aboutsummaryrefslogtreecommitdiffstats
path: root/aai-common-docker/aai-haproxy-image
diff options
context:
space:
mode:
Diffstat (limited to 'aai-common-docker/aai-haproxy-image')
-rw-r--r--aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile19
-rw-r--r--aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh8
2 files changed, 20 insertions, 7 deletions
diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
index 3e04c92c..1508abca 100644
--- a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
+++ b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM haproxy:1.7.10-alpine
+FROM haproxy:2.4.13-alpine
# For building the image in a proxy environment if necessary
ARG HTTP_PROXY
@@ -9,14 +9,17 @@ ENV HTTPS_PROXY ${HTTPS_PROXY}
ENV http_proxy ${HTTP_PROXY}
ENV https_proxy ${HTTPS_PROXY}
+# Added to execute commands which required root permission
+USER root
+
RUN apk add --no-cache \
ca-certificates \
curl \
+ bash \
+ socat \
openssl \
shadow \
util-linux && \
- groupadd haproxy -g 1000 && \
- adduser -u 1000 -S -D -G haproxy -s /bin/bash haproxy && \
chown -R haproxy:haproxy /usr/local/etc/haproxy
RUN mkdir -p /etc/ssl/certs/ && mkdir -p /etc/ssl/private
@@ -26,7 +29,15 @@ COPY --chown=haproxy docker-entrypoint.sh /docker-entrypoint.sh
COPY --chown=haproxy resolvers.conf /usr/local/etc/haproxy/resolvers.conf
COPY --chown=haproxy haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
-RUN chmod +x /docker-entrypoint.sh
+# Changing group and group permission to allow haproxy user to execute sed comamnd ot change files
+RUN chgrp haproxy /usr/local/etc/haproxy; \
+ chgrp haproxy /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf
+
+RUN chmod +x /docker-entrypoint.sh; \
+ chmod g+wx /usr/local/etc/haproxy; \
+ chmod g+w /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf
+
+# Reverting to haproxy use to not run the pod with root permissions
USER haproxy
ENTRYPOINT [ "/docker-entrypoint.sh" ]
diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh b/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh
index a56eea95..a8e521f1 100644
--- a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh
+++ b/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh
@@ -14,9 +14,11 @@ sed -i 's/${ONAP_NAMESERVER_CLUSTER_IP}/'${NAMESERVER_IP}'/g' /usr/local/etc/hap
}
if [ "$1" = 'haproxy' ]; then
- # if the user wants "haproxy", let's use "haproxy-systemd-wrapper" instead so we can have proper reloadability implemented by upstream
- shift # "haproxy"
- set -- "$(which haproxy-systemd-wrapper)" -p /usr/local/etc/haproxy/haproxy.pid "$@"
+ shift # "haproxy"
+ # if the user wants "haproxy", let's add a couple useful flags
+ # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
+ # -db -- disables background mode
+ set -- haproxy -W -db "$@"
fi
exec "$@"