From fdfe7b30dbd1288f00dbd4c77f4a58192056cc69 Mon Sep 17 00:00:00 2001
From: yangyan
Date: Thu, 5 Mar 2020 10:57:26 +0800
Subject: Remove sudo capability for onap user for VF-C resmanagement docker

Change-Id: Iee12bf6a1211cab2a97ea9985eeec883e9ecdff5
Issue-ID: VFC-1640
Signed-off-by: yangyan
---
 ResmanagementService/docker/Dockerfile | 61 ++-------------------
 ResmanagementService/docker/docker-entrypoint.sh | 4 +-
 ResmanagementService/docker/docker-env-config.sh | 67 ++++++++++++++++++++++++
 3 files changed, 74 insertions(+), 58 deletions(-)
 create mode 100644 ResmanagementService/docker/docker-env-config.sh
diff --git a/ResmanagementService/docker/Dockerfile b/ResmanagementService/docker/Dockerfile
index e2097cc..1b71e77 100644
--- a/ResmanagementService/docker/Dockerfile
+++ b/ResmanagementService/docker/Dockerfile
@@ -1,62 +1,11 @@
-#
-# This file was auto-generated by gen-all-dockerfiles.sh; do not modify manually.
-#
-# nfvo-resmanagement/target/Dockerfile
-#
-
-# 10-basebuild.txt
-
 FROM centos:7
-
-RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
-RUN sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
-RUN yum update -y
-
-RUN yum install -y wget unzip socat java-1.8.0-openjdk-headless
-RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
 ENV JAVA_HOME /usr/lib/jvm/jre
-
+ENV CATALINA_HOME /service
+ADD . /service
 WORKDIR /service
-
-# 20-mysq.txt
-
-# Set up mysql
-RUN wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && rpm -ivh mysql-community-release-el7-5.noarch.rpm && rm -f mysql-community-release-el7-5.noarch.rpm
-RUN yum -y update
-RUN yum -y install -y mysql-server
-RUN mysql_install_db --user=mysql --datadir=/var/lib/mysql
-
+RUN bash docker-env-config.sh
 VOLUME /var/lib/mysql
-
-COPY init-mysql.sh .
-
-# 30-tomcat.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY
-# Set up tomcat
-RUN wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && rm -f apache-tomcat-8.5.30.tar.gz && rm -rf webapps && mkdir -p webapps/ROOT
-RUN echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
-ENV CATALINA_HOME /service
-
-# 50-microservice.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY
-
-# Set up microservice
-
-RUN wget -q -O nfvo-resmanagement.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.resmanagement&a=vfc-nfvo-resmanagement-deployment&v=LATEST&e=zip" && unzip -q -o -B nfvo-resmanagement.zip && rm -f nfvo-resmanagement.zip
-# Set permissions
-RUN find . -type d -exec chmod o-w {} \;
-RUN find . -name "*.sh" -exec chmod +x {} \;
 EXPOSE 8480
-
-
-
-# 90-entrypoint.txt
-
-RUN yum clean all
-
-COPY instance-config.sh .
-COPY instance-init.sh .
-COPY instance-run.sh .
-COPY instance-workaround.sh .
-COPY docker-entrypoint.sh .
+USER onap
+WORKDIR /service
 ENTRYPOINT /service/docker-entrypoint.sh
-
-COPY LICENSE ./ONAP_LICENSE
diff --git a/ResmanagementService/docker/docker-entrypoint.sh b/ResmanagementService/docker/docker-entrypoint.sh
index c2cf899..5bf25a6 100644
--- a/ResmanagementService/docker/docker-entrypoint.sh
+++ b/ResmanagementService/docker/docker-entrypoint.sh
@@ -36,7 +36,7 @@ echo # Wait for MSB initialization echo Wait for MSB initialization -for i in {1..10}; do +for i in {1..5}; do curl -sS -m 1 $MSB_ADDR > /dev/null && break sleep $i done
@@ -47,7 +47,7 @@ echo ./instance-config.sh # Start mysql -su mysql -c /usr/bin/mysqld_safe & +/usr/bin/mysqld_safe & # Perform one-time config if [ ! -e init.log ]; then
diff --git a/ResmanagementService/docker/docker-env-config.sh b/ResmanagementService/docker/docker-env-config.sh
new file mode 100644
index 0000000..b187d0b
--- /dev/null
+++ b/ResmanagementService/docker/docker-env-config.sh
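Review bot: `ADD . /service` places the whole build context in the image, where the removed lines copied named files one by one, so whatever else sits in ResmanagementService/docker at build time (the Dockerfile itself, editor backups, local configuration) now ships inside `/service`, which is also `CATALINA_HOME`. Prefer `COPY` with an explicit list, for example `COPY docker-env-config.sh docker-entrypoint.sh init-mysql.sh instance-*.sh /service/`, adding nfvo-resmanagement.zip if the build is meant to take it from the context, or at least add a `.dockerignore`. The second `WORKDIR /service` added before `ENTRYPOINT` repeats the one already in effect and can be dropped.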
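Review bot: The new `/usr/bin/mysqld_safe &` line in the second docker-entrypoint.sh hunk takes the database's identity from whoever starts the container, so it runs as `onap` only while the Dockerfile's `USER onap` is honoured; a run with the user overridden would presumably start it under an account that does not own the data directory docker-env-config.sh hands to `onap`. Naming the account explicitly, `/usr/bin/mysqld_safe --user=onap &`, keeps that stable. It is also worth a comment above the line, such as `# mysqld and Tomcat both run as onap; the DB files are no longer isolated from the webapp`, because the separation the old `su mysql` gave between the web application and the database files is gone. The rest of the script lies outside the hunk.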
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+add_user(){
+
+ useradd onap
+}
+
+set_up_mysql_jdk(){
+
+ sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+ sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
+ yum update -y
+
+ yum install -y wget unzip socat java-1.8.0-openjdk-headless
+ sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
+
+ # Set up mysql
+ wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && \
+ rpm -ivh mysql-community-release-el7-5.noarch.rpm && \
+ rm -f mysql-community-release-el7-5.noarch.rpm
+ yum -y update
+ yum -y install -y mysql-server
+ mysql_install_db --user=onap --datadir=/var/lib/mysql
+ chown onap:onap -R /var/run/mysqld
+ chmod g+s /var/run/mysqld
+ setfacl -d --set u:onap:rwx /var/run/mysqld
+ chown onap:onap /var/log/mysqld.log
+ chmod g+s /var/log/mysqld.log
+ chown onap:onap -R /var/lib/mysql-files
+ chmod g+s /var/lib/mysql-files
+ setfacl -d --set u:onap:rwx /var/lib/mysql-files
+ chown onap:onap /etc/my.cnf
+}
+
+set_up_tomcat(){
+ # Set up tomcat
+ wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && \
+ tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && \
+ rm -f apache-tomcat-8.5.30.tar.gz &&
+ rm -rf webapps && \
+ mkdir -p webapps/ROOT
+ echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
+
+ #wget -q -O nfvo-resmanagement.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.resmanagement&a=vfc-nfvo-resmanagement-deployment&v=LATEST&e=zip" && \
+ unzip -q -o -B nfvo-resmanagement.zip && \
+ rm -f nfvo-resmanagement.zip
+ # Set permissions
+ find . -type d -exec chmod o-w {} \;
+ find . -name "*.sh" -exec chmod +x {} \;
+ chown onap:onap -R /service
+ chmod g+s /service
+ setfacl -d --set u:onap:rwx /service
+
+}
+
+clean_sf_cache(){
+
+ yum clean all
+}
+
+add_user
+set_up_mysql_jdk
+wait
+set_up_tomcat
+wait
+clean_sf_cache
+
-- 
cgit 1.2.3-korg
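Review bot: docker-env-config.sh has no `set -e`, so `RUN bash docker-env-config.sh` succeeds whenever the closing `yum clean all` does, even if `yum update`, a `wget` or `mysql_install_db` failed earlier, and neither download is verified before use: the MySQL release RPM comes over plain `http://` straight into `rpm -ivh`, and the Tomcat tarball is unpacked with no checksum. Add `set -euo pipefail` under the shebang, fetch the RPM over https and check each artifact against a pinned digest as sketched below; the digests shown are placeholders to be filled in from the vendors' published values, and the stricter mode will surface any step that currently fails quietly. The trailing backslash on the commented-out `#wget … && \` line does not continue the comment, so `unzip` still runs and relies on nfvo-resmanagement.zip arriving through the Dockerfile's `ADD .`, which deserves a comment. Separately, `chown onap:onap -R /service` leaves Tomcat's `bin/` scripts and docker-entrypoint.sh writable by the account the service runs as; keeping them root-owned and giving `onap` only the directories it writes at run time would limit what a compromised webapp can alter. The `g+s` on `/var/log/mysqld.log` is applied to a regular file, and the two `wait` calls have no background jobs to wait for.

```shell
#!/bin/bash
set -euo pipefail

# … unchanged: add_user, yum and JDK setup in set_up_mysql_jdk …

    # Set up mysql
    wget -q https://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm
    echo "PLACEHOLDER_SHA256_OF_MYSQL_RELEASE_RPM  mysql-community-release-el7-5.noarch.rpm" | sha256sum -c -
    rpm -ivh mysql-community-release-el7-5.noarch.rpm
    rm -f mysql-community-release-el7-5.noarch.rpm

# … unchanged: mysql-server install and ownership setup …

    # Set up tomcat
    wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz
    echo "PLACEHOLDER_SHA512_OF_TOMCAT_TARBALL  apache-tomcat-8.5.30.tar.gz" | sha512sum -c -
    tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz
    rm -f apache-tomcat-8.5.30.tar.gz
    rm -rf webapps
    mkdir -p webapps/ROOT

# … unchanged: setenv.sh, unzip, permissions, clean_sf_cache and the calls at the bottom …
```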