summaryrefslogtreecommitdiffstats
path: root/auth/docker
diff options
context:
space:
mode:
Diffstat (limited to 'auth/docker')
-rw-r--r--auth/docker/Dockerfile.base1
-rw-r--r--auth/docker/Dockerfile.client2
-rw-r--r--auth/docker/Dockerfile.config6
-rw-r--r--auth/docker/Dockerfile.core1
-rw-r--r--auth/docker/Dockerfile.ms1
-rw-r--r--auth/docker/README.txt6
-rw-r--r--auth/docker/aaf.sh5
-rwxr-xr-xauth/docker/dbuild.sh3
-rw-r--r--auth/docker/drun.sh1
9 files changed, 23 insertions, 3 deletions
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base
index 623d18d4..1d74362d 100644
--- a/auth/docker/Dockerfile.base
+++ b/auth/docker/Dockerfile.base
@@ -23,4 +23,5 @@ MAINTAINER AAF Team, AT&T 2018
LABEL description="aaf_base"
RUN apk add --no-cache bash
RUN apk add --no-cache openssl
+RUN addgroup aaf && adduser aaf -G aaf -D -s /bin/bash
diff --git a/auth/docker/Dockerfile.client b/auth/docker/Dockerfile.client
index c2e1d787..f662aace 100644
--- a/auth/docker/Dockerfile.client
+++ b/auth/docker/Dockerfile.client
@@ -31,4 +31,6 @@ COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/
COPY cert/*trust*.b64 /opt/app/aaf_config/cert/
+RUN chown -R aaf:aaf /opt/app/aaf_config
+
CMD ["/bin/bash","-c","/opt/app/aaf_config/bin/agent.sh"]
diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config
index d1b6b237..ca3df765 100644
--- a/auth/docker/Dockerfile.config
+++ b/auth/docker/Dockerfile.config
@@ -35,7 +35,9 @@ COPY logs /opt/app/aaf_config/logs
COPY bin/service.sh /opt/app/aaf_config/bin/agent.sh
COPY bin/pod_wait.sh /opt/app/aaf_config/bin/
COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
-
+COPY bin/aaf-auth-batch-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/
+
+RUN chown -R aaf:aaf /opt/app/aaf_config && mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf
+
CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
-#CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
CMD []
diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core
index a15039aa..7237a00d 100644
--- a/auth/docker/Dockerfile.core
+++ b/auth/docker/Dockerfile.core
@@ -30,4 +30,5 @@ COPY lib /opt/app/aaf/lib
COPY bin /opt/app/aaf/bin
COPY theme /opt/app/aaf/theme
+RUN chown -R aaf:aaf /opt/app/aaf
diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms
index 1eee1eec..222816c6 100644
--- a/auth/docker/Dockerfile.ms
+++ b/auth/docker/Dockerfile.ms
@@ -25,6 +25,7 @@ LABEL description="aaf_${AAF_COMPONENT}"
LABEL version=${AAF_VERSION}
COPY bin/pod_wait.sh /opt/app/aaf/bin/
+RUN mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf && chown -R aaf:aaf /opt/app/aaf/bin
#CMD ["bash","-c","cd /opt/app/aaf;bin/${AAF_COMPONENT}"]
CMD []
diff --git a/auth/docker/README.txt b/auth/docker/README.txt
index f0d5ca57..d81fec84 100644
--- a/auth/docker/README.txt
+++ b/auth/docker/README.txt
@@ -57,3 +57,9 @@ bash drun.sh
# watch logs in Agent Window
cd ../logs
sh taillog
+
+
+#Running as ROOT
+# docker gets the non-root user in its config during kubernetes
+# install
https://git.onap.org/logging-analytics/tree/deploy/rancher/oom_rancher_setup.sh#n90

+# sudo usermod -aG docker $USERNAME
where $USERNAME can be ubuntu
diff --git a/auth/docker/aaf.sh b/auth/docker/aaf.sh
index 3ed7eafb..a039be8a 100644
--- a/auth/docker/aaf.sh
+++ b/auth/docker/aaf.sh
@@ -22,10 +22,15 @@
. ./d.props
DOCKER=${DOCKER:=docker}
+# if something, may not want CASS attached all the tim
+LINKS="--link $CASSANDRA_DOCKER"
+
function run_it() {
$DOCKER run $@ \
+ --user aaf \
-v "aaf_config:$CONF_ROOT_DIR" \
-v "aaf_status:/opt/app/aaf/status" \
+ $LINKS \
--env aaf_locator_container=docker \
--env aaf_locator_fqdn=${HOSTNAME} \
--env aaf_locate_url=https://aaf-locate:8095 \
diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh
index 924feea0..fd59ed49 100755
--- a/auth/docker/dbuild.sh
+++ b/auth/docker/dbuild.sh
@@ -47,6 +47,7 @@ rm Dockerfile
# Create the AAF Config (Security) Images
cd ..
cp auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin
+cp auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin
cp -Rf ../conf/CA sample
@@ -70,7 +71,7 @@ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/$
$DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest
# Clean up
-rm sample/Dockerfile sample/bin/aaf-auth-cmd-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar
+rm sample/Dockerfile sample/bin/aaf-*-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar
rm -Rf sample/CA
cd -
diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh
index 32660760..6fc3a9a6 100644
--- a/auth/docker/drun.sh
+++ b/auth/docker/drun.sh
@@ -94,6 +94,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do
# $ADD_HOST \
$DOCKER run \
-d \
+ --user aaf \
--name aaf-$AAF_COMPONENT \
${LINKS} \
--env AAF_ENV=${AAF_ENV} \