diff --git a/Makefile b/Makefile
index 401d0d5c8..6a728badd 100644
--- a/Makefile
+++ b/Makefile
@@ -313,7 +313,7 @@ prepare:
 build_common: version
 @echo "buildging db container for photon..."
- @cd $(DOCKERFILEPATH_DB) && $(DOCKERBUILD) -f $(DOCKERFILENAME_DB) -t $(DOCKERIMAGENAME_DB):$(VERSIONTAG) .
+ @cd $(DOCKERFILEPATH_DB) && $(DOCKERBUILD) --pull -f $(DOCKERFILENAME_DB) -t $(DOCKERIMAGENAME_DB):$(VERSIONTAG) .
 @echo "Done."
 build_photon: build_common
diff --git a/make/common/db/Dockerfile b/make/common/db/Dockerfile
index 89deb569c..1f6024ec6 100644
--- a/make/common/db/Dockerfile
+++ b/make/common/db/Dockerfile
@@ -1,5 +1,7 @@
 FROM vmware/mariadb-photon:10.2.8
+HEALTHCHECK CMD mysqladmin -uroot -p$MYSQL_ROOT_PASSWORD ping
+
 COPY registry.sql /docker-entrypoint-initdb.d/
 COPY registry-flag.sh /docker-entrypoint-initdb.d/
 COPY upgrade.sh /docker-entrypoint-updatedb.d/
diff --git a/make/common/mariadb/Dockerfile b/make/common/mariadb/Dockerfile
index 4afe6e365..c0e669a01 100644
--- a/make/common/mariadb/Dockerfile
+++ b/make/common/mariadb/Dockerfile
@@ -4,7 +4,7 @@ FROM vmware/photon:1.0
 RUN tdnf distro-sync -y || echo \
 && tdnf install -y sed shadow procps-ng gawk gzip sudo net-tools \
- && groupadd -r -g 999 mysql && useradd --no-log-init -r -g 999 -u 999 mysql \
+ && groupadd -r -g 10000 mysql && useradd --no-log-init -r -g 10000 -u 10000 mysql \
 && tdnf install -y mariadb-server mariadb \
 && mkdir /docker-entrypoint-initdb.d /docker-entrypoint-updatedb.d \
 && rm -fr /var/lib/mysql \
@@ -18,7 +18,7 @@ RUN chmod +x /usr/local/bin/docker-entrypoint.sh
 COPY my.cnf /etc/
 RUN ln -s usr/local/bin/docker-entrypoint.sh /
-VOLUME /var/lib/mysql
+VOLUME /var/lib/mysql /docker-entrypoint-initdb.d /docker-entrypoint-updatedb.d /tmp /var/run/mysqld
 EXPOSE 3306
 ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
diff --git a/make/common/rsyslog/Dockerfile b/make/common/rsyslog/Dockerfile
index 8616319de..cd0027005 100644
--- a/make/common/rsyslog/Dockerfile
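Review bot: The added `HEALTHCHECK` in make/common/db/Dockerfile puts the root password on the `mysqladmin` command line, where the expanded value is visible in the container's process list each time the probe runs, and the unquoted `$MYSQL_ROOT_PASSWORD` is word-split by the shell if it contains spaces or glob characters. A liveness probe should not need the credential: the mysqladmin documentation says `ping` exits 0 whenever the server responds, even with an access-denied error, so `HEALTHCHECK CMD mysqladmin ping` would likely give the same signal (confirm against the MariaDB build in this image). If an authenticated check is wanted, read the password from a root-only option file with `--defaults-extra-file` instead of `-p`. A one-line comment above the instruction saying what the probe proves would also help.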
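Review bot: Moving the `mysql` account from 999 to 10000 in make/common/mariadb/Dockerfile changes who owns the data directory, and nothing in this hunk deals with data volumes created by the old image, whose files would still belong to 999:999. Unless docker-entrypoint.sh (not shown here) re-owns the data directory on start, an upgraded container may fail to open its existing database files; that is worth confirming and recording in the upgrade notes. The rsyslog and registry hunks later in this commit reuse 10000 for `syslog` and `harbor`, so a comment above the `RUN` such as `# 10000: fixed non-root service id shared across Harbor images` would record that the overlap is intentional. The RUN instruction continues outside the hunk.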
+++ b/make/common/rsyslog/Dockerfile
@@ -6,6 +6,5 @@ RUN tdnf distro-sync -y || echo \
 && tdnf install -y cronie rsyslog shadow tar gzip \
 && mkdir /etc/rsyslog.d/ \
 && mkdir /var/spool/rsyslog \
- && groupadd syslog \
- && useradd -g syslog syslog \
+ && groupadd -r -g 10000 syslog && useradd --no-log-init -r -g 10000 -u 10000 syslog \
 && tdnf clean all
diff --git a/make/docker-compose.tpl b/make/docker-compose.tpl
index 2f907f91b..18c8d6cf7 100644
--- a/make/docker-compose.tpl
+++ b/make/docker-compose.tpl
@@ -9,7 +9,7 @@ services:
 volumes:
 - /var/log/harbor/:/var/log/docker/:z
 ports:
- - 127.0.0.1:1514:514
+ - 127.0.0.1:1514:10514
 networks:
 - harbor
 registry:
diff --git a/make/photon/Makefile b/make/photon/Makefile
index 1b7673ed5..fd94c6eeb 100644
--- a/make/photon/Makefile
+++ b/make/photon/Makefile
@@ -75,7 +75,7 @@ build:
 @echo "Done."
 @echo "building log container for photon..."
- $(DOCKERBUILD) -f $(DOCKERFILEPATH_LOG)/$(DOCKERFILENAME_LOG) -t $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) .
+ $(DOCKERBUILD) -f $(DOCKERFILEPATH_LOG)/$(DOCKERFILENAME_LOG) -t $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) $(DOCKERFILEPATH_LOG)
 @echo "Done."
 cleanimage:
diff --git a/make/photon/log/Dockerfile b/make/photon/log/Dockerfile
index af0d78da9..1d34c93a0 100644
--- a/make/photon/log/Dockerfile
+++ b/make/photon/log/Dockerfile
@@ -1,16 +1,24 @@
 FROM vmware/rsyslog-photon:8.15.0
-ADD make/common/log/rsyslog.conf /etc/rsyslog.conf
+COPY rsyslog.conf /etc/rsyslog.conf
 # rotate logs weekly
 # notes: file name cannot contain dot, or the script will not run
-ADD make/common/log/rotate.sh /etc/cron.daily/rotate
+COPY rotate.sh /etc/cron.daily/rotate
 # rsyslog configuration file for docker
-ADD make/common/log/rsyslog_docker.conf /etc/rsyslog.d/
+COPY rsyslog_docker.conf /etc/rsyslog.d/
-VOLUME /var/log/docker/
+COPY start.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/start.sh && \
+ tdnf install -y sudo net-tools && \
+ chown -R 10000:10000 /run
-EXPOSE 514
+HEALTHCHECK CMD netstat -ltu|grep 10514
-CMD crond && rm -f /var/run/rsyslogd.pid && rsyslogd -n
+VOLUME /var/log/docker/ /run/
+
+EXPOSE 10514
+
+#CMD crond && rm -f /var/run/rsyslogd.pid && rsyslogd -n
+CMD /usr/local/bin/start.sh
diff --git a/make/common/log/rotate.sh b/make/photon/log/rotate.sh
similarity index 100%
rename from make/common/log/rotate.sh
rename to make/photon/log/rotate.sh
diff --git a/make/common/log/rsyslog.conf b/make/photon/log/rsyslog.conf
similarity index 91%
rename from make/common/log/rsyslog.conf
rename to make/photon/log/rsyslog.conf
index 8b5c4fd84..056d4f271 100644
--- a/make/common/log/rsyslog.conf
+++ b/make/photon/log/rsyslog.conf
@@ -10,17 +10,17 @@ #### MODULES ####
 #################
-$ModLoad imuxsock # provides support for local system logging
+#$ModLoad imuxsock # provides support for local system logging
 #$ModLoad imklog # provides kernel logging support
 #$ModLoad immark # provides --MARK-- message capability
 # provides UDP syslog reception
 $ModLoad imudp
-$UDPServerRun 514
+$UDPServerRun 10514
 # provides TCP syslog reception
 $ModLoad imtcp
-$InputTCPServerRun 514
+$InputTCPServerRun 10514
 # Enable non-kernel facility klog messages
 #$KLogPermitNonKernelFacility on
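Review bot: The `HEALTHCHECK CMD netstat -ltu|grep 10514` line in make/photon/log/Dockerfile matches the string anywhere in netstat's output and writes the matching rows into the health log; anchoring it on the port column and silencing it, `HEALTHCHECK CMD netstat -ltun | grep -q ':10514 '`, makes the probe test what it claims to. The new `RUN` installs `sudo` and `net-tools` without the `tdnf clean all` that the base-image Dockerfiles in this commit end with, so the package cache stays in the layer, and `sudo` adds a setuid-root binary to an image whose goal is to run rsyslogd unprivileged. The commented-out `#CMD crond && ...` line is dead text; a comment explaining that start.sh fixes ownership as root and then drops to UID 10000 would be more useful in its place.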
diff --git a/make/common/log/rsyslog_docker.conf b/make/photon/log/rsyslog_docker.conf
similarity index 100%
rename from make/common/log/rsyslog_docker.conf
rename to make/photon/log/rsyslog_docker.conf
diff --git a/make/photon/log/start.sh b/make/photon/log/start.sh
new file mode 100644
index 000000000..558098129
--- /dev/null
+++ b/make/photon/log/start.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+chown -R 10000:10000 /var/log/docker
+crond
+rm -f /var/run/rsyslogd.pid
+sudo -u \#10000 -E 'rsyslogd' '-n'
+set +e
diff --git a/make/photon/registry/Dockerfile b/make/photon/registry/Dockerfile
index e6e54394e..6845d7127 100644
--- a/make/photon/registry/Dockerfile
+++ b/make/photon/registry/Dockerfile
@@ -5,17 +5,22 @@ MAINTAINER wangyan@vmware.com
 # The original script in the docker offical registry image.
 RUN tdnf distro-sync -y \
 && tdnf erase vim -y \
- && tdnf clean all
+ && tdnf install sudo -y \
+ && tdnf clean all \
+ && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor
+
 COPY entrypoint.sh /
 RUN chmod u+x /entrypoint.sh
-RUN mkdir -p /etc/docker/registry
-COPY config.yml /etc/docker/registry/config.yml
+RUN mkdir -p /etc/registry
+COPY config.yml /etc/registry/config.yml
 COPY binary/registry /usr/bin
 RUN chmod u+x /usr/bin/registry
+HEALTHCHECK CMD curl 127.0.0.1:5000/
+
 VOLUME ["/var/lib/registry"]
 EXPOSE 5000
 ENTRYPOINT ["/entrypoint.sh"]
-CMD ["/etc/docker/registry/config.yml"]
+CMD ["/etc/registry/config.yml"]
diff --git a/make/photon/registry/entrypoint.sh b/make/photon/registry/entrypoint.sh
index f8d07d800..873f62001 100644
--- a/make/photon/registry/entrypoint.sh
+++ b/make/photon/registry/entrypoint.sh
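Review bot: The last command of the new make/photon/log/start.sh, `sudo -u \#10000 -E 'rsyslogd' '-n'`, runs rsyslogd as a child of the script, so bash stays PID 1 and does not pass SIGTERM on; a container stop would then likely wait out its timeout and kill the daemon without a clean shutdown. Using `exec sudo -u \#10000 -E rsyslogd -n` removes the extra process, and the trailing `set +e`, reached only after rsyslogd exits, can be dropped. The same pattern replaces `exec "$@"` in make/photon/registry/entrypoint.sh at the end of this commit and deserves the same change. `-E` also hands the whole root environment to the unprivileged process and `crond` keeps running as root, so a header comment stating which steps need root and why would make the privilege split explicit.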
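Review bot: `HEALTHCHECK CMD curl 127.0.0.1:5000/` in make/photon/registry/Dockerfile reports healthy for any HTTP response, because curl exits 0 on 4xx/5xx statuses unless asked to fail; `HEALTHCHECK CMD curl -fsS http://127.0.0.1:5000/ || exit 1` fails on error statuses and keeps the health log quiet. Since the entrypoint in this commit now starts the registry as UID 10000, the context line `RUN chmod u+x /usr/bin/registry` only guarantees execute permission for the owner, which is root; whether the `harbor` user can run the binary depends on the mode it had in the build context, so `chmod 0755 /usr/bin/registry` would be safer. As in the log image, `sudo` is installed only to drop privileges, which adds a setuid-root binary to the image.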
@@ -2,9 +2,18 @@ set -e
+if [ -d /etc/registry ]; then
+ chown 10000:10000 -R /etc/registry
+fi
+if [ -d /var/lib/registry ]; then
+ chown 10000:10000 -R /var/lib/registry
+fi
+if [ -d /storage ]; then
+ chown 10000:10000 -R /storage
+fi
 case "$1" in
 *.yaml|*.yml) set -- registry serve "$@" ;;
 serve|garbage-collect|help|-*) set -- registry "$@" ;;
 esac
-exec "$@"
\ No newline at end of file
+sudo -E -u \#10000 "$@"
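Review bot: The new `chown 10000:10000 -R /etc/registry` makes the service account the owner of its own configuration directory, so a compromised registry process could rewrite config.yml and anything else kept there, which gives back part of what leaving root was meant to gain. Keeping the directory root-owned and group-readable, for example `chown -R root:10000 /etc/registry && chmod -R u=rwX,g=rX,o= /etc/registry`, lets UID 10000 read the config without being able to change it. The recursive chown of `/var/lib/registry` and `/storage` runs on every start and walks the whole blob store; if those paths are bind mounts, as they presumably are, it also rewrites ownership on the host, so a comment stating that intent or a check of the top-level owner before recursing would help. The script starts above the hunk, so lines before `set -e` are not shown.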