From 02b1b37d795f0bccf4500e14de5586891e78d306 Mon Sep 17 00:00:00 2001
From: wr148d
Date: Thu, 21 May 2020 13:58:30 -0400
Subject: Updated docker scripts to use aaiadmin user

Issue-ID: AAI-2822
Change-Id: Ie1985e58230ebe53b6a961eed6bb9c9a7dbc6f20
Signed-off-by: wr148d
---
 aai-traversal/src/main/docker/Dockerfile | 12 +++++++++--
 aai-traversal/src/main/docker/docker-entrypoint.sh | 25 ++++++----------------
 2 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/aai-traversal/src/main/docker/Dockerfile b/aai-traversal/src/main/docker/Dockerfile
index 6ab1dd1..c8c346d 100644
--- a/aai-traversal/src/main/docker/Dockerfile
+++ b/aai-traversal/src/main/docker/Dockerfile
@@ -2,15 +2,23 @@ FROM @aai.docker.namespace@/aai-common-@aai.base.image@:@aai.base.image.version@
 RUN mkdir -p /opt/aaihome/aaiadmin /opt/aai/logroot/AAI-GQ
-VOLUME /opt/aai/logroot/AAI-GQ
 VOLUME /tmp
 VOLUME /opt/tools
 HEALTHCHECK --interval=40s --timeout=10s --retries=3 CMD nc -z -v localhost 8446 || exit 1
+RUN groupadd aaiadmin -g 1000
+
+RUN adduser -u 1000 -h /opt/aaihome/aaiadmin -S -D -G aaiadmin -s /bin/bash aaiadmin
+
 # Add the proper files into the docker image from your build
 WORKDIR /opt/app/aai-traversal
-COPY /maven/aai-traversal/ .
+
+RUN chown -R aaiadmin:aaiadmin /opt/app/aai-traversal /etc/profile.d /opt/aai/logroot/AAI-GQ /opt/app /opt/aai/logroot
+
+COPY --chown=aaiadmin:aaiadmin /maven/aai-traversal/ .
+
+USER aaiadmin
 ENV AAI_BUILD_VERSION @aai.docker.version@
 # Expose the ports for outside linux to use
diff --git a/aai-traversal/src/main/docker/docker-entrypoint.sh b/aai-traversal/src/main/docker/docker-entrypoint.sh
index c4c4a03..7d3ca9a 100644
--- a/aai-traversal/src/main/docker/docker-entrypoint.sh
+++ b/aai-traversal/src/main/docker/docker-entrypoint.sh
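Review bot: The added `RUN chown -R aaiadmin:aaiadmin …` line hands `/etc/profile.d` to the service account, so anything running as `aaiadmin` can place scripts that every login shell in the container sources, including a root shell opened for maintenance. The ownership appears to be needed only because docker-entrypoint.sh still runs `mv ${APP_HOME}/aai.sh /etc/profile.d/aai.sh` and `chmod 755` at start-up, which now execute as the unprivileged user. Installing that file during the build, before `USER aaiadmin`, would let the directory stay root-owned and reduce the chown to `RUN chown -R aaiadmin:aaiadmin /opt/app /opt/aai/logroot`, since the other two listed paths are already covered by those parents. If the runtime move has to stay, a comment above the chown should say why a system directory is owned by the application user.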
@@ -26,24 +26,12 @@ export SERVER_PORT=${SERVER_PORT:-8446};
 USER_ID=${LOCAL_USER_ID:-9001}
 GROUP_ID=${LOCAL_GROUP_ID:-9001}
-if [ $(cat /etc/passwd | grep aaiadmin | wc -l) -eq 0 ]; then
- groupadd aaiadmin -g ${GROUP_ID} || {
- echo "Unable to create the group id for ${GROUP_ID}";
- exit 1;
- }
- useradd --shell=/bin/bash -u ${USER_ID} -g ${GROUP_ID} -o -c "" -m aaiadmin || {
- echo "Unable to create the user id for ${USER_ID}";
- exit 1;
- }
-fi;
-
-chown -R aaiadmin:aaiadmin /opt/app /opt/aai/logroot
 find /opt/app/ -name "*.sh" -exec chmod +x {} +
 if [ -f ${APP_HOME}/aai.sh ]; then
- gosu aaiadmin ln -s bin scripts
- gosu aaiadmin ln -s /opt/aai/logroot/AAI-GQ logs
+ ln -s bin scripts
+ ln -s /opt/aai/logroot/AAI-GQ logs
 mv ${APP_HOME}/aai.sh /etc/profile.d/aai.sh
 chmod 755 /etc/profile.d/aai.sh
@@ -54,7 +42,7 @@ if [ -f ${APP_HOME}/aai.sh ]; then
 if [ -f ${APP_HOME}/bin/${scriptName} ]; then
 shift 1;
- gosu aaiadmin ${APP_HOME}/bin/${scriptName} "$@" || {
+ ${APP_HOME}/bin/${scriptName} "$@" || {
 echo "Failed to run the ${scriptName}";
 exit 1;
 }
@@ -69,12 +57,11 @@ fi;
 if [ -z ${DISABLE_UPDATE_QUERY} ]; then
 UPDATE_QUERY_RAN_FILE="updateQueryRan.txt";
- gosu aaiadmin /opt/app/aai-traversal/bin/install/updateQueryData.sh
- gosu aaiadmin touch ${UPDATE_QUERY_RAN_FILE};
+ /opt/app/aai-traversal/bin/install/updateQueryData.sh
+ touch ${UPDATE_QUERY_RAN_FILE};
 fi
 mkdir -p /opt/app/aai-traversal/logs/gc
-chown -R aaiadmin:aaiadmin /opt/app/aai-traversal/logs/gc
 if [ -f ${APP_HOME}/resources/aai-traversal-swm-vars.sh ]; then
 source ${APP_HOME}/resources/aai-traversal-swm-vars.sh;
@@ -84,7 +71,7 @@ MIN_HEAP_SIZE=${MIN_HEAP_SIZE:-512m};
 MAX_HEAP_SIZE=${MAX_HEAP_SIZE:-1024m};
 MAX_METASPACE_SIZE=${MAX_METASPACE_SIZE:-512m};
-JAVA_CMD="exec gosu aaiadmin java";
+JAVA_CMD="exec java";
 JVM_OPTS="${PRE_JVM_ARGS} -Xloggc:/opt/app/aai-traversal/logs/gc/aai_gc.log";
 JVM_OPTS="${JVM_OPTS} -XX:HeapDumpPath=/opt/app/aai-traversal/logs/ajsc-jetty/heap-dump";
-- 
cgit 1.2.3-korg
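Review bot: `USER_ID` and `GROUP_ID` are still derived from `LOCAL_USER_ID`/`LOCAL_GROUP_ID` at the top of the first hunk, but with the `groupadd`/`useradd` block removed nothing visible in this diff reads them. A deployment that sets those variables to match the owner of a mounted log volume would now silently run with the uid baked into the image. The start-up `chown -R aaiadmin:aaiadmin /opt/app /opt/aai/logroot` is removed too, so a volume with different ownership only surfaces later, at the `mkdir -p` and log writes. I would delete the two assignments and add a fail-fast check before the `find`, for example `[ -w /opt/aai/logroot ] || { echo "/opt/aai/logroot is not writable by uid $(id -u)"; exit 1; }`. The `if [ -f ${APP_HOME}/aai.sh ]` block that follows continues past the end of the hunk.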
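Review bot: In the third hunk the exit status of `updateQueryData.sh` is ignored, so the following `touch ${UPDATE_QUERY_RAN_FILE}` records the update as done even when the script failed. With the start-up chown removed elsewhere in this commit, a permission error on a mounted path looks like a more plausible cause of such a failure than before. Chaining the two added lines as `/opt/app/aai-traversal/bin/install/updateQueryData.sh && touch "${UPDATE_QUERY_RAN_FILE}"` keeps the step best-effort while making the marker file truthful. The `|| { echo …; exit 1; }` form used for `${scriptName}` in the second hunk is the stricter alternative if a failed update should stop the container.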