build(docker): change docker base image to debian, and add new tag for alpine image

.github/workflows/build_packages.yaml

@@ -344,7 +344,8 @@ jobs:
       fail-fast: false
       matrix:
         os:
-          - alpine3.15.1
+          - [alpine3.15.1, "alpine:3.15.1", "deploy/docker/Dockerfile.alpine"]
+          - [debian11, "debian:11-slim", "deploy/docker/Dockerfile"]
         profile: ${{ fromJson(needs.prepare.outputs.BUILD_PROFILES) }}
         # NOTE: for docker, only support latest otp and elixir
         # versions, not a matrix
@@ -368,7 +369,7 @@ jobs:
           - arch: amd64
             build_machine: aws-arm64
         include:
-          - os: alpine3.15.1
+          - os: [debian11, "debian:11-slim", "deploy/docker/Dockerfile"]
             profile: emqx
             otp: 24.2.1-1
             elixir: 1.13.4
@@ -376,7 +377,7 @@ jobs:
             build_elixir: no_elixir
             build_machine: ubuntu-20.04
             registry: public.ecr.aws
-          - os: alpine3.15.1
+          - os: [debian11, "debian:11-slim", "deploy/docker/Dockerfile"]
             profile: emqx
             otp: 24.2.1-1
             elixir: 1.13.4
@@ -402,7 +403,7 @@ jobs:
         path: |
           source/_build/default/lib/quicer/
           source/deps/quicer/
-        key: ${{ matrix.os }}-${{ matrix.otp }}-${{ matrix.arch }}-${{ needs.prepare.outputs.DEP_QUICER_REF }}
+        key: ${{ matrix.os[0] }}-${{ matrix.otp }}-${{ matrix.arch }}-${{ needs.prepare.outputs.DEP_QUICER_REF }}
 
     - name: Login for docker.
       uses: docker/login-action@v1
@@ -423,7 +424,6 @@ jobs:
     - name: prepare for docker-action-parms
       id: pre-meta
       run: |
-        img=$(echo ${{ matrix.os }} | sed 's#\([0-9.]\+\)$#:\1#g')
         emqx_name=${{ matrix.profile }}
         img_suffix=${{ matrix.arch }}
         img_labels="org.opencontainers.image.otp.version=${{ matrix.otp }}"
@@ -433,7 +433,9 @@ jobs:
           img_suffix="elixir-${{ matrix.arch }}"
           img_labels="org.opencontainers.image.elixir.version=${{ matrix.elixir }}\n${img_labels}"
         fi
-        echo "::set-output name=img::${img}"
+        if [[ ${{ matrix.os[0] }} =~ "alpine" ]]; then
+          img_suffix="${img_suffix}-alpine"
+        fi
         echo "::set-output name=emqx_name::${emqx_name}"
         echo "::set-output name=img_suffix::${img_suffix}"
         echo "::set-output name=img_labels::${img_labels}"
@@ -465,10 +467,10 @@ jobs:
         tags: ${{ steps.meta.outputs.tags }}
         labels: ${{ steps.meta.outputs.labels }}
         build-args: |
-          BUILD_FROM=ghcr.io/emqx/emqx-builder/5.0-16:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}
-          RUN_FROM=${{ steps.pre-meta.outputs.img }}
+          BUILD_FROM=ghcr.io/emqx/emqx-builder/5.0-16:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os[0] }}
+          RUN_FROM=${{ matrix.os[1] }}
           EMQX_NAME=${{ steps.pre-meta.outputs.emqx_name }}
-        file: source/deploy/docker/Dockerfile
+        file: source/${{ matrix.os[2] }}
         context: source
 
   docker-push-multi-arch-manifest:
@@ -483,6 +485,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
+        os:
+          - [alpine3.15.1, "alpine:3.15.1", "deploy/docker/Dockerfile.alpine"]
+          - [debian11, "debian:11-slim", "deploy/docker/Dockerfile"]
         profile: ${{ fromJson(needs.prepare.outputs.BUILD_PROFILES) }}
         # NOTE: for docker, only support latest otp version, not a matrix
         otp:
@@ -506,7 +511,7 @@ jobs:
           - arch: amd64
             build_machine: aws-arm64
         include:
-          - os: alpine3.15.1
+          - os: [debian11, "debian:11-slim", "deploy/docker/Dockerfile"]
             profile: emqx
             otp: 24.2.1-1
             elixir: 1.13.4
@@ -514,7 +519,7 @@ jobs:
             build_elixir: no_elixir
             build_machine: ubuntu-20.04
             registry: public.ecr.aws
-          - os: alpine3.15.1
+          - os: [debian11, "debian:11-slim", "deploy/docker/Dockerfile"]
             profile: emqx
             otp: 24.2.1-1
             elixir: 1.13.4
@@ -551,7 +556,6 @@ jobs:
       - name: prepare for docker-action-parms
         id: pre-meta
         run: |
-          img=$(echo ${{ matrix.os }} | sed 's#\([0-9.]\+\)$#:\1#g')
           emqx_name=${{ matrix.profile }}
           img_suffix=${{ matrix.arch }}
           img_labels="org.opencontainers.image.otp.version=${{ matrix.otp }}"
@@ -561,6 +565,9 @@ jobs:
             img_suffix="elixir-${{ matrix.arch }}"
             img_labels="org.opencontainers.image.elixir.version=${{ matrix.elixir }}\n$img_labels"
           fi
+          if [[ ${{ matrix.os[0] }} =~ "alpine" ]]; then
+            img_suffix="${img_suffix}-alpine"
+          fi
           echo "::set-output name=img::${img}"
           echo "::set-output name=emqx_name::${emqx_name}"
           echo "::set-output name=img_suffix::${img_suffix}"

.github/workflows/run_fvt_tests.yaml

@@ -47,7 +47,7 @@ jobs:
           - mnesia
           - rlog
         os:
-          - alpine3.15.1
+          - ["alpine3.15.1", "alpine:3.15.1"]
         otp:
           - 24.2.1-1
         elixir:
@@ -78,12 +78,13 @@ jobs:
         path: |
           source/_build/default/lib/quicer/
           source/deps/quicer/
-        key: ${{ matrix.os }}-${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.arch }}-${{ steps.deps-refs.outputs.DEP_QUICER_REF }}
+        key: ${{ matrix.os[0] }}-${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.arch }}-${{ steps.deps-refs.outputs.DEP_QUICER_REF }}
 
     - name: make docker image
       working-directory: source
       env:
-        EMQX_BUILDER: ghcr.io/emqx/emqx-builder/5.0-16:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}
+        EMQX_BUILDER: ghcr.io/emqx/emqx-builder/5.0-16:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os[0] }}
+        EMQX_RUNNER: ${{ matrix.os[1] }}
       run: |
         make ${{ matrix.profile }}-docker
     - name: run emqx
@@ -128,7 +129,7 @@ jobs:
         profile:
         - emqx
         os:
-          - alpine3.15.1
+          - ["debian11", "debian:11-slim"]
         otp:
           - 24.2.1-1
         elixir:
@@ -158,12 +159,13 @@ jobs:
       uses: actions/cache@v2
       with:
         path: source/_build/default/lib/quicer/
-        key: ${{ matrix.os }}-${{ matrix.otp }}-${{ matrix.arch }}-${{ steps.deps-refs.outputs.DEP_QUICER_REF }}
+        key: ${{ matrix.os[0] }}-${{ matrix.otp }}-${{ matrix.arch }}-${{ steps.deps-refs.outputs.DEP_QUICER_REF }}
 
     - name: make docker image
       working-directory: source
       env:
-        EMQX_BUILDER: ghcr.io/emqx/emqx-builder/5.0-16:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}
+        EMQX_BUILDER: ghcr.io/emqx/emqx-builder/5.0-16:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os[0] }}
+        EMQX_RUNNER: ${{ matrix.os[1] }}
       run: |
         make ${{ matrix.profile }}-docker
         echo "TARGET=emqx/${{ matrix.profile }}" >> $GITHUB_ENV

Makefile

@@ -3,12 +3,11 @@ REBAR = $(CURDIR)/rebar3
 BUILD = $(CURDIR)/build
 SCRIPTS = $(CURDIR)/scripts
 export EMQX_RELUP ?= true
-export EMQX_DEFAULT_BUILDER = ghcr.io/emqx/emqx-builder/5.0-16:1.13.4-24.2.1-1-alpine3.15.1
-export EMQX_DEFAULT_RUNNER = alpine:3.15.1
+export EMQX_DEFAULT_BUILDER = ghcr.io/emqx/emqx-builder/5.0-16:1.13.4-24.2.1-1-debian11
+export EMQX_DEFAULT_RUNNER = debian:11-slim
 export OTP_VSN ?= $(shell $(CURDIR)/scripts/get-otp-vsn.sh)
 export ELIXIR_VSN ?= $(shell $(CURDIR)/scripts/get-elixir-vsn.sh)
 export EMQX_DASHBOARD_VERSION ?= v0.35.0
-export DOCKERFILE := deploy/docker/Dockerfile
 export EMQX_REL_FORM ?= tgz
 ifeq ($(OS),Windows_NT)
 	export REBAR_COLOR=none

build

@@ -209,13 +209,18 @@ make_tgz() {
     log "Tarball sha256sum: $(cat "${target}.sha256")"
 }
 
-## This function builds the default docker image based on alpine:3.15.1 (by default)
+## This function builds the default docker image based on debian 11
 make_docker() {
     EMQX_BUILDER="${EMQX_BUILDER:-${EMQX_DEFAULT_BUILDER}}"
     EMQX_RUNNER="${EMQX_RUNNER:-${EMQX_DEFAULT_RUNNER}}"
-
-    if [[ "$PROFILE" = *-elixir ]]
-    then
+    if [ -z "${EMQX_DOCKERFILE:-}" ]; then
+        if [[ "$EMQX_BUILDER" =~ "alpine" ]]; then
+            EMQX_DOCKERFILE='deploy/docker/Dockerfile.alpine'
+        else
+            EMQX_DOCKERFILE='deploy/docker/Dockerfile'
+        fi
+    fi
+    if [[ "$PROFILE" = *-elixir ]]; then
       PKG_VSN="$PKG_VSN-elixir"
     fi
 
@@ -225,7 +230,7 @@ make_docker() {
        --build-arg RUN_FROM="${EMQX_RUNNER}" \
        --build-arg EMQX_NAME="$PROFILE" \
        --tag "emqx/${PROFILE%%-elixir}:${PKG_VSN}" \
-       -f "${DOCKERFILE}" .
+       -f "${EMQX_DOCKERFILE}" .
 }
 
 function join {

deploy/docker/Dockerfile

@@ -1,28 +1,7 @@
-ARG BUILD_FROM=ghcr.io/emqx/emqx-builder/5.0-16:1.13.4-24.2.1-1-alpine3.15.1
-ARG RUN_FROM=alpine:3.15.1
+ARG BUILD_FROM=ghcr.io/emqx/emqx-builder/5.0-16:1.13.4-24.2.1-1-debian11
+ARG RUN_FROM=debian:11-slim
 FROM ${BUILD_FROM} AS builder
 
-RUN apk add --no-cache \
-    autoconf \
-    automake \
-    bash \
-    bison \
-    bsd-compat-headers \
-    coreutils \
-    curl \
-    flex \
-    g++ \
-    gcc \
-    git \
-    jq \
-    libc-dev \
-    libstdc++ \
-    libtool \
-    make \
-    ncurses-dev \
-    openssl-dev \
-    perl
-
 COPY . /emqx
 
 ARG EMQX_NAME=emqx
@@ -45,15 +24,18 @@ COPY deploy/docker/docker-entrypoint.sh /usr/bin/
 COPY --from=builder /emqx-rel/emqx /opt/emqx
 
 RUN ln -s /opt/emqx/bin/* /usr/local/bin/
-RUN apk add --no-cache curl ncurses-libs openssl sudo libstdc++ bash
 
-WORKDIR /opt/emqx
+RUN apt-get update; \
+    apt-get install -y --no-install-recommends ca-certificates procps; \
+    rm -rf /var/lib/apt/lists/*
 
-RUN adduser -D -u 1000 emqx \
-    && echo "emqx ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers
+WORKDIR /opt/emqx
 
-RUN chgrp -Rf emqx /opt/emqx && chmod -Rf g+w /opt/emqx \
-    && chown -Rf emqx /opt/emqx
+RUN groupadd -r -g 1000 emqx; \
+    useradd -r -m -u 1000 -g emqx emqx; \
+    chgrp -Rf emqx /opt/emqx; \
+    chmod -Rf g+w /opt/emqx; \
+    chown -Rf emqx /opt/emqx
 
 USER emqx
 

deploy/docker/Dockerfile.alpine

@@ -0,0 +1,77 @@
+ARG BUILD_FROM=ghcr.io/emqx/emqx-builder/5.0-15:1.13.3-24.2.1-1-alpine3.15.1
+ARG RUN_FROM=alpine:3.15.1
+FROM ${BUILD_FROM} AS builder
+
+RUN apk add --no-cache \
+    autoconf \
+    automake \
+    bash \
+    bison \
+    bsd-compat-headers \
+    coreutils \
+    curl \
+    flex \
+    g++ \
+    gcc \
+    git \
+    jq \
+    libc-dev \
+    libstdc++ \
+    libtool \
+    make \
+    ncurses-dev \
+    openssl-dev \
+    perl
+
+COPY . /emqx
+
+ARG EMQX_NAME=emqx
+ENV EMQX_RELUP=false
+
+RUN export PROFILE="$EMQX_NAME" \
+    && export EMQX_NAME=${EMQX_NAME%%-elixir} \
+    && export EMQX_LIB_PATH="_build/$EMQX_NAME/lib" \
+    && export EMQX_REL_PATH="/emqx/_build/$EMQX_NAME/rel/emqx" \
+    && export EMQX_REL_FORM='docker' \
+    && cd /emqx \
+    && rm -rf $EMQX_LIB_PATH \
+    && make $PROFILE \
+    && mkdir -p /emqx-rel \
+    && mv $EMQX_REL_PATH /emqx-rel
+
+FROM $RUN_FROM
+
+COPY deploy/docker/docker-entrypoint.sh /usr/bin/
+COPY --from=builder /emqx-rel/emqx /opt/emqx
+
+RUN ln -s /opt/emqx/bin/* /usr/local/bin/
+RUN apk add --no-cache curl ncurses-libs openssl sudo libstdc++ bash
+
+WORKDIR /opt/emqx
+
+RUN adduser -D -u 1000 emqx \
+    && echo "emqx ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers
+
+RUN chgrp -Rf emqx /opt/emqx && chmod -Rf g+w /opt/emqx \
+    && chown -Rf emqx /opt/emqx
+
+USER emqx
+
+VOLUME ["/opt/emqx/log", "/opt/emqx/data"]
+
+# emqx will occupy these port:
+# - 1883 port for MQTT
+# - 8081 for mgmt API
+# - 8083 for WebSocket/HTTP
+# - 8084 for WSS/HTTPS
+# - 8883 port for MQTT(SSL)
+# - 11883 port for internal MQTT/TCP
+# - 18083 for dashboard
+# - 4370 default Erlang distrbution port
+# - 5369 for gen_rpc port mapping
+# - 6369 6370 for distributed node
+EXPOSE 1883 8081 8083 8084 8883 11883 18083 4370 5369 6369 6370
+
+ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
+
+CMD ["/opt/emqx/bin/emqx", "foreground"]