From 48bcfb9d4b03ac3e2e6915f7bdf72599c8794d43 Mon Sep 17 00:00:00 2001 From: ChrisC Date: Tue, 17 Mar 2020 14:23:42 +0100 Subject: AAF non-root update AAF service dockerfiles to run as user AAF, reusing existing script infra Issue-ID: AAF-1102 Signed-off-by: ChrisC , JulienBe Change-Id: I2d9feef65a98d4545e407825533cd1741f891b45 --- auth/auth-cass/cass_init/cmd.sh | 13 +++++++------ auth/auth-cass/cass_init/restore.sh | 2 +- auth/auth-cass/docker/Dockerfile.cass | 13 +++++++++---- auth/auth-cass/docker/dbuild.sh | 4 ++-- auth/auth-cass/docker/dcqlsh.sh | 2 +- 5 files changed, 20 insertions(+), 14 deletions(-) (limited to 'auth/auth-cass') diff --git a/auth/auth-cass/cass_init/cmd.sh b/auth/auth-cass/cass_init/cmd.sh index 7569440f..f605a472 100644 --- a/auth/auth-cass/cass_init/cmd.sh +++ b/auth/auth-cass/cass_init/cmd.sh @@ -24,6 +24,7 @@ DIR="/opt/app/aaf/status" INSTALLED_VERSION=/var/lib/cassandra/AAF_VERSION AAF_INIT_DATA=/var/lib/cassandra/AAF_INIT_DATA +CQLSH=${CQLSH:=/opt/cassandra/bin/cqlsh} if [ ! -e /aaf_cmd ]; then ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd @@ -71,7 +72,7 @@ function wait_start { function wait_cql { status wait for keyspace to be initialized for CNT in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do - if [ -n "$(cqlsh -e 'describe keyspaces' | grep authz)" ]; then + if [ -n "$($CQLSH -e 'describe keyspaces' | grep authz)" ]; then break else echo "Waiting for Keyspaces to be loaded... Sleep 10" 
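Review bot: The new `CQLSH=${CQLSH:=/opt/cassandra/bin/cqlsh}` line in cmd.sh lets the container environment choose the binary the entrypoint runs, and every later use expands `$CQLSH` unquoted, so a value containing spaces is word-split into extra arguments. Because `:=` already assigns, the outer assignment is redundant; `CQLSH=${CQLSH:-/opt/cassandra/bin/cqlsh}` states the intent, and a `[ -x "$CQLSH" ]` check before first use would fail early on a bad path. The calls in the wait_cql and install_cql hunks can then use `"$CQLSH"`. restore.sh uses the same `:=` form but appends `-k authz` to the variable, so it still depends on the unquoted expansion there.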
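Review bot: In wait_cql the test `[ -n "$($CQLSH -e 'describe keyspaces' | grep authz)" ]` cannot tell a failed cqlsh call (wrong CQLSH path, connection refused, timeout) from a keyspace that is not there yet, because only grep's output is inspected. The same pattern in the install_cql hunk matters more: an empty result from a failed call passes the `-z` test and leads on to loading `keyspace.cql` and `init.cql`. Capturing output and status separately, `ks=$("$CQLSH" -e 'describe keyspaces'); rc=$?`, and then matching with `grep -qw authz` would separate the two cases and stop a keyspace whose name merely contains `authz` from matching. wait_cql's loop continues past the end of the hunk.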
@@ -96,11 +97,11 @@ function wait_ready { function install_cql { wait_start cassandra responsive # Now, make sure data exists - if [ ! -e $INSTALLED_VERSION ] && [ -n "$(cqlsh -e 'describe keyspaces' | grep authz)" ]; then - cqlsh --request-timeout=60 -e 'DROP KEYSPACE authz' + if [ ! -e $INSTALLED_VERSION ] && [ -n "$($CQLSH -e 'describe keyspaces' | grep authz)" ]; then + $CQLSH --request-timeout=60 -e 'DROP KEYSPACE authz' fi - if [ -z "`cqlsh --request-timeout 60 -e 'describe keyspaces' | grep authz`" ]; then + if [ -z "$($CQLSH --request-timeout 60 -e 'describe keyspaces' | grep authz)" ]; then status install echo "Initializing Cassandra DB" echo "Docker Installed Basic Cassandra on aaf.cass. Executing the following " @@ -109,10 +110,10 @@ function install_cql { echo " cd /opt/app/aaf/cass_init" cd /opt/app/aaf/cass_init echo " cqlsh -f keyspace.cql" - cqlsh --request-timeout=100 -f keyspace.cql + $CQLSH --request-timeout=100 -f keyspace.cql status keyspace installed echo " cqlsh -f init.cql" - cqlsh --request-timeout=100 -f init.cql + $CQLSH --request-timeout=100 -f init.cql status data initialized echo "" echo "The following will give you a temporary identity with which to start working, or emergency" diff --git a/auth/auth-cass/cass_init/restore.sh b/auth/auth-cass/cass_init/restore.sh index abc6a7cc..ba2c49eb 100644 --- a/auth/auth-cass/cass_init/restore.sh +++ b/auth/auth-cass/cass_init/restore.sh @@ -4,7 +4,7 @@ echo `date` ENV=DOCKER -CQLSH="cqlsh -k authz" +CQLSH="${CQLSH:=/opt/cassandra/bin/cqlsh} -k authz" cd dats if [ "$*" = "" ]; then diff --git a/auth/auth-cass/docker/Dockerfile.cass b/auth/auth-cass/docker/Dockerfile.cass index 0f12d8c8..5d9c3db9 100644 --- a/auth/auth-cass/docker/Dockerfile.cass +++ b/auth/auth-cass/docker/Dockerfile.cass 
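Review bot: In the `@@ -109,10 +110,10 @@` hunk, `status keyspace installed` and `status data initialized` are reported whether or not the preceding `$CQLSH ... -f` call succeeded, and the `cd /opt/app/aaf/cass_init` above them is unchecked too. Unless the script enables `set -e` outside the visible lines, a failed load leaves a partly initialised authz keyspace that is announced as ready; `$CQLSH --request-timeout=100 -f keyspace.cql || { status keyspace install failed; return 1; }` (and the same for `init.cql`) would stop there. The echoed lines still print ` cqlsh -f keyspace.cql` rather than the command that is actually run. install_cql continues outside the hunk.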
@@ -32,11 +32,16 @@ COPY aaf-auth-batch-*-full.jar /opt/app/aaf/cass_init/ COPY cass_data/*.dat /opt/app/aaf/cass_init/dats/ COPY sample.identities.dat /opt/app/aaf/cass_init/data/identites.dat -RUN mkdir -p /opt/app/aaf/status && chmod 777 /opt/app/aaf/status && \ - addgroup ${USER} && adduser --no-create-home --ingroup ${USER} --disabled-password --gecos "" --shell /bin/bash ${USER} && \ - chown -R ${USER}:${USER} /opt/app/aaf/cass_init - +RUN mkdir -p /opt/app/aaf/status &&\ + chmod 777 /opt/app/aaf/status && \ + addgroup ${DUSER} && adduser --ingroup cassandra --disabled-password --gecos "" --shell /bin/bash ${DUSER} && \ + chown -R ${DUSER}:cassandra /opt/app/aaf/cass_init &&\ + chown -R ${DUSER}:cassandra /etc/cassandra &&\ + mkdir -p /var/lib/cassandra/data && chown -R ${DUSER}:cassandra /var/lib/cassandra &&\ + chown -R ${DUSER}:cassandra /var/log/cassandra &&\ + ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd && chmod a+x /aaf_cmd +USER ${DUSER} ENTRYPOINT ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh"] CMD ["start"] # Default is to start up with CQL setup only diff --git a/auth/auth-cass/docker/dbuild.sh b/auth/auth-cass/docker/dbuild.sh index 7e2ac7c5..6a1ae1c1 100644 --- a/auth/auth-cass/docker/dbuild.sh +++ b/auth/auth-cass/docker/dbuild.sh @@ -25,7 +25,7 @@ if [ -e ../../docker/d.props ]; then . ../../docker/d.props fi DOCKER=${DOCKER:-docker} - + function SCP() { SANS=${1/-SNAPSHOT/} echo $1 = $SANS @@ -52,7 +52,7 @@ echo "$0: DOCKER_PULL_REGISTRY=${DOCKER_REGISTRY}" DIR=$(pwd) cd .. sed -e 's/${AAF_VERSION}/'${VERSION/-SNAPSHOT/}'/g' \ - -e 's/${USER}/'${USER}'/g' \ + -e 's/${DUSER}/'${DUSER}'/g' \ -e 's/${REGISTRY}/'${DOCKER_PULL_REGISTRY}'/g' \ $DIR/Dockerfile.cass > Dockerfile cd .. diff --git a/auth/auth-cass/docker/dcqlsh.sh b/auth/auth-cass/docker/dcqlsh.sh index 2518eb90..c8708d75 100644 --- a/auth/auth-cass/docker/dcqlsh.sh +++ b/auth/auth-cass/docker/dcqlsh.sh 
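Review bot: `chmod 777 /opt/app/aaf/status` is carried over onto the new side, leaving the status directory world-writable even though the image now has a dedicated user that could own it. Unless other UIDs write there through a shared volume (not visible here), `chown ${DUSER}:cassandra /opt/app/aaf/status && chmod 770 /opt/app/aaf/status` would be enough. `USER ${DUSER}` is a name, so a Kubernetes `runAsNonRoot: true` policy cannot verify it; pinning the uid with `adduser --uid` and using that number in `USER` addresses this and makes ownership of mounted volumes predictable. `addgroup ${DUSER}` also creates a group that nothing uses now that the user is placed in `cassandra`.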
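Review bot: In dbuild.sh the sed expression `-e 's/${DUSER}/'${DUSER}'/g'` substitutes the variable unquoted, and nothing in the hunk checks that it is set. If `DUSER` is missing from d.props (presumably where it is defined), the generated Dockerfile gets empty `adduser`, `chown` and `USER` arguments and the build fails with an unrelated-looking error at best. Adding `: "${DUSER:?DUSER is not set}"` before the `sed` and writing the replacement as `'"${DUSER}"'` would make the failure explicit and keep the value as one word.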
@@ -22,5 +22,5 @@ if [ -e ../../docker/d.props ]; then . ../../docker/d.props fi -${DOCKER:=docker} exec -it aaf-cass /usr/bin/cqlsh -k authz +${DOCKER:=docker} exec -it aaf-cass ${CQLSH:=/usr/bin/cqlsh} -k authz -- cgit 1.2.3-korg
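Review bot: The default here is `/usr/bin/cqlsh`, while cmd.sh and restore.sh in the same commit default to `/opt/cassandra/bin/cqlsh`; if both paths do not exist in the image, one of the scripts breaks once the variable is unset. `CQLSH` is also read from the host environment or d.props but names a path inside the container, so a host-side value set for another purpose is passed straight to `docker exec`. Using the same default as the in-container scripts and quoting it, `"${CQLSH:-/opt/cassandra/bin/cqlsh}"`, would keep the three scripts consistent.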