diff options
Diffstat (limited to 'auth/docker')
| -rw-r--r-- | auth/docker/Dockerfile.base | 1 | ||||
| -rw-r--r-- | auth/docker/Dockerfile.client | 2 | ||||
| -rw-r--r-- | auth/docker/Dockerfile.config | 6 | ||||
| -rw-r--r-- | auth/docker/Dockerfile.core | 1 | ||||
| -rw-r--r-- | auth/docker/Dockerfile.ms | 1 | ||||
| -rw-r--r-- | auth/docker/README.txt | 6 | ||||
| -rw-r--r-- | auth/docker/aaf.sh | 5 | ||||
| -rwxr-xr-x | auth/docker/dbuild.sh | 3 | ||||
| -rw-r--r-- | auth/docker/drun.sh | 1 |
9 files changed, 23 insertions, 3 deletions
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base index 623d18d4..1d74362d 100644 --- a/auth/docker/Dockerfile.base +++ b/auth/docker/Dockerfile.base @@ -23,4 +23,5 @@ MAINTAINER AAF Team, AT&T 2018 LABEL description="aaf_base" RUN apk add --no-cache bash RUN apk add --no-cache openssl +RUN addgroup aaf && adduser aaf -G aaf -D -s /bin/bash diff --git a/auth/docker/Dockerfile.client b/auth/docker/Dockerfile.client index c2e1d787..f662aace 100644 --- a/auth/docker/Dockerfile.client +++ b/auth/docker/Dockerfile.client @@ -31,4 +31,6 @@ COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/ COPY cert/*trust*.b64 /opt/app/aaf_config/cert/ +RUN chown -R aaf:aaf /opt/app/aaf_config + CMD ["/bin/bash","-c","/opt/app/aaf_config/bin/agent.sh"] diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config index d1b6b237..ca3df765 100644 --- a/auth/docker/Dockerfile.config +++ b/auth/docker/Dockerfile.config @@ -35,7 +35,9 @@ COPY logs /opt/app/aaf_config/logs COPY bin/service.sh /opt/app/aaf_config/bin/agent.sh COPY bin/pod_wait.sh /opt/app/aaf_config/bin/ COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ - +COPY bin/aaf-auth-batch-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ + +RUN chown -R aaf:aaf /opt/app/aaf_config && mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf + CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"] -#CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"] CMD [] diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core index a15039aa..7237a00d 100644 --- a/auth/docker/Dockerfile.core +++ b/auth/docker/Dockerfile.core @@ -30,4 +30,5 @@ COPY lib /opt/app/aaf/lib COPY bin /opt/app/aaf/bin COPY theme /opt/app/aaf/theme +RUN chown -R aaf:aaf /opt/app/aaf diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms index 1eee1eec..222816c6 100644 --- a/auth/docker/Dockerfile.ms +++ b/auth/docker/Dockerfile.ms @@ -25,6 +25,7 @@ LABEL description="aaf_${AAF_COMPONENT}" LABEL version=${AAF_VERSION} COPY bin/pod_wait.sh /opt/app/aaf/bin/ +RUN mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf && chown -R aaf:aaf /opt/app/aaf/bin #CMD ["bash","-c","cd /opt/app/aaf;bin/${AAF_COMPONENT}"] CMD [] diff --git a/auth/docker/README.txt b/auth/docker/README.txt index f0d5ca57..d81fec84 100644 --- a/auth/docker/README.txt +++ b/auth/docker/README.txt @@ -57,3 +57,9 @@ bash drun.sh # watch logs in Agent Window cd ../logs sh taillog + + +#Running as ROOT +# docker gets the non-root user in its config during kubernetes +# install
https://git.onap.org/logging-analytics/tree/deploy/rancher/oom_rancher_setup.sh#n90
+# sudo usermod -aG docker $USERNAME
where $USERNAME can be ubuntu diff --git a/auth/docker/aaf.sh b/auth/docker/aaf.sh index 3ed7eafb..a039be8a 100644 --- a/auth/docker/aaf.sh +++ b/auth/docker/aaf.sh @@ -22,10 +22,15 @@ . ./d.props DOCKER=${DOCKER:=docker} +# if something, may not want CASS attached all the tim +LINKS="--link $CASSANDRA_DOCKER" + function run_it() { $DOCKER run $@ \ + --user aaf \ -v "aaf_config:$CONF_ROOT_DIR" \ -v "aaf_status:/opt/app/aaf/status" \ + $LINKS \ --env aaf_locator_container=docker \ --env aaf_locator_fqdn=${HOSTNAME} \ --env aaf_locate_url=https://aaf-locate:8095 \ diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh index 924feea0..fd59ed49 100755 --- a/auth/docker/dbuild.sh +++ b/auth/docker/dbuild.sh @@ -47,6 +47,7 @@ rm Dockerfile # Create the AAF Config (Security) Images cd .. cp auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin +cp auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin cp -Rf ../conf/CA sample @@ -70,7 +71,7 @@ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/$ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest # Clean up -rm sample/Dockerfile sample/bin/aaf-auth-cmd-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar +rm sample/Dockerfile sample/bin/aaf-*-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar rm -Rf sample/CA cd - diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh index 32660760..6fc3a9a6 100644 --- a/auth/docker/drun.sh +++ b/auth/docker/drun.sh @@ -94,6 +94,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do # $ADD_HOST \ $DOCKER run \ -d \ + --user aaf \ --name aaf-$AAF_COMPONENT \ ${LINKS} \ --env AAF_ENV=${AAF_ENV} \ |