Diffstat (limited to 'auth/docker')
-rw-r--r-- | auth/docker/.gitignore | 1 | ||||
-rw-r--r-- | auth/docker/Dockerfile.base | 2 | ||||
-rw-r--r-- | auth/docker/Dockerfile.client | 6 | ||||
-rw-r--r-- | auth/docker/Dockerfile.config | 10 | ||||
-rw-r--r-- | auth/docker/Dockerfile.core | 1 | ||||
-rw-r--r-- | auth/docker/Dockerfile.ms | 5 | ||||
-rw-r--r-- | auth/docker/README.txt | 6 | ||||
-rw-r--r-- | auth/docker/aaf.sh | 11 | ||||
-rw-r--r-- | auth/docker/agent.sh | 56 | ||||
-rw-r--r-- | auth/docker/d.props.init | 2 | ||||
-rwxr-xr-x | auth/docker/dbuild.sh | 8 | ||||
-rw-r--r-- | auth/docker/drun.sh | 9 | ||||
-rw-r--r-- | auth/docker/dstop.sh | 4 |
13 files changed, 99 insertions, 22 deletions
diff --git a/auth/docker/.gitignore b/auth/docker/.gitignore index 1c98ea37..ad950a43 100644 --- a/auth/docker/.gitignore +++ b/auth/docker/.gitignore @@ -8,3 +8,4 @@ /*.orig /.curl_auth /test.sh +/*.tgz diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base index 623d18d4..af29b951 100644 --- a/auth/docker/Dockerfile.base +++ b/auth/docker/Dockerfile.base @@ -23,4 +23,6 @@ MAINTAINER AAF Team, AT&T 2018 LABEL description="aaf_base" RUN apk add --no-cache bash RUN apk add --no-cache openssl +RUN apk add --no-cache curl +RUN if [ -n "${DUSER}" ]; then addgroup ${DUSER} && adduser ${DUSER} -G ${DUSER} -D -s /bin/bash; fi diff --git a/auth/docker/Dockerfile.client b/auth/docker/Dockerfile.client index c2e1d787..111c3774 100644 --- a/auth/docker/Dockerfile.client +++ b/auth/docker/Dockerfile.client @@ -25,10 +25,12 @@ ENV VERSION=${AAF_VERSION} LABEL description="aaf_agent" LABEL version=${AAF_VERSION} -COPY logs /opt/app/aaf_config/logs COPY bin/client.sh /opt/app/aaf_config/bin/agent.sh COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/ +COPY logs /opt/app/aaf_config/logs COPY cert/*trust*.b64 /opt/app/aaf_config/cert/ -CMD ["/bin/bash","-c","/opt/app/aaf_config/bin/agent.sh"] +RUN if [ -n "${DUSER}" ]; then chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi + +CMD [] diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config index d1b6b237..7e442b2a 100644 --- a/auth/docker/Dockerfile.config +++ b/auth/docker/Dockerfile.config 
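Review bot: Creating the account in Dockerfile.base does not by itself make anything run unprivileged: none of the Dockerfiles touched here (base, client, config, core, ms) gains a `USER` instruction, so every image still defaults to root and only the launchers that pass `--user` (aaf.sh, agent.sh, drun.sh) drop privileges. Anything that starts these images another way, for example an orchestrator manifest, would presumably still run as root. Because `${DUSER}` is filled in by sed in dbuild.sh and may be empty, a plain `USER ${DUSER}` line would not always be valid; one option is to have dbuild.sh append the `USER` line to the generated Dockerfile only when DUSER is set. A comment next to the `adduser` line, such as `# account only; the image still starts as root unless --user is passed`, would make the default explicit.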
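Review bot: The recursive `chown -R ${DUSER}:${DUSER} /opt/app/aaf_config` in Dockerfile.client gives the runtime account write access to the jars and `bin/agent.sh` it executes, not only to the directories it has to write. If `logs` is the only path the agent writes at run time (not visible from this hunk, so to be confirmed), narrow it to `chown -R ${DUSER}:${DUSER} /opt/app/aaf_config/logs` and leave code and trust material root-owned. The same pattern appears in Dockerfile.config (where the tree also holds `CA` and `cert`), Dockerfile.core and Dockerfile.ms.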
@@ -28,14 +28,16 @@ LABEL version=${AAF_VERSION} COPY data/sample.identities.dat /opt/app/aaf_config/data/ COPY etc /opt/app/aaf_config/etc COPY local /opt/app/aaf_config/local +COPY logs /opt/app/aaf_config/logs COPY cert /opt/app/aaf_config/cert COPY public /opt/app/aaf_config/public COPY CA /opt/app/aaf_config/CA -COPY logs /opt/app/aaf_config/logs COPY bin/service.sh /opt/app/aaf_config/bin/agent.sh COPY bin/pod_wait.sh /opt/app/aaf_config/bin/ COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ - +COPY bin/aaf-auth-batch-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ + +RUN mkdir -p /opt/app/osaaf +RUN if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/osaaf && chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi + CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"] -#CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"] -CMD [] diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core index a15039aa..f74e9fbd 100644 --- a/auth/docker/Dockerfile.core +++ b/auth/docker/Dockerfile.core @@ -30,4 +30,5 @@ COPY lib /opt/app/aaf/lib COPY bin /opt/app/aaf/bin COPY theme /opt/app/aaf/theme +RUN if [ -n "${DUSER}" ]; then chown -R ${DUSER}:${DUSER} /opt/app/aaf; fi diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms index 1eee1eec..ead958b3 100644 --- a/auth/docker/Dockerfile.ms +++ b/auth/docker/Dockerfile.ms @@ -25,6 +25,11 @@ LABEL description="aaf_${AAF_COMPONENT}" LABEL version=${AAF_VERSION} COPY bin/pod_wait.sh /opt/app/aaf/bin/ +RUN mkdir -p /opt/app/osaaf +RUN mkdir -p /opt/app/aaf/status +RUN if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/aaf/status \ + && chown ${DUSER}:${DUSER} /opt/app/osaaf \ + && chown -R ${DUSER}:${DUSER} /opt/app/aaf; fi #CMD ["bash","-c","cd /opt/app/aaf;bin/${AAF_COMPONENT}"] CMD [] diff --git a/auth/docker/README.txt b/auth/docker/README.txt index f0d5ca57..d81fec84 100644 --- a/auth/docker/README.txt +++ b/auth/docker/README.txt 
@@ -57,3 +57,9 @@ bash drun.sh # watch logs in Agent Window cd ../logs sh taillog + + +#Running as ROOT +# docker gets the non-root user in its config during kubernetes +# install
https://git.onap.org/logging-analytics/tree/deploy/rancher/oom_rancher_setup.sh#n90
+# sudo usermod -aG docker $USERNAME
where $USERNAME can be ubuntu diff --git a/auth/docker/aaf.sh b/auth/docker/aaf.sh index 3ed7eafb..02d258f8 100644 --- a/auth/docker/aaf.sh +++ b/auth/docker/aaf.sh @@ -22,14 +22,23 @@ . ./d.props DOCKER=${DOCKER:=docker} +# if something, may not want CASS attached all the tim +LINKS="--link $CASSANDRA_DOCKER" + function run_it() { + if [ -n "${DUSER}" ]; then + USER_LINE="--user ${DUSER}" + fi $DOCKER run $@ \ + $USER_LINE \ -v "aaf_config:$CONF_ROOT_DIR" \ -v "aaf_status:/opt/app/aaf/status" \ + $LINKS \ --env aaf_locator_container=docker \ + --env aaf_locator_container_ns=${NAMESPACE} \ --env aaf_locator_fqdn=${HOSTNAME} \ --env aaf_locate_url=https://aaf-locate:8095 \ - --env aaf_locator_public_hostname=$HOSTNAME \ + --env aaf_locator_public_hostname=${HOSTNAME} \ --env AAF_ENV=${AAF_ENV} \ --env LATITUDE=${LATITUDE} \ --env LONGITUDE=${LONGITUDE} \ diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh index 86fee5f6..7340d30d 100644 --- a/auth/docker/agent.sh +++ b/auth/docker/agent.sh @@ -30,13 +30,13 @@ fi DOCKER=${DOCKER:=docker} CADI_VERSION=${CADI_VERSION:=2.1.10-SNAPSHOT} -for V in VERSION DOCKER_REPOSITORY HOSTNAME AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do +for V in VERSION DOCKER_REPOSITORY HOSTNAME CONTAINER_NS AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do if [ "$(grep $V ./aaf.props)" = "" ]; then unset DEF case $V in DOCKER_REPOSITORY) PROMPT="Docker Repo" - DEF="" + DEF="nexus3.onap.org:10003" ;; HOSTNAME) PROMPT="HOSTNAME (blank for Default)" 
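Review bot: `LINKS="--link $CASSANDRA_DOCKER"` in aaf.sh is set unconditionally, so if CASSANDRA_DOCKER is empty or unset `$LINKS` expands to a bare `--link` and docker takes the following `--env` as its argument. The comment above the assignment already suggests the link should be optional; `LINKS=${CASSANDRA_DOCKER:+--link $CASSANDRA_DOCKER}` makes it so. In run_it, `USER_LINE` is only assigned when DUSER is set, so a value inherited from the environment or d.props would be passed through when DUSER is empty; `local USER_LINE=` before the `if` closes that. The body of run_it continues past the end of this hunk.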
@@ -47,12 +47,25 @@ for V in VERSION DOCKER_REPOSITORY HOSTNAME AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_ AAF_FQDN_IP) # Need AAF_FQDN's IP, because not might not be available in mini-container PROMPT="AAF FQDN IP" - DEF=$(host $AAF_FQDN | grep "has address" | tail -1 | cut -f 4 -d ' ') + LOOKUP=$(host "${AAF_FQDN}" | grep "has address") + if [ -n "${LOOKUP}" ]; then + DEF=$(echo ${LOOKUP} | tail -1 | cut -f 4 -d ' ') + fi ;; - APP_FQI) PROMPT="App's FQI";; - APP_FQDN) PROMPT="App's Root FQDN";; - VOLUME) PROMPT="APP's AAF Configuration Volume";; + APP_FQDN) PROMPT="App's Root FQDN";; + APP_FQI) PROMPT="App's FQI" + if [[ "${APP_FQDN}" != *"."* ]]; then + DEF="${APP_FQDN}@${APP_FQDN}.onap.org" + fi + ;; + VOLUME) PROMPT="APP's AAF Configuration Volume" + if [[ "${APP_FQDN}" != *"."* ]]; then + DEF="${APP_FQDN}_config" + fi + ;; DRIVER) PROMPT=$V;DEF=local;; + CONTAINER_NS) + PROMPT=$V;DEF=onap;; VERSION) PROMPT="CADI Version";DEF=$CADI_VERSION;; LATITUDE|LONGITUDE) PROMPT="$V of Node";; *) PROMPT=$V;; @@ -74,6 +87,7 @@ for V in VERSION DOCKER_REPOSITORY HOSTNAME AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_ fi fi echo "$V=$VAR" >> ./aaf.props + declare "$V"="$VAR" fi done . ./aaf.props @@ -90,9 +104,12 @@ else PREFIX="" fi -$DOCKER run \ - -it \ - --rm \ +function run_it() { + if [ -n "${DUSER}" ]; then + USER_LINE="--user ${DUSER}" + fi + $DOCKER run -it --rm \ + ${USER_LINE} \ -v "${VOLUME}:/opt/app/osaaf" \ --add-host="$AAF_FQDN:$AAF_FQDN_IP" \ --env AAF_FQDN=${AAF_FQDN} \ 
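Review bot: In the AAF_FQDN_IP branch, `echo ${LOOKUP}` is unquoted, so a multi-line answer from `host` is flattened to one line and `tail -1` no longer selects anything; `cut -f 4` then returns the first address rather than the last one the old pipeline picked. Quoting restores the previous behaviour: `DEF=$(printf '%s\n' "${LOOKUP}" | tail -1 | cut -f 4 -d ' ')`. Separately, the new APP_FQI and VOLUME defaults are computed whenever APP_FQDN has no dot, which includes an empty APP_FQDN and would offer `@.onap.org` and `_config` as defaults; testing `[[ -n "${APP_FQDN}" && "${APP_FQDN}" != *"."* ]]` in both places avoids that. The surrounding `for`/`case` starts and ends outside this hunk.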
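Review bot: The new run_it in agent.sh never uses its arguments: the docker flags are hard-coded as `$DOCKER run -it --rm`, while the callers added in the next hunk pass `-it --rm` for `bash` and `taillog` and only `--rm` for the default case. As written the default case still requests an interactive TTY, which is likely to fail when agent.sh is started without a terminal (cron, CI). Take the flags from the caller instead: `$DOCKER run "$@" \`. The function body continues in the following hunk.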
@@ -102,6 +119,23 @@ $DOCKER run \ --env APP_FQDN=${APP_FQDN} \ --env LATITUDE=${LATITUDE} \ --env LONGITUDE=${LONGITUDE} \ - --name aaf_agent_$USER \ + --env aaf_locator_container_ns=${CONTAINER_NS} \ + --name aaf-agent-$USER \ "$PREFIX"onap/aaf/aaf_agent:$VERSION \ - /bin/bash "$@" + bash -c "bash /opt/app/aaf_config/bin/agent.sh $PARAMS" +} + +PARAMS=$@ +case "$1" in + bash) + PARAMS="&& cd /opt/app/osaaf/local && exec bash" + run_it -it --rm + ;; + taillog) + run_it -it --rm + ;; + *) + run_it --rm + ;; +esac + diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init index c406b81c..bc5d3583 100644 --- a/auth/docker/d.props.init +++ b/auth/docker/d.props.init @@ -26,6 +26,7 @@ CONF_ROOT_DIR=/opt/app/osaaf # For local builds, set PREFIX= PREFIX="$DOCKER_REPOSITORY/" NAMESPACE=onap +DUSER=aaf # HOSTNAME=aaf.osaaf.org @@ -38,7 +39,6 @@ LONGITUDE= CADI_X509_ISSUERS="CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US" AAF_INITIAL_X509_P12= AAF_INITIAL_X509_PASSWORD= -CADI_X509_ISSUERS= # CA info (leave blank unless functioning as CA) CM_CA_LOCAL= diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh index 924feea0..3f9bfdaf 100755 --- a/auth/docker/dbuild.sh +++ b/auth/docker/dbuild.sh @@ -38,6 +38,7 @@ cd - # AAF Base version - set the core image, etc sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ + -e 's/${DUSER}/'${DUSER}'/g' \ Dockerfile.base > Dockerfile $DOCKER build -t ${ORG}/${PROJECT}/aaf_base:${VERSION} . $DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:${VERSION} @@ -47,6 +48,7 @@ rm Dockerfile # Create the AAF Config (Security) Images cd .. cp auth-cmd/target/aaf-auth-cmd-$VERSION-full.jar sample/bin +cp auth-batch/target/aaf-auth-batch-$VERSION-full.jar sample/bin cp -Rf ../conf/CA sample 
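Review bot: The container command is built by string interpolation, `bash -c "bash /opt/app/aaf_config/bin/agent.sh $PARAMS"` with `PARAMS=$@`, so every caller argument is re-parsed by the inner shell: arguments containing spaces are split, and shell metacharacters in an argument are interpreted inside the container instead of being passed to agent.sh. The `bash)` case relies on this on purpose by setting PARAMS to a `&& cd … && exec bash` suffix, but for every other invocation the arguments should reach agent.sh as data. Keeping the command in an array and using `bash -c` only with a fixed literal achieves that; the sketch below shows the changed lines, with the docker options of run_it (which start in the previous hunk) left as they are.

```shell
# … unchanged: $DOCKER run options up to the image name …
    "$PREFIX"onap/aaf/aaf_agent:$VERSION \
    "${AGENT_CMD[@]}"
}

case "$1" in
  bash)
    # fixed literal: no caller-supplied text is parsed by the inner shell
    AGENT_CMD=(bash -c 'bash /opt/app/aaf_config/bin/agent.sh && cd /opt/app/osaaf/local && exec bash')
    run_it -it --rm
    ;;
  taillog)
    AGENT_CMD=(bash /opt/app/aaf_config/bin/agent.sh "$@")
    run_it -it --rm
    ;;
  *)
    AGENT_CMD=(bash /opt/app/aaf_config/bin/agent.sh "$@")
    run_it --rm
    ;;
esac
```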
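Review bot: `-e 's/${DUSER}/'${DUSER}'/g'` in dbuild.sh splices the value unquoted into the sed program and, through it, into Dockerfile `RUN` lines that a shell executes at build time (`addgroup ${DUSER} && adduser ${DUSER} …`). A value from d.props containing `/`, whitespace or shell metacharacters would break the substitution or change what the build runs. Assuming the script runs under bash, validating once near the top, e.g. `[[ -z "$DUSER" || "$DUSER" =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "invalid DUSER" >&2; exit 1; }`, covers this hunk and the four identical sed additions for Dockerfile.config, Dockerfile.client, Dockerfile.core and Dockerfile.ms further down.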
@@ -54,6 +56,7 @@ cp -Rf ../conf/CA sample sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${DUSER}/'${DUSER}'/g' \ docker/Dockerfile.config > sample/Dockerfile $DOCKER build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample $DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:${VERSION} @@ -64,13 +67,14 @@ cp ../cadi/servlet-sample/target/aaf-cadi-servlet-sample-${VERSION}-sample.jar s sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${DUSER}/'${DUSER}'/g' \ docker/Dockerfile.client > sample/Dockerfile $DOCKER build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:${VERSION} $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest # Clean up -rm sample/Dockerfile sample/bin/aaf-auth-cmd-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar +rm sample/Dockerfile sample/bin/aaf-*-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar rm -Rf sample/CA cd - @@ -81,6 +85,7 @@ echo Building aaf_$AAF_COMPONENT... sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${DUSER}/'${DUSER}'/g' \ Dockerfile.core >../aaf_${VERSION}/Dockerfile cd .. $DOCKER build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_${VERSION} 
@@ -104,6 +109,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${DUSER}/'${DUSER}'/g' \ Dockerfile.ms >../aaf_${VERSION}/Dockerfile cd .. $DOCKER build -t ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION} diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh index 32660760..994bb556 100644 --- a/auth/docker/drun.sh +++ b/auth/docker/drun.sh @@ -91,14 +91,21 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do #ADD_HOST="$ADD_HOST --add-host=$CASS_HOST" #fi #--hostname="${AAF_COMPONENT}.${NAMESPACE}" \ + # --env aaf_locate_url=https://aaf-locate:8095 \ # $ADD_HOST \ + if [ -n "${DUSER}" ]; then + THE_USER="--user $DUSER" + fi $DOCKER run \ -d \ + ${THE_USER} \ --name aaf-$AAF_COMPONENT \ ${LINKS} \ --env AAF_ENV=${AAF_ENV} \ --env aaf_locator_container=docker \ - --env aaf_locator_fqdn=$HOSTNAME \ + --env aaf_locator_container_ns=${NAMESPACE} \ + --env aaf_locator_fqdn=${HOSTNAME} \ + --env aaf_locator_public_hostname=${HOSTNAME} \ --env LATITUDE=${LATITUDE} \ --env LONGITUDE=${LONGITUDE} \ --env CASSANDRA_CLUSTER=${CASSANDRA_CLUSTER} \ diff --git a/auth/docker/dstop.sh b/auth/docker/dstop.sh index 256385d5..fce79226 100644 --- a/auth/docker/dstop.sh +++ b/auth/docker/dstop.sh @@ -23,7 +23,9 @@ DOCKER=${DOCKER:=docker} if [ "$1" == "" ]; then - AAF_COMPONENTS=$(tail -r components) + for C in $(cat components); do + AAF_COMPONENTS="$C $AAF_COMPONENTS" + done else AAF_COMPONENTS="$@" fi |
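Review bot: The replacement loop in dstop.sh prepends to `AAF_COMPONENTS` without clearing it first, so a value already present (exported in the environment, or set by a sourced props file if there is one) ends up at the tail of the stop list. Initialise it before the loop with `AAF_COMPONENTS=""`. `$(cat components)` splits on any whitespace, which is fine as long as component names never contain spaces; a short comment such as `# reverse the start order (portable replacement for tail -r)` would explain why the list is rebuilt by hand.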