Replace Alpine 3.18 by Debian 12 as the base image #201

Merged
merged 2 commits into from
Nov 6, 2023
2 changes: 1 addition & 1 deletion .hadolint.yaml
@@ -1,2 +1,2 @@
ignored:
- DL3018
- DL3008 # ignore unpinned Debian packages
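Review bot: Listing `DL3008` under `ignored:` switches the unpinned-apt-package check off for every Dockerfile in the repository, including ones added later. If the intent is only to accept unpinned packages in the two `apt-get install` steps this change introduces, a `# hadolint ignore=DL3008` comment directly above each of those `RUN` instructions keeps the rule active everywhere else. Whichever form is kept, the trailing comment should give the reason rather than restate the rule, for example `# DL3008: exact Debian package pins break rebuilds once the archive moves on` if that is the motivation.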
55 changes: 26 additions & 29 deletions v1.2.x/Dockerfile
@@ -1,47 +1,39 @@
FROM alpine:3.18.4
FROM debian:12.2-slim

SHELL ["/bin/ash", "-x", "-c", "-o", "pipefail"]
SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"]

# https://releases.hashicorp.com/nomad/
ARG NOMAD_VERSION
RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false)

# Based on https://github.com/djenriquez/nomad
LABEL maintainer="Jonathan Ballet <jon@multani.info>"

RUN addgroup nomad \
&& adduser -S -G nomad nomad \
&& mkdir -p /nomad/data \
&& mkdir -p /etc/nomad \
&& chown -R nomad:nomad /nomad /etc/nomad
RUN groupadd nomad \
&& useradd --system --gid nomad nomad \
&& mkdir --parents /nomad/data \
&& mkdir --parents /etc/nomad \
&& chown --recursive nomad:nomad /nomad /etc/nomad

# Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after.
# Install timezone data so we can run Nomad periodic jobs containing timezone information
RUN apk --update --no-cache add \
ca-certificates \
dumb-init \
libcap \
tzdata \
su-exec \
&& update-ca-certificates

# https://github.com/sgerrand/alpine-pkg-glibc/releases
ARG GLIBC_VERSION=2.34-r0

ADD https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
ADD https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
glibc.apk
RUN apk add --no-cache --force-overwrite \
glibc.apk \
&& rm glibc.apk
RUN apt-get update \
&& apt-get install --yes --no-install-recommends \
ca-certificates \
dumb-init \
libcap2 \
tzdata \
&& update-ca-certificates \
&& rm -rf /var/lib/apt/lists/*

ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip \
nomad_${NOMAD_VERSION}_linux_amd64.zip
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \
nomad_${NOMAD_VERSION}_SHA256SUMS
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
nomad_${NOMAD_VERSION}_SHA256SUMS.sig
RUN apk add --no-cache --virtual .nomad-deps gnupg \

RUN apt-get update \
&& apt-get install --yes --no-install-recommends \
gnupg \
unzip \
&& GNUPGHOME="$(mktemp -d)" \
&& export GNUPGHOME \
&& gpg --keyserver pgp.mit.edu --keyserver keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \
Expand All @@ -50,7 +42,12 @@ RUN apk add --no-cache --virtual .nomad-deps gnupg \
&& unzip -d /bin nomad_${NOMAD_VERSION}_linux_amd64.zip \
&& chmod +x /bin/nomad \
&& rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
&& apk del .nomad-deps
&& apt-get autoremove --purge --yes \
gnupg \
unzip \
&& rm -rf /var/lib/apt/lists/*

RUN nomad version

EXPOSE 4646 4647 4648 4648/udp
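Review bot: `libcap2` in the first `apt-get install` list is only the shared library on Debian; the `setcap` binary that start.sh invokes ships in `libcap2-bin`, as far as I know, and nothing else in the visible lines installs it. Unless the `debian:12.2-slim` base already provides it, `setcap "cap_net_bind_service=+ep" /bin/nomad` fails at container start and `set -e` stops the entrypoint. Installing `libcap2-bin` instead (it depends on `libcap2`) covers it, and a `RUN command -v setcap` beside `RUN nomad version` would catch a regression at build time. The same list is in v1.3.x/Dockerfile and v1.4.x/Dockerfile; the file continues below `EXPOSE`, outside what is shown.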

14 changes: 8 additions & 6 deletions v1.2.x/start.sh
@@ -1,5 +1,6 @@
#!/usr/bin/dumb-init /bin/sh
# Script created following Hashicorp's model for Consul:
# shellcheck shell=dash
# Script created following Hashicorp's model for Consul:
# https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh
# Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'.
set -e
Expand All @@ -8,6 +9,7 @@ set -e
# as well as forward signals to all processes in its session. Normally, sh
# wouldn't do either of these functions so we'd leak zombies as well as do
# unclean termination of all our sub-processes.
# As of docker 1.13, using docker run --init achieves the same outcome.

# NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The
# NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional
Expand All @@ -24,7 +26,7 @@ fi

# If the user is trying to run Nomad directly with some arguments, then
# pass them to Nomad.
if [ "${1:0:1}" = '-' ]; then
if [ "$(cut -c 1 "$1")" = '-' ]; then
set -- nomad "$@"
fi

Expand All @@ -48,18 +50,18 @@ fi
if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then
# If the data or config dirs are bind mounted then chown them.
# Note: This checks for root ownership as that's the most common case.
if [ "$(stat -c %u $NOMAD_DATA_DIR)" != "$(id -u root)" ]; then
chown root:root $NOMAD_DATA_DIR
if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then
chown root:root "$NOMAD_DATA_DIR"
fi

# If requested, set the capability to bind to privileged ports before
# we drop to the non-root user. Note that this doesn't work with all
# storage drivers (it won't work with AUFS).
if [ -n ${NOMAD+x} ]; then
if [ -n "${NOMAD+x}" ]; then
setcap "cap_net_bind_service=+ep" /bin/nomad
fi

set -- su-exec root "$@"
exec runuser -u root -- "$@"
fi

exec "$@"
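Review bot: `cut -c 1 "$1"` treats `$1` as a file name to read, not as the string to slice, so the new test in the "pass them to Nomad" block never sees a leading `-`: for an argument like `-config=...` cut rejects it as an unknown option, prints nothing on stdout, and the comparison is false. Flag-only invocations therefore stop being prefixed with `nomad` and fall through to the final `exec "$@"`. A dash-compatible test that needs no external process is `if [ "${1#-}" != "$1" ]; then`. The same line is in v1.3.x/start.sh and v1.4.x/start.sh.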
55 changes: 26 additions & 29 deletions v1.3.x/Dockerfile
@@ -1,47 +1,39 @@
FROM alpine:3.18.4
FROM debian:12.2-slim

SHELL ["/bin/ash", "-x", "-c", "-o", "pipefail"]
SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"]

# https://releases.hashicorp.com/nomad/
ARG NOMAD_VERSION
RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false)

# Based on https://github.com/djenriquez/nomad
LABEL maintainer="Jonathan Ballet <jon@multani.info>"

RUN addgroup nomad \
&& adduser -S -G nomad nomad \
&& mkdir -p /nomad/data \
&& mkdir -p /etc/nomad \
&& chown -R nomad:nomad /nomad /etc/nomad
RUN groupadd nomad \
&& useradd --system --gid nomad nomad \
&& mkdir --parents /nomad/data \
&& mkdir --parents /etc/nomad \
&& chown --recursive nomad:nomad /nomad /etc/nomad

# Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after.
# Install timezone data so we can run Nomad periodic jobs containing timezone information
RUN apk --update --no-cache add \
ca-certificates \
dumb-init \
libcap \
tzdata \
su-exec \
&& update-ca-certificates

# https://github.com/sgerrand/alpine-pkg-glibc/releases
ARG GLIBC_VERSION=2.34-r0

ADD https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
ADD https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
glibc.apk
RUN apk add --no-cache --force-overwrite \
glibc.apk \
&& rm glibc.apk
RUN apt-get update \
&& apt-get install --yes --no-install-recommends \
ca-certificates \
dumb-init \
libcap2 \
tzdata \
&& update-ca-certificates \
&& rm -rf /var/lib/apt/lists/*

ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip \
nomad_${NOMAD_VERSION}_linux_amd64.zip
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \
nomad_${NOMAD_VERSION}_SHA256SUMS
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
nomad_${NOMAD_VERSION}_SHA256SUMS.sig
RUN apk add --no-cache --virtual .nomad-deps gnupg \

RUN apt-get update \
&& apt-get install --yes --no-install-recommends \
gnupg \
unzip \
&& GNUPGHOME="$(mktemp -d)" \
&& export GNUPGHOME \
&& gpg --keyserver pgp.mit.edu --keyserver keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \
Expand All @@ -50,7 +42,12 @@ RUN apk add --no-cache --virtual .nomad-deps gnupg \
&& unzip -d /bin nomad_${NOMAD_VERSION}_linux_amd64.zip \
&& chmod +x /bin/nomad \
&& rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
&& apk del .nomad-deps
&& apt-get autoremove --purge --yes \
gnupg \
unzip \
&& rm -rf /var/lib/apt/lists/*

RUN nomad version

EXPOSE 4646 4647 4648 4648/udp
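Review bot: `groupadd nomad` and `useradd --system --gid nomad nomad` leave the numeric ids to Debian's defaults, and the group is created without `--system`, so it is allocated from the regular-user range while the user comes from the system range. The ids that Alpine's `addgroup`/`adduser -S` assigned were probably different, which matters for anything that compares numeric ownership on a volume or bind mount written by the earlier image. Pinning them makes the choice explicit and stable across base-image changes: `groupadd --system --gid <GID> nomad` and `useradd --system --uid <UID> --gid nomad nomad`, with `<GID>`/`<UID>` picked by the project. This applies equally to v1.2.x/Dockerfile and v1.4.x/Dockerfile.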

14 changes: 8 additions & 6 deletions v1.3.x/start.sh
@@ -1,5 +1,6 @@
#!/usr/bin/dumb-init /bin/sh
# Script created following Hashicorp's model for Consul:
# shellcheck shell=dash
# Script created following Hashicorp's model for Consul:
# https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh
# Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'.
set -e
Expand All @@ -8,6 +9,7 @@ set -e
# as well as forward signals to all processes in its session. Normally, sh
# wouldn't do either of these functions so we'd leak zombies as well as do
# unclean termination of all our sub-processes.
# As of docker 1.13, using docker run --init achieves the same outcome.

# NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The
# NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional
Expand All @@ -24,7 +26,7 @@ fi

# If the user is trying to run Nomad directly with some arguments, then
# pass them to Nomad.
if [ "${1:0:1}" = '-' ]; then
if [ "$(cut -c 1 "$1")" = '-' ]; then
set -- nomad "$@"
fi

Expand All @@ -48,18 +50,18 @@ fi
if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then
# If the data or config dirs are bind mounted then chown them.
# Note: This checks for root ownership as that's the most common case.
if [ "$(stat -c %u $NOMAD_DATA_DIR)" != "$(id -u root)" ]; then
chown root:root $NOMAD_DATA_DIR
if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then
chown root:root "$NOMAD_DATA_DIR"
fi

# If requested, set the capability to bind to privileged ports before
# we drop to the non-root user. Note that this doesn't work with all
# storage drivers (it won't work with AUFS).
if [ -n ${NOMAD+x} ]; then
if [ -n "${NOMAD+x}" ]; then
setcap "cap_net_bind_service=+ep" /bin/nomad
fi

set -- su-exec root "$@"
exec runuser -u root -- "$@"
fi

exec "$@"
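Review bot: `exec runuser -u root -- "$@"` in the permission-management block leaves a `runuser` parent between dumb-init and Nomad, where `su-exec` replaced itself with the target process. `runuser` shares its signal handling with `su`, which as far as I know sends the child SIGTERM and follows with SIGKILL about two seconds later, so a `docker stop` could cut the agent's graceful shutdown short; this is worth testing before release. The script is already root here (it has just run `chown` and `setcap`) and the target user is also root, so deleting the line and letting the final `exec "$@"` run keeps the same identity without the extra process. The comment above it still says "before we drop to the non-root user", which does not match the code and could read `# Nomad keeps running as root; only the file capability is added here`. The same change is in v1.2.x/start.sh and v1.4.x/start.sh.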
55 changes: 26 additions & 29 deletions v1.4.x/Dockerfile
@@ -1,47 +1,39 @@
FROM alpine:3.18.4
FROM debian:12.2-slim

SHELL ["/bin/ash", "-x", "-c", "-o", "pipefail"]
SHELL ["/bin/bash", "-x", "-c", "-o", "pipefail"]

# https://releases.hashicorp.com/nomad/
ARG NOMAD_VERSION
RUN test -n "$NOMAD_VERSION" || (echo "NOMAD_VERSION argument must be set" && false)

# Based on https://github.com/djenriquez/nomad
LABEL maintainer="Jonathan Ballet <jon@multani.info>"

RUN addgroup nomad \
&& adduser -S -G nomad nomad \
&& mkdir -p /nomad/data \
&& mkdir -p /etc/nomad \
&& chown -R nomad:nomad /nomad /etc/nomad
RUN groupadd nomad \
&& useradd --system --gid nomad nomad \
&& mkdir --parents /nomad/data \
&& mkdir --parents /etc/nomad \
&& chown --recursive nomad:nomad /nomad /etc/nomad

# Allow to fetch artifacts from TLS endpoint during the builds and by Nomad after.
# Install timezone data so we can run Nomad periodic jobs containing timezone information
RUN apk --update --no-cache add \
ca-certificates \
dumb-init \
libcap \
tzdata \
su-exec \
&& update-ca-certificates

# https://github.com/sgerrand/alpine-pkg-glibc/releases
ARG GLIBC_VERSION=2.34-r0

ADD https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
ADD https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
glibc.apk
RUN apk add --no-cache --force-overwrite \
glibc.apk \
&& rm glibc.apk
RUN apt-get update \
&& apt-get install --yes --no-install-recommends \
ca-certificates \
dumb-init \
libcap2 \
tzdata \
&& update-ca-certificates \
&& rm -rf /var/lib/apt/lists/*

ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip \
nomad_${NOMAD_VERSION}_linux_amd64.zip
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS \
nomad_${NOMAD_VERSION}_SHA256SUMS
ADD https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
nomad_${NOMAD_VERSION}_SHA256SUMS.sig
RUN apk add --no-cache --virtual .nomad-deps gnupg \

RUN apt-get update \
&& apt-get install --yes --no-install-recommends \
gnupg \
unzip \
&& GNUPGHOME="$(mktemp -d)" \
&& export GNUPGHOME \
&& gpg --keyserver pgp.mit.edu --keyserver keys.openpgp.org --keyserver keyserver.ubuntu.com --recv-keys "C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F" \
Expand All @@ -50,7 +42,12 @@ RUN apk add --no-cache --virtual .nomad-deps gnupg \
&& unzip -d /bin nomad_${NOMAD_VERSION}_linux_amd64.zip \
&& chmod +x /bin/nomad \
&& rm -rf "$GNUPGHOME" nomad_${NOMAD_VERSION}_linux_amd64.zip nomad_${NOMAD_VERSION}_SHA256SUMS nomad_${NOMAD_VERSION}_SHA256SUMS.sig \
&& apk del .nomad-deps
&& apt-get autoremove --purge --yes \
gnupg \
unzip \
&& rm -rf /var/lib/apt/lists/*

RUN nomad version

EXPOSE 4646 4647 4648 4648/udp
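Review bot: `FROM debian:12.2-slim` pins a tag rather than content, and together with the unpinned `apt-get install` lists it means two builds of the same commit can produce different images. Appending the digest, `FROM debian:12.2-slim@sha256:<digest of the reviewed image>`, fixes the base to what was actually tested and turns every base update into an explicit, reviewable bump. A short comment above it such as `# bump tag and digest together` would tell the next maintainer how to update it. The same `FROM` line is in v1.2.x/Dockerfile and v1.3.x/Dockerfile.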

14 changes: 8 additions & 6 deletions v1.4.x/start.sh
@@ -1,5 +1,6 @@
#!/usr/bin/dumb-init /bin/sh
# Script created following Hashicorp's model for Consul:
# shellcheck shell=dash
# Script created following Hashicorp's model for Consul:
# https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh
# Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'.
set -e
Expand All @@ -8,6 +9,7 @@ set -e
# as well as forward signals to all processes in its session. Normally, sh
# wouldn't do either of these functions so we'd leak zombies as well as do
# unclean termination of all our sub-processes.
# As of docker 1.13, using docker run --init achieves the same outcome.

# NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The
# NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional
Expand All @@ -24,7 +26,7 @@ fi

# If the user is trying to run Nomad directly with some arguments, then
# pass them to Nomad.
if [ "${1:0:1}" = '-' ]; then
if [ "$(cut -c 1 "$1")" = '-' ]; then
set -- nomad "$@"
fi

Expand All @@ -48,18 +50,18 @@ fi
if [ "$1" = 'nomad' ] && [ -z "${NOMAD_DISABLE_PERM_MGMT+x}" ]; then
# If the data or config dirs are bind mounted then chown them.
# Note: This checks for root ownership as that's the most common case.
if [ "$(stat -c %u $NOMAD_DATA_DIR)" != "$(id -u root)" ]; then
chown root:root $NOMAD_DATA_DIR
if [ "$(stat -c %u "$NOMAD_DATA_DIR")" != "$(id -u root)" ]; then
chown root:root "$NOMAD_DATA_DIR"
fi

# If requested, set the capability to bind to privileged ports before
# we drop to the non-root user. Note that this doesn't work with all
# storage drivers (it won't work with AUFS).
if [ -n ${NOMAD+x} ]; then
if [ -n "${NOMAD+x}" ]; then
setcap "cap_net_bind_service=+ep" /bin/nomad
fi

set -- su-exec root "$@"
exec runuser -u root -- "$@"
fi

exec "$@"
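Review bot: Quoting `"${NOMAD+x}"` changes behaviour, not just style: the old unquoted `[ -n ${NOMAD+x} ]` collapsed to `[ -n ]` when the variable was unset, which is true, so `setcap` ran on every start, whereas it now runs only when a variable literally named `NOMAD` is set. That name looks like a truncated leftover from the Consul template rather than a documented switch, though this is an assumption because parts of the script are collapsed here. I would give it a descriptive name and document it above the test, e.g. `# Set <VARIABLE_NAME> (any value) to grant /bin/nomad cap_net_bind_service`, and mention the behaviour change in the PR description. The same test is in v1.2.x/start.sh and v1.3.x/start.sh.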