From 750ae4a611050eb0e33f4f5420aa0297b59790e3 Mon Sep 17 00:00:00 2001 From: tangpeng Date: Tue, 26 Feb 2019 08:20:28 +0000 Subject: Run the app with a non-root user Change-Id: Ie851ca9ad1e0278b36d75d6aa06d010b982af48a Issue-ID: HOLMES-202 Signed-off-by: tangpeng --- engine-d-standalone/src/main/assembly/Dockerfile | 37 ++++++++++------------ engine-d-standalone/src/main/assembly/bin/run.sh | 7 ---- .../src/main/assembly/conf/engine-d.yml | 5 --- 3 files changed, 16 insertions(+), 33 deletions(-) (limited to 'engine-d-standalone/src/main') diff --git a/engine-d-standalone/src/main/assembly/Dockerfile b/engine-d-standalone/src/main/assembly/Dockerfile index d8943b6..119321a 100644 --- a/engine-d-standalone/src/main/assembly/Dockerfile +++ b/engine-d-standalone/src/main/assembly/Dockerfile @@ -2,7 +2,7 @@ FROM openresty/openresty:alpine MAINTAINER "Guangrong Fu" -EXPOSE 9102 9202 8312 +EXPOSE 9102 9202 ENV HOSTNAME holmes-engine-mgmt @@ -13,21 +13,21 @@ ENV LANG C.UTF-8 # add a simple script that can auto-detect the appropriate JAVA_HOME value # based on whether the JDK or only the JRE is installed RUN { \ - echo '#!/bin/sh'; \ - echo 'set -e'; \ - echo; \ - echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \ - } > /usr/local/bin/docker-java-home \ - && chmod +x /usr/local/bin/docker-java-home + echo '#!/bin/sh'; \ + echo 'set -e'; \ + echo; \ + echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \ + } > /usr/local/bin/docker-java-home \ + && chmod +x /usr/local/bin/docker-java-home ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk ENV PATH $PATH:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin ENV JAVA_ALPINE_VERSION 8.191.12-r0 RUN set -x \ - && apk add --no-cache \ - openjdk8="$JAVA_ALPINE_VERSION" \ - && [ "$JAVA_HOME" = "$(docker-java-home)" ] + && apk add --no-cache \ + openjdk8="$JAVA_ALPINE_VERSION" \ + && [ "$JAVA_HOME" = "$(docker-java-home)" ] #install neccessary tools RUN apk upgrade \ @@ -36,22 +36,17 @@ RUN apk upgrade \ && apk add --no-cache wget \ && apk add --no-cache postgresql-client=10.5-r0 -#install ActiveMQ -RUN mkdir /home/downloads -RUN mkdir /home/activemq -RUN cd /home/downloads -RUN wget http://archive.apache.org/dist/activemq/apache-activemq/5.9.0/apache-activemq-5.9.0-bin.tar.gz -RUN tar -xzvf apache-activemq-5.9.0-bin.tar.gz -C /home/activemq/ -RUN rm -rf /home/downloads +#switch the user to holmes +RUN addgroup -S holmes && adduser -S -G holmes holmes #add the backend package to the docker image -RUN mkdir /home/holmes WORKDIR /home/holmes ADD holmes-engine-d-standalone-*-linux64.tar.gz /home/holmes/ +RUN chmod -R a+rw /home/holmes/ +RUN chmod -R a+rw /var/log/ RUN chmod 755 /home/holmes/bin/*.sh -CMD ["sh", "/home/holmes/bin/run.sh"] - - +USER holmes +CMD ["sh", "/home/holmes/bin/run.sh"] diff --git a/engine-d-standalone/src/main/assembly/bin/run.sh b/engine-d-standalone/src/main/assembly/bin/run.sh index ba11029..0da0cf8 100644 --- a/engine-d-standalone/src/main/assembly/bin/run.sh +++ b/engine-d-standalone/src/main/assembly/bin/run.sh @@ -33,10 +33,6 @@ echo @JAVA_OPTS@ $JAVA_OPTS class_path="$main_path/:$main_path/holmes-engine-d.jar" echo @class_path@ $class_path -sed -i "s/activemq.username=.*/activemq.username=activemq/" /home/activemq/apache-activemq-5.9.0/conf/credentials.properties -sed -i "s/activemq.password=.*/activemq.password=v1/" /home/activemq/apache-activemq-5.9.0/conf/credentials.properties -/home/activemq/apache-activemq-5.9.0/bin/activemq start - if [ -z ${JDBC_USERNAME} ]; then export JDBC_USERNAME=holmes echo "No user name is specified for the database. Use the default value \"$JDBC_USERNAME\"." @@ -73,9 +69,6 @@ if [ ! -z ${URL_JDBC} ] && [ `expr index $URL_JDBC :` != 0 ]; then fi echo DB_PORT=$DB_PORT -#ActiveMQ IP Configurations -sed -i "s|brokerIp:.*|brokerIp: $SERVICE_IP|" "$main_path/conf/engine-d.yml" - KEY_PATH="$main_path/conf/holmes.keystore" KEY_PASSWORD="holmes" diff --git a/engine-d-standalone/src/main/assembly/conf/engine-d.yml b/engine-d-standalone/src/main/assembly/conf/engine-d.yml index e2f1f64..4709864 100644 --- a/engine-d-standalone/src/main/assembly/conf/engine-d.yml +++ b/engine-d-standalone/src/main/assembly/conf/engine-d.yml @@ -73,8 +73,3 @@ database: evictionInterval: 10s minIdleTime: 1s -mqConfig: - brokerIp: 10.74.156.206 - brokerPort: 61616 - brokerUsername: activemq - brokerPassword: v1 -- cgit 1.2.3-korg