From 114892fb5e033f00d45ab231ef0d0ea9018ee122 Mon Sep 17 00:00:00 2001
From: Dinith Herath
Date: Mon, 17 Jun 2024 15:44:05 +0530
Subject: [PATCH 1/2] Add rockylinux based docker containers
---
dockerfiles/rocky/apim/Dockerfile | 122 +++++++++++++++++
dockerfiles/rocky/apim/README.md | 141 ++++++++++++++++++++
dockerfiles/rocky/apim/docker-entrypoint.sh | 73 ++++++++++
3 files changed, 336 insertions(+)
create mode 100755 dockerfiles/rocky/apim/Dockerfile
create mode 100755 dockerfiles/rocky/apim/README.md
create mode 100755 dockerfiles/rocky/apim/docker-entrypoint.sh
diff --git a/dockerfiles/rocky/apim/Dockerfile b/dockerfiles/rocky/apim/Dockerfile
new file mode 100755
index 00000000..3ee394bd
--- /dev/null
+++ b/dockerfiles/rocky/apim/Dockerfile
@@ -0,0 +1,122 @@ +# ------------------------------------------------------------------------ +# +# Copyright 2018 WSO2, Inc. (http://wso2.com) +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License +# +# ------------------------------------------------------------------------ + +# set base Docker image to Rocky Linux +FROM rockylinux:9.3 + +ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' + +# install dependencies +RUN yum install -y tzdata openssl curl ca-certificates fontconfig gzip tar nc unzip wget \ + && yum clean all + +ENV JAVA_VERSION jdk-17.0.6+10 + +# install Temurin OpenJDK 17 +RUN set -eux; \ + ARCH="$(objdump="$(command -v objdump)" && objdump --file-headers "$objdump" | awk -F '[:,]+[[:space:]]+' '$1 == "architecture" { print $2 }')"; \ + case "${ARCH}" in \ + aarch64|arm64) \ + ESUM='9e0e88bbd9fa662567d0c1e22d469268c68ac078e9e5fe5a7244f56fec71f55f'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.6%2B10/OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.6_10.tar.gz'; \ + ;; \ + ppc64el|powerpc:common64) \ + ESUM='cb772c3fdf3f9fed56f23a37472acf2b80de20a7113fe09933891c6ef0ecde95'; \ + BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.6%2B10/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.6_10.tar.gz'; \ + ;; \ + amd64|i386:x86-64) \ + ESUM='a0b1b9dd809d51a438f5fa08918f9aca7b2135721097f0858cf29f77a35d4289'; \ + 
BINARY_URL='https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.6%2B10/OpenJDK17U-jdk_x64_linux_hotspot_17.0.6_10.tar.gz'; \ + ;; \ + *) \ + echo "Unsupported arch: ${ARCH}"; \ + exit 1; \ + ;; \ + esac; \ + curl -LfsSo /tmp/openjdk.tar.gz ${BINARY_URL}; \ + echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ + mkdir -p /opt/java/openjdk; \ + cd /opt/java/openjdk; \ + tar -xf /tmp/openjdk.tar.gz --strip-components=1; \ + rm -rf /tmp/openjdk.tar.gz; + +ENV JAVA_HOME=/opt/java/openjdk \ + PATH="/opt/java/openjdk/bin:$PATH" + +LABEL maintainer="WSO2 Docker Maintainers " \ + com.wso2.docker.source="https://github.com/wso2/docker-apim/releases/tag/v4.2.0.1" + +# set Docker image build arguments +# build arguments for user/group configurations +ARG USER=wso2carbon +ARG USER_ID=802 +ARG USER_GROUP=wso2 +ARG USER_GROUP_ID=802 +ARG USER_HOME=/home/${USER} +# build arguments for WSO2 product installation +ARG WSO2_SERVER_NAME=wso2am +ARG WSO2_SERVER_VERSION=4.2.0 +ARG WSO2_SERVER_REPOSITORY=product-apim +ARG WSO2_SERVER=${WSO2_SERVER_NAME}-${WSO2_SERVER_VERSION} +ARG WSO2_SERVER_HOME=${USER_HOME}/${WSO2_SERVER} +ARG WSO2_SERVER_DIST_URL= +# build argument for MOTD +ARG MOTD='printf "\n\ +Welcome to WSO2 Docker resources.\n\ +------------------------------------ \n\ +This Docker container comprises of a WSO2 product, running with its latest GA release \n\ +which is under the Apache License, Version 2.0. 
\n\ +Read more about Apache License, Version 2.0 here @ http://www.apache.org/licenses/LICENSE-2.0.\n\n"' + +# create the non-root user and group and set MOTD login message +RUN \ + groupadd --system -g ${USER_GROUP_ID} ${USER_GROUP} \ + && useradd --system --create-home --home-dir ${USER_HOME} --no-log-init -g ${USER_GROUP_ID} -u ${USER_ID} ${USER} \ + && echo ${MOTD} > /etc/profile.d/motd.sh + +# copy init script to user home +COPY --chown=wso2carbon:wso2 docker-entrypoint.sh ${USER_HOME}/ + +# add the WSO2 product distribution to user's home directory +RUN \ + wget -O ${WSO2_SERVER}.zip "${WSO2_SERVER_DIST_URL}" \ + && unzip -d ${USER_HOME} ${WSO2_SERVER}.zip \ + && chown wso2carbon:wso2 -R ${WSO2_SERVER_HOME} \ + && mkdir ${USER_HOME}/wso2-tmp \ + && bash -c 'mkdir -p ${USER_HOME}/solr/{indexed-data,database}' \ + && chown wso2carbon:wso2 -R ${USER_HOME}/solr \ + && cp -r ${WSO2_SERVER_HOME}/repository/deployment/server/synapse-configs ${USER_HOME}/wso2-tmp \ + && cp -r ${WSO2_SERVER_HOME}/repository/deployment/server/executionplans ${USER_HOME}/wso2-tmp \ + && rm -f ${WSO2_SERVER}.zip + +# remove unnecesary packages +RUN yum remove -y nc unzip wget + +# set the user and work directory +USER ${USER_ID} +WORKDIR ${USER_HOME} + +# set environment variables +ENV WORKING_DIRECTORY=${USER_HOME} \ + WSO2_SERVER_HOME=${WSO2_SERVER_HOME} + +# expose ports +EXPOSE 9763 9443 9999 11111 8280 8243 5672 9711 9611 9099 + +# initiate container and start WSO2 Carbon server +ENTRYPOINT ["/home/wso2carbon/docker-entrypoint.sh"] diff --git a/dockerfiles/rocky/apim/README.md b/dockerfiles/rocky/apim/README.md new file mode 100755 index 00000000..0bb85895 --- /dev/null +++ b/dockerfiles/rocky/apim/README.md 
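Review bot: The product pack fetched in the `# add the WSO2 product distribution` step by `wget -O ${WSO2_SERVER}.zip "${WSO2_SERVER_DIST_URL}"` is unzipped without any integrity check, while the Temurin archive earlier in the same file is verified with `sha256sum -c`. The README added in this patch has users serve the zip from their own web server, so whatever that URL returns (possibly over plain HTTP) becomes the server binaries in the image. I would add an `ARG WSO2_SERVER_DIST_SHA256` and put `&& echo "${WSO2_SERVER_DIST_SHA256} *${WSO2_SERVER}.zip" | sha256sum -c - \` between the `wget` and `unzip` lines, so that a missing or wrong digest fails the build. Separately, `RUN yum remove -y nc unzip wget` runs in its own layer, so the packages are still present in the layer that installed them; downloading and unpacking in a builder stage and using `COPY --from` into the final stage would keep them out of the shipped image.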
@@ -0,0 +1,141 @@
+# Dockerfile for WSO2 API Manager #
+
+This section defines the step-by-step instructions to build an [Rocky Linux](https://hub.docker.com/_/rockylinux) based Docker image for WSO2 API Manager 4.2.0.
+
+## Prerequisites
+
+* [Docker](https://www.docker.com/get-docker) v20.10.x or above
+* [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) client
+
+
+## How to build an image and run
+
+#### 1. Checkout this repository into your local machine using the following Git client command.
+
+```
+git clone https://github.com/wso2/docker-apim.git
+```
+
+> The local copy of the `dockerfiles/rocky/apim` directory will be referred to as `AM_DOCKERFILE_HOME` from this point onwards.
+
+#### 2. Build the Docker image.
+
+- Download wso2am-4.2.0.zip from [here](https://wso2.com/api-management/install/)
+- Host the product pack using a webserver.
+- Navigate to `` directory.
+- Execute `docker build` command as shown below.
+
+```
+docker build -t wso2am:4.2.0-rocky .
+```
+> If you encounter issue related to downloading the product pack from hosted webserver, use the IP address of the network interface instead of `localhost` or `127.0.0.1` in the `WSO2_SERVER_DIST_URL`.
+
+> By default, the Docker image will prepackage the General Availability (GA) release version of the relevant WSO2 product.
+
+#### 3. Running the Docker image.
+
+```
+docker run -it -p 9443:9443 -p 8243:8243 wso2am:4.2.0-rocky
+```
+
+> Here, only port 9443 (HTTPS servlet transport) and port 8243 (Passthrough or NIO HTTPS transport) have been mapped to Docker host ports.
+You may map other container service ports, which have been exposed to Docker host ports, as desired.
+
+#### 4. Accessing management console.
+
+- To access the management console, use the docker host IP and port 9443.
+ + `https://:9443/carbon`
+
+> In here, refers to hostname or IP of the host machine on top of which containers are spawned.
+
+## How to update configurations
+
+Configurations would lie on the Docker host machine and they can be volume mounted to the container.
+As an example, steps required to change the port offset using `deployment.toml` is as follows:
+
+#### 1. Stop the API Manager container if it's already running.
+
+In WSO2 API Manager version 4.2.0 product distribution, `deployment.toml` configuration file
+can be found at `/repository/conf`. Copy the file to some suitable location of the host machine,
+referred to as `/deployment.toml` and change the offset value (`[server]->offset`) to 1.
+
+#### 2. Grant read permission to `other` users for `/deployment.toml`.
+
+```
+chmod o+r /deployment.toml
+```
+
+#### 3. Run the image by mounting the file to container as follows:
+
+```
+docker run -it \
+-p 9444:9444 \
+-p 8244:8244 \
+--volume /deployment.toml:/deployment.toml \
+wso2am:4.2.0-rocky
+```
+
+> In here, refers to /home/wso2carbon/wso2am-4.3.0/repository/conf folder of the container.
+
+## Running official Ubuntu wso2am images
+It is possible to use official wso2am images without building them from the scratch.
+
+- To run on amd64 or Apple Silicon (arm64)
+```
+docker run -it -p 9443:9443 -p 8243:8243 wso2/wso2am:4.2.0-rocky
+```
+> This official image is built for amd64 thus it will not run on Apple silicon natively. But it will run on emulated docker on Rosetta.
+
+## How to build a Docker image with multi architecture support
+
+The above wso2am:4.2.0 image will only be supported for the CPU architecture of your current machine. Docker buildx plugin can be used to build wso2am:4.2.0 image to support any CPU architecture.
+
+#### 1. Install [Docker Buildx](https://docs.docker.com/buildx/working-with-buildx/)
+
+#### 2. Install [QEMU Emulators](https://github.com/tonistiigi/binfmt)
+```
+docker run -it --rm --privileged tonistiigi/binfmt --install all
+```
+
+#### 3. Create, switch and inspect a new builder
+```
+docker buildx create --name wso2ambuilder
+```
+```
+docker buildx use wso2ambuilder
+```
+```
+docker buildx inspect --bootstrap
+```
+#### 4. Build and push
+
+```
+docker buildx build --platform linux/amd64,linux/arm64 -t /wso2am:4.2.0-rocky --push .
+```
+
+> - Here is a valid Docker or Dockerhub username.
+> - Use command "docker login" to authenticate first if it fails to push.
+> - You can specify any number of platforms to support --platform flag
+> - Use command "docker buildx ls" to see list of existing builders and supported platforms.
+> - Please note we have only tested this for linux/amd64 and linux/arm64 platforms only
+
+#### 5. Run
+```
+docker run -it -p 9443:9443 -p 8243:8243 /wso2am:4.2.0-rocky
+```
+> Docker will pull the suitable image for the architecture and run
+
+> **Note**
+> If you are using Rancher to run the Docker image, you will not be able to use port 9443, which is already allocated by Rancher. As a workaround, you can follow the instructions given in [How to update configurations](#how-to-update-configurations) to run the APIM image in a different port.
+
+## WSO2 Private Docker images
+
+If you have a valid WSO2 subscription you can have access to WSO2 private Docker images. These images will get updated frequently with bug fixes, security fixes and new improvements. To view available images visit [WSO2 Docker Repositories](https://docker.wso2.com/)
+
+## Docker command usage references
+
+* [Docker build command reference](https://docs.docker.com/engine/reference/commandline/build/)
+* [Docker run command reference](https://docs.docker.com/engine/reference/run/)
+* [Dockerfile reference](https://docs.docker.com/engine/reference/builder/)
+* [Docker multi architecture build reference](https://docs.docker.com/desktop/multi-arch/)
+* [Docker buildx reference](https://docs.docker.com/buildx/working-with-buildx/)
diff --git a/dockerfiles/rocky/apim/docker-entrypoint.sh b/dockerfiles/rocky/apim/docker-entrypoint.sh
new file mode 100755
index 00000000..2bf2dcfc
--- /dev/null
+++ b/dockerfiles/rocky/apim/docker-entrypoint.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+# ------------------------------------------------------------------------
+# Copyright 2018 WSO2, Inc. (http://wso2.com)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+# ------------------------------------------------------------------------
+
+set -e
+
+# volume mounts
+config_volume=${WORKING_DIRECTORY}/wso2-config-volume
+artifact_volume=${WORKING_DIRECTORY}/wso2-artifact-volume
+# home of the directories to be artifact synced within the WSO2 product home
+deployment_volume=${WSO2_SERVER_HOME}/repository/deployment/server
+# home of the directories with preserved, default deployment artifacts
+original_deployment_artifacts=${WORKING_DIRECTORY}/wso2-tmp
+
+# check if the WSO2 non-root user home exists
+test ! -d ${WORKING_DIRECTORY} && echo "WSO2 Docker non-root user home does not exist" && exit 1
+
+# check if the WSO2 product home exists
+test ! -d ${WSO2_SERVER_HOME} && echo "WSO2 Docker product home does not exist" && exit 1
+
+# shared artifact directories
+directories=("executionplans" "synapse-configs")
+# if the original directory locations of artifacts to be synced between nodes are empty,
+# copy the preserved, default content of these folders to these original locations
+for shared_directory in ${directories[@]}; do
+ if test -d ${original_deployment_artifacts}/${shared_directory};
+ then
+ if [[ -z "$(ls -A ${deployment_volume}/${shared_directory})" ]]; then
+ if ! cp -R ${original_deployment_artifacts}/${shared_directory}/* ${deployment_volume}/${shared_directory};
+ then
+ echo "Failed to copy the preserved, default artifacts to original location (${deployment_volume}/${shared_directory})"
+ exit 1
+ fi
+ echo "Successfully copied the preserved, default artifacts to original location (${deployment_volume}/${shared_directory})"
+ fi
+ fi
+done
+
+# optimize WSO2 Carbon Server, if the profile name is defined as an environment variable
+if [[ ! -z "${PROFILE_NAME}" ]]
+then
+ echo "Optimizing WSO2 Carbon Server" >&2
+ sh ${WSO2_SERVER_HOME}/bin/profileSetup.sh -Dprofile=${PROFILE_NAME}
+fi
+
+# copy any configuration changes mounted to config_volume
+test -d ${config_volume} && [[ "$(ls -A ${config_volume})" ]] && cp -RL ${config_volume}/* ${WSO2_SERVER_HOME}/
+# copy any artifact changes mounted to artifact_volume
+test -d ${artifact_volume} && [[ "$(ls -A ${artifact_volume})" ]] && cp -RL ${artifact_volume}/* ${WSO2_SERVER_HOME}/
+
+# start WSO2 Carbon server
+echo "Start WSO2 Carbon server" >&2
+if [[ -z "${PROFILE_NAME}" ]]
+then
+ # start the server with the provided startup arguments
+ sh ${WSO2_SERVER_HOME}/bin/api-manager.sh "$@"
+else
+ # start the server with the specified profile and provided startup arguments
+ sh ${WSO2_SERVER_HOME}/bin/api-manager.sh -Dprofile=${PROFILE_NAME} "$@"
+fi
From 273e6e0f4bb6978b45c7bc31658bbe9c9ae3b305 Mon Sep 17 00:00:00 2001
From: Dinith Herath
Date: Mon, 17 Jun 2024 15:44:37 +0530
Subject: [PATCH 2/2] Update instructions to solve network issue in building containers
---
dockerfiles/alpine/apim/README.md | 1 +
dockerfiles/centos/apim/README.md | 1 +
dockerfiles/jdk11/alpine/apim/README.md | 1 +
dockerfiles/jdk11/centos/apim/README.md | 1 +
dockerfiles/jdk11/ubuntu/apim/README.md | 1 +
5 files changed, 5 insertions(+)
diff --git a/dockerfiles/alpine/apim/README.md b/dockerfiles/alpine/apim/README.md
index 149c9396..e00da583 100755
--- a/dockerfiles/alpine/apim/README.md
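Review bot: The two existence guards near the top of docker-entrypoint.sh pass silently when their variable is unset or empty, because `test ! -d ${WORKING_DIRECTORY}` then expands to `test ! -d`, which tests the non-empty string `-d` and returns false, so `exit 1` is never reached. Quoting the expansion fixes this, e.g. `test ! -d "${WORKING_DIRECTORY}" && echo "WSO2 Docker non-root user home does not exist" && exit 1`, and the same applies to the `${WSO2_SERVER_HOME}` guard and to the unquoted `${PROFILE_NAME}` passed as `-Dprofile=`. The final launch lines also run the server as a child (`sh … "$@"`), so bash stays PID 1 and the signal sent by `docker stop` does not reach the server unless something forwards it; `exec sh "${WSO2_SERVER_HOME}/bin/api-manager.sh" "$@"` would hand PID 1 to the launcher. Whether api-manager.sh itself execs the JVM is not visible in this patch.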
+++ b/dockerfiles/alpine/apim/README.md @@ -42,6 +42,7 @@ docker buildx build --platform linux/amd64 -t wso2am:4.2.0-alpine . ``` docker run -it -p 9443:9443 -p 8243:8243 wso2am:4.2.0-alpine ``` +> If you encounter issue related to downloading the product pack from hosted webserver, use the IP address of the network interface instead of `localhost` or `127.0.0.1` in the `WSO2_SERVER_DIST_URL`. > Here, only port 9443 (HTTPS servlet transport) and port 8243 (Passthrough or NIO HTTPS transport) have been mapped to Docker host ports. You may map other container service ports, which have been exposed to Docker host ports, as desired. diff --git a/dockerfiles/centos/apim/README.md b/dockerfiles/centos/apim/README.md index 1ab9eb11..e3ff4d9d 100755 --- a/dockerfiles/centos/apim/README.md +++ b/dockerfiles/centos/apim/README.md @@ -29,6 +29,7 @@ git clone https://github.com/wso2/docker-apim.git ``` docker build -t wso2am:4.2.0-centos . ``` +> If you encounter issue related to downloading the product pack from hosted webserver, use the IP address of the network interface instead of `localhost` or `127.0.0.1` in the `WSO2_SERVER_DIST_URL`. > By default, the Docker image will prepackage the General Availability (GA) release version of the relevant WSO2 product. diff --git a/dockerfiles/jdk11/alpine/apim/README.md b/dockerfiles/jdk11/alpine/apim/README.md index 213265ba..a16df405 100755 --- a/dockerfiles/jdk11/alpine/apim/README.md +++ b/dockerfiles/jdk11/alpine/apim/README.md @@ -28,6 +28,7 @@ git clone https://github.com/wso2/docker-apim.git ``` docker build -t wso2am:4.2.0-alpine-jdk11 . ``` +> If you encounter issue related to downloading the product pack from hosted webserver, use the IP address of the network interface instead of `localhost` or `127.0.0.1` in the `WSO2_SERVER_DIST_URL`. > By default, the Docker image will prepackage the General Availability (GA) release version of the relevant WSO2 product. 
diff --git a/dockerfiles/jdk11/centos/apim/README.md b/dockerfiles/jdk11/centos/apim/README.md index c75fec87..2bb22e28 100755 --- a/dockerfiles/jdk11/centos/apim/README.md +++ b/dockerfiles/jdk11/centos/apim/README.md @@ -29,6 +29,7 @@ git clone https://github.com/wso2/docker-apim.git ``` docker build -t wso2am:4.2.0-centos-jdk11 . ``` +> If you encounter issue related to downloading the product pack from hosted webserver, use the IP address of the network interface instead of `localhost` or `127.0.0.1` in the `WSO2_SERVER_DIST_URL`. > By default, the Docker image will prepackage the General Availability (GA) release version of the relevant WSO2 product. diff --git a/dockerfiles/jdk11/ubuntu/apim/README.md b/dockerfiles/jdk11/ubuntu/apim/README.md index c3d54e05..fbd0b35c 100755 --- a/dockerfiles/jdk11/ubuntu/apim/README.md +++ b/dockerfiles/jdk11/ubuntu/apim/README.md @@ -35,6 +35,7 @@ docker build -t wso2am:4.2.0-jdk11 . ``` docker run -it -p 9443:9443 -p 8243:8243 wso2am:4.2.0-jdk11 ``` +> If you encounter issue related to downloading the product pack from hosted webserver, use the IP address of the network interface instead of `localhost` or `127.0.0.1` in the `WSO2_SERVER_DIST_URL`. > Here, only port 9443 (HTTPS servlet transport) and port 8243 (Passthrough or NIO HTTPS transport) have been mapped to Docker host ports. You may map other container service ports, which have been exposed to Docker host ports, as desired.