + erlang-public-key \ + erlang-sasl \ + erlang-ssl \ + erlang-syntax-tools \ + erlang-xmerl + +# get logs to stdout (thanks @dumbbell for pushing this upstream! :D) +ENV RABBITMQ_LOGS=- RABBITMQ_SASL_LOGS=- +# https://github.com/rabbitmq/rabbitmq-server/commit/53af45bf9a162dec849407d114041aad3d84feaf + +ENV RABBITMQ_HOME /opt/rabbitmq +ENV PATH $RABBITMQ_HOME/sbin:$PATH + +# gpg: key 6026DFCA: public key "RabbitMQ Release Signing Key " imported +ENV RABBITMQ_GPG_KEY 0A9AF2115F4687BD29803A206B73A36E6026DFCA + +ENV RABBITMQ_VERSION 3.7.0 +ENV RABBITMQ_GITHUB_TAG v3.7.0 + +RUN set -ex; \ + \ + apk add --no-cache --virtual .build-deps \ + ca-certificates \ + gnupg \ + libressl \ + xz \ + ; \ + \ + wget -O rabbitmq-server.tar.xz.asc "https://github.com/rabbitmq/rabbitmq-server/releases/download/$RABBITMQ_GITHUB_TAG/rabbitmq-server-generic-unix-${RABBITMQ_VERSION}.tar.xz.asc"; \ + wget -O rabbitmq-server.tar.xz "https://github.com/rabbitmq/rabbitmq-server/releases/download/$RABBITMQ_GITHUB_TAG/rabbitmq-server-generic-unix-${RABBITMQ_VERSION}.tar.xz"; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$RABBITMQ_GPG_KEY"; \ + gpg --batch --verify rabbitmq-server.tar.xz.asc rabbitmq-server.tar.xz; \ + rm -rf "$GNUPGHOME"; \ + \ + mkdir -p "$RABBITMQ_HOME"; \ + tar \ + --extract \ + --verbose \ + --file rabbitmq-server.tar.xz \ + --directory "$RABBITMQ_HOME" \ + --strip-components 1 \ + ; \ + rm -f rabbitmq-server.tar.xz*; \ + \ +# update SYS_PREFIX (first making sure it's set to what we expect it to be) + grep -qE '^SYS_PREFIX=\$\{RABBITMQ_HOME\}$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \ + sed -ri 's!^(SYS_PREFIX=).*$!\1!g' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \ + grep -qE '^SYS_PREFIX=$' "$RABBITMQ_HOME/sbin/rabbitmq-defaults"; \ + \ + apk del .build-deps + +# set home so that any `--user` knows where to put the erlang cookie +ENV HOME /var/lib/rabbitmq + +RUN mkdir -p /var/lib/rabbitmq /etc/rabbitmq /var/log/rabbitmq \ + && chown -R rabbitmq:rabbitmq /var/lib/rabbitmq /etc/rabbitmq /var/log/rabbitmq \ + && chmod -R 777 /var/lib/rabbitmq /etc/rabbitmq /var/log/rabbitmq +VOLUME /var/lib/rabbitmq + +# add a symlink to the .erlang.cookie in /root so we can "docker exec rabbitmqctl ..." without gosu +RUN ln -sf /var/lib/rabbitmq/.erlang.cookie /root/ + +RUN ln -sf "$RABBITMQ_HOME/plugins" /plugins + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 4369 5671 5672 25672 +CMD ["rabbitmq-server"] diff --git a/3.7/alpine/docker-entrypoint.sh b/3.7/alpine/docker-entrypoint.sh new file mode 100755 index 00000000..aefb5639 --- /dev/null +++ b/3.7/alpine/docker-entrypoint.sh @@ -0,0 +1,379 @@ +#!/bin/bash +set -eu + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# allow the container to be started with `--user` +if [[ "$1" == rabbitmq* ]] && [ "$(id -u)" = '0' ]; then + if [ "$1" = 'rabbitmq-server' ]; then + chown -R rabbitmq /var/lib/rabbitmq + fi + exec su-exec rabbitmq "$BASH_SOURCE" "$@" +fi + +# backwards compatibility for old environment variables +: "${RABBITMQ_SSL_CERTFILE:=${RABBITMQ_SSL_CERT_FILE:-}}" +: "${RABBITMQ_SSL_KEYFILE:=${RABBITMQ_SSL_KEY_FILE:-}}" +: "${RABBITMQ_SSL_CACERTFILE:=${RABBITMQ_SSL_CA_FILE:-}}" + +# "management" SSL config should default to using the same certs +: "${RABBITMQ_MANAGEMENT_SSL_CACERTFILE:=$RABBITMQ_SSL_CACERTFILE}" +: "${RABBITMQ_MANAGEMENT_SSL_CERTFILE:=$RABBITMQ_SSL_CERTFILE}" +: "${RABBITMQ_MANAGEMENT_SSL_KEYFILE:=$RABBITMQ_SSL_KEYFILE}" + +# Allowed env vars that will be read from mounted files (i.e. Docker Secrets): +fileEnvKeys=( + default_user + default_pass +) + +# https://www.rabbitmq.com/configure.html +sslConfigKeys=( + cacertfile + certfile + depth + fail_if_no_peer_cert + keyfile + verify +) +managementConfigKeys=( + "${sslConfigKeys[@]/#/ssl_}" +) +rabbitConfigKeys=( + default_pass + default_user + default_vhost + hipe_compile + vm_memory_high_watermark +) +fileConfigKeys=( + management_ssl_cacertfile + management_ssl_certfile + management_ssl_keyfile + ssl_cacertfile + ssl_certfile + ssl_keyfile +) +allConfigKeys=( + "${managementConfigKeys[@]/#/management_}" + "${rabbitConfigKeys[@]}" + "${sslConfigKeys[@]/#/ssl_}" +) + +declare -A configDefaults=( + [management_ssl_fail_if_no_peer_cert]='false' + [management_ssl_verify]='verify_none' + + [ssl_fail_if_no_peer_cert]='true' + [ssl_verify]='verify_peer' +) + +haveConfig= +haveSslConfig= +haveManagementSslConfig= +for fileEnvKey in "${fileEnvKeys[@]}"; do file_env "RABBITMQ_${fileEnvKey^^}"; done +for conf in "${allConfigKeys[@]}"; do + var="RABBITMQ_${conf^^}" + val="${!var:-}" + if [ "$val" ]; then + if [ "${configDefaults[$conf]:-}" ] && [ "${configDefaults[$conf]}" = "$val" ]; then + # if the value set is the same as the default, treat it as if it isn't set + continue + fi + haveConfig=1 + case "$conf" in + ssl_*) haveSslConfig=1 ;; + management_ssl_*) haveManagementSslConfig=1 ;; + esac + fi +done +if [ "$haveSslConfig" ]; then + missing=() + for sslConf in cacertfile certfile keyfile; do + var="RABBITMQ_SSL_${sslConf^^}" + val="${!var}" + if [ -z "$val" ]; then + missing+=( "$var" ) + fi + done + if [ "${#missing[@]}" -gt 0 ]; then + { + echo + echo 'error: SSL requested, but missing required configuration' + for miss in "${missing[@]}"; do + echo " - $miss" + done + echo + } >&2 + exit 1 + fi +fi +missingFiles=() +for conf in "${fileConfigKeys[@]}"; do + var="RABBITMQ_${conf^^}" + val="${!var}" + if [ "$val" ] && [ ! -f "$val" ]; then + missingFiles+=( "$val ($var)" ) + fi +done +if [ "${#missingFiles[@]}" -gt 0 ]; then + { + echo + echo 'error: files specified, but missing' + for miss in "${missingFiles[@]}"; do + echo " - $miss" + done + echo + } >&2 + exit 1 +fi + +# set defaults for missing values (but only after we're done with all our checking so we don't throw any of that off) +for conf in "${!configDefaults[@]}"; do + default="${configDefaults[$conf]}" + var="RABBITMQ_${conf^^}" + [ -z "${!var:-}" ] || continue + eval "export $var=\"\$default\"" +done + +# if long and short hostnames are not the same, use long hostnames +if [ "$(hostname)" != "$(hostname -s)" ]; then + : "${RABBITMQ_USE_LONGNAME:=true}" +fi + +if [ "${RABBITMQ_ERLANG_COOKIE:-}" ]; then + cookieFile='/var/lib/rabbitmq/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$RABBITMQ_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match RABBITMQ_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$RABBITMQ_ERLANG_COOKIE" > "$cookieFile" + fi + chmod 600 "$cookieFile" +fi + +configBase="${RABBITMQ_CONFIG_FILE:-/etc/rabbitmq/rabbitmq}" +oldConfigFile="$configBase.config" +newConfigFile="$configBase.conf" + +shouldWriteConfig="$haveConfig" +if [ -n "$shouldWriteConfig" ] && [ -f "$oldConfigFile" ]; then + { + echo "error: Docker configuration environment variables specified, but old-style (Erlang syntax) configuration file '$oldConfigFile' exists" + echo " Suggested fixes: (choose one)" + echo " - remove '$oldConfigFile'" + echo " - remove any Docker-specific 'RABBITMQ_...' environment variables" + echo " - convert '$oldConfigFile' to the newer sysctl format ('$newConfigFile'); see https://www.rabbitmq.com/configure.html#config-file" + } >&2 + exit 1 +fi +if [ -z "$shouldWriteConfig" ] && [ ! -f "$oldConfigFile" ] && [ ! -f "$newConfigFile" ]; then + # no config files, we should write one + shouldWriteConfig=1 +fi + +# http://stackoverflow.com/a/2705678/433558 +sed_escape_lhs() { + echo "$@" | sed -e 's/[]\/$*.^|[]/\\&/g' +} +sed_escape_rhs() { + echo "$@" | sed -e 's/[\/&]/\\&/g' +} +rabbit_set_config() { + local key="$1"; shift + local val="$1"; shift + + [ -e "$newConfigFile" ] || touch "$newConfigFile" + + local sedKey="$(sed_escape_lhs "$key")" + local sedVal="$(sed_escape_rhs "$val")" + sed -ri \ + "s/^[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*)\S.*\$/\1${sedVal}/" \ + "$newConfigFile" + if ! grep -qE "^${sedKey}[[:space:]]*=" "$newConfigFile"; then + echo "$key = $val" >> "$newConfigFile" + fi +} +rabbit_comment_config() { + local key="$1"; shift + + [ -e "$newConfigFile" ] || touch "$newConfigFile" + + local sedKey="$(sed_escape_lhs "$key")" + sed -ri \ + "s/^[[:space:]]*#?[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*\S.*)\$/# \1/" \ + "$newConfigFile" +} +rabbit_env_config() { + local prefix="$1"; shift + + local conf + for conf; do + local var="rabbitmq${prefix:+_$prefix}_$conf" + var="${var^^}" + + local key="$conf" + case "$prefix" in + ssl) key="ssl_options.$key" ;; + management_ssl) key="management.listener.ssl_opts.$key" ;; + esac + + local val="${!var:-}" + local rawVal="$val" + case "$conf" in + verify|fail_if_no_peer_cert|depth|hipe_compile) + [ -n "$val" ] && rawVal='true' || rawVal='false' + ;; + + vm_memory_high_watermark) continue ;; # handled separately + esac + + if [ -n "$rawVal" ]; then + rabbit_set_config "$key" "$rawVal" + else + rabbit_comment_config "$key" + fi + done +} + +if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then + rabbit_set_config 'loopback_users.guest' 'false' + + # determine whether to set "vm_memory_high_watermark" (based on cgroups) + memTotalKb= + if [ -r /proc/meminfo ]; then + memTotalKb="$(awk -F ':? +' '$1 == "MemTotal" { print $2; exit }' /proc/meminfo)" + fi + memLimitB= + if [ -r /sys/fs/cgroup/memory/memory.limit_in_bytes ]; then + # "18446744073709551615" is a valid value for "memory.limit_in_bytes", which is too big for Bash math to handle + # "$(( 18446744073709551615 / 1024 ))" = 0; "$(( 18446744073709551615 * 40 / 100 ))" = 0 + memLimitB="$(awk -v totKb="$memTotalKb" '{ + limB = $0; + limKb = limB / 1024; + if (!totKb || limKb < totKb) { + printf "%.0f\n", limB; + } + }' /sys/fs/cgroup/memory/memory.limit_in_bytes)" + fi + if [ -n "$memLimitB" ]; then + # if we have a cgroup memory limit, let's inform RabbitMQ of what it is (so it can calculate vm_memory_high_watermark properly) + # https://github.com/rabbitmq/rabbitmq-server/pull/1234 + :# TODO rabbit_set_config 'total_memory_available_override_value' "$memLimitB" + # TODO https://github.com/rabbitmq/rabbitmq-server/issues/1445 (missing in 3.7.0) + fi + # https://www.rabbitmq.com/memory.html#memsup-usage + if [ "${RABBITMQ_VM_MEMORY_HIGH_WATERMARK:-}" ]; then + # https://github.com/docker-library/rabbitmq/pull/105#issuecomment-242165822 + vmMemoryHighWatermark="$( + echo "$RABBITMQ_VM_MEMORY_HIGH_WATERMARK" | awk ' + /^[0-9]*[.][0-9]+$|^[0-9]+([.][0-9]+)?%$/ { + perc = $0; + if (perc ~ /%$/) { + gsub(/%$/, "", perc); + perc = perc / 100; + } + if (perc > 1.0 || perc <= 0.0) { + printf "error: invalid percentage for vm_memory_high_watermark: %s (must be > 0%%, <= 100%%)\n", $0 > "/dev/stderr"; + exit 1; + } + printf "vm_memory_high_watermark.relative %0.03f\n", perc; + next; + } + /^[0-9]+$/ { + printf "vm_memory_high_watermark.absolute %s\n", $0; + next; + } + /^[0-9]+([.][0-9]+)?[a-zA-Z]+$/ { + printf "vm_memory_high_watermark.absolute %s\n", $0; + next; + } + { + printf "error: unexpected input for vm_memory_high_watermark: %s\n", $0; + exit 1; + } + ' + )" + if [ "$vmMemoryHighWatermark" ]; then + vmMemoryHighWatermarkKey="${vmMemoryHighWatermark%% *}" + vmMemoryHighWatermarkVal="${vmMemoryHighWatermark#$vmMemoryHighWatermarkKey }" + rabbit_set_config "$vmMemoryHighWatermarkKey" "$vmMemoryHighWatermarkVal" + case "$vmMemoryHighWatermarkKey" in + # make sure we only set one or the other + 'vm_memory_high_watermark.absolute') rabbit_comment_config 'vm_memory_high_watermark.relative' ;; + 'vm_memory_high_watermark.relative') rabbit_comment_config 'vm_memory_high_watermark.absolute' ;; + esac + fi + fi + + if [ "$haveSslConfig" ]; then + rabbit_set_config 'listeners.ssl.default' 5671 + rabbit_env_config 'ssl' "${sslConfigKeys[@]}" + else + rabbit_set_config 'listeners.tcp.default' 5672 + fi + + rabbit_env_config '' "${rabbitConfigKeys[@]}" + + # if management plugin is installed, generate config for it + # https://www.rabbitmq.com/management.html#configuration + if [ "$(rabbitmq-plugins list -m -e rabbitmq_management)" ]; then + if [ "$haveManagementSslConfig" ]; then + rabbit_set_config 'management.listener.port' 15671 + rabbit_set_config 'management.listener.ssl' 'true' + rabbit_env_config 'management_ssl' "${sslConfigKeys[@]}" + else + rabbit_set_config 'management.listener.port' 15672 + rabbit_set_config 'management.listener.ssl' 'false' + fi + + # if definitions file exists, then load it + # https://www.rabbitmq.com/management.html#load-definitions + managementDefinitionsFile='/etc/rabbitmq/definitions.json' + if [ -f "$managementDefinitionsFile" ]; then + # see also https://github.com/docker-library/rabbitmq/pull/112#issuecomment-271485550 + rabbit_set_config 'management.load_definitions' "$managementDefinitionsFile" + fi + fi +fi + +combinedSsl='/tmp/combined.pem' +if [ "$haveSslConfig" ] && [[ "$1" == rabbitmq* ]] && [ ! -f "$combinedSsl" ]; then + # Create combined cert + cat "$RABBITMQ_SSL_CERTFILE" "$RABBITMQ_SSL_KEYFILE" > "$combinedSsl" + chmod 0400 "$combinedSsl" +fi +if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then + # More ENV vars for make clustering happiness + # we don't handle clustering in this script, but these args should ensure + # clustered SSL-enabled members will talk nicely + export ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)" + sslErlArgs="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile $combinedSsl -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true" + export RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="${RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS:-} $sslErlArgs" + export RABBITMQ_CTL_ERL_ARGS="${RABBITMQ_CTL_ERL_ARGS:-} $sslErlArgs" +fi + +exec "$@" diff --git a/3.7/alpine/management/Dockerfile b/3.7/alpine/management/Dockerfile new file mode 100644 index 00000000..9afa9f16 --- /dev/null +++ b/3.7/alpine/management/Dockerfile @@ -0,0 +1,5 @@ +FROM rabbitmq:alpine + +RUN rabbitmq-plugins enable --offline rabbitmq_management + +EXPOSE 15671 15672 diff --git a/3.7/debian/Dockerfile b/3.7/debian/Dockerfile new file mode 100644 index 00000000..c52ec77a --- /dev/null +++ b/3.7/debian/Dockerfile @@ -0,0 +1,144 @@ +FROM debian:stretch-slim + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + gnupg \ + dirmngr \ + ; \ + rm -rf /var/lib/apt/lists/* + +# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added +RUN groupadd -r rabbitmq && useradd -r -d /var/lib/rabbitmq -m -g rabbitmq rabbitmq + +# grab gosu for easy step-down from root +ENV GOSU_VERSION 1.10 +RUN set -eux; \ + \ + fetchDeps=' \ + ca-certificates \ + wget \ + '; \ + apt-get update; \ + apt-get install -y --no-install-recommends $fetchDeps; \ + rm -rf /var/lib/apt/lists/*; \ + \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ + \ +# verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + \ + chmod +x /usr/local/bin/gosu; \ +# verify that the binary works + gosu nobody true; \ + \ + apt-get purge -y --auto-remove $fetchDeps + +# RabbitMQ 3.6.15+ requires Erlang 19.3+ (and Stretch only has 19.2); https://www.rabbitmq.com/which-erlang.html +# so we'll pull Erlang from Buster instead (not using Erlang Solutions since their multiarch support is extremely limited) +RUN set -eux; \ +# add buster sources.list + sed 's/stretch/buster/g' /etc/apt/sources.list \ + | tee /etc/apt/sources.list.d/buster.list; \ +# update apt-preferences such that we get only erlang* from buster (and erlang* only from buster) + { \ + echo 'Package: *'; \ + echo 'Pin: release n=buster*'; \ + echo 'Pin-Priority: -10'; \ + echo; \ + echo 'Package: erlang*'; \ + echo 'Pin: release n=buster*'; \ + echo 'Pin-Priority: 999'; \ + echo; \ + echo 'Package: erlang*'; \ + echo 'Pin: release n=stretch*'; \ + echo 'Pin-Priority: -10'; \ + } | tee /etc/apt/preferences.d/buster-erlang + +# install Erlang +RUN set -eux; \ + apt-get update; \ +# "erlang-base-hipe" is optional (and only supported on a few arches) +# so, only install it if it's available for our current arch + if apt-cache show erlang-base-hipe 2>/dev/null | grep -q 'Package: erlang-base-hipe'; then \ + apt-get install -y --no-install-recommends \ + erlang-base-hipe \ + ; \ + fi; \ +# we start with "erlang-base-hipe" because it and "erlang-base" (non-hipe) are exclusive + apt-get install -y --no-install-recommends \ + erlang-asn1 \ + erlang-crypto \ + erlang-eldap \ + erlang-inets \ + erlang-mnesia \ + erlang-nox \ + erlang-os-mon \ + erlang-public-key \ + erlang-ssl \ + erlang-xmerl \ + ; \ + rm -rf /var/lib/apt/lists/* + +# get logs to stdout (thanks @dumbbell for pushing this upstream! :D) +ENV RABBITMQ_LOGS=- RABBITMQ_SASL_LOGS=- +# https://github.com/rabbitmq/rabbitmq-server/commit/53af45bf9a162dec849407d114041aad3d84feaf + +# /usr/sbin/rabbitmq-server has some irritating behavior, and only exists to "su - rabbitmq /usr/lib/rabbitmq/bin/rabbitmq-server ..." +ENV PATH /usr/lib/rabbitmq/bin:$PATH + +# gpg: key 6026DFCA: public key "RabbitMQ Release Signing Key " imported +ENV RABBITMQ_GPG_KEY 0A9AF2115F4687BD29803A206B73A36E6026DFCA + +ENV RABBITMQ_VERSION 3.7.0 +ENV RABBITMQ_GITHUB_TAG v3.7.0 +ENV RABBITMQ_DEBIAN_VERSION 3.7.0-1 + +RUN set -eux; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends ca-certificates wget; \ + \ + wget -O rabbitmq-server.deb.asc "https://github.com/rabbitmq/rabbitmq-server/releases/download/$RABBITMQ_GITHUB_TAG/rabbitmq-server_${RABBITMQ_DEBIAN_VERSION}_all.deb.asc"; \ + wget -O rabbitmq-server.deb "https://github.com/rabbitmq/rabbitmq-server/releases/download/$RABBITMQ_GITHUB_TAG/rabbitmq-server_${RABBITMQ_DEBIAN_VERSION}_all.deb"; \ + \ + apt-get purge -y --auto-remove ca-certificates wget; \ + \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$RABBITMQ_GPG_KEY"; \ + gpg --batch --verify rabbitmq-server.deb.asc rabbitmq-server.deb; \ + rm -rf "$GNUPGHOME"; \ + \ + apt install -y --no-install-recommends ./rabbitmq-server.deb; \ + dpkg -l | grep rabbitmq-server; \ + rm -f rabbitmq-server.deb*; \ + \ + rm -rf /var/lib/apt/lists/* + +# warning: the VM is running with native name encoding of latin1 which may cause Elixir to malfunction as it expects utf8. Please ensure your locale is set to UTF-8 (which can be verified by running "locale" in your shell) +ENV LANG C.UTF-8 + +# set home so that any `--user` knows where to put the erlang cookie +ENV HOME /var/lib/rabbitmq + +RUN mkdir -p /var/lib/rabbitmq /etc/rabbitmq \ + && chown -R rabbitmq:rabbitmq /var/lib/rabbitmq /etc/rabbitmq \ + && chmod -R 777 /var/lib/rabbitmq /etc/rabbitmq +VOLUME /var/lib/rabbitmq + +# add a symlink to the .erlang.cookie in /root so we can "docker exec rabbitmqctl ..." without gosu +RUN ln -sf /var/lib/rabbitmq/.erlang.cookie /root/ + +RUN ln -sf "/usr/lib/rabbitmq/lib/rabbitmq_server-$RABBITMQ_VERSION/plugins" /plugins + +COPY docker-entrypoint.sh /usr/local/bin/ +RUN ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 4369 5671 5672 25672 +CMD ["rabbitmq-server"] diff --git a/3.7/debian/docker-entrypoint.sh b/3.7/debian/docker-entrypoint.sh new file mode 100755 index 00000000..4c8fa3d6 --- /dev/null +++ b/3.7/debian/docker-entrypoint.sh @@ -0,0 +1,379 @@ +#!/bin/bash +set -eu + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# allow the container to be started with `--user` +if [[ "$1" == rabbitmq* ]] && [ "$(id -u)" = '0' ]; then + if [ "$1" = 'rabbitmq-server' ]; then + chown -R rabbitmq /var/lib/rabbitmq + fi + exec gosu rabbitmq "$BASH_SOURCE" "$@" +fi + +# backwards compatibility for old environment variables +: "${RABBITMQ_SSL_CERTFILE:=${RABBITMQ_SSL_CERT_FILE:-}}" +: "${RABBITMQ_SSL_KEYFILE:=${RABBITMQ_SSL_KEY_FILE:-}}" +: "${RABBITMQ_SSL_CACERTFILE:=${RABBITMQ_SSL_CA_FILE:-}}" + +# "management" SSL config should default to using the same certs +: "${RABBITMQ_MANAGEMENT_SSL_CACERTFILE:=$RABBITMQ_SSL_CACERTFILE}" +: "${RABBITMQ_MANAGEMENT_SSL_CERTFILE:=$RABBITMQ_SSL_CERTFILE}" +: "${RABBITMQ_MANAGEMENT_SSL_KEYFILE:=$RABBITMQ_SSL_KEYFILE}" + +# Allowed env vars that will be read from mounted files (i.e. Docker Secrets): +fileEnvKeys=( + default_user + default_pass +) + +# https://www.rabbitmq.com/configure.html +sslConfigKeys=( + cacertfile + certfile + depth + fail_if_no_peer_cert + keyfile + verify +) +managementConfigKeys=( + "${sslConfigKeys[@]/#/ssl_}" +) +rabbitConfigKeys=( + default_pass + default_user + default_vhost + hipe_compile + vm_memory_high_watermark +) +fileConfigKeys=( + management_ssl_cacertfile + management_ssl_certfile + management_ssl_keyfile + ssl_cacertfile + ssl_certfile + ssl_keyfile +) +allConfigKeys=( + "${managementConfigKeys[@]/#/management_}" + "${rabbitConfigKeys[@]}" + "${sslConfigKeys[@]/#/ssl_}" +) + +declare -A configDefaults=( + [management_ssl_fail_if_no_peer_cert]='false' + [management_ssl_verify]='verify_none' + + [ssl_fail_if_no_peer_cert]='true' + [ssl_verify]='verify_peer' +) + +haveConfig= +haveSslConfig= +haveManagementSslConfig= +for fileEnvKey in "${fileEnvKeys[@]}"; do file_env "RABBITMQ_${fileEnvKey^^}"; done +for conf in "${allConfigKeys[@]}"; do + var="RABBITMQ_${conf^^}" + val="${!var:-}" + if [ "$val" ]; then + if [ "${configDefaults[$conf]:-}" ] && [ "${configDefaults[$conf]}" = "$val" ]; then + # if the value set is the same as the default, treat it as if it isn't set + continue + fi + haveConfig=1 + case "$conf" in + ssl_*) haveSslConfig=1 ;; + management_ssl_*) haveManagementSslConfig=1 ;; + esac + fi +done +if [ "$haveSslConfig" ]; then + missing=() + for sslConf in cacertfile certfile keyfile; do + var="RABBITMQ_SSL_${sslConf^^}" + val="${!var}" + if [ -z "$val" ]; then + missing+=( "$var" ) + fi + done + if [ "${#missing[@]}" -gt 0 ]; then + { + echo + echo 'error: SSL requested, but missing required configuration' + for miss in "${missing[@]}"; do + echo " - $miss" + done + echo + } >&2 + exit 1 + fi +fi +missingFiles=() +for conf in "${fileConfigKeys[@]}"; do + var="RABBITMQ_${conf^^}" + val="${!var}" + if [ "$val" ] && [ ! -f "$val" ]; then + missingFiles+=( "$val ($var)" ) + fi +done +if [ "${#missingFiles[@]}" -gt 0 ]; then + { + echo + echo 'error: files specified, but missing' + for miss in "${missingFiles[@]}"; do + echo " - $miss" + done + echo + } >&2 + exit 1 +fi + +# set defaults for missing values (but only after we're done with all our checking so we don't throw any of that off) +for conf in "${!configDefaults[@]}"; do + default="${configDefaults[$conf]}" + var="RABBITMQ_${conf^^}" + [ -z "${!var:-}" ] || continue + eval "export $var=\"\$default\"" +done + +# if long and short hostnames are not the same, use long hostnames +if [ "$(hostname)" != "$(hostname -s)" ]; then + : "${RABBITMQ_USE_LONGNAME:=true}" +fi + +if [ "${RABBITMQ_ERLANG_COOKIE:-}" ]; then + cookieFile='/var/lib/rabbitmq/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$RABBITMQ_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match RABBITMQ_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$RABBITMQ_ERLANG_COOKIE" > "$cookieFile" + fi + chmod 600 "$cookieFile" +fi + +configBase="${RABBITMQ_CONFIG_FILE:-/etc/rabbitmq/rabbitmq}" +oldConfigFile="$configBase.config" +newConfigFile="$configBase.conf" + +shouldWriteConfig="$haveConfig" +if [ -n "$shouldWriteConfig" ] && [ -f "$oldConfigFile" ]; then + { + echo "error: Docker configuration environment variables specified, but old-style (Erlang syntax) configuration file '$oldConfigFile' exists" + echo " Suggested fixes: (choose one)" + echo " - remove '$oldConfigFile'" + echo " - remove any Docker-specific 'RABBITMQ_...' environment variables" + echo " - convert '$oldConfigFile' to the newer sysctl format ('$newConfigFile'); see https://www.rabbitmq.com/configure.html#config-file" + } >&2 + exit 1 +fi +if [ -z "$shouldWriteConfig" ] && [ ! -f "$oldConfigFile" ] && [ ! -f "$newConfigFile" ]; then + # no config files, we should write one + shouldWriteConfig=1 +fi + +# http://stackoverflow.com/a/2705678/433558 +sed_escape_lhs() { + echo "$@" | sed -e 's/[]\/$*.^|[]/\\&/g' +} +sed_escape_rhs() { + echo "$@" | sed -e 's/[\/&]/\\&/g' +} +rabbit_set_config() { + local key="$1"; shift + local val="$1"; shift + + [ -e "$newConfigFile" ] || touch "$newConfigFile" + + local sedKey="$(sed_escape_lhs "$key")" + local sedVal="$(sed_escape_rhs "$val")" + sed -ri \ + "s/^[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*)\S.*\$/\1${sedVal}/" \ + "$newConfigFile" + if ! grep -qE "^${sedKey}[[:space:]]*=" "$newConfigFile"; then + echo "$key = $val" >> "$newConfigFile" + fi +} +rabbit_comment_config() { + local key="$1"; shift + + [ -e "$newConfigFile" ] || touch "$newConfigFile" + + local sedKey="$(sed_escape_lhs "$key")" + sed -ri \ + "s/^[[:space:]]*#?[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*\S.*)\$/# \1/" \ + "$newConfigFile" +} +rabbit_env_config() { + local prefix="$1"; shift + + local conf + for conf; do + local var="rabbitmq${prefix:+_$prefix}_$conf" + var="${var^^}" + + local key="$conf" + case "$prefix" in + ssl) key="ssl_options.$key" ;; + management_ssl) key="management.listener.ssl_opts.$key" ;; + esac + + local val="${!var:-}" + local rawVal="$val" + case "$conf" in + verify|fail_if_no_peer_cert|depth|hipe_compile) + [ -n "$val" ] && rawVal='true' || rawVal='false' + ;; + + vm_memory_high_watermark) continue ;; # handled separately + esac + + if [ -n "$rawVal" ]; then + rabbit_set_config "$key" "$rawVal" + else + rabbit_comment_config "$key" + fi + done +} + +if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then + rabbit_set_config 'loopback_users.guest' 'false' + + # determine whether to set "vm_memory_high_watermark" (based on cgroups) + memTotalKb= + if [ -r /proc/meminfo ]; then + memTotalKb="$(awk -F ':? +' '$1 == "MemTotal" { print $2; exit }' /proc/meminfo)" + fi + memLimitB= + if [ -r /sys/fs/cgroup/memory/memory.limit_in_bytes ]; then + # "18446744073709551615" is a valid value for "memory.limit_in_bytes", which is too big for Bash math to handle + # "$(( 18446744073709551615 / 1024 ))" = 0; "$(( 18446744073709551615 * 40 / 100 ))" = 0 + memLimitB="$(awk -v totKb="$memTotalKb" '{ + limB = $0; + limKb = limB / 1024; + if (!totKb || limKb < totKb) { + printf "%.0f\n", limB; + } + }' /sys/fs/cgroup/memory/memory.limit_in_bytes)" + fi + if [ -n "$memLimitB" ]; then + # if we have a cgroup memory limit, let's inform RabbitMQ of what it is (so it can calculate vm_memory_high_watermark properly) + # https://github.com/rabbitmq/rabbitmq-server/pull/1234 + :# TODO rabbit_set_config 'total_memory_available_override_value' "$memLimitB" + # TODO https://github.com/rabbitmq/rabbitmq-server/issues/1445 (missing in 3.7.0) + fi + # https://www.rabbitmq.com/memory.html#memsup-usage + if [ "${RABBITMQ_VM_MEMORY_HIGH_WATERMARK:-}" ]; then + # https://github.com/docker-library/rabbitmq/pull/105#issuecomment-242165822 + vmMemoryHighWatermark="$( + echo "$RABBITMQ_VM_MEMORY_HIGH_WATERMARK" | awk ' + /^[0-9]*[.][0-9]+$|^[0-9]+([.][0-9]+)?%$/ { + perc = $0; + if (perc ~ /%$/) { + gsub(/%$/, "", perc); + perc = perc / 100; + } + if (perc > 1.0 || perc <= 0.0) { + printf "error: invalid percentage for vm_memory_high_watermark: %s (must be > 0%%, <= 100%%)\n", $0 > "/dev/stderr"; + exit 1; + } + printf "vm_memory_high_watermark.relative %0.03f\n", perc; + next; + } + /^[0-9]+$/ { + printf "vm_memory_high_watermark.absolute %s\n", $0; + next; + } + /^[0-9]+([.][0-9]+)?[a-zA-Z]+$/ { + printf "vm_memory_high_watermark.absolute %s\n", $0; + next; + } + { + printf "error: unexpected input for vm_memory_high_watermark: %s\n", $0; + exit 1; + } + ' + )" + if [ "$vmMemoryHighWatermark" ]; then + vmMemoryHighWatermarkKey="${vmMemoryHighWatermark%% *}" + vmMemoryHighWatermarkVal="${vmMemoryHighWatermark#$vmMemoryHighWatermarkKey }" + rabbit_set_config "$vmMemoryHighWatermarkKey" "$vmMemoryHighWatermarkVal" + case "$vmMemoryHighWatermarkKey" in + # make sure we only set one or the other + 'vm_memory_high_watermark.absolute') rabbit_comment_config 'vm_memory_high_watermark.relative' ;; + 'vm_memory_high_watermark.relative') rabbit_comment_config 'vm_memory_high_watermark.absolute' ;; + esac + fi + fi + + if [ "$haveSslConfig" ]; then + rabbit_set_config 'listeners.ssl.default' 5671 + rabbit_env_config 'ssl' "${sslConfigKeys[@]}" + else + rabbit_set_config 'listeners.tcp.default' 5672 + fi + + rabbit_env_config '' "${rabbitConfigKeys[@]}" + + # if management plugin is installed, generate config for it + # https://www.rabbitmq.com/management.html#configuration + if [ "$(rabbitmq-plugins list -m -e rabbitmq_management)" ]; then + if [ "$haveManagementSslConfig" ]; then + rabbit_set_config 'management.listener.port' 15671 + rabbit_set_config 'management.listener.ssl' 'true' + rabbit_env_config 'management_ssl' "${sslConfigKeys[@]}" + else + rabbit_set_config 'management.listener.port' 15672 + rabbit_set_config 'management.listener.ssl' 'false' + fi + + # if definitions file exists, then load it + # https://www.rabbitmq.com/management.html#load-definitions + managementDefinitionsFile='/etc/rabbitmq/definitions.json' + if [ -f "$managementDefinitionsFile" ]; then + # see also https://github.com/docker-library/rabbitmq/pull/112#issuecomment-271485550 + rabbit_set_config 'management.load_definitions' "$managementDefinitionsFile" + fi + fi +fi + +combinedSsl='/tmp/combined.pem' +if [ "$haveSslConfig" ] && [[ "$1" == rabbitmq* ]] && [ ! -f "$combinedSsl" ]; then + # Create combined cert + cat "$RABBITMQ_SSL_CERTFILE" "$RABBITMQ_SSL_KEYFILE" > "$combinedSsl" + chmod 0400 "$combinedSsl" +fi +if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then + # More ENV vars for make clustering happiness + # we don't handle clustering in this script, but these args should ensure + # clustered SSL-enabled members will talk nicely + export ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)" + sslErlArgs="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile $combinedSsl -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true" + export RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="${RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS:-} $sslErlArgs" + export RABBITMQ_CTL_ERL_ARGS="${RABBITMQ_CTL_ERL_ARGS:-} $sslErlArgs" +fi + +exec "$@" diff --git a/3.7/debian/management/Dockerfile b/3.7/debian/management/Dockerfile new file mode 100644 index 00000000..48727d2d --- /dev/null +++ b/3.7/debian/management/Dockerfile @@ -0,0 +1,5 @@ +FROM rabbitmq + +RUN rabbitmq-plugins enable --offline rabbitmq_management + +EXPOSE 15671 15672 diff --git a/3.7/docker-entrypoint.sh b/3.7/docker-entrypoint.sh new file mode 100755 index 00000000..4c8fa3d6 --- /dev/null +++ b/3.7/docker-entrypoint.sh @@ -0,0 +1,379 @@ +#!/bin/bash +set -eu + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# allow the container to be started with `--user` +if [[ "$1" == rabbitmq* ]] && [ "$(id -u)" = '0' ]; then + if [ "$1" = 'rabbitmq-server' ]; then + chown -R rabbitmq /var/lib/rabbitmq + fi + exec gosu rabbitmq "$BASH_SOURCE" "$@" +fi + +# backwards compatibility for old environment variables +: "${RABBITMQ_SSL_CERTFILE:=${RABBITMQ_SSL_CERT_FILE:-}}" +: "${RABBITMQ_SSL_KEYFILE:=${RABBITMQ_SSL_KEY_FILE:-}}" +: "${RABBITMQ_SSL_CACERTFILE:=${RABBITMQ_SSL_CA_FILE:-}}" + +# "management" SSL config should default to using the same certs +: "${RABBITMQ_MANAGEMENT_SSL_CACERTFILE:=$RABBITMQ_SSL_CACERTFILE}" +: "${RABBITMQ_MANAGEMENT_SSL_CERTFILE:=$RABBITMQ_SSL_CERTFILE}" +: "${RABBITMQ_MANAGEMENT_SSL_KEYFILE:=$RABBITMQ_SSL_KEYFILE}" + +# Allowed env vars that will be read from mounted files (i.e. Docker Secrets): +fileEnvKeys=( + default_user + default_pass +) + +# https://www.rabbitmq.com/configure.html +sslConfigKeys=( + cacertfile + certfile + depth + fail_if_no_peer_cert + keyfile + verify +) +managementConfigKeys=( + "${sslConfigKeys[@]/#/ssl_}" +) +rabbitConfigKeys=( + default_pass + default_user + default_vhost + hipe_compile + vm_memory_high_watermark +) +fileConfigKeys=( + management_ssl_cacertfile + management_ssl_certfile + management_ssl_keyfile + ssl_cacertfile + ssl_certfile + ssl_keyfile +) +allConfigKeys=( + "${managementConfigKeys[@]/#/management_}" + "${rabbitConfigKeys[@]}" + "${sslConfigKeys[@]/#/ssl_}" +) + +declare -A configDefaults=( + [management_ssl_fail_if_no_peer_cert]='false' + [management_ssl_verify]='verify_none' + + [ssl_fail_if_no_peer_cert]='true' + [ssl_verify]='verify_peer' +) + +haveConfig= +haveSslConfig= +haveManagementSslConfig= +for fileEnvKey in "${fileEnvKeys[@]}"; do file_env "RABBITMQ_${fileEnvKey^^}"; done +for conf in "${allConfigKeys[@]}"; do + var="RABBITMQ_${conf^^}" + val="${!var:-}" + if [ "$val" ]; then + if [ "${configDefaults[$conf]:-}" ] && [ "${configDefaults[$conf]}" = "$val" ]; then + # if the value set is the same as the default, treat it as if it isn't set + continue + fi + haveConfig=1 + case "$conf" in + ssl_*) haveSslConfig=1 ;; + management_ssl_*) haveManagementSslConfig=1 ;; + esac + fi +done +if [ "$haveSslConfig" ]; then + missing=() + for sslConf in cacertfile certfile keyfile; do + var="RABBITMQ_SSL_${sslConf^^}" + val="${!var}" + if [ -z "$val" ]; then + missing+=( "$var" ) + fi + done + if [ "${#missing[@]}" -gt 0 ]; then + { + echo + echo 'error: SSL requested, but missing required configuration' + for miss in "${missing[@]}"; do + echo " - $miss" + done + echo + } >&2 + exit 1 + fi +fi +missingFiles=() +for conf in "${fileConfigKeys[@]}"; do + var="RABBITMQ_${conf^^}" + val="${!var}" + if [ "$val" ] && [ ! -f "$val" ]; then + missingFiles+=( "$val ($var)" ) + fi +done +if [ "${#missingFiles[@]}" -gt 0 ]; then + { + echo + echo 'error: files specified, but missing' + for miss in "${missingFiles[@]}"; do + echo " - $miss" + done + echo + } >&2 + exit 1 +fi + +# set defaults for missing values (but only after we're done with all our checking so we don't throw any of that off) +for conf in "${!configDefaults[@]}"; do + default="${configDefaults[$conf]}" + var="RABBITMQ_${conf^^}" + [ -z "${!var:-}" ] || continue + eval "export $var=\"\$default\"" +done + +# if long and short hostnames are not the same, use long hostnames +if [ "$(hostname)" != "$(hostname -s)" ]; then + : "${RABBITMQ_USE_LONGNAME:=true}" +fi + +if [ "${RABBITMQ_ERLANG_COOKIE:-}" ]; then + cookieFile='/var/lib/rabbitmq/.erlang.cookie' + if [ -e "$cookieFile" ]; then + if [ "$(cat "$cookieFile" 2>/dev/null)" != "$RABBITMQ_ERLANG_COOKIE" ]; then + echo >&2 + echo >&2 "warning: $cookieFile contents do not match RABBITMQ_ERLANG_COOKIE" + echo >&2 + fi + else + echo "$RABBITMQ_ERLANG_COOKIE" > "$cookieFile" + fi + chmod 600 "$cookieFile" +fi + +configBase="${RABBITMQ_CONFIG_FILE:-/etc/rabbitmq/rabbitmq}" +oldConfigFile="$configBase.config" +newConfigFile="$configBase.conf" + +shouldWriteConfig="$haveConfig" +if [ -n "$shouldWriteConfig" ] && [ -f "$oldConfigFile" ]; then + { + echo "error: Docker configuration environment variables specified, but old-style (Erlang syntax) configuration file '$oldConfigFile' exists" + echo " Suggested fixes: (choose one)" + echo " - remove '$oldConfigFile'" + echo " - remove any Docker-specific 'RABBITMQ_...' environment variables" + echo " - convert '$oldConfigFile' to the newer sysctl format ('$newConfigFile'); see https://www.rabbitmq.com/configure.html#config-file" + } >&2 + exit 1 +fi +if [ -z "$shouldWriteConfig" ] && [ ! -f "$oldConfigFile" ] && [ ! -f "$newConfigFile" ]; then + # no config files, we should write one + shouldWriteConfig=1 +fi + +# http://stackoverflow.com/a/2705678/433558 +sed_escape_lhs() { + echo "$@" | sed -e 's/[]\/$*.^|[]/\\&/g' +} +sed_escape_rhs() { + echo "$@" | sed -e 's/[\/&]/\\&/g' +} +rabbit_set_config() { + local key="$1"; shift + local val="$1"; shift + + [ -e "$newConfigFile" ] || touch "$newConfigFile" + + local sedKey="$(sed_escape_lhs "$key")" + local sedVal="$(sed_escape_rhs "$val")" + sed -ri \ + "s/^[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*)\S.*\$/\1${sedVal}/" \ + "$newConfigFile" + if ! grep -qE "^${sedKey}[[:space:]]*=" "$newConfigFile"; then + echo "$key = $val" >> "$newConfigFile" + fi +} +rabbit_comment_config() { + local key="$1"; shift + + [ -e "$newConfigFile" ] || touch "$newConfigFile" + + local sedKey="$(sed_escape_lhs "$key")" + sed -ri \ + "s/^[[:space:]]*#?[[:space:]]*(${sedKey}[[:space:]]*=[[:space:]]*\S.*)\$/# \1/" \ + "$newConfigFile" +} +rabbit_env_config() { + local prefix="$1"; shift + + local conf + for conf; do + local var="rabbitmq${prefix:+_$prefix}_$conf" + var="${var^^}" + + local key="$conf" + case "$prefix" in + ssl) key="ssl_options.$key" ;; + management_ssl) key="management.listener.ssl_opts.$key" ;; + esac + + local val="${!var:-}" + local rawVal="$val" + case "$conf" in + verify|fail_if_no_peer_cert|depth|hipe_compile) + [ -n "$val" ] && rawVal='true' || rawVal='false' + ;; + + vm_memory_high_watermark) continue ;; # handled separately + esac + + if [ -n "$rawVal" ]; then + rabbit_set_config "$key" "$rawVal" + else + rabbit_comment_config "$key" + fi + done +} + +if [ "$1" = 'rabbitmq-server' ] && [ "$shouldWriteConfig" ]; then + rabbit_set_config 'loopback_users.guest' 'false' + + # determine whether to set "vm_memory_high_watermark" (based on cgroups) + memTotalKb= + if [ -r /proc/meminfo ]; then + memTotalKb="$(awk -F ':? +' '$1 == "MemTotal" { print $2; exit }' /proc/meminfo)" + fi + memLimitB= + if [ -r /sys/fs/cgroup/memory/memory.limit_in_bytes ]; then + # "18446744073709551615" is a valid value for "memory.limit_in_bytes", which is too big for Bash math to handle + # "$(( 18446744073709551615 / 1024 ))" = 0; "$(( 18446744073709551615 * 40 / 100 ))" = 0 + memLimitB="$(awk -v totKb="$memTotalKb" '{ + limB = $0; + limKb = limB / 1024; + if (!totKb || limKb < totKb) { + printf "%.0f\n", limB; + } + }' /sys/fs/cgroup/memory/memory.limit_in_bytes)" + fi + if [ -n "$memLimitB" ]; then + # if we have a cgroup memory limit, let's inform RabbitMQ of what it is (so it can calculate vm_memory_high_watermark properly) + # https://github.com/rabbitmq/rabbitmq-server/pull/1234 + :# TODO rabbit_set_config 'total_memory_available_override_value' "$memLimitB" + # TODO https://github.com/rabbitmq/rabbitmq-server/issues/1445 (missing in 3.7.0) + fi + # https://www.rabbitmq.com/memory.html#memsup-usage + if [ "${RABBITMQ_VM_MEMORY_HIGH_WATERMARK:-}" ]; then + # https://github.com/docker-library/rabbitmq/pull/105#issuecomment-242165822 + vmMemoryHighWatermark="$( + echo "$RABBITMQ_VM_MEMORY_HIGH_WATERMARK" | awk ' + /^[0-9]*[.][0-9]+$|^[0-9]+([.][0-9]+)?%$/ { + perc = $0; + if (perc ~ /%$/) { + gsub(/%$/, "", perc); + perc = perc / 100; + } + if (perc > 1.0 || perc <= 0.0) { + printf "error: invalid percentage for vm_memory_high_watermark: %s (must be > 0%%, <= 100%%)\n", $0 > "/dev/stderr"; + exit 1; + } + printf "vm_memory_high_watermark.relative %0.03f\n", perc; + next; + } + /^[0-9]+$/ { + printf "vm_memory_high_watermark.absolute %s\n", $0; + next; + } + /^[0-9]+([.][0-9]+)?[a-zA-Z]+$/ { + printf "vm_memory_high_watermark.absolute %s\n", $0; + next; + } + { + printf "error: unexpected input for vm_memory_high_watermark: %s\n", $0; + exit 1; + } + ' + )" + if [ "$vmMemoryHighWatermark" ]; then + vmMemoryHighWatermarkKey="${vmMemoryHighWatermark%% *}" + vmMemoryHighWatermarkVal="${vmMemoryHighWatermark#$vmMemoryHighWatermarkKey }" + rabbit_set_config "$vmMemoryHighWatermarkKey" "$vmMemoryHighWatermarkVal" + case "$vmMemoryHighWatermarkKey" in + # make sure we only set one or the other + 'vm_memory_high_watermark.absolute') rabbit_comment_config 'vm_memory_high_watermark.relative' ;; + 'vm_memory_high_watermark.relative') rabbit_comment_config 'vm_memory_high_watermark.absolute' ;; + esac + fi + fi + + if [ "$haveSslConfig" ]; then + rabbit_set_config 'listeners.ssl.default' 5671 + rabbit_env_config 'ssl' "${sslConfigKeys[@]}" + else + rabbit_set_config 'listeners.tcp.default' 5672 + fi + + rabbit_env_config '' "${rabbitConfigKeys[@]}" + + # if management plugin is installed, generate config for it + # https://www.rabbitmq.com/management.html#configuration + if [ "$(rabbitmq-plugins list -m -e rabbitmq_management)" ]; then + if [ "$haveManagementSslConfig" ]; then + rabbit_set_config 'management.listener.port' 15671 + rabbit_set_config 'management.listener.ssl' 'true' + rabbit_env_config 'management_ssl' "${sslConfigKeys[@]}" + else + rabbit_set_config 'management.listener.port' 15672 + rabbit_set_config 'management.listener.ssl' 'false' + fi + + # if definitions file exists, then load it + # https://www.rabbitmq.com/management.html#load-definitions + managementDefinitionsFile='/etc/rabbitmq/definitions.json' + if [ -f "$managementDefinitionsFile" ]; then + # see also https://github.com/docker-library/rabbitmq/pull/112#issuecomment-271485550 + rabbit_set_config 'management.load_definitions' "$managementDefinitionsFile" + fi + fi +fi + +combinedSsl='/tmp/combined.pem' +if [ "$haveSslConfig" ] && [[ "$1" == rabbitmq* ]] && [ ! -f "$combinedSsl" ]; then + # Create combined cert + cat "$RABBITMQ_SSL_CERTFILE" "$RABBITMQ_SSL_KEYFILE" > "$combinedSsl" + chmod 0400 "$combinedSsl" +fi +if [ "$haveSslConfig" ] && [ -f "$combinedSsl" ]; then + # More ENV vars for make clustering happiness + # we don't handle clustering in this script, but these args should ensure + # clustered SSL-enabled members will talk nicely + export ERL_SSL_PATH="$(erl -eval 'io:format("~p", [code:lib_dir(ssl, ebin)]),halt().' -noshell)" + sslErlArgs="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_opt server_certfile $combinedSsl -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true" + export RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="${RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS:-} $sslErlArgs" + export RABBITMQ_CTL_ERL_ARGS="${RABBITMQ_CTL_ERL_ARGS:-} $sslErlArgs" +fi + +exec "$@" diff --git a/update.sh b/update.sh index c6c9cbb9..fd127143 100755 --- a/update.sh +++ b/update.sh @@ -58,7 +58,11 @@ for version in "${versions[@]}"; do -e 's/^(ENV RABBITMQ_GITHUB_TAG) .*/\1 '"$githubTag"'/' \ -e 's/^(ENV RABBITMQ_DEBIAN_VERSION) .*/\1 '"$debianVersion"'/' \ "$version/$variant/Dockerfile" + cp -va "$version/docker-entrypoint.sh" "$version/$variant/" ) + if [ "$variant" = 'alpine' ]; then + sed -i 's/gosu/su-exec/g' "$version/$variant/docker-entrypoint.sh" + fi travisEnv='\n - VERSION='"$version"' VARIANT='"$variant$travisEnv" done