summaryrefslogtreecommitdiffstats
path: root/engine-d-standalone/src
diff options
context:
space:
mode:
authortangpeng <tang.peng5@zte.com.cn>2019-02-26 08:20:28 +0000
committertangpeng <tang.peng5@zte.com.cn>2019-02-26 08:20:28 +0000
commit750ae4a611050eb0e33f4f5420aa0297b59790e3 (patch)
tree8aa29af137a0ecd5ce8e0d0fc60b666ead3d00a9 /engine-d-standalone/src
parent88bcc3a2d49014774277bb037b4336910933cbca (diff)
Run the app with a non-root user
Change-Id: Ie851ca9ad1e0278b36d75d6aa06d010b982af48a Issue-ID: HOLMES-202 Signed-off-by: tangpeng <tang.peng5@zte.com.cn>
Diffstat (limited to 'engine-d-standalone/src')
-rw-r--r--engine-d-standalone/src/main/assembly/Dockerfile37
-rw-r--r--engine-d-standalone/src/main/assembly/bin/run.sh7
-rw-r--r--engine-d-standalone/src/main/assembly/conf/engine-d.yml5
3 files changed, 16 insertions, 33 deletions
diff --git a/engine-d-standalone/src/main/assembly/Dockerfile b/engine-d-standalone/src/main/assembly/Dockerfile
index d8943b6..119321a 100644
--- a/engine-d-standalone/src/main/assembly/Dockerfile
+++ b/engine-d-standalone/src/main/assembly/Dockerfile
@@ -2,7 +2,7 @@ FROM openresty/openresty:alpine
MAINTAINER "Guangrong Fu" <fu.guangrong@zte.com.cn>
-EXPOSE 9102 9202 8312
+EXPOSE 9102 9202
ENV HOSTNAME holmes-engine-mgmt
@@ -13,21 +13,21 @@ ENV LANG C.UTF-8
# add a simple script that can auto-detect the appropriate JAVA_HOME value
# based on whether the JDK or only the JRE is installed
RUN { \
- echo '#!/bin/sh'; \
- echo 'set -e'; \
- echo; \
- echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \
- } > /usr/local/bin/docker-java-home \
- && chmod +x /usr/local/bin/docker-java-home
+ echo '#!/bin/sh'; \
+ echo 'set -e'; \
+ echo; \
+ echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \
+ } > /usr/local/bin/docker-java-home \
+ && chmod +x /usr/local/bin/docker-java-home
ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
ENV PATH $PATH:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin
ENV JAVA_ALPINE_VERSION 8.191.12-r0
RUN set -x \
- && apk add --no-cache \
- openjdk8="$JAVA_ALPINE_VERSION" \
- && [ "$JAVA_HOME" = "$(docker-java-home)" ]
+ && apk add --no-cache \
+ openjdk8="$JAVA_ALPINE_VERSION" \
+ && [ "$JAVA_HOME" = "$(docker-java-home)" ]
#install neccessary tools
RUN apk upgrade \
@@ -36,22 +36,17 @@ RUN apk upgrade \
&& apk add --no-cache wget \
&& apk add --no-cache postgresql-client=10.5-r0
-#install ActiveMQ
-RUN mkdir /home/downloads
-RUN mkdir /home/activemq
-RUN cd /home/downloads
-RUN wget http://archive.apache.org/dist/activemq/apache-activemq/5.9.0/apache-activemq-5.9.0-bin.tar.gz
-RUN tar -xzvf apache-activemq-5.9.0-bin.tar.gz -C /home/activemq/
-RUN rm -rf /home/downloads
+#switch the user to holmes
+RUN addgroup -S holmes && adduser -S -G holmes holmes
#add the backend package to the docker image
-RUN mkdir /home/holmes
WORKDIR /home/holmes
ADD holmes-engine-d-standalone-*-linux64.tar.gz /home/holmes/
+RUN chmod -R a+rw /home/holmes/
+RUN chmod -R a+rw /var/log/
RUN chmod 755 /home/holmes/bin/*.sh
-CMD ["sh", "/home/holmes/bin/run.sh"]
-
-
+USER holmes
+CMD ["sh", "/home/holmes/bin/run.sh"]
diff --git a/engine-d-standalone/src/main/assembly/bin/run.sh b/engine-d-standalone/src/main/assembly/bin/run.sh
index ba11029..0da0cf8 100644
--- a/engine-d-standalone/src/main/assembly/bin/run.sh
+++ b/engine-d-standalone/src/main/assembly/bin/run.sh
@@ -33,10 +33,6 @@ echo @JAVA_OPTS@ $JAVA_OPTS
class_path="$main_path/:$main_path/holmes-engine-d.jar"
echo @class_path@ $class_path
-sed -i "s/activemq.username=.*/activemq.username=activemq/" /home/activemq/apache-activemq-5.9.0/conf/credentials.properties
-sed -i "s/activemq.password=.*/activemq.password=v1/" /home/activemq/apache-activemq-5.9.0/conf/credentials.properties
-/home/activemq/apache-activemq-5.9.0/bin/activemq start
-
if [ -z ${JDBC_USERNAME} ]; then
export JDBC_USERNAME=holmes
echo "No user name is specified for the database. Use the default value \"$JDBC_USERNAME\"."
@@ -73,9 +69,6 @@ if [ ! -z ${URL_JDBC} ] && [ `expr index $URL_JDBC :` != 0 ]; then
fi
echo DB_PORT=$DB_PORT
-#ActiveMQ IP Configurations
-sed -i "s|brokerIp:.*|brokerIp: $SERVICE_IP|" "$main_path/conf/engine-d.yml"
-
KEY_PATH="$main_path/conf/holmes.keystore"
KEY_PASSWORD="holmes"
diff --git a/engine-d-standalone/src/main/assembly/conf/engine-d.yml b/engine-d-standalone/src/main/assembly/conf/engine-d.yml
index e2f1f64..4709864 100644
--- a/engine-d-standalone/src/main/assembly/conf/engine-d.yml
+++ b/engine-d-standalone/src/main/assembly/conf/engine-d.yml
@@ -73,8 +73,3 @@ database:
evictionInterval: 10s
minIdleTime: 1s
-mqConfig:
- brokerIp: 10.74.156.206
- brokerPort: 61616
- brokerUsername: activemq
- brokerPassword: v1