diff options
| author |   RehanRaza <muhammad.rehan.raza@est.tech> | 2019-02-22 10:04:34 +0000 |
|---|---|---|
| committer | RehanRaza <muhammad.rehan.raza@est.tech> | 2019-02-22 10:04:34 +0000 |
| commit | 958f0b0896f0ee9e5876ef885bf2125dd4c2ad53 (patch) | |
| tree | 697465904eb3c37a328d667a5451f8ade9d29160 | |
| parent | 5997aece3946fff914c66d8c18b515cd25787e43 (diff) | |
Run DFC docker container as a non-root user
Change-Id: I82504ebebc8ddf48f6ee6b1c1dfbe433c60ab1aa
Issue-ID: DCAEGEN2-1269
Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>
| -rw-r--r-- | datafile-app-server/config/application.yaml | 4 | ||||
| -rw-r--r-- | datafile-app-server/pom.xml | 35 | ||||
| -rw-r--r-- | datafile-app-server/src/main/resources/Dockerfile | 42 |
3 files changed, 54 insertions, 27 deletions
diff --git a/datafile-app-server/config/application.yaml b/datafile-app-server/config/application.yaml index b66f7b6e..f2538578 100644 --- a/datafile-app-server/config/application.yaml +++ b/datafile-app-server/config/application.yaml @@ -16,6 +16,6 @@ logging: org.springframework.data: ERROR org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR org.onap.dcaegen2.collectors.datafile: ERROR - file: opt/log/application.log + file: /var/log/ONAP/application.log app: - filepath: config/datafile_endpoints.json + filepath: /opt/app/datafile/config/datafile_endpoints.json diff --git a/datafile-app-server/pom.xml b/datafile-app-server/pom.xml index 90b6fea6..3ceccdbe 100644 --- a/datafile-app-server/pom.xml +++ b/datafile-app-server/pom.xml @@ -1,7 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- ~ ============LICENSE_START======================================================= - ~ Copyright (C) 2018 NOKIA Intellectual Property, 2018 Nordix Foundation. All rights reserved. + ~ Copyright (C) 2018 NOKIA Intellectual Property, 2018-2019 Nordix Foundation. All rights reserved. ~ ================================================================================ ~ Licensed under the Apache License, Version 2.0 (the "License"); ~ you may not use this file except in compliance with the License. @@ -32,6 +32,7 @@ <packaging>jar</packaging> <properties> + <dockerfile.maven.version>1.4.10</dockerfile.maven.version> <docker.image.name>onap/${project.groupId}.${project.artifactId}</docker.image.name> <maven.build.timestamp.format>yyyyMMdd'T'HHmmss</maven.build.timestamp.format> </properties> @@ -54,31 +55,15 @@ </plugin> <plugin> <groupId>com.spotify</groupId> - <artifactId>docker-maven-plugin</artifactId> + <artifactId>dockerfile-maven-plugin</artifactId> + <version>${dockerfile.maven.version}</version> <configuration> - <serverId>${onap.nexus.dockerregistry.daily}</serverId> - <imageName>${docker.image.name}</imageName> - <imageTags> - <tag>latest</tag> - </imageTags> - <baseImage>openjdk:8-jre-alpine</baseImage> - <resources> - <resource> - <directory>${project.build.directory}</directory> - <include>${project.artifactId}.jar</include> - <targetPath>/target</targetPath> - </resource> - <resource> - <targetPath>/config</targetPath> - <directory>${project.basedir}/config</directory> - <include>*</include> - </resource> - </resources> - <exposes> - <expose>8100</expose> - <expose>8433</expose> - </exposes> - <cmd>["java", "-jar", "/target/${project.artifactId}.jar"]</cmd> + <repository>${onap.nexus.dockerregistry.daily}/${docker.image.name}</repository> + <tag>${project.version}</tag> + <dockerfile>${project.build.outputDirectory}/Dockerfile</dockerfile> + <buildArgs> + <JAR_FILE>${project.build.finalName}.jar</JAR_FILE> + </buildArgs> </configuration> <executions> <execution> diff --git a/datafile-app-server/src/main/resources/Dockerfile b/datafile-app-server/src/main/resources/Dockerfile new file mode 100644 index 00000000..1869d364 --- /dev/null +++ b/datafile-app-server/src/main/resources/Dockerfile @@ -0,0 +1,42 @@ +# +# ============LICENSE_START======================================================= +# Copyright (C) 2019 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# +FROM openjdk:8-jre-alpine + +WORKDIR /opt/app/datafile +RUN mkdir -p /var/log/ONAP + +ARG JAR_FILE +ADD /target/${JAR_FILE} /opt/app/datafile/datafile-app-server.jar + +ADD /config/application.yaml /opt/app/datafile/config/ +ADD /config/cacerts /opt/app/datafile/config/ +ADD /config/datafile_endpoints.json /opt/app/datafile/config/ +ADD /config/ftpKey.jks /opt/app/datafile/config/ +ADD /config/keystore /opt/app/datafile/config/ + +EXPOSE 8100 8433 + +RUN addgroup -S onap && adduser -S datafile -G onap +RUN chown -R datafile:onap /opt/app/datafile +RUN chown -R datafile:onap /var/log/ONAP + +USER datafile + +ENTRYPOINT ["/usr/bin/java", "-jar", "/opt/app/datafile/datafile-app-server.jar"]
\ No newline at end of file |