This is an automated email from the ASF dual-hosted git repository. robbie pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/main by this push: new 77a06a89d6 QPID-8352: [Broker-J] Official Docker image for Broker-J 77a06a89d6 is described below commit 77a06a89d64470b94fcd1bc93e95ed6cf57a49ea Author: Daniil Kirilyuk <daniel.kiril...@gmail.com> AuthorDate: Mon Nov 13 16:07:32 2023 +0100 QPID-8352: [Broker-J] Official Docker image for Broker-J --- .../org/apache/qpid/server/util/FileHelper.java | 6 +- .../src/main/markdown/release-instructions.md | 1 + .../src/docbkx/Apache-Qpid-Broker-J-Book.xml | 1 + doc/java-broker/src/docbkx/Java-Broker-Docker.xml | 471 +++++++++++++++++++++ qpid-docker/Containerfile | 88 ++++ qpid-docker/README.md | 242 +++++++++++ qpid-docker/broker.acl | 19 + qpid-docker/config.json | 102 +++++ qpid-docker/default.json | 14 + qpid-docker/docker-build.sh | 181 ++++++++ qpid-docker/entrypoint.sh | 36 ++ qpid-docker/preferences.json | 3 + qpid-docker/userPreferences.json | 3 + 13 files changed, 1166 insertions(+), 1 deletion(-) diff --git a/broker-core/src/main/java/org/apache/qpid/server/util/FileHelper.java b/broker-core/src/main/java/org/apache/qpid/server/util/FileHelper.java index e780a8fc36..038cdcfda3 100644 --- a/broker-core/src/main/java/org/apache/qpid/server/util/FileHelper.java +++ b/broker-core/src/main/java/org/apache/qpid/server/util/FileHelper.java @@ -62,7 +62,11 @@ public class FileHelper if (permissions != null) { - Files.setPosixFilePermissions(backupFile, permissions); + final Set<PosixFilePermission> backupPermissions = Files.getPosixFilePermissions(backupFile); + if (!backupPermissions.equals(permissions)) + { + Files.setPosixFilePermissions(backupFile, permissions); + } } atomicFileMoveOrReplace(tmpFile, targetFile); diff --git a/doc/developer-guide/src/main/markdown/release-instructions.md b/doc/developer-guide/src/main/markdown/release-instructions.md index 3068e27e13..b59dd08c4f 100644 --- a/doc/developer-guide/src/main/markdown/release-instructions.md +++ b/doc/developer-guide/src/main/markdown/release-instructions.md @@ -183,3 +183,4 @@ Sources are kept in a Git repository. Thus a git client is required. 14. Remove the previous release binaries from <https://dist.apache.org/repos/dist/release/qpid/broker-j> when a new one is announced. 15. Update jenkins jobs if required. +16. Docker images can be build and pushed to the container registry according to the qpid-docker [README.md](https://github.com/apache/qpid-broker-j/tree/main/qpid-docker#readme). diff --git a/doc/java-broker/src/docbkx/Apache-Qpid-Broker-J-Book.xml b/doc/java-broker/src/docbkx/Apache-Qpid-Broker-J-Book.xml index a8d04dfd18..eadef22eaa 100644 --- a/doc/java-broker/src/docbkx/Apache-Qpid-Broker-J-Book.xml +++ b/doc/java-broker/src/docbkx/Apache-Qpid-Broker-J-Book.xml @@ -42,4 +42,5 @@ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Appendix-Miscellaneous.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Appendix-Queue-Declaration-Arguments.xml"/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Appendix-BDB-HA-Initial-Configuration.xml"/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Java-Broker-Docker.xml"/> </book> diff --git a/doc/java-broker/src/docbkx/Java-Broker-Docker.xml b/doc/java-broker/src/docbkx/Java-Broker-Docker.xml new file mode 100644 index 0000000000..1b117419cf --- /dev/null +++ b/doc/java-broker/src/docbkx/Java-Broker-Docker.xml @@ -0,0 +1,471 @@ +<?xml version="1.0"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +--> + +<chapter xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="Java-Broker-Docker"> + <title>Docker Images</title> + + <section xml:id="Java-Broker-Docker-Building-Image"> + + <title>Building Container Image</title> + + <para> + To use an official Apache release in your image run the following command from the qpid-docker directory where + <QPID_RELEASE_VERSION> is the release version you wish to use (e.g. 9.1.0): + </para> + + <para> + <programlisting> + cd qpid-docker + </programlisting> + </para> + + <para> + <programlisting> + docker-build.sh --release <QPID_RELEASE_VERSION> + </programlisting> + </para> + + <para> + This will download the Qpid Broker-J release and copy all the files necessary to build the pre-configured + Docker image and provide you with additional instructions. Follow these instructions to finish building + the image you want based on the provided Docker file or even one of your own. + </para> + + <para> + If you would rather prefer to build the docker image from local Broker-J distribution, build the parent + project using the command + </para> + + <para> + <programlisting> + mvn clean install -DskipTests=true + </programlisting> + </para> + + <para> + Navigate to the module 'qpid-docker': + </para> + + <para> + <programlisting> + cd qpid-docker + </programlisting> + </para> + + <para> + Execute the command: + </para> + + <para> + <programlisting> + docker-build.sh --local-dist-path <PATH_TO_LOCAL_QPID_DISTRIBUTION> + </programlisting> + </para> + + <para> + This will copy all the files necessary to build the pre-configured Docker image and provide you with additional + instructions. Follow these instructions to finish building the image you want based on one of the provided + Docker file or even one of your own. + </para> + + </section> + + <section xml:id="Java-Broker-Docker-Running-The-Container"> + + <title>Running the Container</title> + + <section xml:id="Java-Broker-Docker-Container-Start"> + + <title>Container Start</title> + + <para> + Container can be started using following command: + </para> + + <para> + <programlisting> + docker run -d -p 5672:5672 -p 8080:8080 --name qpid <IMAGE_NAME> + </programlisting> + </para> + + <para> + or + </para> + + <para> + <programlisting> + podman run -d -p 5672:5672 -p 8080:8080 -v qpid_volume:/qpid-broker-j/work:Z --name qpid <IMAGE_NAME> + </programlisting> + </para> + + <para> + There are two ports exposed: 5672 for AMQP connections and 8080 for HTTP connections. + </para> + + <para> + There are following environment variables available when running the container: + </para> + + <table> + <title>Environment Variables</title> + <tgroup cols="2"> + <colspec colnum="1" colname="variable" colwidth="1*"/> + <colspec colnum="2" colname="description" colwidth="1*"/> + <thead> + <row> + <entry>Environment Variable</entry> + <entry>Description</entry> + </row> + </thead> + <tbody> + <row> + <entry>JAVA_GC</entry> + <entry>JVM Garbage Collector parameters, default value "-XX:+UseG1GC"</entry> + </row> + <row> + <entry>JAVA_MEM</entry> + <entry>JVM memory parameters, default value "-Xmx300m -XX:MaxDirectMemorySize=200m"</entry> + </row> + <row> + <entry>JAVA_OPTS</entry> + <entry>Further JVM parameters, default value is an empty string</entry> + </row> + </tbody> + </tgroup> + </table> + + </section> + + <section xml:id="Java-Broker-Docker-Container-Volume"> + + <title>Container Volume</title> + + <para> + The image will use the directory /qpid-broker-j/work to hold the configuration and the data of the + running broker. To persist the broker configuration and the data outside the container, start container + with the volume mapping: + </para> + + <para> + <programlisting> + docker run -d -p 5672:5672 -p 8080:8080 -v <BROKER_DIRECTOR_ON_HOST>:/qpid-broker-j/work --name qpid <IMAGE_NAME> + </programlisting> + </para> + + <para> + or + </para> + + <para> + <programlisting> + podman run -d -p 5672:5672 -p 8080:8080 -v <BROKER_DIRECTOR_ON_HOST>:/qpid-broker-j/work:Z --name qpid <IMAGE_NAME> + </programlisting> + </para> + + </section> + + <section xml:id="Java-Broker-Docker-Container-Stop"> + + <title>Stopping the Container</title> + + <para> + Running container can be stopped using following command: + </para> + + <para> + <programlisting> + docker stop <CONTAINER_NAME> + </programlisting> + </para> + + </section> + + </section> + + <section xml:id="Java-Broker-Docker-Broker-Users"> + + <title>Broker Users</title> + + <para> + Default configuration provides a preconfigured broker user, having read and write access to all broker objects: + </para> + + <para> + <itemizedlist> + <listitem><para>admin (default password 'admin')</para></listitem> + </itemizedlist> + </para> + + <para> + Username of the 'admin' user can be overridden be providing the variable QPID_ADMIN_USER on start, and the default + password of the 'admin' user can be overridden be providing the variable QPID_ADMIN_PASSWORD on start: + </para> + + <para> + <programlisting> + docker run -d -p 5672:5672 -p 8080:8080 -v qpid_volume:/qpid-broker-j/work -e QPID_ADMIN_USER=myuser -e QPID_ADMIN_PASSWORD=mypassword --name qpid <IMAGE_NAME> + </programlisting> + </para> + + <para> + Further broker users as well as other broker objects (queues, exchanges, keystores, truststore, ports etc.) + can be created via HTTP management interface. Description of the broker REST API can be found in broker book + (<link linkend="Java-Broker-Management-Channel-REST-API">chapter 6.3</link>). + </para> + + </section> + + <section xml:id="Java-Broker-Docker-Broker-Customization"> + + <title>Broker Customization</title> + + <para> + To customize broker before building the container image, its configuration files may be edited to start + broker with queues, exchanges, users or other objects. + </para> + + <para> + The file config.json contains definitions of the broker objects and references a file containing definitions + of virtualhost objects (exchanges and queues). + </para> + + <para> + It may be helpful first to create broker objects needed via broker web GUI or via REST API, and then + investigate the configuration files and copy the appropriate definitions to the configuration files used + for container image creation. + </para> + + <para> + An example of the default initial configuration JSON file is provided in broker book + (<link linkend="Java-Broker-Initial-Configuration">chapter 5.7</link>). + </para> + + <section xml:id="Java-Broker-Docker-Broker-Customization-Exchanges"> + + <title>Exchanges</title> + + <para> + To create exchanges a JSON element "exchanges" should be created containing an array of single + exchange definitions: + </para> + + <para> + <programlisting> + "exchanges" : [ { + "name" : "amq.direct", + "type" : "direct" + }, { + "name" : "amq.fanout", + "type" : "fanout" + }, { + "name" : "amq.match", + "type" : "headers" + }, { + "name" : "amq.topic", + "type" : "topic" + }, { + "name" : "request.QUEUE1", + "type" : "topic", + "durable" : true, + "durableBindings" : [ { + "arguments" : { }, + "destination" : "QUEUE1", + "bindingKey" : "#" + } ], + "unroutableMessageBehaviour" : "REJECT" + } ] + </programlisting> + </para> + + <para> + Information about exchanges, their types and properties can be found in broker book + (<link linkend="Java-Broker-Concepts-Exchanges">chapter 4.6</link>). + </para> + + <para> + Please note that each virtualhost pre-declares several exchanges, described in the broker book + (<link linkend="Java-Broker-Concepts-Exchanges-Predeclared">chapter 4.6.1</link>). + </para> + + </section> + + <section xml:id="Java-Broker-Docker-Broker-Customization-Queues"> + + <title>Queues</title> + + <para> + To create queue a JSON element "queues" should be created containing an array of single queue definitions: + </para> + + <para> + <programlisting> + "queues" : [ { + "name" : "QUEUE1", + "type" : "standard", + "durable" : true, + "maximumQueueDepthBytes" : 6144000, + "maximumQueueDepthMessages" : 6000, + "messageDurability" : "ALWAYS", + "overflowPolicy" : "REJECT" + }, { + "name" : "QUEUE2", + "type" : "standard", + "durable" : true, + "maximumQueueDepthBytes" : 6144000, + "maximumQueueDepthMessages" : 6000, + "messageDurability" : "ALWAYS", + "overflowPolicy" : "REJECT" + } ] + </programlisting> + </para> + + <para> + Information about queues, their types and properties can be found in broker book + (<link linkend="Java-Broker-Concepts-Queues">chapter 4.7</link>). + </para> + + </section> + + <section xml:id="Java-Broker-Docker-Broker-Customization-Users"> + + <title>Users</title> + + <para> + Users can be defined in an authentication provider. Authentication providers are defined on broker + level (file config.json). + </para> + + <para> + Information about authentication providers, their types and properties can be found in broker book + (<link linkend="Java-Broker-Security-Authentication-Providers">chapter 8.1</link>). + </para> + + <para> + Examples for most commonly used authentication providers can be found below. + </para> + + <section xml:id="Java-Broker-Docker-Broker-Customization-Users-Anonymous"> + + <title>Anonymous Authentication Provider</title> + + <para> + <programlisting> + "authenticationproviders" : [ { + "name" : "anon", + "type" : "Anonymous" + } ] + </programlisting> + </para> + + <para> + For additional details see broker book + (<link linkend="Java-Broker-Security-Anonymous-Provider">chapter 8.1.5</link>). + </para> + + </section> + + <section xml:id="Java-Broker-Docker-Broker-Customization-Users-Plain"> + + <title>Plain Authentication Provider</title> + + <para> + <programlisting> + "authenticationproviders" : [{ + "name" : "plain", + "type" : "Plain", + "secureOnlyMechanisms" : [], + "users" : [ { + "name" : "admin", + "type" : "managed", + "password" : "<PASSWORD>" + } ] + } ] + </programlisting> + </para> + + <para> + For additional details see broker book + (<link linkend="Java-Broker-Security-Plain-Provider">chapter 8.1.7</link>). + </para> + + </section> + + <section xml:id="Java-Broker-Docker-Broker-Customization-Users-ACL"> + + <title>ACL Rules</title> + + <para> + The ACL rules for users are defined in file broker.acl following the syntax: + </para> + + <para> + <programlisting> + ACL {permission} {<group-name>|<user-name>|ALL} {action|ALL} [object|ALL] [property=<property-values>] + </programlisting> + </para> + + <para> + The predefined broker.acl file contains permissions for the 'admin' user: + </para> + + <para> + <programlisting> + # account 'admin' - enabled all actions + ACL ALLOW-LOG admin ALL ALL + </programlisting> + </para> + + <para> + For additional details see broker book + (<link linkend="Java-Broker-Security-AccessControlProviders-ACLRules">chapter 8.3.2</link>). + </para> + + </section> + + </section> + + <section xml:id="Java-Broker-Docker-Broker-Customization-Override"> + + <title>Overriding Broker Configuration</title> + + <para> + Customized configuration for the Broker-J instance can be used by replacing the files residing in the work + folder with the custom ones, e.g. config.json or default.json. Put the replacement files inside a folder + and map it as a volume to: + </para> + + <para> + <programlisting> + docker run -d -p 5672:5672 -p 8080:8080 -v <DIRECTORY_ON_HOST>:/qpid-broker-j/work-override:Z --name qpid <IMAGE_NAME> + </programlisting> + </para> + + <para> + The contents of work-override folder will be copied over to work folder first time after the instance creation so that + the broker will start with user-supplied configuration. + </para> + + </section> + + </section> + +</chapter> \ No newline at end of file diff --git a/qpid-docker/Containerfile b/qpid-docker/Containerfile new file mode 100644 index 0000000000..a402cb2e32 --- /dev/null +++ b/qpid-docker/Containerfile @@ -0,0 +1,88 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +ARG OS_NAME=ubuntu + +# +# Builder images +# + +# Alpine +FROM docker.io/library/eclipse-temurin:17-jre-alpine AS builder-alpine +RUN adduser -u 1001 -G root qpid --disabled-password + +# Ubuntu +FROM docker.io/library/eclipse-temurin:17-jre AS builder-ubuntu +RUN useradd -u 1001 -G root qpid + +# +# Final image +# +FROM builder-${OS_NAME} + +ARG BROKER_VERSION="unknown" + +# Labels +LABEL description="Apache Qpid Broker-J ${BROKER_VERSION}" +LABEL io.k8s.display-name="qpid-broker-j ${BROKER_VERSION}" +LABEL io.k8s.description="Apache Qpid Broker-J ${BROKER_VERSION}" +LABEL maintainer="Apache Qpid Team, us...@qpid.apache.org" +LABEL name="Apache Qpid Broker-J" +LABEL summary="Apache Qpid Broker-J ${BROKER_VERSION}" +LABEL version="${BROKER_VERSION}" +LABEL url="https://qpid.apache.org/components/broker-j/index.html" + +# Java environment variables +ENV JAVA_GC="-XX:+UseG1GC" +ENV JAVA_MEM="-Xmx300m -XX:MaxDirectMemorySize=200m" +ENV JAVA_OPTS="" + +# Broker-J admin user credentials +ENV QPID_ADMIN_USER="admin" +ENV QPID_ADMIN_PASSWORD="admin" + +# Create work folder and subfolders +RUN mkdir -p /qpid-broker-j/etc && \ + mkdir -p /qpid-broker-j/work && \ + mkdir -p /qpid-broker-j/work-init && \ + mkdir -p /qpid-broker-j/work-override && \ + chmod -R 770 /qpid-broker-j && \ + chown -R 1001:root /qpid-broker-j + +# Declare volume +VOLUME ["/qpid-broker-j/work"] + +# Copy jar files +COPY --chown=1001:root --chmod=770 ./lib /qpid-broker-j/lib + +# Copy entrypoint script +COPY --chown=1001:root --chmod=770 entrypoint.sh /qpid-broker-j + +# Copy configuration files +COPY --chown=1001:root --chmod=660 broker.acl /qpid-broker-j/work-init +COPY --chown=1001:root --chmod=660 config.json /qpid-broker-j/work-init +COPY --chown=1001:root --chmod=660 default.json /qpid-broker-j/work-init +COPY --chown=1001:root --chmod=660 preferences.json /qpid-broker-j/work-init +COPY --chown=1001:root --chmod=660 userPreferences.json /qpid-broker-j/work-init + +WORKDIR /qpid-broker-j + +EXPOSE 5672 8080 + +USER 1001:root + +ENTRYPOINT exec /qpid-broker-j/entrypoint.sh diff --git a/qpid-docker/README.md b/qpid-docker/README.md new file mode 100644 index 0000000000..68f11fa34e --- /dev/null +++ b/qpid-docker/README.md @@ -0,0 +1,242 @@ +## Docker Image Example + +This is an example on how a Docker Image For Apache Qpid Broker-J based on Eclipse Temurin JRE image can be created. + +## Building Container Image + +To use an official Apache release in your image run the following command from the qpid-docker directory where +<QPID_RELEASE_VERSION> is the release version you wish to use (e.g. 9.1.0): + +``` +cd qpid-docker + +docker-build.sh --release <QPID_RELEASE_VERSION> +``` + +This will download the Qpid Broker-J release and copy all the files necessary to build the pre-configured Docker image +and provide you with additional instructions. Follow these instructions to finish building the image you want based on +the provided Docker file or even one of your own. + +If you would rather prefer to build the docker image from local Broker-J distribution, build the parent project using +the command + +``` +mvn clean install -DskipTests=true +``` + +Navigate to the module 'qpid-docker': + +``` +cd qpid-docker +``` + +Execute the command + +``` +docker-build.sh --local-dist-path <PATH_TO_LOCAL_QPID_DISTRIBUTION> +``` + +This will copy all the files necessary to build the pre-configured Docker image and provide you with additional +instructions. Follow these instructions to finish building the image you want based on one of the provided Docker file +or even one of your own. + +### Container Structure + +Broker-J files are copied to the folder /qpid-broker-j \ +This folder belongs to user qpid, which is part of the root group. Java process is executed under the qpid user as well. + +### Running the Container + +Container can be started using following command: +``` +docker run -d -p 5672:5672 -p 8080:8080 --name qpid <IMAGE_NAME> +``` +There are two ports exposed: 5672 for AMQP connections and 8080 for HTTP connections. + +There are following environment variables available when running the container: + +| Environment Variable | Description | +|----------------------|------------------------------------------------------------------------------| +| JAVA_GC | JVM Garbage Collector parameters, default value "-XX:+UseG1GC" | +| JAVA_MEM | JVM memory parameters, default value "-Xmx300m -XX:MaxDirectMemorySize=200m" | +| JAVA_OPTS | Further JVM parameters, empty by default | + +#### Container Volume + +The image will use the directory /qpid-broker-j/work to hold the configuration and the data of the running broker. +To persist the broker configuration and the data outside the container, start container with the volume mapping: + +``` +docker run -d -p 5672:5672 -p 8080:8080 -v <BROKER_DIRECTORY_ON_HOST>:/qpid-broker-j/work --name qpid <IMAGE_NAME> +``` +or +``` +podman run -d -p 5672:5672 -p 8080:8080 -v <BROKER_DIRECTORY_ON_HOST>:/qpid-broker-j/work:Z --name qpid <IMAGE_NAME> +``` + +### Stopping the Container + +Running container can be stopped using following command: +``` +docker stop qpid +``` + +### Broker Users + +Default configuration provides a preconfigured broker user, having read and write access to all broker objects: +- admin (default password 'admin') + +Username of the 'admin' user can be overridden be providing the variable QPID_ADMIN_USER on start, and the default +password of the 'admin' user can be overridden be providing the variable QPID_ADMIN_PASSWORD on start: + +``` +docker run -d -p 5672:5672 -p 8080:8080 -v <BROKER_DIRECTORY_ON_HOST>:/qpid-broker-j/work -e QPID_ADMIN_USER=myuser -e QPID_ADMIN_PASSWORD=mypassword --name qpid <IMAGE_NAME> +``` + +Further broker users as well as other broker objects (queues, exchanges, keystores, truststore, ports etc.) +can be created via HTTP management interface. Description of the broker REST API can be found in broker book (chapter 6.3). + +To change user password following command can be used: + +``` +curl -d '{"password": "<NEW_PASSWORD>"}' http://admin:admin@localhost:8080/api/latest/user/plain/<USERNAME> +``` + +## Broker Customization + +To customize broker before building the container image, its configuration files may be edited to start broker with +queues, exchanges, users or other objects. + +The file config.json contains definitions of the broker objects and references a file containing definitions +of virtualhost objects (exchanges and queues). + +It may be helpful first to create broker objects needed via broker web GUI or via REST API, and then investigate the +configuration files and copy the appropriate definitions to the configuration files used for container image creation. + +An example of the default initial configuration JSON file is provided in broker book (chapter 5.7). + +### Exchanges + +To create exchanges a JSON element "exchanges" should be created containing an array of single exchange definitions: + +``` +"exchanges" : [ { + "name" : "amq.direct", + "type" : "direct" + }, { + "name" : "amq.fanout", + "type" : "fanout" + }, { + "name" : "amq.match", + "type" : "headers" + }, { + "name" : "amq.topic", + "type" : "topic" + }, { + "name" : "request.QUEUE1", + "type" : "topic", + "durable" : true, + "durableBindings" : [ { + "arguments" : { }, + "destination" : "QUEUE1", + "bindingKey" : "#" + } ], + "unroutableMessageBehaviour" : "REJECT" + } +] +``` + +Information about exchanges, their types and properties can be found in broker book (chapter 4.6). + +Please note that each virtualhost pre-declares several exchanges, described in the broker book (chapter 4.6.1). + +### Queues + +To create queue a JSON element "queues" should be created containing an array of single queue definitions: + +``` +"queues" : [ { + "name" : "QUEUE1", + "type" : "standard", + "durable" : true, + "maximumQueueDepthBytes" : 6144000, + "maximumQueueDepthMessages" : 6000, + "messageDurability" : "ALWAYS", + "overflowPolicy" : "REJECT" + }, { + "name" : "QUEUE2", + "type" : "standard", + "durable" : true, + "maximumQueueDepthBytes" : 6144000, + "maximumQueueDepthMessages" : 6000, + "messageDurability" : "ALWAYS", + "overflowPolicy" : "REJECT" + } +] +``` + +Information about queues, their types and properties can be found in broker book (chapter 4.7). + +### Users + +Users can be defined in an authentication provider. Authentication providers are defined on broker level (file config.json). + +Information about authentication providers, their types and properties can be found in broker book (chapter 8.1). + +Examples for most commonly used authentication providers can be found below. + +#### Anonymous Authentication Provider + +``` +"authenticationproviders" : [ { + "name" : "anon", + "type" : "Anonymous" + } ] +``` +For additional details see broker book (chapter 8.1.5). + +#### Plain Authentication Provider + +``` +"authenticationproviders" : [{ + "name" : "plain", + "type" : "Plain", + "secureOnlyMechanisms" : [], + "users" : [ { + "name" : "admin", + "type" : "managed", + "password" : "<PASSWORD>" + } ] + } ] +``` + +For additional details see broker book (chapter 8.1.7). + +#### ACL Rules + +The ACL rules for users are defined in file broker.acl following the syntax: + +``` +ACL {permission} {<group-name>|<user-name>|ALL} {action|ALL} [object|ALL] [property=<property-values>] +``` + +The predefined broker.acl file contains permissions for the 'admin' user: + +``` +# account 'admin' - enabled all actions +ACL ALLOW-LOG QPID_ADMIN_USER ALL ALL +``` + +For additional details see broker book (chapter 8.3.2). + +### Overriding Broker Configuration + +Customized configuration for the Broker-J instance can be used by replacing the files residing in the work folder with +the custom ones, e.g. config.json or default.json. Put the replacement files inside a folder and map it as a volume to: + +``` +docker run -d -p 5672:5672 -p 8080:8080 -v <DIRECTORY_ON_HOST>:/qpid-broker-j/work-override:Z --name qpid <IMAGE_NAME> +``` + +The contents of work-override folder will be copied over to work folder first time after the instance creation so that +the broker will start with user-supplied configuration. \ No newline at end of file diff --git a/qpid-docker/broker.acl b/qpid-docker/broker.acl new file mode 100644 index 0000000000..7ab82ca278 --- /dev/null +++ b/qpid-docker/broker.acl @@ -0,0 +1,19 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# account 'admin' - enabled all actions +ACL ALLOW-LOG QPID_ADMIN_USER ALL ALL diff --git a/qpid-docker/config.json b/qpid-docker/config.json new file mode 100644 index 0000000000..68565c573c --- /dev/null +++ b/qpid-docker/config.json @@ -0,0 +1,102 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +{ + "name" : "${broker.name}", + "modelVersion" : "9.0", + "accesscontrolproviders" : [ { + "name" : "brokerAcl", + "type" : "AclFile", + "path" : "/qpid-broker-j/work/broker.acl" + } ], + "authenticationproviders" : [ { + "name" : "plain", + "type" : "Plain", + "secureOnlyMechanisms" : [], + "users" : [ { + "name" : "${QPID_ADMIN_USER}", + "type" : "managed", + "password" : "${QPID_ADMIN_PASSWORD}" + }] + } ], + "brokerloggers" : [ { + "name" : "console", + "type" : "Console", + "brokerloginclusionrules" : [ { + "name" : "Operational", + "type" : "NameAndLevel", + "level" : "INFO", + "loggerName" : "qpid.message.*" + }, { + "name" : "Qpid", + "type" : "NameAndLevel", + "level" : "INFO", + "loggerName" : "org.apache.qpid.*" + }, { + "name" : "Root", + "type" : "NameAndLevel", + "level" : "INFO", + "loggerName" : "ROOT" + }, { + "name" : "Statistics", + "type" : "NameAndLevel", + "level" : "INFO", + "loggerName" : "qpid.statistics.*" + } ] + } ], + "plugins" : [ { + "type" : "MANAGEMENT-HTTP", + "name" : "httpManagement", + "httpBasicAuthenticationEnabled": true + } ], + "ports" : [ { + "name" : "AMQP", + "port" : "${qpid.amqp_port}", + "authenticationProvider" : "plain", + "virtualhostaliases" : [ { + "name" : "defaultAlias", + "type" : "defaultAlias" + }, { + "name" : "hostnameAlias", + "type" : "hostnameAlias" + }, { + "name" : "nameAlias", + "type" : "nameAlias" + } ] + }, { + "name" : "HTTP", + "port" : "${qpid.http_port}", + "authenticationProvider" : "plain", + "protocols" : [ "HTTP" ] + } ], + "virtualhostnodes" : [ { + "name" : "default", + "type" : "JSON", + "defaultVirtualHostNode" : "true", + "preferenceStoreAttributes" : { + "type" : "JSON", + "attributes" : { + "path" : "/qpid-broker-j/work" + } + }, + "storePath" : "/qpid-broker-j/work", + "virtualHostInitialConfiguration" : "{}" + } ] +} diff --git a/qpid-docker/default.json b/qpid-docker/default.json new file mode 100644 index 0000000000..9ec681dfdc --- /dev/null +++ b/qpid-docker/default.json @@ -0,0 +1,14 @@ +{ + "name" : "default", + "modelVersion" : "9.0", + "type" : "BDB", + "storePath" : "/qpid-broker-j/work/messages", + "storeUnderfullSize" : "0", + "storeOverfullSize" : "0", + "context" : { + "qpid.broker.bdbCommiterNotifyThreshold" : "8", + "qpid.broker.bdbCommiterWaitTimeout" : "500", + "queue.defaultMaximumQueueDepthMessages" : "1000", + "queue.defaultMaximumQueueDepthBytes" : "1048576" + } +} \ No newline at end of file diff --git a/qpid-docker/docker-build.sh b/qpid-docker/docker-build.sh new file mode 100644 index 0000000000..41103233ff --- /dev/null +++ b/qpid-docker/docker-build.sh @@ -0,0 +1,181 @@ +#!/bin/sh +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +from_local_dist= +from_release= +local_dist_path= +qpid_version= +MY_NAME=$(basename "$0") + +print_help() +{ + cat << END_OF_HELP +Usage: $MY_NAME [OPTION]... + + options: + + --release Apache Qpid Broker-J release version to build with + --local-dist-path Path to the local Apache Qpid Broker-J distribution to build with + --help, -h, -? Print this help and exit + +END_OF_HELP +} + +parse_parameters() +{ + while [ $# -gt 0 ]; do + case $1 in + --local-dist-path) + from_local_dist=true + local_dist_path=$2 + shift;; + --release) + from_release=true + qpid_version=$2 + shift;; + --help | -h | -?) + print_help; exit 0;; + *) + echo "Unknown parameter '$1'" + exit 2;; + esac + shift + done + + if [ -n "${local_dist_path}" ] && [ -n "${qpid_version}" ]; then + echo "Please specify either building image from local installation or from a particular release version, but not both" + exit 2 + fi + + if [ -z "${local_dist_path}" ] && [ -z "${qpid_version}" ]; then + print_help + echo "Please specify either building image from local installation or from a particular release version" + exit 2 + fi + + if [ -n "${local_dist_path}" ]; then + + if [ ! -f "${local_dist_path}" ]; then + echo "Local distribution file ${local_dist_path} not found" + exit 1 + fi + + if [ "$(echo ${local_dist_path} | tail -c 7)" != "tar.gz" ]; then + echo "Local distribution file ${local_dist_path} should be a tar.gz archive" + exit 1 + fi + fi +} + +install() +{ + qpid_dist_dir="./qpid-broker-j" + qpid_dist_file_name= + + # Prepare directory + if [ ! -d "${qpid_dist_dir}" ]; then + echo "Creating directory ${qpid_dist_dir}" + mkdir -p "${qpid_dist_dir}" + elif [ ! -z "$(find "${temp_dir}" -name "${qpid_version}" -type d -mmin +60)" ]; then + echo "Cleaning up directory ${qpid_dist_dir}" + rm -rf ${qpid_dist_dir}/* + else + echo "Using directory ${qpid_dist_dir}" + fi + + if [ -n "${from_release}" ]; then + + qpid_dist_file_name="apache-qpid-broker-j-${qpid_version}-bin.tar.gz" + + # Check if the release is already available locally, if not try to download it + if [ -z "$(ls -A ${qpid_dist_dir})" ]; then + cdn="$(curl -s https://www.apache.org/dyn/closer.cgi\?preferred=true)/qpid/broker-j/${qpid_version}/binaries/" + archive="https://archive.apache.org/dist/qpid/broker-j/${qpid_version}/binaries/" + qpid_base_url=${cdn} + curl_output="${qpid_dist_dir}/${qpid_dist_file_name}" + + # Fallback to the apache archive if the version doesn't exist on the CDN anymore + if [ -z "$(curl -Is ${qpid_base_url}${qpid_dist_file_name} | head -n 1 | grep 200)" ]; then + qpid_base_url=${archive} + + # If the archive also doesn't work then report the failure and abort + if [ -z "$(curl -Is ${qpid_base_url}${qpid_dist_file_name} | head -n 1 | grep 200)" ]; then + echo "Failed to find ${qpid_dist_file_name}. Tried both ${cdn} and ${archive}." + exit 1 + fi + fi + + echo "Downloading ${qpid_dist_file_name} from ${qpid_base_url}..." + curl --progress-bar "${qpid_base_url}${qpid_dist_file_name}" --output "${curl_output}" + + fi + + elif [ -n "${from_local_dist}" ]; then + + qpid_dist_file_name=$(basename ${local_dist_path}) + qpid_version=$(echo "$qpid_dist_file_name" | sed -e 's/apache-qpid-broker-j-\(.*\)-bin.tar.gz/\1/') + + echo "Broker-J distribution file is $qpid_dist_file_name" + echo "Broker-J version is $qpid_version" + + echo "Copying ${local_dist_path} to ${qpid_dist_dir}..." + cp "$local_dist_path" "$qpid_dist_dir" + + else + exit 2 + fi + + echo "Expanding ${qpid_dist_dir}/${qpid_dist_file_name}..." + tar xzf "${qpid_dist_dir}"/"${qpid_dist_file_name}" --directory "${qpid_dist_dir}" --strip 1 + + echo "Removing ${qpid_dist_dir}/${qpid_dist_file_name}..." + rm -rf "${qpid_dist_dir}"/"${qpid_dist_file_name}" + + mkdir -p $qpid_dist_dir/${qpid_version}/docker/ + cp ./broker.acl "$qpid_dist_dir/${qpid_version}/docker/" + cp ./*.json "$qpid_dist_dir/${qpid_version}/docker/" + cp ./Containerfile "$qpid_dist_dir/${qpid_version}/docker/" + cp -r $qpid_dist_dir/${qpid_version}/lib "$qpid_dist_dir/${qpid_version}/docker/" + cp ./entrypoint.sh "$qpid_dist_dir/${qpid_version}/docker/" +} + +print_instruction() +{ + cat <<HERE + +Well done! Now you can continue with building the Docker image: + + # Go to $qpid_dist_dir/${qpid_version}/docker/ + $ cd $qpid_dist_dir/${qpid_version}/docker/ + + # For Ubuntu with JRE 17 + $ docker build -f ./Containerfile -t qpid-ubuntu . + + # For Alpine with JRE 17 + $ docker build -f ./Containerfile --build-arg OS_NAME=alpine -t qpid-alpine . + +Note: -t qpid-ubuntu and -t qpid-alpine are just a tag names for the purpose of this guide + +For more info see README.md + +HERE + exit 0 +} + +# main +parse_parameters "$@" && install && print_instruction diff --git a/qpid-docker/entrypoint.sh b/qpid-docker/entrypoint.sh new file mode 100644 index 0000000000..8af2430a58 --- /dev/null +++ b/qpid-docker/entrypoint.sh @@ -0,0 +1,36 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# This is the entry point for the docker images. +# This file is executed when "docker container create" or "docker run" is called. + +set -e + +if ! [ -f ./work/config.json ]; then + if [ -d ./work-init ]; then + for file in `ls ./work-init`; do echo copying file to work folder: $file; cp ./work-init/$file ./work || :; done + fi + sed -i "s/QPID_ADMIN_USER/${QPID_ADMIN_USER}/g" /qpid-broker-j/work/broker.acl + if [ -d ./work-override ]; then + for file in `ls ./work-override`; do echo copying file to work folder: $file; cp ./work-override/$file ./work || :; done + fi +else + echo "skipping broker instance creation; instance already exists" +fi + +exec java -server $JAVA_GC $JAVA_MEM $JAVA_OPTS -DQPID_HOME=/qpid-broker-j -DQPID_WORK=/qpid-broker-j/work -cp "/qpid-broker-j/lib/*" org.apache.qpid.server.Main \ No newline at end of file diff --git a/qpid-docker/preferences.json b/qpid-docker/preferences.json new file mode 100644 index 0000000000..22809bbbac --- /dev/null +++ b/qpid-docker/preferences.json @@ -0,0 +1,3 @@ +{ + "version" : "9.0" +} \ No newline at end of file diff --git a/qpid-docker/userPreferences.json b/qpid-docker/userPreferences.json new file mode 100644 index 0000000000..22809bbbac --- /dev/null +++ b/qpid-docker/userPreferences.json @@ -0,0 +1,3 @@ +{ + "version" : "9.0" +} \ No newline at end of file --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org