summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore1
-rw-r--r--csit/common-library.robot19
-rwxr-xr-xcsit/pap/plans/setup.sh9
-rw-r--r--csit/pap/plans/testplan.txt1
-rw-r--r--csit/pap/tests/pap-slas.robot60
-rw-r--r--csit/pap/tests/pap-test.robot25
-rwxr-xr-xcsit/run-project-csit.sh18
-rwxr-xr-xcsit/stop-all.sh2
-rwxr-xr-xcsit/wait_for_port.sh4
-rwxr-xr-xcsit/wait_for_rest.sh2
-rw-r--r--policy-db-migrator/src/main/docker/Dockerfile16
-rw-r--r--policy-jdk/alpine/pom.xml96
-rw-r--r--policy-jdk/alpine/src/main/docker/Dockerfile85
-rw-r--r--policy-jre/alpine/pom.xml96
-rw-r--r--policy-jre/alpine/src/main/docker/Dockerfile64
15 files changed, 223 insertions, 275 deletions
diff --git a/.gitignore b/.gitignore
index d4aa5c29..fee07ae7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ env.properties
.pydevproject
models
.vscode/
+**/*.log
diff --git a/csit/common-library.robot b/csit/common-library.robot
index e8a9640c..871e7efe 100644
--- a/csit/common-library.robot
+++ b/csit/common-library.robot
@@ -120,7 +120,18 @@ GetMetrics
Log Received response from policy ${resp.text}
[return] ${resp}
-QueryPrometheus ${query}
- ${resp}= GET http://localhost:30259/api/v1/query?query=${query} expected_status=200
- Log Received response from policy ${resp.text}
- [return] ${resp}
+QueryPrometheus
+ [Arguments] ${query}
+ ${params}= Create Dictionary query=${query}
+ ${resp}= GET http://localhost:30259/api/v1/query ${params}
+ Status Should Be OK
+ Log Received response from Prometheus ${resp.text}
+ [return] ${resp.json()}
+
+ValidateResponseTime
+ [Arguments] ${job} ${uri} ${method} ${timeLimit}
+ [Documentation] Check if uri response is under the required time
+ ${resp}= QueryPrometheus http_server_requests_seconds_sum{uri="${uri}",method="${method}",job="${job}"}/http_server_requests_seconds_count{uri="${uri}",method="${method}",job="${job}"}
+ ${rawNumber}= Evaluate ${resp['data']['result'][0]['value'][1]}
+ ${actualTime}= Set Variable ${rawNumber * ${1000}}
+ Should Be True ${actualTime} <= ${timeLimit}
diff --git a/csit/pap/plans/setup.sh b/csit/pap/plans/setup.sh
index b656ef5a..4c77accf 100755
--- a/csit/pap/plans/setup.sh
+++ b/csit/pap/plans/setup.sh
@@ -37,15 +37,8 @@ docker-compose -f "${SCRIPTS}"/docker-compose-all.yml up -d pap apex-pdp grafana
sleep 10
unset http_proxy https_proxy
-POLICY_PAP_IP=$(get-instance-ip.sh policy-pap)
POLICY_PAP_PORT=30442
-POLICY_API_IP=$(get-instance-ip.sh policy-api)
POLICY_API_PORT=30440
-MARIADB_IP=$(get-instance-ip.sh mariadb)
-
-echo PAP IP IS "${POLICY_PAP_IP}"
-echo API IP IS "${POLICY_API_IP}"
-echo MARIADB IP IS "${MARIADB_IP}"
# wait for the app to start up
"${SCRIPTS}"/wait_for_rest.sh localhost "${POLICY_PAP_PORT}"
@@ -55,8 +48,6 @@ DATA=${WORKSPACE}/models/models-examples/src/main/resources/policies
NODETEMPLATES=${WORKSPACE}/models/models-examples/src/main/resources/nodetemplates
ROBOT_VARIABLES=""
-ROBOT_VARIABLES="${ROBOT_VARIABLES} -v POLICY_PAP_IP:${POLICY_PAP_IP}"
-ROBOT_VARIABLES="${ROBOT_VARIABLES} -v POLICY_API_IP:${POLICY_API_IP}"
ROBOT_VARIABLES="${ROBOT_VARIABLES} -v POLICY_PAP_PORT:${POLICY_PAP_PORT}"
ROBOT_VARIABLES="${ROBOT_VARIABLES} -v POLICY_API_PORT:${POLICY_API_PORT}"
ROBOT_VARIABLES="${ROBOT_VARIABLES} -v DATA:${DATA}"
diff --git a/csit/pap/plans/testplan.txt b/csit/pap/plans/testplan.txt
index 1e5b1f94..4fac1027 100644
--- a/csit/pap/plans/testplan.txt
+++ b/csit/pap/plans/testplan.txt
@@ -1,3 +1,4 @@
# Test suites are relative paths under [policy/docker.git]/csit/[project]/tests.
# Place the suites in run order.
pap-test.robot
+pap-slas.robot
diff --git a/csit/pap/tests/pap-slas.robot b/csit/pap/tests/pap-slas.robot
new file mode 100644
index 00000000..045530ae
--- /dev/null
+++ b/csit/pap/tests/pap-slas.robot
@@ -0,0 +1,60 @@
+*** Settings ***
+Library Collections
+Library RequestsLibrary
+Library OperatingSystem
+Library json
+Resource ${CURDIR}/../../common-library.robot
+
+*** Keywords ***
+ValidateResponseTimeForPap
+ [Arguments] ${uri} ${method}
+ [Documentation] Check if uri response is under the 500ms required time for pap metrics
+ ValidateResponseTime pap-metrics ${uri} ${method} 500
+
+*** Test Cases ***
+WaitForPrometheusServer
+ [Documentation] Sleep time to wait for Prometheus server to gather all metrics
+ Sleep 1 minute
+
+ValidateResponseTimeForHealthcheck
+ [Documentation] Validate component healthcheck response time
+ ValidateResponseTimeForPap /healthcheck GET
+
+ValidateResponseTimeForSystemHealthcheck
+ [Documentation] Validate if system healthcheck response time is under 1000ms
+ ValidateResponseTime pap-metrics /components/healthcheck GET 10000
+
+ValidateResponseTimeForStatistics
+ [Documentation] Validate statistics response time
+ ValidateResponseTimeForPap /statistics GET
+
+# TODO: includes notification, so always over 500ms
+# ValidateResponseTimeCreateGroup
+# [Documentation] Validate create group response time
+# ValidateResponseTimeForPap /pdps/groups/batch POST
+
+ValidateResponseTimeQueryPolicyAudit
+ [Documentation] Validate query audits response time
+ ValidateResponseTimeForPap /policies/audit GET
+
+ValidateResponseTimeUpdateGroup
+ [Documentation] Validate pdps/group response time
+ ValidateResponseTimeForPap /pdps/groups/{name} PUT
+
+ValidatePolicyDeploymentTime
+ [Documentation] Check if deployment of policy is under 2000ms
+ ${resp}= QueryPrometheus pap_policy_deployments_seconds_sum{operation="deploy",status="SUCCESS"}/pap_policy_deployments_seconds_count{operation="deploy",status="SUCCESS"}
+ ${rawNumber}= Evaluate ${resp['data']['result'][0]['value'][1]}
+ ${actualTime}= Set Variable ${rawNumber * ${1000}}
+ Should Be True ${actualTime} <= ${2000}
+
+ValidateResponseTimeDeletePolicy
+ [Documentation] Check if undeployment of policy is under 2000ms
+ ${resp}= QueryPrometheus pap_policy_deployments_seconds_sum{operation="undeploy",status="SUCCESS"}/pap_policy_deployments_seconds_count{operation="undeploy",status="SUCCESS"}
+ ${rawNumber}= Evaluate ${resp['data']['result'][0]['value'][1]}
+ ${actualTime}= Set Variable ${rawNumber * ${1000}}
+ Should Be True ${actualTime} <= ${2000}
+
+ValidateResponseTimeDeleteGroup
+ [Documentation] Validate delete group response time
+ ValidateResponseTimeForPap /pdps/groups/{name} DELETE
diff --git a/csit/pap/tests/pap-test.robot b/csit/pap/tests/pap-test.robot
index c417a83f..a4f0853d 100644
--- a/csit/pap/tests/pap-test.robot
+++ b/csit/pap/tests/pap-test.robot
@@ -12,6 +12,18 @@ GetReq
${resp}= PerformGetRequest ${POLICY_PAP_PORT} ${url} 200 null ${auth}
[return] ${resp}
+ValidateResponseTimeForPap
+ [Arguments] ${uri} ${method}
+ [Documentation] Check if uri response is under the required time for pap metrics
+ ValidateResponseTime pap-metrics ${uri} ${method} 500
+
+ValidateDeploymentTime
+ [Documentation] Check if deployment of policy is under 2000ms
+ ${resp}= QueryPrometheus pap_policy_deployments_seconds_sum{operation="deploy",status="SUCCESS"}/pap_policy_deployments_seconds_count{operation="deploy",status="SUCCESS"}
+ ${rawNumber}= Evaluate ${resp['data']['result'][0]['value'][1]}
+ ${actualTime}= Set Variable ${rawNumber * ${1000}}
+ Should Be True ${actualTime} <= ${2000}
+
*** Test Cases ***
LoadPolicy
[Documentation] Create a policy named 'onap.restart.tca' and version '1.0.0' using specific api
@@ -126,3 +138,16 @@ DeletePdpGroups
QueryPdpGroupsAfterDelete
[Documentation] Verify PdpGroups after delete
QueryPdpGroups 1 defaultGroup ACTIVE 0 null null null
+
+# ValidateSlaForPap
+# [Documentation] Run checks against Prometheus server to check response time
+# Sleep 30s
+# ValidateDeploymentTime
+# ValidateResponseTime pap-metrics /components/healthcheck GET 10000
+# ValidateResponseTimeForPap /healthcheck GET
+# ValidateResponseTimeForPap /statistics GET
+# ValidateResponseTimeForPap /policies/audit GET
+# ValidateResponseTimeForPap /pdps/groups/{name} PUT
+# ValidateResponseTimeForPap /pdps/policies/{name} DELETE
+# ValidateResponseTimeForPap /pdps/groups/{name} DELETE
+# ValidateResponseTimeForPap /pdps/groups/batch POST
diff --git a/csit/run-project-csit.sh b/csit/run-project-csit.sh
index a3837b03..0f15c75b 100755
--- a/csit/run-project-csit.sh
+++ b/csit/run-project-csit.sh
@@ -27,17 +27,18 @@
function on_exit(){
rc=$?
if [[ ${WORKSPACE} ]]; then
- if [[ ${WORKDIR} ]]; then
- rsync -av "${WORKDIR}/" "${WORKSPACE}/csit/archives/${PROJECT}"
- fi
# Record list of active docker containers
- docker ps
+ docker ps --format "table {{ .Names }}\t{{ .Status }}"
# Show the logs from all containers
- docker-compose -f "${WORKSPACE}/csit/docker-compose-all.yml" logs
+ docker-compose -f "${WORKSPACE}/csit/docker-compose-all.yml" logs > docker_compose.log
# show memory consumption after all docker instances initialized
docker_stats
+
+ if [[ ${WORKDIR} ]]; then
+ rsync -av "${WORKDIR}/" "${WORKSPACE}/csit/archives/${PROJECT}"
+ fi
fi
# Run teardown script plan if it exists
cd "${TESTPLANDIR}/plans/"
@@ -57,25 +58,20 @@ function docker_stats(){
# General memory details
if [ "$(uname -s)" == "Darwin" ]
then
- echo "> top -l1 | head -10"
sh -c "top -l1 | head -10"
echo
else
- echo "> top -bn1 | head -3"
sh -c "top -bn1 | head -3"
echo
- echo "> free -h"
sh -c "free -h"
echo
fi
# Memory details per Docker
- echo "> docker ps"
- docker ps
+ docker ps --format "table {{ .Names }}\t{{ .Status }}"
echo
- echo "> docker stats --no-stream"
docker stats --no-stream
echo
}
diff --git a/csit/stop-all.sh b/csit/stop-all.sh
index 4e6b0aa6..9adfcf3c 100755
--- a/csit/stop-all.sh
+++ b/csit/stop-all.sh
@@ -23,4 +23,4 @@ export SCRIPTS="${SCRIPTS}"/csit
source "${SCRIPTS}"/get-versions.sh
-docker-compose -f "${SCRIPTS}"/docker-compose-all.yml down
+docker-compose -f "${SCRIPTS}"/docker-compose-all.yml down -v
diff --git a/csit/wait_for_port.sh b/csit/wait_for_port.sh
index 5a8be250..6dcb3cab 100755
--- a/csit/wait_for_port.sh
+++ b/csit/wait_for_port.sh
@@ -1,7 +1,7 @@
#!/bin/sh
# ============LICENSE_START====================================================
# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright (C) 2022 Nordix Foundation.
+# Modifications Copyright (C) 2022-2023 Nordix Foundation.
# =============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -64,7 +64,7 @@ do
do
if command -v docker > /dev/null 2>&1
then
- docker ps
+ docker ps --format "table {{ .Names }}\t{{ .Status }}"
fi
nc -vz "$host" "$port"
diff --git a/csit/wait_for_rest.sh b/csit/wait_for_rest.sh
index bf47ccf1..a64c3063 100755
--- a/csit/wait_for_rest.sh
+++ b/csit/wait_for_rest.sh
@@ -54,7 +54,7 @@ do
do
if command -v docker > /dev/null 2>&1
then
- docker ps
+ docker ps --format "table {{ .Names }}\t{{ .Status }}"
fi
curl "http://$host:$port" > /dev/null 2>&1
rc=$?
diff --git a/policy-db-migrator/src/main/docker/Dockerfile b/policy-db-migrator/src/main/docker/Dockerfile
index 664649cd..92f45585 100644
--- a/policy-db-migrator/src/main/docker/Dockerfile
+++ b/policy-db-migrator/src/main/docker/Dockerfile
@@ -1,7 +1,7 @@
#-------------------------------------------------------------------------------
# Dockerfile
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +18,7 @@
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#-------------------------------------------------------------------------------
-FROM onap/policy-jdk-alpine:2.6.1-SNAPSHOT
+FROM onap/policy-jre-alpine:2.6.1-SNAPSHOT
LABEL maintainer="Policy Team"
LABEL org.opencontainers.image.title="Policy db-migrator"
@@ -35,10 +35,16 @@ ENV POLICY_ETC /opt/app/policy/etc
ENV POLICY_PROFILE /opt/app/policy/etc/profile.d
ENV POLICY_BIN /opt/app/policy/bin
+USER root
RUN apk update && \
- apk add --no-cache mariadb-client && \
- apk add postgresql-client \
- net-tools netcat-openbsd sudo less vim && \
+ apk add --no-cache \
+ mariadb-client \
+ postgresql-client \
+ net-tools \
+ netcat-openbsd \
+ sudo \
+ less \
+ vim && \
mkdir -p $POLICY_PROFILE $POLICY_BIN && \
chown -R policy:policy $POLICY_ETC $POLICY_BIN
diff --git a/policy-jdk/alpine/pom.xml b/policy-jdk/alpine/pom.xml
index 69f2c89a..b656b6f8 100644
--- a/policy-jdk/alpine/pom.xml
+++ b/policy-jdk/alpine/pom.xml
@@ -2,7 +2,7 @@
============LICENSE_START=======================================================
Copyright (C) 2019 Ericsson, Tieto. All rights reserved.
Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
- Modifications Copyright (C) 2022 Nordix Foundation.
+ Modifications Copyright (C) 2022-2023 Nordix Foundation.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -37,95 +37,8 @@
<properties>
<docker.jdk.imagename>onap/policy-jdk-alpine</docker.jdk.imagename>
- <integration.python.name>onap/integration-python</integration.python.name>
- <integration.python.version>10.1.0</integration.python.version>
</properties>
- <profiles>
- <profile>
- <!-- This profile is activated on Apple M1 architecture to generate the ONAP base Java image locally -->
- <id>baseImage</id>
- <activation>
- <os>
- <arch>aarch64</arch>
- </os>
- </activation>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-scm-plugin</artifactId>
- <version>1.13.0</version>
- <dependencies>
- <dependency>
- <groupId>org.codehaus.plexus</groupId>
- <artifactId>plexus-utils</artifactId>
- <version>3.4.2</version>
- </dependency>
- <dependency>
- <groupId>org.apache.maven.scm</groupId>
- <artifactId>maven-scm-provider-gitexe</artifactId>
- <version>1.13.0</version>
- </dependency>
- </dependencies>
- <configuration>
- <connectionType>connection</connectionType>
- <checkoutDirectory>src/main/resources/meta</checkoutDirectory>
- </configuration>
- <executions>
- <execution>
- <id>checkout-onap-python</id>
- <phase>validate</phase>
- <configuration>
- <connectionUrl>scm:git:https://gerrit.onap.org/r/integration/docker/onap-python</connectionUrl>
- <checkoutDirectory>${project.build.directory}/onap-python</checkoutDirectory>
- </configuration>
- <goals>
- <goal>checkout</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>io.fabric8</groupId>
- <artifactId>docker-maven-plugin</artifactId>
-
- <executions>
- <execution>
- <id>generate-python-image</id>
- <phase>initialize</phase>
- <configuration>
- <verbose>true</verbose>
- <apiVersion>1.23</apiVersion>
- <pullRegistry>${docker.pull.registry}</pullRegistry>
- <pushRegistry>${docker.push.registry}</pushRegistry>
- <images>
- <image>
- <name>${integration.python.name}</name>
- <build>
- <cleanup>try</cleanup>
- <contextDir>${project.build.directory}/onap-python</contextDir>
- <dockerFile>Dockerfile</dockerFile>
- <tags>
- <tag>${integration.python.version}</tag>
- <tag>${integration.python.version}-${maven.build.timestamp}</tag>
- <tag>${project.docker.latest.minmax.tag.version}</tag>
- </tags>
- </build>
- </image>
- </images>
- </configuration>
- <goals>
- <goal>build</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- </profile>
- </profiles>
-
<build>
<finalName>${project.artifactId}-${project.version}</finalName>
<plugins>
@@ -169,10 +82,6 @@
<tag>${project.version}-${maven.build.timestamp}</tag>
<tag>${project.docker.latest.minmax.tag.version}</tag>
</tags>
- <args>
- <INTEGRATION_PYTHON_NAME>${integration.python.name}</INTEGRATION_PYTHON_NAME>
- <INTEGRATION_PYTHON_VERSION>${integration.python.version}</INTEGRATION_PYTHON_VERSION>
- </args>
</build>
</image>
</images>
@@ -205,9 +114,6 @@
<goal>build</goal>
<goal>push</goal>
</goals>
- <configuration>
- <image>${docker.jdk.imagename}</image>
- </configuration>
</execution>
</executions>
</plugin>
diff --git a/policy-jdk/alpine/src/main/docker/Dockerfile b/policy-jdk/alpine/src/main/docker/Dockerfile
index a8f84c0c..ab856bf4 100644
--- a/policy-jdk/alpine/src/main/docker/Dockerfile
+++ b/policy-jdk/alpine/src/main/docker/Dockerfile
@@ -1,7 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Tieto. All rights reserved.
# Modifications Copyright (C) 2020, 2021 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright (C) 2020, 2022 Nordix Foundation.
+# Modifications Copyright (C) 2020, 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,19 +18,11 @@
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-# Docker file to build a base image for all policy components images
-#
-# $JAVA_HOME is set to /usr/lib/jvm/java-11-openjdk
-# more details at https://hub.docker.com/_/openjdk
-
-ARG INTEGRATION_PYTHON_NAME=${INTEGRATION_PYTHON_NAME}
-ARG INTEGRATION_PYTHON_VERSION=${INTEGRATION_PYTHON_VERSION}
-
-FROM ${INTEGRATION_PYTHON_NAME}:${INTEGRATION_PYTHON_VERSION}
+FROM alpine:3.17
LABEL maintainer="Policy Team"
-LABEL org.opencontainers.image.title="Policy JDK Alpine"
-LABEL org.opencontainers.image.description="Policy Java 11 JDK image based on Alpine"
+LABEL org.opencontainers.image.title="Policy JRE Alpine"
+LABEL org.opencontainers.image.description="Policy Java 11 JRE image based on Alpine"
LABEL org.opencontainers.image.url="https://github.com/onap/policy-docker"
LABEL org.opencontainers.image.vendor="ONAP Policy Team"
LABEL org.opencontainers.image.licenses="Apache-2.0"
@@ -38,32 +30,61 @@ LABEL org.opencontainers.image.created="${git.build.time}"
LABEL org.opencontainers.image.version="${git.build.version}"
LABEL org.opencontainers.image.revision="${git.commit.id.abbrev}"
+ENV JAVA_HOME /usr/lib/jvm/default-jvm
+ENV JAVA_OPTS="-Xms256m -Xmx1g"
+ENV JAVA_SEC_OPTS=""
+ENV PYTHONUNBUFFERED=1
ENV POLICY_HOME=/opt/app/policy
+ENV PATH $JAVA_HOME/bin:$PATH
+
+ARG user=onap
+ARG group=onap
-USER root
+# Default to UTF-8 file.encoding
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
-RUN rm -rf /opt/java/openjdk \
- && mkdir -p /opt/java/openjdk \
- && mkdir -p /usr/lib/jvm/ \
- && ln -s /opt/java/openjdk /usr/lib/jvm/java-11-openjdk \
- && apk update \
- && apk add --no-cache \
+# Generic additions
+RUN apk add --no-cache \
+ libretls \
+ musl-locales \
+ musl-locales-lang \
+ openjdk11-jdk \
+ openssl \
+ ca-certificates && \
+ rm -rf /var/cache/apk/* && \
+# ONAP additions
+ addgroup -S $group && \
+ adduser -G $group -D $user && \
+ mkdir /var/log/$user && \
+ mkdir /app && \
+ chown -R $user:$group /var/log/$user && \
+ chown -R $user:$group /app && \
+# Policy Framework additions
+ apk update && \
+ apk add --no-cache \
busybox-extras \
curl \
jq \
procps \
unzip \
zip \
- openjdk11 \
- && curl --fail --silent --show-error --retry 3 \
- --output /tmp/apache-maven-3.6.3-bin.tar.gz \
- https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz \
- && tar zxC /usr/share </tmp/apache-maven-3.6.3-bin.tar.gz \
- && chown -R root:root /usr/share/apache-maven-3.6.3 \
- && ln -s /usr/share/apache-maven-3.6.3/bin/mvn /usr/bin/mvn \
- && rm -f /tmp/apache-maven-3.6.3-bin.tar.gz \
- && addgroup -S policy \
- && adduser -S --shell /bin/sh -G policy policy \
- && mkdir -p ${POLICY_HOME}/ \
- && chown policy:policy ${POLICY_HOME} \
- && pip install --upgrade pip==22.0.3
+ python3 && \
+ rm -rf /var/cache/apk/* && \
+ addgroup -S policy && \
+ adduser -S --shell /bin/sh -G policy policy && \
+ mkdir -p ${POLICY_HOME}/ && \
+ chown policy:policy ${POLICY_HOME} && \
+ mkdir -p /usr/lib/jvm/ && \
+ ln -s /opt/java/openjdk /usr/lib/jvm/default-jvm && \
+ python3 -m ensurepip && \
+ pip3 install --no-cache --upgrade pip setuptools
+
+# Install python/pip
+RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python
+RUN python3 -m ensurepip
+RUN pip3 install --no-cache --upgrade pip setuptools
+
+
+# Tell docker that all future commands should be run as the onap user
+USER $user
+WORKDIR /app
diff --git a/policy-jre/alpine/pom.xml b/policy-jre/alpine/pom.xml
index 21305758..1a1574bc 100644
--- a/policy-jre/alpine/pom.xml
+++ b/policy-jre/alpine/pom.xml
@@ -2,7 +2,7 @@
============LICENSE_START=======================================================
Copyright (C) 2019 Ericsson, Tieto. All rights reserved.
Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
- Modifications Copyright (C) 2022 Nordix Foundation.
+ Modifications Copyright (C) 2022-2023 Nordix Foundation.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -37,95 +37,8 @@
<properties>
<docker.jre.imagename>onap/policy-jre-alpine</docker.jre.imagename>
- <integration.java.name>onap/integration-java11</integration.java.name>
- <integration.java.version>9.0.0</integration.java.version>
</properties>
- <profiles>
- <profile>
- <!-- This profile is activated on Apple M1 architecture to generate the ONAP base images locally -->
- <id>baseImage</id>
- <activation>
- <os>
- <arch>aarch64</arch>
- </os>
- </activation>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-scm-plugin</artifactId>
- <version>1.13.0</version>
- <dependencies>
- <dependency>
- <groupId>org.codehaus.plexus</groupId>
- <artifactId>plexus-utils</artifactId>
- <version>3.4.2</version>
- </dependency>
- <dependency>
- <groupId>org.apache.maven.scm</groupId>
- <artifactId>maven-scm-provider-gitexe</artifactId>
- <version>1.13.0</version>
- </dependency>
- </dependencies>
- <configuration>
- <connectionType>connection</connectionType>
- <checkoutDirectory>src/main/resources/meta</checkoutDirectory>
- </configuration>
- <executions>
- <execution>
- <id>checkout-onap-python</id>
- <phase>validate</phase>
- <configuration>
- <connectionUrl>scm:git:https://gerrit.onap.org/r/integration/docker/onap-java11</connectionUrl>
- <checkoutDirectory>${project.build.directory}/onap-java11</checkoutDirectory>
- </configuration>
- <goals>
- <goal>checkout</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>io.fabric8</groupId>
- <artifactId>docker-maven-plugin</artifactId>
-
- <executions>
- <execution>
- <id>generate-base-image</id>
- <phase>initialize</phase>
- <configuration>
- <verbose>true</verbose>
- <apiVersion>1.23</apiVersion>
- <pullRegistry>${docker.pull.registry}</pullRegistry>
- <pushRegistry>${docker.push.registry}</pushRegistry>
- <images>
- <image>
- <name>${integration.java.name}</name>
- <build>
- <cleanup>try</cleanup>
- <contextDir>${project.build.directory}/onap-java11</contextDir>
- <dockerFile>BareAlpine.Dockerfile</dockerFile>
- <tags>
- <tag>${integration.java.version}</tag>
- <tag>${integration.java.version}-${maven.build.timestamp}</tag>
- <tag>${project.docker.latest.minmax.tag.version}</tag>
- </tags>
- </build>
- </image>
- </images>
- </configuration>
- <goals>
- <goal>build</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- </profile>
- </profiles>
-
<build>
<finalName>${project.artifactId}-${project.version}</finalName>
<plugins>
@@ -169,10 +82,6 @@
<tag>${project.version}-${maven.build.timestamp}</tag>
<tag>${project.docker.latest.minmax.tag.version}</tag>
</tags>
- <args>
- <INTEGRATION_JAVA_NAME>${integration.java.name}</INTEGRATION_JAVA_NAME>
- <INTEGRATION_JAVA_VERSION>${integration.java.version}</INTEGRATION_JAVA_VERSION>
- </args>
</build>
</image>
</images>
@@ -205,9 +114,6 @@
<goal>build</goal>
<goal>push</goal>
</goals>
- <configuration>
- <image>${docker.jre.imagename}</image>
- </configuration>
</execution>
</executions>
</plugin>
diff --git a/policy-jre/alpine/src/main/docker/Dockerfile b/policy-jre/alpine/src/main/docker/Dockerfile
index d4fed90c..f1bf2496 100644
--- a/policy-jre/alpine/src/main/docker/Dockerfile
+++ b/policy-jre/alpine/src/main/docker/Dockerfile
@@ -1,7 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Tieto. All rights reserved.
# Modifications Copyright (C) 2020, 2021 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright (C) 2020, 2022 Nordix Foundation.
+# Modifications Copyright (C) 2020, 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,15 +18,7 @@
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-# Docker file to build a base image for all policy components images
-#
-# $JAVA_HOME is set to /usr/lib/jvm/java-11-openjdk
-# more details at https://hub.docker.com/_/openjdk
-
-ARG INTEGRATION_JAVA_NAME=${INTEGRATION_JAVA_NAME}
-ARG INTEGRATION_JAVA_VERSION=${INTEGRATION_JAVA_VERSION}
-
-FROM ${INTEGRATION_JAVA_NAME}:${INTEGRATION_JAVA_VERSION}
+FROM alpine:3.17
LABEL maintainer="Policy Team"
LABEL org.opencontainers.image.title="Policy JRE Alpine"
@@ -38,21 +30,53 @@ LABEL org.opencontainers.image.created="${git.build.time}"
LABEL org.opencontainers.image.version="${git.build.version}"
LABEL org.opencontainers.image.revision="${git.commit.id.abbrev}"
+ENV JAVA_HOME /usr/lib/jvm/default-jvm
+ENV JAVA_OPTS="-Xms256m -Xmx1g"
+ENV JAVA_SEC_OPTS=""
ENV POLICY_HOME=/opt/app/policy
+ENV PATH $JAVA_HOME/bin:$PATH
-USER root
+ARG user=onap
+ARG group=onap
-RUN apk update \
- && apk add --no-cache \
+# Default to UTF-8 file.encoding
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+
+# Generic additions
+RUN apk add --no-cache \
+ libretls \
+ musl-locales \
+ musl-locales-lang \
+ openjdk11-jre \
+ openssl \
+ ca-certificates && \
+ rm -rf /var/cache/apk/* && \
+# ONAP additions
+ addgroup -S $group && \
+ adduser -G $group -D $user && \
+ mkdir /var/log/$user && \
+ mkdir /app && \
+ chown -R $user:$group /var/log/$user && \
+ chown -R $user:$group /app && \
+# Policy Framework additions
+ apk update && \
+ apk add --no-cache \
busybox-extras \
curl \
jq \
procps \
unzip \
- zip \
- && addgroup -S policy \
- && adduser -S --shell /bin/sh -G policy policy \
- && mkdir -p ${POLICY_HOME}/ \
- && chown policy:policy ${POLICY_HOME} \
- && mkdir -p /usr/lib/jvm/ \
- && ln -s /opt/java/openjdk /usr/lib/jvm/java-11-openjdk
+ zip && \
+ rm -rf /var/cache/apk/* && \
+ addgroup -S policy && \
+ adduser -S --shell /bin/sh -G policy policy && \
+ mkdir -p ${POLICY_HOME}/ && \
+ chown policy:policy ${POLICY_HOME} && \
+ mkdir -p /usr/lib/jvm/ && \
+ ln -s /opt/java/openjdk /usr/lib/jvm/default-jvm
+
+# Tell docker that all future commands should be run as the onap user
+USER $user
+WORKDIR /app
+
+ENTRYPOINT exec java $JAVA_SEC_OPTS $JAVA_OPTS -jar /app/app.jar