diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..5bfc329 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "shared-components"] + path = shared-components + url = https://bitbucket.org/atlassian-docker/docker-shared-components.git diff --git a/Dockerfile b/Dockerfile index c35fb03..ef140a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,14 @@ ARG BASE_IMAGE=adoptopenjdk:11-hotspot FROM $BASE_IMAGE -ENV RUN_USER confluence -ENV RUN_GROUP confluence -ENV RUN_UID 2002 -ENV RUN_GID 2002 +ENV RUN_USER confluence +ENV RUN_GROUP confluence +ENV RUN_UID 2002 +ENV RUN_GID 2002 # https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html -ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence -ENV CONFLUENCE_INSTALL_DIR /opt/atlassian/confluence +ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence +ENV CONFLUENCE_INSTALL_DIR /opt/atlassian/confluence WORKDIR $CONFLUENCE_HOME @@ -20,8 +20,8 @@ CMD ["/entrypoint.py", "-fg"] ENTRYPOINT ["/sbin/tini", "--"] RUN apt-get update \ - && apt-get install -y --no-install-recommends fontconfig python3 python3-jinja2 \ - && apt-get clean autoclean && apt-get autoremove -y && rm -rf /var/lib/apt/lists/* + && apt-get install -y --no-install-recommends fontconfig python3 python3-jinja2 \ + && apt-get clean autoclean && apt-get autoremove -y && rm -rf /var/lib/apt/lists/* ARG TINI_VERSION=v0.18.0 ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini @@ -34,18 +34,20 @@ RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \ && useradd --uid ${RUN_UID} --gid ${RUN_GID} --home-dir ${CONFLUENCE_HOME} --shell /bin/bash ${RUN_USER} \ && echo PATH=$PATH > /etc/environment \ \ - && mkdir -p ${CONFLUENCE_INSTALL_DIR} \ - && curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \ - && chmod -R "u=rwX,g=rX,o=rX" ${CONFLUENCE_INSTALL_DIR}/ \ - && chown -R root. ${CONFLUENCE_INSTALL_DIR}/ \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_HOME} \ + && mkdir -p ${CONFLUENCE_INSTALL_DIR} \ + && curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \ + && chmod -R "u=rwX,g=rX,o=rX" ${CONFLUENCE_INSTALL_DIR}/ \ + && chown -R root. ${CONFLUENCE_INSTALL_DIR}/ \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_HOME} \ \ && sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh VOLUME ["${CONFLUENCE_HOME}"] # Must be declared after setting perms -COPY entrypoint.py /entrypoint.py -COPY config/* /opt/atlassian/etc/ +COPY entrypoint.py \ + shared-components/image/entrypoint_helpers.py / +COPY shared-components/support /opt/atlassian/support +COPY config/* /opt/atlassian/etc/ diff --git a/Dockerfile-alpine b/Dockerfile-alpine index 5cf626c..d2a48db 100644 --- a/Dockerfile-alpine +++ b/Dockerfile-alpine @@ -1,13 +1,13 @@ FROM adoptopenjdk/openjdk8:alpine -ENV RUN_USER confluence -ENV RUN_GROUP confluence -ENV RUN_UID 2002 -ENV RUN_GID 2002 +ENV RUN_USER confluence +ENV RUN_GROUP confluence +ENV RUN_UID 2002 +ENV RUN_GID 2002 # https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html -ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence -ENV CONFLUENCE_INSTALL_DIR /opt/atlassian/confluence +ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence +ENV CONFLUENCE_INSTALL_DIR /opt/atlassian/confluence WORKDIR $CONFLUENCE_HOME @@ -32,18 +32,20 @@ ARG DOWNLOAD_URL=https://product-downloads.atlassian.com/software/confluence/dow RUN addgroup -g ${RUN_GID} ${RUN_GROUP} \ && adduser -u ${RUN_UID} -G ${RUN_GROUP} -h ${CONFLUENCE_HOME} -s /bin/bash -D ${RUN_USER} \ \ - && mkdir -p ${CONFLUENCE_INSTALL_DIR} \ - && curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \ - && chmod -R "u=rwX,g=rX,o=rX" ${CONFLUENCE_INSTALL_DIR}/ \ - && chown -R root. ${CONFLUENCE_INSTALL_DIR}/ \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \ - && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_HOME} \ + && mkdir -p ${CONFLUENCE_INSTALL_DIR} \ + && curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \ + && chmod -R "u=rwX,g=rX,o=rX" ${CONFLUENCE_INSTALL_DIR}/ \ + && chown -R root. ${CONFLUENCE_INSTALL_DIR}/ \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \ + && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_HOME} \ \ && sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh VOLUME ["${CONFLUENCE_HOME}"] # Must be declared after setting perms -COPY entrypoint.py /entrypoint.py -COPY config/* /opt/atlassian/etc/ +COPY entrypoint.py \ + shared-components/image/entrypoint_helpers.py / +COPY shared-components/support /opt/atlassian/support +COPY config/* /opt/atlassian/etc/ diff --git a/entrypoint.py b/entrypoint.py index 22b0cbc..e0bfd40 100755 --- a/entrypoint.py +++ b/entrypoint.py @@ -1,89 +1,19 @@ #!/usr/bin/python3 -import sys -import os -import shutil -import logging -import jinja2 as j2 +from entrypoint_helpers import env, gen_cfg, str2bool, start_app -###################################################################### -# Utils +RUN_USER = env['run_user'] +RUN_GROUP = env['run_group'] +CONFLUENCE_INSTALL_DIR = env['confluence_install_dir'] +CONFLUENCE_HOME = env['confluence_home'] -logging.basicConfig(level=logging.DEBUG) +gen_cfg('server.xml.j2', f'{CONFLUENCE_INSTALL_DIR}/conf/server.xml') +gen_cfg('seraph-config.xml.j2', + f'{CONFLUENCE_INSTALL_DIR}/confluence/WEB-INF/classes/seraph-config.xml') +gen_cfg('confluence-init.properties.j2', + f'{CONFLUENCE_INSTALL_DIR}/confluence/WEB-INF/classes/confluence-init.properties') +gen_cfg('confluence.cfg.xml.j2', f'{CONFLUENCE_HOME}/confluence.cfg.xml', + user=RUN_USER, group=RUN_GROUP, overwrite=False) -def set_perms(path, user, group, mode): - for dirpath, dirnames, filenames in os.walk(path): - shutil.chown(dirpath, user=user, group=group) - os.chmod(dirpath, mode) - for filename in filenames: - shutil.chown(os.path.join(dirpath, filename), user=user, group=group) - os.chmod(os.path.join(dirpath, filename), mode) - -# Setup Jinja2 for templating -jenv = j2.Environment( - loader=j2.FileSystemLoader('/opt/atlassian/etc/'), - autoescape=j2.select_autoescape(['xml'])) - -def gen_cfg(tmpl, target, env, user='root', group='root', mode=0o644, overwrite=True): - if not overwrite and os.path.exists(target): - logging.info(f"{target} exists; skipping.") - return - - logging.info(f"Generating {target} from template {tmpl}") - cfg = jenv.get_template(tmpl).render(env) - with open(target, 'w') as fd: - fd.write(cfg) - set_perms(target, user, group, mode) - - -###################################################################### -# Setup inputs and outputs - -# Import all ATL_* and Dockerfile environment variables. We lower-case -# these for compatability with Ansible template convention. We also -# support CATALINA variables from older versions of the Docker images -# for backwards compatability, if the new version is not set. -env = {k.lower(): v - for k, v in os.environ.items() - if k.startswith(('ATL_', 'CONFLUENCE_', 'RUN_', 'CATALINA_'))} - - -###################################################################### -# Generate all configuration files for Confluence - -if os.getuid() == 0: - gen_cfg('server.xml.j2', - f"{env['confluence_install_dir']}/conf/server.xml", env) - - gen_cfg('seraph-config.xml.j2', - f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/seraph-config.xml", env) - - gen_cfg('confluence-init.properties.j2', - f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/confluence-init.properties", env) -else: - logging.warning("Container not started as root. Tomcat, seraph-config.xml, confluence-init.properties boostrapping will be skipped.") - -gen_cfg('confluence.cfg.xml.j2', - f"{env['confluence_home']}/confluence.cfg.xml", env, - user=env['run_user'], group=env['run_group'], mode=0o640, - overwrite=False) - - -###################################################################### -# Start Confluence as the correct user - -start_cmd = f"{env['confluence_install_dir']}/bin/start-confluence.sh" -if os.getuid() == 0: - logging.info(f"User is currently root. Will change directory ownership to {env['run_user']} then downgrade permissions") - set_perms(env['confluence_home'], env['run_user'], env['run_group'], 0o700) - - cmd = '/bin/su' - start_cmd = ' '.join([start_cmd] + sys.argv[1:]) - args = [cmd, env['run_user'], '-c', start_cmd] -else: - cmd = start_cmd - args = [start_cmd] + sys.argv[1:] - -logging.info(f"Running Confluence with command '{cmd}', arguments {args}") -os.execv(cmd, args) +start_app(f'{CONFLUENCE_INSTALL_DIR}/bin/start-confluence.sh -fg', CONFLUENCE_HOME, name='Confluence') diff --git a/shared-components b/shared-components new file mode 160000 index 0000000..30c9a5a --- /dev/null +++ b/shared-components @@ -0,0 +1 @@ +Subproject commit 30c9a5a1ca25ad8fcd3057481694b335fbf92370