author | Kate Hsuan <kate.hsuan@qct.io> | 2020-03-27 06:49:15 +0000 |
---|---|---|
committer | Kate Hsuan <kate.hsuan@qct.io> | 2020-03-27 06:49:15 +0000 |
commit | f32825f5f5cc5944b3108b1cf5c3e49476e72f1c (patch) | |
tree | c3d764811761f5c5e4e9b591bb2948ac05b4890d /components | |
parent | 551cc5be912bb377931d3e38d41af11d53bf0e63 (diff) |
Avoid running as root.
Issue-ID: DCAEGEN2-2171
Signed-off-by: Kate Hsuan <kate.hsuan@qct.io>
Change-Id: If4594ee7079532ae87ed4741db3cb6a53da23f34
Diffstat (limited to 'components')
-rw-r--r-- | components/datalake-handler/admin/Dockerfile | 29 | ||||
-rw-r--r-- | components/datalake-handler/admin/nginx/dl-admin-nginx.conf | 4 | ||||
-rw-r--r-- | components/datalake-handler/admin/nginx/nginx.conf | 36 | ||||
-rw-r--r-- | components/datalake-handler/admin/pom.xml | 2 | ||||
-rw-r--r-- | components/datalake-handler/collector/pom.xml | 2 | ||||
-rw-r--r-- | components/datalake-handler/feeder/Dockerfile | 2 | ||||
-rw-r--r-- | components/datalake-handler/feeder/pom.xml | 5 | ||||
-rw-r--r-- | components/datalake-handler/pom.xml | 2 | ||||
-rw-r--r-- | components/datalake-handler/version.properties | 2 |
9 files changed, 66 insertions, 18 deletions
diff --git a/components/datalake-handler/admin/Dockerfile b/components/datalake-handler/admin/Dockerfile
index 38c50a65..2e6442ae 100644
--- a/components/datalake-handler/admin/Dockerfile
+++ b/components/datalake-handler/admin/Dockerfile
@@ -12,20 +12,29 @@ RUN npm install && \
 FROM nginx:1.17.9
-RUN apt-get update && \
- apt-get install -y dnsmasq
-RUN echo "\n\n# Docker extra config \nuser=root\naddn-hosts=/etc/hosts\n" >> /etc/dnsmasq.conf
+RUN groupadd -r datalake && useradd -r -g datalake datalake
 COPY --from=builder /app/dist/* /usr/share/nginx/html/
 COPY --from=builder /app/dl-admin-nginx.conf /etc/nginx/conf.d/default.conf
+COPY --from=builder /app/nginx.conf /etc/nginx/nginx.conf
-CMD echo "domain-needed" >> /etc/dnsmasq.conf && \
- echo "resolv-file=/etc/resolv.conf" >> /etc/dnsmasq.conf && \
- echo "expand-hosts" >> /etc/dnsmasq.conf && \
- echo "listen-address=127.0.0.1" >> /etc/dnsmasq.conf && \
- service dnsmasq restart && \
- echo set \$upstreamName http://dl-feeder.`grep search /etc/resolv.conf | awk {'print $2'}`:1680/datalake/v1\$1\$is_args\$args\; > /etc/nginx/upstream.conf && \
- nginx -g "daemon off;"
+RUN chown -R datalake:datalake /etc/nginx
+RUN chown -R datalake:datalake /var/cache/nginx
+
+
+USER datalake
+
+#CMD echo "domain-needed" >> /etc/dnsmasq.conf && \
+# echo "resolv-file=/etc/resolv.conf" >> /etc/dnsmasq.conf && \
+# echo "expand-hosts" >> /etc/dnsmasq.conf && \
+# echo "listen-address=127.0.0.1" >> /etc/dnsmasq.conf && \
+# service dnsmasq restart && \
+# echo set \$upstreamName http://dl-feeder.`grep search /etc/resolv.conf | awk {'print $2'}`:1680/datalake/v1\$1\$is_args\$args\; > /etc/nginx/upstream.conf && \
+# nginx -g "daemon off;"
+
+CMD echo resolver `grep nameserver /etc/resolv.conf |awk {'print $2'}` valid=10s\; > /etc/nginx/resolver.conf && \
+ echo set \$upstreamName http://dl-feeder.`grep search /etc/resolv.conf | awk {'print $2'}`:1680/datalake/v1\$1\$is_args\$args\; > /etc/nginx/upstream.conf && \
+ nginx -g "daemon off;"
 #CMD ["sh", "-c", "tail -f /dev/null"]
diff --git a/components/datalake-handler/admin/nginx/dl-admin-nginx.conf b/components/datalake-handler/admin/nginx/dl-admin-nginx.conf
index b6caa609..4ffbdfd3 100644
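Review bot: `RUN chown -R datalake:datalake /etc/nginx` hands the whole nginx configuration tree to the account the server runs as, so anything that gains code execution in the container can rewrite the server's own configuration. Only the two files the CMD generates need to be writable; `RUN touch /etc/nginx/resolver.conf /etc/nginx/upstream.conf && chown datalake:datalake /etc/nginx/resolver.conf /etc/nginx/upstream.conf` would cover that and leave the rest root-owned. Separately, `USER datalake` is a name rather than a number, and Kubernetes cannot enforce `runAsNonRoot` against a non-numeric image user; creating the account with a fixed UID and switching to `USER <uid>` avoids that, and the same applies to the `USER datalake` added in feeder/Dockerfile. The commented-out dnsmasq CMD can be deleted outright, since the history keeps it.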
--- a/components/datalake-handler/admin/nginx/dl-admin-nginx.conf
+++ b/components/datalake-handler/admin/nginx/dl-admin-nginx.conf
@@ -1,8 +1,8 @@
 server {
- listen 80;
+ listen 8088;
 root /usr/share/nginx/html;
- resolver 127.0.0.1 valid=10s;
+ include /etc/nginx/resolver.conf;
 location ~/datalake/v1(.*)$ {
 #set $upstreamName http://dl_feeder:1680/datalake/v1$1;
 include /etc/nginx/upstream.conf;
diff --git a/components/datalake-handler/admin/nginx/nginx.conf b/components/datalake-handler/admin/nginx/nginx.conf
new file mode 100644
index 00000000..8613dff5
--- /dev/null
+++ b/components/datalake-handler/admin/nginx/nginx.conf
@@ -0,0 +1,36 @@
+user nginx;
+worker_processes 1;
+
+error_log /tmp/error.log warn;
+pid /tmp/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /tmp/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+ client_body_temp_path /tmp/client_temp;
+ proxy_temp_path /tmp/proxy_temp_path;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/components/datalake-handler/admin/pom.xml b/components/datalake-handler/admin/pom.xml
index 5325ba9e..ff2044d5 100644
--- a/components/datalake-handler/admin/pom.xml
+++ b/components/datalake-handler/admin/pom.xml
@@ -7,7 +7,7 @@
 <parent>
 <groupId>org.onap.dcaegen2.services.components</groupId>
 <artifactId>datalake-handler</artifactId>
- <version>1.0.1-SNAPSHOT</version>
+ <version>1.0.2-SNAPSHOT</version>
 </parent>
 <groupId>org.onap.dcaegen2.services.components.datalake-handler</groupId>
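Review bot: `include /etc/nginx/resolver.conf;` in dl-admin-nginx.conf depends on a file that is not part of the image and is only written by the CMD in admin/Dockerfile when the container starts, and nothing at the include says so. A comment above it would help, for example `# resolver.conf is generated at container start from /etc/resolv.conf (see admin/Dockerfile CMD)`. The move from `listen 80` to `listen 8088` also needs a matching port change wherever the container is published; none of the nine files in this commit looks like a service or chart definition, so that may live elsewhere. The server block continues past the end of the hunk.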
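Review bot: In the new nginx.conf, `error_log /tmp/error.log warn;` and `access_log /tmp/access.log main;` move the logs into files inside the container, where the runtime's log collection will not see them and where they grow without rotation. The stock nginx image links its default log paths to the container's stdout and stderr; assuming the datalake user can write to those streams, `error_log /dev/stderr warn;` and `access_log /dev/stdout main;` keep request and error logs available to whatever ships container logs. `user nginx;` on the first line has no effect once the master process starts as a non-root user (nginx warns and ignores it), so it can be removed.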
diff --git a/components/datalake-handler/collector/pom.xml b/components/datalake-handler/collector/pom.xml
index a90b9dff..a9dad993 100644
--- a/components/datalake-handler/collector/pom.xml
+++ b/components/datalake-handler/collector/pom.xml
@@ -7,7 +7,7 @@
 <parent>
 <groupId>org.onap.dcaegen2.services.components</groupId>
 <artifactId>datalake-handler</artifactId>
- <version>1.0.1-SNAPSHOT</version>
+ <version>1.0.2-SNAPSHOT</version>
 </parent>
 <groupId>org.onap.dcaegen2.services.components.datalake-handler</groupId>
diff --git a/components/datalake-handler/feeder/Dockerfile b/components/datalake-handler/feeder/Dockerfile
index e2606352..b34834be 100644
--- a/components/datalake-handler/feeder/Dockerfile
+++ b/components/datalake-handler/feeder/Dockerfile
@@ -27,5 +27,7 @@ RUN apt update && \
 apt install -y mariadb-client && \
 apt install -y curl
+USER datalake
+
 CMD ["sh", "run.sh"]
diff --git a/components/datalake-handler/feeder/pom.xml b/components/datalake-handler/feeder/pom.xml
index 3297c7ea..5954b378 100644
--- a/components/datalake-handler/feeder/pom.xml
+++ b/components/datalake-handler/feeder/pom.xml
@@ -6,7 +6,7 @@
 <parent>
 <groupId>org.onap.dcaegen2.services.components</groupId>
 <artifactId>datalake-handler</artifactId>
- <version>1.0.1-SNAPSHOT</version>
+ <version>1.0.2-SNAPSHOT</version>
 </parent>
 <groupId>org.onap.dcaegen2.services.components.datalake-handler</groupId>
@@ -218,7 +218,8 @@
 <password>docker</password> -->
 <!-- repository>repo.treescale.com/moguobiao/datalake-feeder-maven</repository -->
 <!-- repository>moguobiao/datalake-feeder-maven-spotify</repository -->
- <repository>${onap.nexus.dockerregistry.daily}/${docker.image.path}</repository>
+ <repository>${onap.nexus.dockerregistry.daily}/${docker.image.path}</repository>
+ <!-- <repository>mizunoami123/dl-feeder</repository> -->
 <tag>${project.version}</tag>
 <dockerfile>Dockerfile</dockerfile>
 <!-- useMavenSettingsForAuth>true</useMavenSettingsForAuth -->
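Review bot: The second hunk of feeder/pom.xml adds `<!-- <repository>mizunoami123/dl-feeder</repository> -->`, a commented-out pointer to what looks like a personal registry account. Leftovers like this invite someone to uncomment them later and build or push the image outside the project registry, so the line is better dropped from the commit. The active `<repository>` line is removed and re-added with the same content, which suggests an unintended whitespace change. The enclosing plugin configuration starts and ends outside the hunk.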
diff --git a/components/datalake-handler/pom.xml b/components/datalake-handler/pom.xml
index 9b00a41e..fc4922ca 100644
--- a/components/datalake-handler/pom.xml
+++ b/components/datalake-handler/pom.xml
@@ -12,7 +12,7 @@
 <groupId>org.onap.dcaegen2.services.components</groupId>
 <artifactId>datalake-handler</artifactId>
- <version>1.0.1-SNAPSHOT</version>
+ <version>1.0.2-SNAPSHOT</version>
 <packaging>pom</packaging>
 <name>dcaegen2-service-datalake-handler</name>
diff --git a/components/datalake-handler/version.properties b/components/datalake-handler/version.properties
index 0f1f46a5..c13587b4 100644
--- a/components/datalake-handler/version.properties
+++ b/components/datalake-handler/version.properties
@@ -1,6 +1,6 @@
 major=1
 minor=0
-patch=1
+patch=2
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}
 snapshot_version=${base_version}-SNAPSHOT |