Alex Dadgar
GitHub
commit
21e170c0d2
37
dev/docker-clients/build/Dockerfile
Normal file
37
dev/docker-clients/build/Dockerfile
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
FROM alpine:3.6
|
||||
|
||||
RUN addgroup nomad && \
|
||||
adduser -S -G nomad nomad
|
||||
|
||||
ENV GLIBC_VERSION "2.25-r0"
|
||||
ENV GOSU_VERSION 1.10
|
||||
ENV DUMB_INIT_VERSION 1.2.0
|
||||
|
||||
RUN set -x && \
|
||||
apk --update add --no-cache --virtual .gosu-deps tzdata dpkg curl ca-certificates gnupg libcap openssl && \
|
||||
curl -Ls https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk > /tmp/glibc-${GLIBC_VERSION}.apk && \
|
||||
apk add --allow-untrusted /tmp/glibc-${GLIBC_VERSION}.apk && \
|
||||
rm -rf /tmp/glibc-${GLIBC_VERSION}.apk /var/cache/apk/* && \
|
||||
wget -O /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_amd64 && \
|
||||
chmod +x /usr/local/bin/dumb-init && \
|
||||
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" && \
|
||||
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" && \
|
||||
export GNUPGHOME="$(mktemp -d)" && \
|
||||
chmod +x /usr/local/bin/gosu && \
|
||||
gosu nobody true && \
|
||||
apk del .gosu-deps
|
||||
|
||||
ENV NOMAD_VERSION 0.7.0-beta1
|
||||
ENV NOMAD_SHA256 174794d96d2617252875e2e2ff9e496120acc4a97be54965c324b9a5d11b37ab
|
||||
|
||||
COPY nomad /bin/nomad
|
||||
|
||||
RUN mkdir -p /nomad/data && \
|
||||
mkdir -p /etc/nomad && \
|
||||
chown -R nomad:nomad /nomad
|
||||
|
||||
EXPOSE 4646 4647 4648
|
||||
|
||||
ADD start.sh /usr/local/bin/start.sh
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/start.sh"]
|
||||
65
dev/docker-clients/build/start.sh
Normal file
65
dev/docker-clients/build/start.sh
Normal file
|
|
@ -0,0 +1,65 @@
|
|||
#!/usr/local/bin/dumb-init /bin/sh
|
||||
# Script created following Hashicorp's model for Consul:
|
||||
# https://github.com/hashicorp/docker-consul/blob/master/0.X/docker-entrypoint.sh
|
||||
# Comments in this file originate from the project above, simply replacing 'Consul' with 'Nomad'.
|
||||
set -e
|
||||
|
||||
# Note above that we run dumb-init as PID 1 in order to reap zombie processes
|
||||
# as well as forward signals to all processes in its session. Normally, sh
|
||||
# wouldn't do either of these functions so we'd leak zombies as well as do
|
||||
# unclean termination of all our sub-processes.
|
||||
|
||||
# NOMAD_DATA_DIR is exposed as a volume for possible persistent storage. The
|
||||
# NOMAD_CONFIG_DIR isn't exposed as a volume but you can compose additional
|
||||
# config files in there if you use this image as a base, or use NOMAD_LOCAL_CONFIG
|
||||
# below.
|
||||
NOMAD_DATA_DIR=/nomad/data
|
||||
NOMAD_CONFIG_DIR=/etc/nomad
|
||||
|
||||
# You can also set the NOMAD_LOCAL_CONFIG environemnt variable to pass some
|
||||
# Nomad configuration JSON without having to bind any volumes.
|
||||
if [ -n "$NOMAD_LOCAL_CONFIG" ]; then
|
||||
echo "$NOMAD_LOCAL_CONFIG" > "$NOMAD_CONFIG_DIR/local.json"
|
||||
fi
|
||||
|
||||
# If the user is trying to run Nomad directly with some arguments, then
|
||||
# pass them to Nomad.
|
||||
if [ "${1:0:1}" = '-' ]; then
|
||||
set -- nomad "$@"
|
||||
fi
|
||||
|
||||
# Look for Nomad subcommands.
|
||||
if [ "$1" = 'agent' ]; then
|
||||
shift
|
||||
set -- nomad agent \
|
||||
-data-dir="$NOMAD_DATA_DIR" \
|
||||
-config="$NOMAD_CONFIG_DIR" \
|
||||
"$@"
|
||||
elif [ "$1" = 'version' ]; then
|
||||
# This needs a special case because there's no help output.
|
||||
set -- nomad "$@"
|
||||
elif nomad --help "$1" 2>&1 | grep -q "nomad $1"; then
|
||||
# We can't use the return code to check for the existence of a subcommand, so
|
||||
# we have to use grep to look for a pattern in the help output.
|
||||
set -- nomad "$@"
|
||||
fi
|
||||
|
||||
# If we are running Nomad, make sure it executes as the proper user.
|
||||
if [ "$1" = 'nomad' ]; then
|
||||
# If the data or config dirs are bind mounted then chown them.
|
||||
# Note: This checks for root ownership as that's the most common case.
|
||||
if [ "$(stat -c %u /nomad/data)" != "$(id -u root)" ]; then
|
||||
chown root:root /etc/nomad
|
||||
fi
|
||||
|
||||
# If requested, set the capability to bind to privileged ports before
|
||||
# we drop to the non-root user. Note that this doesn't work with all
|
||||
# storage drivers (it won't work with AUFS).
|
||||
if [ ! -z ${NOMAD+x} ]; then
|
||||
setcap "cap_net_bind_service=+ep" /bin/nomad
|
||||
fi
|
||||
|
||||
set -- gosu root "$@"
|
||||
fi
|
||||
|
||||
exec "$@"
|
||||
Loading…
Reference in a new issue