Page History
...
- The build script implements two stages to exclude installer files from the resulting image.
- Line 3: The base image is the current Alpine image at build-time.
- Line 6 - 8: The release identification is injected by build arguments. This information is used to determine the tarball to be downloaded or copied.
- Line 11 - 12: You can either download the Agent tarball directly from the SOS web site or you store the tarball with the build directory and copy from this location.
Line 14 - 16: The tarball is extracted. For Unix Agents no installer is used.
Line 19: The
entrypoint.shscript is copied from the build directory to the image. Users can apply their own version of the entrypoint script. The entrypoint script used by SOS looks like this:
Download: entrypoint.shCode Block language bash title Entrypoint Script linenumbers true collapse true #!/bin/sh JS_USER_ID=`echo $RUN_JS_USER_ID | cut -d ':' -f 1` JS_GROUP_ID=`echo $RUN_JS_USER_ID | cut -d ':' -f 2` BUILD_GROUP_ID=`cat /etc/group | grep jobscheduler | cut -d ':' -f 3` BUILD_USER_ID=`cat /etc/passwd | grep jobscheduler | cut -d ':' -f 4` if [ "$(id -u)" = "0" ] then if [ ! "$BUILD_USER_ID" = "$JS_USER_ID" ] then echo "JS7 entrypoint script preparing switch of image user id '$BUILD_USER_ID' -> '$JS_USER_ID', group id '$BUILD_GROUP_ID' -> '$JS_GROUP_ID'" sedusermod -i "s/$BUILD_GROUP_ID/u $JS_USER_ID jobscheduler groupmod -g $JS_GROUP_ID/g" /etc/group jobscheduler sedfind /var/sos-berlin.com/ -igroup "s/$BUILD_USER_ID:$BUILD_GROUP_ID/$JS_USER_ID:$JS_GROUP_ID/g" /etc/passwd -exec chgrp -h jobscheduler {} \; find /var/sos-berlin.com/ -user $BUILD_USER_ID -exec chown -h jobscheduler {} \; fi echo "JS7 entrypoint script switching to user account 'jobscheduler' to run start script" exec su jobscheduler -c "$*" else if [ "$BUILD_USER_ID" = "$JS_USER_ID" ] then if [ "$(id -u)" = "$JS_USER_ID" ] then echo "JS7 entrypoint script running for user id '$(id -u)'" else echo "JS7 entrypoint script running for user id '$(id -u)' cannot switch to user id '$JS_USER_ID', group id '$JS_GROUP_ID'" echo "JS7 entrypoint script missing permission to switch user id and group id, consider to omit the 'docker run --user' option" fi else echo "JS7 entrypoint script running for user id '$(id -u)' cannot switch image user id '$BUILD_USER_ID' -> '$JS_USER_ID', group id '$BUILD_GROUP_ID' -> '$JS_GROUP_ID'" echo "JS7 entrypoint script missing permission to switch user id and group id, consider to omit the 'docker run --user' option" fi exec sh -c "$*" fiLine 20: The
start-agent.shscript is copied from the build directory to the image. Users can apply their own version of the start script. The start script used by SOS looks like this:
Download: start-agent.shCode Block language bash title Agent Start Script linenumbers true collapse true #!/bin/sh js_http_port="" js_https_port="" js_java_options="" for option in "$@" do case "$option" in --http-port=*) js_http_port=`echo "$option" | sed 's/--http-port=//'` ;; --https-port=*) js_https_port=`echo "$option" | sed 's/--https-port=//'` ;; --java-options=*) js_java_options=`echo "$option" | sed 's/--java-options=//'` ;; *) echo "unknown argument: $option" exit 1 ;; esac done js_args="" if [ ! "$js_http_port" = "" ] && [ ! "$js_http_port" = ":" ] then js_args="$js_args --http-port=$js_http_port" fi if [ ! "$js_https_port" = "" ] && [ ! "$js_https_port" = ":" ] then js_args="$js_args --https-port=$js_https_port" fi if [ ! "$js_java_options" = "" ] then js_args="$js_args --java-options=$js_java_options" fi echo "starting Agent: /var/sos-berlin.com/js7/agent/bin/agent.sh start $js_args" /var/sos-berlin.com/js7/agent/bin/agent.sh start $js_args && tail -f /dev/null- Line 23: The
configfolder available in the build directory is copied to theconfigsub-folder in the image. The parent foldervar_<port>is determined from the HTTP port that the Agent is built for. This can be useful to create an image with individual default settings in configuration files, see JS7 - Agent Configuration Items. - Line 36 - 41: Defaults for the user id running the Agent inside the container as well as HTTP and HTTPS ports are provided. These values can be overwritten by providing the respective build arguments.
- Line 44 - 49: Environment variables are provided at run-time, not at build-time. They can be used to specify ports and Java options when running the container.
- Line 58 - 62: The image OS is updated and additional packages are installed (ps, netstat, bash).
- Line 62: The most recent Java 1.8 package available with Alpine is applied. Agents can be operated with newer Java releases, however, stick to Oracle, OpenJDK or AdoptOpenJDK as the source for your Java LTS release. Alternatively you can use your own base image and install Java 1.8 or later on top of this.
- Line 64: The
jobscheduleruser account is created and is assigned the user id and group id handed over by the respective build arguments. This translates to the fact that the account running the Agent inside the container and the account that starts the container are assigned the same user id and group id. This allows the account running the container to access any files created by the Agent in mounted volumes with identical permissions. - Line 65 - 66: The
jobscheduleruser account is made the owner of installed files and the entrypoint script and start script is made executable. - Line 69: Java releases < Java 12 make use of
/dev/randomfor random number generation. This is a bottleneck as random number generation with this file is blocking. Instead/dev/urandomshould be used that implements non-blocking behavior. The change of the random file is applied to the Java security file. - Line 77-79: The entrypoint script and start script is executed and is dynamically parameterized from environment variables that are forwarded when starting the container.
...
Overview
Content Tools