From 11687d2f164326e65b2d038563bc9dcda5e42acc Mon Sep 17 00:00:00 2001 From: "Singal, Kapil (ks220y)" Date: Fri, 19 Mar 2021 15:08:22 -0400 Subject: Fixing DockerFile to avoid IOException chown on /opt isn't enough as files/directory permissions needs change so that onap user can access to execute Even if chown onap:onap was done, it was failing to create/run script due to permission issues Adding noCache to docker-maven-plugin so that it won't pick cached layers Issue-ID: CCSDK-3224 Signed-off-by: Singal, Kapil (ks220y) Change-Id: Idf56465eff6fa42b523bccfca56f84e93496a8d2 --- ms/blueprintsprocessor/application/pom.xml | 1 + .../application/src/main/docker/Dockerfile | 27 +++++++++++++++------- ms/command-executor/pom.xml | 1 + ms/command-executor/src/main/docker/Dockerfile | 22 ++++++++---------- ms/py-executor/docker/Dockerfile | 22 ++++++++---------- ms/py-executor/pom.xml | 3 ++- ms/sdclistener/distribution/pom.xml | 1 + .../distribution/src/main/docker/Dockerfile | 21 +++++++++++++---- 8 files changed, 61 insertions(+), 37 deletions(-) (limited to 'ms') diff --git a/ms/blueprintsprocessor/application/pom.xml b/ms/blueprintsprocessor/application/pom.xml index db3bb949a..701d8139b 100755 --- a/ms/blueprintsprocessor/application/pom.xml +++ b/ms/blueprintsprocessor/application/pom.xml @@ -406,6 +406,7 @@ ${image.name} try + true ${basedir}/target/docker-stage ${project.docker.latestminortag.version} diff --git a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile index 876bc35de..d4b403e7c 100755 --- a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile +++ b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile @@ -1,8 +1,11 @@ -FROM onap/ccsdk-alpine-j11-image:1.1.0 - +# Prepare stage for multistage image build +## START OF STAGE0 ## +FROM onap/ccsdk-alpine-j11-image:1.1.2 AS stage0 USER root + # add entrypoint -COPY startService.sh /opt/app/onap/blueprints-processor/startService.sh +COPY *.sh /opt/app/onap/blueprints-processor/ + # add application COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz @@ -10,12 +13,20 @@ RUN tar -xzf /source.tar.gz -C /tmp \ && cp -rf /tmp/@project.build.finalName@/opt / \ && rm -rf /source.tar.gz \ && rm -rf /tmp/@project.build.finalName@ \ - && touch /velocity.log \ - && chown onap:onap /velocity.log \ - && chmod 755 /velocity.log \ && mkdir -p /opt/app/onap/blueprints/deploy \ - && chown onap:onap /opt -R \ - && chmod 755 /opt/app/onap/blueprints-processor/startService.sh + && touch /velocity.log \ + && chown -R onap:onap /opt /velocity.log \ + && chmod -R 755 /opt /velocity.log + +## END OF STAGE0 ## + + +## This will create actual image +FROM onap/ccsdk-alpine-j11-image:1.1.2 +USER root + +COPY --from=stage0 /opt /opt +COPY --from=stage0 /velocity.log /velocity.log USER onap ENTRYPOINT [ "/opt/app/onap/blueprints-processor/startService.sh" ] diff --git a/ms/command-executor/pom.xml b/ms/command-executor/pom.xml index fbdd38639..82998aa39 100755 --- a/ms/command-executor/pom.xml +++ b/ms/command-executor/pom.xml @@ -118,6 +118,7 @@ ${image.name} try + true ${basedir}/target/docker-stage ${project.docker.latestminortag.version} diff --git a/ms/command-executor/src/main/docker/Dockerfile b/ms/command-executor/src/main/docker/Dockerfile index dcb8afb17..3ac758f05 100644 --- a/ms/command-executor/src/main/docker/Dockerfile +++ b/ms/command-executor/src/main/docker/Dockerfile @@ -1,26 +1,24 @@ FROM python:3.7-slim - USER root -RUN mkdir -p /opt/app/onap/logs/ && touch /opt/app/onap/logs/application.log # add entrypoint -COPY start.sh /opt/app/onap/command-executor/start.sh +COPY *.sh /opt/app/onap/command-executor/ + # add application COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz RUN tar -xzf /source.tar.gz -C /tmp \ - && cp -rf /tmp/@project.build.finalName@/opt / \ - && rm -rf /source.tar.gz \ - && rm -rf /tmp/@project.build.finalName@ \ - && mkdir -p /opt/app/onap/blueprints/deploy \ - && chmod 755 /opt/app/onap/command-executor/start.sh - -VOLUME /opt/app/onap/blueprints/deploy/ + && cp -rf /tmp/@project.build.finalName@/opt / \ + && rm -rf /source.tar.gz \ + && rm -rf /tmp/@project.build.finalName@ \ + && groupadd -r -g 1000 onap && useradd -r -u 1000 -g onap onap \ + && mkdir -p /opt/app/onap/blueprints/deploy /opt/app/onap/logs \ + && touch /opt/app/onap/logs/application.log \ + && chown -R onap:onap /opt \ + && chmod -R 755 /opt RUN python -m pip install --no-cache-dir --upgrade pip setuptools RUN pip install --no-cache-dir grpcio==1.20.0 grpcio-tools==1.20.0 virtualenv==16.7.9 -RUN groupadd -r -g 1000 onap && useradd -r -u 1000 -g onap onap -RUN chown onap:onap /opt -R USER onap ENTRYPOINT /opt/app/onap/command-executor/start.sh diff --git a/ms/py-executor/docker/Dockerfile b/ms/py-executor/docker/Dockerfile index 26f84afbd..74e6f5f0b 100644 --- a/ms/py-executor/docker/Dockerfile +++ b/ms/py-executor/docker/Dockerfile @@ -1,26 +1,24 @@ FROM python:3.7-slim - USER root -RUN mkdir -p /opt/app/onap/logs/ && touch /opt/app/onap/logs/application.log # add entrypoint -COPY start.sh /opt/app/onap/py-executor/start.sh +COPY *.sh /opt/app/onap/py-executor/ + # add application COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz RUN tar -xzf /source.tar.gz -C /tmp \ - && cp -rf /tmp/@project.build.finalName@/opt / \ - && rm -rf /source.tar.gz \ - && rm -rf /tmp/@project.build.finalName@ \ - && mkdir -p /opt/app/onap/blueprints/deploy \ - && chmod 755 /opt/app/onap/py-executor/start.sh - -VOLUME /opt/app/onap/blueprints/deploy/ + && cp -rf /tmp/@project.build.finalName@/opt / \ + && rm -rf /source.tar.gz \ + && rm -rf /tmp/@project.build.finalName@ \ + && groupadd -r -g 1000 onap && useradd -r -u 1000 -g onap onap \ + && mkdir -p /opt/app/onap/blueprints/deploy /opt/app/onap/logs \ + && touch /opt/app/onap/logs/application.log \ + && chown -R onap:onap /opt \ + && chmod -R 755 /opt RUN python -m pip install --no-cache-dir --upgrade pip setuptools RUN pip install --no-cache-dir -r /opt/app/onap/python/requirements/docker.txt -RUN groupadd -r -g 1000 onap && useradd -r -u 1000 -g onap onap -RUN chown onap:onap /opt -R USER onap ENTRYPOINT /opt/app/onap/py-executor/start.sh diff --git a/ms/py-executor/pom.xml b/ms/py-executor/pom.xml index 6efb57daf..a39767b35 100644 --- a/ms/py-executor/pom.xml +++ b/ms/py-executor/pom.xml @@ -26,7 +26,7 @@ py-executor - MS Python Script Executor + MS Python Executor Micro-service providing python environment with gRPC binding for python script execution @@ -117,6 +117,7 @@ ${image.name} try + true ${basedir}/target/docker-stage ${project.docker.latestminortag.version} diff --git a/ms/sdclistener/distribution/pom.xml b/ms/sdclistener/distribution/pom.xml index dd0396a22..1f3c6b610 100755 --- a/ms/sdclistener/distribution/pom.xml +++ b/ms/sdclistener/distribution/pom.xml @@ -144,6 +144,7 @@ ${image.name} try + true ${basedir}/target/docker-stage ${project.docker.latestminortag.version} diff --git a/ms/sdclistener/distribution/src/main/docker/Dockerfile b/ms/sdclistener/distribution/src/main/docker/Dockerfile index b9c61090d..3b5dc4f5b 100755 --- a/ms/sdclistener/distribution/src/main/docker/Dockerfile +++ b/ms/sdclistener/distribution/src/main/docker/Dockerfile @@ -1,8 +1,12 @@ -FROM onap/ccsdk-alpine-j11-image:1.1.0 +# Prepare stage for multistage image build +## START OF STAGE0 ## +FROM onap/ccsdk-alpine-j11-image:1.1.2 AS stage0 USER root + # add entrypoint -COPY startService.sh /opt/app/onap/sdc-listener/startService.sh +COPY *.sh /opt/app/onap/sdc-listener/ + # add application COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz @@ -11,8 +15,17 @@ RUN tar -xzf /source.tar.gz -C /tmp \ && rm -rf /source.tar.gz \ && rm -rf /tmp/@project.build.finalName@ \ && mkdir -p /opt/app/onap/cds-sdc-listener \ - && chown onap:onap /opt -R \ - && chmod 755 /opt/app/onap/sdc-listener/startService.sh + && chown -R onap:onap /opt \ + && chmod -R 755 /opt + +## END OF STAGE0 ## + + +## This will create actual image +FROM onap/ccsdk-alpine-j11-image:1.1.2 +USER root + +COPY --from=stage0 /opt /opt USER onap ENTRYPOINT /opt/app/onap/sdc-listener/startService.sh -- cgit 1.2.3-korg