diff options
author | Andrew Gauld <agauld@att.com> | 2020-03-27 15:30:36 +0000 |
---|---|---|
committer | Andrew Gauld <agauld@att.com> | 2020-03-27 15:42:57 +0000 |
commit | f6a8a8322d09d5f6012167d298dea6f0471cb82c (patch) | |
tree | 0b54d532635e0657db3fc05cb46e2529b92d1ee2 | |
parent | 715442db4147980f3fb17a240a396a8e826f0f04 (diff) |
Images updated and the new versions are:
adapter.acumos:1.0.2
mod.distributorapi:1.0.1
mod.onboardingapi:2.12.1
mod.designtool-web:1.0.2
mod.genprocessor-job:1.0.1
mod.genprocessor-http:1.0.1
mod.runtime-web:1.0.2
Note: image names all start with "onap/org.onap.dcaegen2.platform."
designtool-web was already running as a non-root user. The others have been
changed to create user "dcaemod" and run as that user.
The listen port numbers on mod.distributorapi, mod.onboardingapi, and
mod.genprocessor-http are changed from 80 to 8080.
URLs in designtool-web, distributorapi, and genprocessor-job are adjusted
to reflect the new port numbers.
Change-Id: I510122952666c21cb92f3f64552e99d50af7c355
Issue-ID: DCAEGEN2-2170
Signed-off-by: Andrew Gauld <agauld@att.com>
-rw-r--r-- | adapter/acumos/Changelog.md | 2 | ||||
-rw-r--r-- | adapter/acumos/Dockerfile | 7 | ||||
-rw-r--r-- | adapter/acumos/README.md | 2 | ||||
-rw-r--r-- | adapter/acumos/aoconversion/scanner.py | 4 | ||||
-rw-r--r-- | adapter/acumos/pom.xml | 2 | ||||
-rw-r--r-- | adapter/acumos/setup.py | 2 | ||||
-rw-r--r-- | mod/designtool/designtool-web/pom.xml | 3 | ||||
-rwxr-xr-x | mod/designtool/designtool-web/sh/start.sh | 11 | ||||
-rw-r--r-- | mod/distributorapi/Changelog.md | 10 | ||||
-rw-r--r-- | mod/distributorapi/Dockerfile | 9 | ||||
-rw-r--r-- | mod/distributorapi/distributor/config.py | 2 | ||||
-rw-r--r-- | mod/distributorapi/distributor/http.py | 2 | ||||
-rw-r--r-- | mod/distributorapi/distributor/version.py | 2 | ||||
-rw-r--r-- | mod/distributorapi/pom.xml | 2 | ||||
-rw-r--r-- | mod/genprocessor/nginx.conf | 2 | ||||
-rw-r--r-- | mod/genprocessor/pom.xml | 12 | ||||
-rw-r--r-- | mod/onboardingapi/ChangeLog.md | 4 | ||||
-rw-r--r-- | mod/onboardingapi/Dockerfile | 18 | ||||
-rw-r--r-- | mod/onboardingapi/dcae_cli/_version.py | 2 | ||||
-rw-r--r-- | mod/onboardingapi/dcae_cli/http.py | 2 | ||||
-rw-r--r-- | mod/onboardingapi/pom.xml | 2 | ||||
-rwxr-xr-x | mod/onboardingapi/start.sh | 1 | ||||
-rw-r--r-- | mod/runtimeapi/runtime-web/pom.xml | 6 |
23 files changed, 74 insertions, 35 deletions
diff --git a/adapter/acumos/Changelog.md b/adapter/acumos/Changelog.md index e900ad7..55bafa8 100644 --- a/adapter/acumos/Changelog.md +++ b/adapter/acumos/Changelog.md @@ -4,6 +4,8 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [1.0.2] - 3/26/2020 + * Run as non-root ## [1.0.1] - 3/20/2020 * Adjust URL paths for consistency with DCAE GEN design tool ## [1.0.0] - 11/13/2019 diff --git a/adapter/acumos/Dockerfile b/adapter/acumos/Dockerfile index 7ec9656..d1a0984 100644 --- a/adapter/acumos/Dockerfile +++ b/adapter/acumos/Dockerfile @@ -17,6 +17,8 @@ # ============LICENSE_END====================================================== FROM python:3.7 +ARG UID=1000 +ARG GID=1000 COPY setup.py /tmp/build/ COPY aoconversion/ /tmp/build/aoconversion/ RUN apt-get update && \ @@ -26,9 +28,12 @@ RUN apt-get update && \ cd /tmp/build/ && \ python setup.py install && \ cd / && \ - rm -rf /tmp/* + rm -rf /tmp/* && \ + groupadd -g $GID dcaemod && \ + useradd -s /bin/bash -u $UID -g $GID -m dcaemod EXPOSE 9000 ENV PYTHONUNBUFFERED TRUE +USER dcaemod ENTRYPOINT [ "/usr/local/bin/acumos-adapter" ] CMD [ "/run/config/config.yaml" ] diff --git a/adapter/acumos/README.md b/adapter/acumos/README.md index 55490ba..2de3845 100644 --- a/adapter/acumos/README.md +++ b/adapter/acumos/README.md @@ -56,7 +56,7 @@ This operates in 2 modes: Gateway of the ACUMOS instance. certfile - The file path for the PEM file containing the private key, etc. dockerhost - (optional) The URL for the docker host. By default, - unix:///var/run/docker.sock. + tcp://localhost:2375. dockerregistry - The host:port for the ONAP docker registry. dockeruser - The user ID for uploading images to the docker registry. dockerpass - The password for uploading images to the docker registry. diff --git a/adapter/acumos/aoconversion/scanner.py b/adapter/acumos/aoconversion/scanner.py index 41f18de..cf3ac79 100644 --- a/adapter/acumos/aoconversion/scanner.py +++ b/adapter/acumos/aoconversion/scanner.py @@ -47,7 +47,7 @@ class Config(object): Configuration parameters as attributes, make sure the required ones are there, populate defaults. """ - def __init__(self, dcaeurl, dcaeuser, onboardingurl, onboardinguser, onboardingpass, certfile, dockerregistry, dockeruser, dockerpass, acumosurl=None, interval=900, dockerhost='unix:///var/run/docker.sock', tmpdir='/var/tmp/aoadapter', certverify=True, catalogs=None, port=None, **extras): + def __init__(self, dcaeurl, dcaeuser, onboardingurl, onboardinguser, onboardingpass, certfile, dockerregistry, dockeruser, dockerpass, acumosurl=None, interval=900, dockerhost='tcp://localhost:2375', tmpdir='/var/tmp/aoadapter', certverify=True, catalogs=None, port=None, **extras): self.dcaeurl = dcaeurl self.dcaeuser = dcaeuser @@ -299,7 +299,7 @@ class Apihandler(BaseHTTPRequestHandler): else: solution = aa.jsonget('/solutions/{}', self.qparams['solutionId']) onboard(aa, callback, solution, self.qparams['revisionId']) - self.replyraw('OK', 'text/plain') + self.replyraw('OK'.encode('utf-8'), 'text/plain') return self.send_error(400) diff --git a/adapter/acumos/pom.xml b/adapter/acumos/pom.xml index 7d872ef..1ea941d 100644 --- a/adapter/acumos/pom.xml +++ b/adapter/acumos/pom.xml @@ -23,7 +23,7 @@ limitations under the License. <modelVersion>4.0.0</modelVersion> <groupId>org.onap.dcaegen2.platform.adapter</groupId> <artifactId>dcaegen2-platform-adapter-acumos</artifactId> - <version>1.0.1</version> + <version>1.0.2-SNAPSHOT</version> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <sonar.sources>.</sonar.sources> diff --git a/adapter/acumos/setup.py b/adapter/acumos/setup.py index 9001cd5..e833307 100644 --- a/adapter/acumos/setup.py +++ b/adapter/acumos/setup.py @@ -20,7 +20,7 @@ from setuptools import setup, find_packages setup( name="aoconversion", - version="1.0.1", + version="1.0.2", packages=find_packages(exclude=["tests.*", "tests"]), author="Tommy Carpenter, Andrew Gauld", author_email="tommy@research.att.com, agauld@att.com", diff --git a/mod/designtool/designtool-web/pom.xml b/mod/designtool/designtool-web/pom.xml index 8806964..fc24024 100644 --- a/mod/designtool/designtool-web/pom.xml +++ b/mod/designtool/designtool-web/pom.xml @@ -27,6 +27,7 @@ limitations under the License. <version>1.0.1-SNAPSHOT</version> </parent> <artifactId>designtool-web</artifactId> + <version>1.0.2-SNAPSHOT</version> <packaging>war</packaging> <name>dcaegen2-platform-mod-designtool-web</name> <properties> @@ -84,7 +85,7 @@ limitations under the License. <dependency> <groupId>org.onap.dcaegen2.platform.mod</groupId> <artifactId>nifi-war-to-jar</artifactId> - <version>${project.version}</version> + <version>1.0.1-SNAPSHOT</version> <scope>provided</scope> </dependency> <dependency> diff --git a/mod/designtool/designtool-web/sh/start.sh b/mod/designtool/designtool-web/sh/start.sh index 8658983..b0393de 100755 --- a/mod/designtool/designtool-web/sh/start.sh +++ b/mod/designtool/designtool-web/sh/start.sh @@ -51,16 +51,9 @@ prop_replace 'nifi.web.proxy.context.path' "${NIFI_WEB_PROXY_CO # replace value conditionally if the property name exists otherwise append if grep -q 'nifi.dcae.jars.index.url' $nifi_props_file then - prop_replace 'nifi.dcae.jars.index.url' "${NIFI_DCAE_JARS_INDEX_URL:-http://genprocessor-http/nifi-jars/}" + prop_replace 'nifi.dcae.jars.index.url' "${NIFI_DCAE_JARS_INDEX_URL:-http://genprocessor-http:8080/nifi-jars/}" else - prop_append 'nifi.dcae.jars.index.url' "${NIFI_DCAE_JARS_INDEX_URL:-http://genprocessor-http/nifi-jars/}" -fi - -if grep -q 'nifi.ui.dcae.distibutor.api.url' $nifi_props_file -then - prop_replace 'nifi.ui.dcae.distibutor.api.url' "${NIFI_DCAE_DISTRIBUTOR_API_URL:-http://distributor-api}" -else - prop_append 'nifi.ui.dcae.distibutor.api.url' "${NIFI_DCAE_DISTRIBUTOR_API_URL:-http://distributor-api}" + prop_append 'nifi.dcae.jars.index.url' "${NIFI_DCAE_JARS_INDEX_URL:-http://genprocessor-http:8080/nifi-jars/}" fi . "${scripts_dir}/update_cluster_state_management.sh" diff --git a/mod/distributorapi/Changelog.md b/mod/distributorapi/Changelog.md new file mode 100644 index 0000000..2e0327b --- /dev/null +++ b/mod/distributorapi/Changelog.md @@ -0,0 +1,10 @@ +# Change Log +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](http://keepachangelog.com/) +and this project adheres to [Semantic Versioning](http://semver.org/). + +## [1.0.1] - 3/26/2020 + * Run as non-root +## [1.0.0] - 11/11/2019 + * Distributor API - initial version diff --git a/mod/distributorapi/Dockerfile b/mod/distributorapi/Dockerfile index cc10c68..f82607d 100644 --- a/mod/distributorapi/Dockerfile +++ b/mod/distributorapi/Dockerfile @@ -15,9 +15,14 @@ # ============LICENSE_END========================================================= FROM python:3.7-alpine +ARG UID=1000 +ARG GID=1000 COPY . /code WORKDIR /code -RUN pip install . -EXPOSE 80 +RUN pip install . && \ + addgroup -g $GID dcaemod && \ + adduser -s /bin/bash -u $UID -G dcaemod -D dcaemod +USER dcaemod +EXPOSE 8080 ENV DISTRIBUTOR_DEBUG=0 CMD start-distributor-api diff --git a/mod/distributorapi/distributor/config.py b/mod/distributorapi/distributor/config.py index 8d2cede..d83eee1 100644 --- a/mod/distributorapi/distributor/config.py +++ b/mod/distributorapi/distributor/config.py @@ -35,4 +35,4 @@ def init(): global onboarding_api_url onboarding_api_url = _grab_env("ONBOARDING_API_URL" - , default="http://onboarding-api/onboarding") + , default="http://onboarding-api:8080/onboarding") diff --git a/mod/distributorapi/distributor/http.py b/mod/distributorapi/distributor/http.py index 963a852..f1aa2fd 100644 --- a/mod/distributorapi/distributor/http.py +++ b/mod/distributorapi/distributor/http.py @@ -253,4 +253,4 @@ def start_http_server(): if is_debug(): _app.run(debug=True) else: - _app.run(host="0.0.0.0", port=80, debug=False) + _app.run(host="0.0.0.0", port=8080, debug=False) diff --git a/mod/distributorapi/distributor/version.py b/mod/distributorapi/distributor/version.py index 57c4da3..9da6f0f 100644 --- a/mod/distributorapi/distributor/version.py +++ b/mod/distributorapi/distributor/version.py @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= -__version__ = "1.0.0" +__version__ = "1.0.1" diff --git a/mod/distributorapi/pom.xml b/mod/distributorapi/pom.xml index 3cfd949..45096b1 100644 --- a/mod/distributorapi/pom.xml +++ b/mod/distributorapi/pom.xml @@ -23,7 +23,7 @@ limitations under the License. <groupId>org.onap.dcaegen2.platform.mod</groupId> <artifactId>dcaegen2-platform-mod-distributorapi</artifactId> <!-- NOTE: Must keep this version synchronized with the version in distributor/version.py file --> - <version>1.0.0</version> + <version>1.0.1-SNAPSHOT</version> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <sonar.sources>.</sonar.sources> diff --git a/mod/genprocessor/nginx.conf b/mod/genprocessor/nginx.conf index bd53c07..b6bdb24 100644 --- a/mod/genprocessor/nginx.conf +++ b/mod/genprocessor/nginx.conf @@ -1,5 +1,5 @@ server { - listen 80; + listen 8080; server_name localhost; location / { diff --git a/mod/genprocessor/pom.xml b/mod/genprocessor/pom.xml index 6afc9de..ccc1ce3 100644 --- a/mod/genprocessor/pom.xml +++ b/mod/genprocessor/pom.xml @@ -26,7 +26,7 @@ limitations under the License. </parent> <groupId>org.onap.dcaegen2.platform.mod</groupId> <artifactId>genprocessor</artifactId> - <version>1.0.0</version> + <version>1.0.1-SNAPSHOT</version> <name>dcaegen2-platform-mod-genprocessor</name> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> @@ -139,6 +139,10 @@ limitations under the License. </files> </inline> </assembly> + <runCmds> + <runCmd>groupadd -g 1000 dcaemod && useradd --shell /bin/bash -u 1000 -g 1000 -m dcaemod</runCmd> + </runCmds> + <user>dcaemod</user> <entryPoint> <exec> <arg>nginx</arg> @@ -161,12 +165,16 @@ limitations under the License. <assembly> <descriptorRef>artifact-with-dependencies</descriptorRef> </assembly> + <runCmds> + <runCmd>groupadd -g 1000 dcaemod && useradd --shell /bin/bash -u 1000 -g 1000 -m dcaemod && mkdir -p /work && chown dcaemod:dcaemod /work</runCmd> + </runCmds> <workdir>/maven</workdir> <env> <GENPROC_WORKING_DIR>/work</GENPROC_WORKING_DIR> - <GENPROC_ONBOARDING_API_HOST>http://onboarding-api/onboarding</GENPROC_ONBOARDING_API_HOST> + <GENPROC_ONBOARDING_API_HOST>http://onboarding-api:8080/onboarding</GENPROC_ONBOARDING_API_HOST> <GENPROC_SLEEP_SEC>10</GENPROC_SLEEP_SEC> </env> + <user>dcaemod</user> <entryPoint> <exec> <arg>java</arg> diff --git a/mod/onboardingapi/ChangeLog.md b/mod/onboardingapi/ChangeLog.md index 21d0f0c..28578d2 100644 --- a/mod/onboardingapi/ChangeLog.md +++ b/mod/onboardingapi/ChangeLog.md @@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [2.12.1] + +* Run as non-root + ## [2.12.0] * Add HTTP support using Flask/flask-restplus diff --git a/mod/onboardingapi/Dockerfile b/mod/onboardingapi/Dockerfile index 606ca5b..2c3cd0d 100644 --- a/mod/onboardingapi/Dockerfile +++ b/mod/onboardingapi/Dockerfile @@ -1,12 +1,18 @@ FROM python:3.7-alpine -RUN apk update && \ - apk add --virtual build-deps gcc python-dev musl-dev && \ - apk add postgresql-dev bash +ARG UID=1000 +ARG GID=1000 + COPY . /code WORKDIR /code -RUN pip install . \ - && mkdir -p ~/.config/dcae-cli -EXPOSE 80 +RUN apk update && \ + apk add --virtual build-deps gcc python-dev musl-dev && \ + apk add postgresql-dev bash && \ + addgroup -g $GID dcaemod && \ + adduser -s /bin/bash -u $UID -G dcaemod -D dcaemod && \ + pip install . + +EXPOSE 8080 +USER dcaemod CMD /code/start.sh diff --git a/mod/onboardingapi/dcae_cli/_version.py b/mod/onboardingapi/dcae_cli/_version.py index e1ceca3..b61bd9a 100644 --- a/mod/onboardingapi/dcae_cli/_version.py +++ b/mod/onboardingapi/dcae_cli/_version.py @@ -19,4 +19,4 @@ # ECOMP is a trademark and service mark of AT&T Intellectual Property. # -*- coding: utf-8 -*- -__version__ = "2.12.0" +__version__ = "2.12.1" diff --git a/mod/onboardingapi/dcae_cli/http.py b/mod/onboardingapi/dcae_cli/http.py index 792cd7f..4d3ae0c 100644 --- a/mod/onboardingapi/dcae_cli/http.py +++ b/mod/onboardingapi/dcae_cli/http.py @@ -498,4 +498,4 @@ def start_http_server(catalog, debug=True): if debug: _app.run(debug=True) else: - _app.run(host="0.0.0.0", port=80, debug=False) + _app.run(host="0.0.0.0", port=8080, debug=False) diff --git a/mod/onboardingapi/pom.xml b/mod/onboardingapi/pom.xml index 588a9b2..be5e683 100644 --- a/mod/onboardingapi/pom.xml +++ b/mod/onboardingapi/pom.xml @@ -22,7 +22,7 @@ limitations under the License. <groupId>org.onap.dcaegen2.platform.mod</groupId> <artifactId>dcaegen2-platform-mod-onboardingapi</artifactId> <name>dcaegen2-platform-mod-onboardingapi</name> - <version>2.12.0</version> + <version>2.12.1-SNAPSHOT</version> <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> diff --git a/mod/onboardingapi/start.sh b/mod/onboardingapi/start.sh index 6d7d9e5..a938c98 100755 --- a/mod/onboardingapi/start.sh +++ b/mod/onboardingapi/start.sh @@ -6,6 +6,7 @@ if [ -z $PG_CONN ]; then exit 1 fi +mkdir -p ~/.config/dcae-cli if [ ! -f ~/.config/dcae-cli/config.json ]; then echo "Creating dcae-cli config" # TODO: Make this into a variable that gets fed in via docker run diff --git a/mod/runtimeapi/runtime-web/pom.xml b/mod/runtimeapi/runtime-web/pom.xml index ff08ac1..4cc5a66 100644 --- a/mod/runtimeapi/runtime-web/pom.xml +++ b/mod/runtimeapi/runtime-web/pom.xml @@ -25,7 +25,7 @@ limitations under the License. <version>1.0.1</version> </parent> <artifactId>runtime-web</artifactId> - <version>1.0.1</version> + <version>1.0.2-SNAPSHOT</version> <packaging>jar</packaging> <name>runtime-web</name> <description>MOD Runtime Web Module</description> @@ -118,6 +118,9 @@ limitations under the License. <assembly> <descriptorRef>artifact</descriptorRef> </assembly> + <runCmds> + <runCmd>addgroup -g 1000 dcaemod && adduser -s /bin/bash -u 1000 -G dcaemod -D dcaemod</runCmd> + </runCmds> <workdir>/maven</workdir> <volumes> <volume>/tmp</volume> @@ -125,6 +128,7 @@ limitations under the License. <ports> <port>9090</port> </ports> + <user>dcaemod</user> <entryPoint> <exec> <arg>java</arg> |