From 9e6101e4b225804fbe38f40ebd49516e5e10ecce Mon Sep 17 00:00:00 2001
From: Fiete Ostkamp
Date: Tue, 2 Jul 2024 10:00:57 +0200
Subject: Use eclipse-temurin:8-jre-alpine docker base image in aai-traversal

- replace aai-common base image with plain java 8 jre
- remove custom folders and users to simplify setup
- fix janino, guava and activemq vulnerabilities
- remove apache httpclient, jsonassert, aaf-cadi and spring-test dependencies

Issue-ID: AAI-3913
Change-Id: Icca637b5adb8e9a480912c4e2b7d9e83ee3e29ba
Signed-off-by: Fiete Ostkamp
---
 aai-traversal/src/main/docker/Dockerfile | 32 +++++------------
 aai-traversal/src/main/docker/aai.sh | 3 +-
 aai-traversal/src/main/docker/docker-entrypoint.sh | 41 ++--------------------
 3 files changed, 13 insertions(+), 63 deletions(-)
(limited to 'aai-traversal/src/main/docker')
diff --git a/aai-traversal/src/main/docker/Dockerfile b/aai-traversal/src/main/docker/Dockerfile
index 0186e25..e17fa90 100644
--- a/aai-traversal/src/main/docker/Dockerfile
+++ b/aai-traversal/src/main/docker/Dockerfile
@@ -1,28 +1,14 @@
-FROM @aai.docker.namespace@/aai-common-@aai.base.image@:@aai.base.image.version@
+FROM eclipse-temurin:8-jre-alpine
+# curl is used in the putTool script
+# (PUT's can't be done using the busybox wget)
+RUN apk --no-cache add curl
-USER root
+USER nobody
+ENV SERVER_PORT=8446
+EXPOSE ${SERVER_PORT}
-RUN mkdir -p /opt/aaihome/aaiadmin /opt/aai/logroot/AAI-GQ \
- /opt/app/aai-traversal \
- && chown -R aaiadmin:aaiadmin /opt/aaihome/aaiadmin /opt/aai/logroot/AAI-GQ \
- /opt/app/aai-traversal /etc/profile.d /opt/app /opt/aai/logroot \
- /etc/profile.d \
- /opt/app
-
-VOLUME /tmp
-VOLUME /opt/tools
-
-HEALTHCHECK --interval=40s --timeout=10s --retries=3 CMD nc -z -v localhost 8446 || exit 1
-
-# Add the proper files into the docker image from your build
 WORKDIR /opt/app/aai-traversal
-COPY --chown=aaiadmin:aaiadmin /maven/aai-traversal/ .
-
-USER aaiadmin
+COPY --chown=nobody:nobody /maven/aai-traversal/ .
-ENV AAI_BUILD_VERSION @aai.docker.version@
-# Expose the ports for outside linux to use
-# 8446 is the important one to be used
-EXPOSE 8446
-ENTRYPOINT ["/bin/bash", "/opt/app/aai-traversal/docker-entrypoint.sh"]
\ No newline at end of file
+ENTRYPOINT ["/bin/sh", "/opt/app/aai-traversal/docker-entrypoint.sh"]
diff --git a/aai-traversal/src/main/docker/aai.sh b/aai-traversal/src/main/docker/aai.sh
index 8cda4f0..412586e 100644
--- a/aai-traversal/src/main/docker/aai.sh
+++ b/aai-traversal/src/main/docker/aai.sh
@@ -30,7 +30,8 @@ if [ -z $JAVA_HOME ] && [ $(grep -i "ID=ubuntu" /etc/os-release | wc -w) -eq 1 ]
 fi
 # set app related env
-export PROJECT_HOME=/opt/app/aai-traversal
+: ${PROJECT_HOME:=/opt/app/aai-traversal}
+export PROJECT_HOME=$PROJECT_HOME
 export AAIENV=dev
 export PROJECT_OWNER=aaiadmin
 export PROJECT_GROUP=aaiadmin
diff --git a/aai-traversal/src/main/docker/docker-entrypoint.sh b/aai-traversal/src/main/docker/docker-entrypoint.sh
index 7d3ca9a..be29460 100644
--- a/aai-traversal/src/main/docker/docker-entrypoint.sh
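Review bot: `COPY --chown=nobody:nobody /maven/aai-traversal/ .` leaves the whole application tree, including `docker-entrypoint.sh` and the scripts under `bin/`, writable by the same account the service runs as, so anything that compromises the Java process can also alter the code that runs on the next start. `nobody` is also a shared account rather than one dedicated to this service. Consider keeping the files root-owned and running under a fixed numeric UID, e.g. `COPY --chown=root:root /maven/aai-traversal/ .` with `USER 10001`; the entrypoint's start-up `chmod +x` pass and its `touch` of `updateQueryRan.txt` in the working directory would then have to move to build time or to a separate writable path. Separately, `FROM eclipse-temurin:8-jre-alpine` is a floating tag, so pinning it by digest (`eclipse-temurin:8-jre-alpine@sha256:<digest>`) would make rebuilds reproducible and base-image updates reviewable.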
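Review bot: The unquoted `: ${PROJECT_HOME:=/opt/app/aai-traversal}` lets the shell word-split and glob-expand whatever value arrives from the environment, and the following `export PROJECT_HOME=$PROJECT_HOME` is an unquoted self-assignment; a single quoted line covers both: `export PROJECT_HOME="${PROJECT_HOME:-/opt/app/aai-traversal}"`. Since the path can now be overridden by the caller, a short comment naming who is expected to set it would help, because other scripts presumably resolve files relative to it. The context lines still export `PROJECT_OWNER=aaiadmin` and `PROJECT_GROUP=aaiadmin` while the Dockerfile in this commit switches to `nobody`, so it is worth checking whether anything still consumes them. The script continues outside the hunk.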
+++ b/aai-traversal/src/main/docker/docker-entrypoint.sh
@@ -7,9 +7,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-#
+#
 # http://www.apache.org/licenses/LICENSE-2.0
-#
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -28,45 +28,12 @@ GROUP_ID=${LOCAL_GROUP_ID:-9001}
 find /opt/app/ -name "*.sh" -exec chmod +x {} +
-if [ -f ${APP_HOME}/aai.sh ]; then
-
- ln -s bin scripts
- ln -s /opt/aai/logroot/AAI-GQ logs
- mv ${APP_HOME}/aai.sh /etc/profile.d/aai.sh
-
- chmod 755 /etc/profile.d/aai.sh
-
- scriptName=$1;
-
- if [ ! -z $scriptName ]; then
-
- if [ -f ${APP_HOME}/bin/${scriptName} ]; then
- shift 1;
- ${APP_HOME}/bin/${scriptName} "$@" || {
- echo "Failed to run the ${scriptName}";
- exit 1;
- }
- else
- echo "Unable to find the script ${scriptName} in ${APP_HOME}/bin";
- exit 1;
- fi;
-
- exit 0;
- fi;
-fi;
-
 if [ -z ${DISABLE_UPDATE_QUERY} ]; then
 UPDATE_QUERY_RAN_FILE="updateQueryRan.txt";
 /opt/app/aai-traversal/bin/install/updateQueryData.sh
 touch ${UPDATE_QUERY_RAN_FILE};
 fi
-mkdir -p /opt/app/aai-traversal/logs/gc
-
-if [ -f ${APP_HOME}/resources/aai-traversal-swm-vars.sh ]; then
- source ${APP_HOME}/resources/aai-traversal-swm-vars.sh;
-fi;
-
 MIN_HEAP_SIZE=${MIN_HEAP_SIZE:-512m};
 MAX_HEAP_SIZE=${MAX_HEAP_SIZE:-1024m};
 MAX_METASPACE_SIZE=${MAX_METASPACE_SIZE:-512m};
@@ -105,10 +72,6 @@ JAVA_OPTS="${PRE_JAVA_OPTS} -DAJSC_HOME=$APP_HOME";
 JAVA_OPTS="${JAVA_OPTS} -Dserver.port=${SERVER_PORT}";
 JAVA_OPTS="${JAVA_OPTS} -DBUNDLECONFIG_DIR=./resources";
 JAVA_OPTS="${JAVA_OPTS} -Dserver.local.startpath=${RESOURCES_HOME}";
-JAVA_OPTS="${JAVA_OPTS} -DAAI_CHEF_ENV=${AAI_CHEF_ENV}";
-JAVA_OPTS="${JAVA_OPTS} -DSCLD_ENV=${SCLD_ENV}";
-JAVA_OPTS="${JAVA_OPTS} -DAFT_ENVIRONMENT=${AFT_ENVIRONMENT}";
-JAVA_OPTS="${JAVA_OPTS} -DAAI_BUILD_VERSION=${AAI_BUILD_VERSION}";
 JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom";
 JAVA_OPTS="${JAVA_OPTS} -Dlogback.configurationFile=./resources/logback.xml";
 JAVA_OPTS="${JAVA_OPTS} -Dloader.path=$APP_HOME/resources";
--
cgit 1.2.3-korg