authorWilliam Reehil <william.reehil@att.com>2022-11-10 16:00:39 +0000
committerGerrit Code Review <gerrit@onap.org>2022-11-10 16:00:39 +0000
commit3824f66ae66823d5de0be9b49f5c85113d9e20e7 (patch)
tree3ed1952d4f5fa74705b69f8527a14bb0c2df02a0
parent8b504f6db32630ae4b6774efabc87ed76a950053 (diff)
parent5548a2a5b854e8c9bb9da308e5f6aced074a9927 (diff)
Merge "Configure AAI HA Proxy to distribute the load to multiple AAI service replicas. Added some useful tools for custom image of aai haproxy"
-rw-r--r--aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile19
-rw-r--r--aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh8
2 files changed, 20 insertions, 7 deletions
diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
index 3e04c92c..1508abca 100644
--- a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
+++ b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM haproxy:1.7.10-alpine
+FROM haproxy:2.4.13-alpine
# For building the image in a proxy environment if necessary
ARG HTTP_PROXY
@@ -9,14 +9,17 @@ ENV HTTPS_PROXY ${HTTPS_PROXY}
ENV http_proxy ${HTTP_PROXY}
ENV https_proxy ${HTTPS_PROXY}
+# Added to execute commands which required root permission
+USER root
+
RUN apk add --no-cache \
ca-certificates \
curl \
+ bash \
+ socat \
openssl \
shadow \
util-linux && \
- groupadd haproxy -g 1000 && \
- adduser -u 1000 -S -D -G haproxy -s /bin/bash haproxy && \
chown -R haproxy:haproxy /usr/local/etc/haproxy
RUN mkdir -p /etc/ssl/certs/ && mkdir -p /etc/ssl/private
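Review bot: With the `groupadd`/`adduser` lines removed, the `chown -R haproxy:haproxy` at the end of this RUN depends on a `haproxy` account supplied by the `haproxy:2.4.13-alpine` base image, and its uid/gid is no longer pinned here as it was (1000) before. If deployment manifests set a numeric `runAsUser`/`fsGroup`, or mounted volumes are owned by 1000, they should be checked against the base image's ids. A comment such as `# haproxy user/group come from the base image (uid/gid: <confirm>)` would record that dependency. The newly added `bash` and `socat` also widen what is available inside a running container, so a short comment on why each is needed at runtime, plus pinned package versions, would help.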
@@ -26,7 +29,15 @@ COPY --chown=haproxy docker-entrypoint.sh /docker-entrypoint.sh
COPY --chown=haproxy resolvers.conf /usr/local/etc/haproxy/resolvers.conf
COPY --chown=haproxy haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
-RUN chmod +x /docker-entrypoint.sh
+# Changing group and group permission to allow haproxy user to execute sed comamnd ot change files
+RUN chgrp haproxy /usr/local/etc/haproxy; \
+ chgrp haproxy /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf
+
+RUN chmod +x /docker-entrypoint.sh; \
+ chmod g+wx /usr/local/etc/haproxy; \
+ chmod g+w /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf
+
+# Reverting to haproxy use to not run the pod with root permissions
USER haproxy
ENTRYPOINT [ "/docker-entrypoint.sh" ]
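Review bot: `chmod g+w /docker-entrypoint.sh` makes the image's entrypoint group-writable for the `haproxy` group the container runs under, on top of the `COPY --chown=haproxy` ownership visible in the hunk header, so a compromised process in the container could alter the script that runs on the next restart of that container. The comment only justifies write access for `sed` on the config files, so I would drop the script from that line: `chmod g+w /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf`, and ideally copy the entrypoint root-owned and read/execute-only. Both new RUN instructions chain with `;`, so a failing `chgrp` or `chmod` before the last command does not fail the build; `&&` would. The comment typos (`comamnd ot`, `haproxy use`) could be fixed at the same time.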
diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh b/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh
index a56eea95..a8e521f1 100644
--- a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh
+++ b/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh
@@ -14,9 +14,11 @@ sed -i 's/${ONAP_NAMESERVER_CLUSTER_IP}/'${NAMESERVER_IP}'/g' /usr/local/etc/hap
}
if [ "$1" = 'haproxy' ]; then
- # if the user wants "haproxy", let's use "haproxy-systemd-wrapper" instead so we can have proper reloadability implemented by upstream
- shift # "haproxy"
- set -- "$(which haproxy-systemd-wrapper)" -p /usr/local/etc/haproxy/haproxy.pid "$@"
+ shift # "haproxy"
+ # if the user wants "haproxy", let's add a couple useful flags
+ # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
+ # -db -- disables background mode
+ set -- haproxy -W -db "$@"
fi
exec "$@"