diff options
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | csit/common-library.robot | 19 | ||||
-rwxr-xr-x | csit/pap/plans/setup.sh | 9 | ||||
-rw-r--r-- | csit/pap/plans/testplan.txt | 1 | ||||
-rw-r--r-- | csit/pap/tests/pap-slas.robot | 60 | ||||
-rw-r--r-- | csit/pap/tests/pap-test.robot | 25 | ||||
-rwxr-xr-x | csit/run-project-csit.sh | 18 | ||||
-rwxr-xr-x | csit/stop-all.sh | 2 | ||||
-rwxr-xr-x | csit/wait_for_port.sh | 4 | ||||
-rwxr-xr-x | csit/wait_for_rest.sh | 2 | ||||
-rw-r--r-- | policy-db-migrator/src/main/docker/Dockerfile | 16 | ||||
-rw-r--r-- | policy-jdk/alpine/pom.xml | 96 | ||||
-rw-r--r-- | policy-jdk/alpine/src/main/docker/Dockerfile | 85 | ||||
-rw-r--r-- | policy-jre/alpine/pom.xml | 96 | ||||
-rw-r--r-- | policy-jre/alpine/src/main/docker/Dockerfile | 64 |
15 files changed, 223 insertions, 275 deletions
@@ -11,3 +11,4 @@ env.properties .pydevproject models .vscode/ +**/*.log diff --git a/csit/common-library.robot b/csit/common-library.robot index e8a9640c..871e7efe 100644 --- a/csit/common-library.robot +++ b/csit/common-library.robot @@ -120,7 +120,18 @@ GetMetrics Log Received response from policy ${resp.text} [return] ${resp} -QueryPrometheus ${query} - ${resp}= GET http://localhost:30259/api/v1/query?query=${query} expected_status=200 - Log Received response from policy ${resp.text} - [return] ${resp} +QueryPrometheus + [Arguments] ${query} + ${params}= Create Dictionary query=${query} + ${resp}= GET http://localhost:30259/api/v1/query ${params} + Status Should Be OK + Log Received response from Prometheus ${resp.text} + [return] ${resp.json()} + +ValidateResponseTime + [Arguments] ${job} ${uri} ${method} ${timeLimit} + [Documentation] Check if uri response is under the required time + ${resp}= QueryPrometheus http_server_requests_seconds_sum{uri="${uri}",method="${method}",job="${job}"}/http_server_requests_seconds_count{uri="${uri}",method="${method}",job="${job}"} + ${rawNumber}= Evaluate ${resp['data']['result'][0]['value'][1]} + ${actualTime}= Set Variable ${rawNumber * ${1000}} + Should Be True ${actualTime} <= ${timeLimit} diff --git a/csit/pap/plans/setup.sh b/csit/pap/plans/setup.sh index b656ef5a..4c77accf 100755 --- a/csit/pap/plans/setup.sh +++ b/csit/pap/plans/setup.sh @@ -37,15 +37,8 @@ docker-compose -f "${SCRIPTS}"/docker-compose-all.yml up -d pap apex-pdp grafana sleep 10 unset http_proxy https_proxy -POLICY_PAP_IP=$(get-instance-ip.sh policy-pap) POLICY_PAP_PORT=30442 -POLICY_API_IP=$(get-instance-ip.sh policy-api) POLICY_API_PORT=30440 -MARIADB_IP=$(get-instance-ip.sh mariadb) - -echo PAP IP IS "${POLICY_PAP_IP}" -echo API IP IS "${POLICY_API_IP}" -echo MARIADB IP IS "${MARIADB_IP}" # wait for the app to start up "${SCRIPTS}"/wait_for_rest.sh localhost "${POLICY_PAP_PORT}" @@ -55,8 +48,6 @@ DATA=${WORKSPACE}/models/models-examples/src/main/resources/policies NODETEMPLATES=${WORKSPACE}/models/models-examples/src/main/resources/nodetemplates ROBOT_VARIABLES="" -ROBOT_VARIABLES="${ROBOT_VARIABLES} -v POLICY_PAP_IP:${POLICY_PAP_IP}" -ROBOT_VARIABLES="${ROBOT_VARIABLES} -v POLICY_API_IP:${POLICY_API_IP}" ROBOT_VARIABLES="${ROBOT_VARIABLES} -v POLICY_PAP_PORT:${POLICY_PAP_PORT}" ROBOT_VARIABLES="${ROBOT_VARIABLES} -v POLICY_API_PORT:${POLICY_API_PORT}" ROBOT_VARIABLES="${ROBOT_VARIABLES} -v DATA:${DATA}" diff --git a/csit/pap/plans/testplan.txt b/csit/pap/plans/testplan.txt index 1e5b1f94..4fac1027 100644 --- a/csit/pap/plans/testplan.txt +++ b/csit/pap/plans/testplan.txt @@ -1,3 +1,4 @@ # Test suites are relative paths under [policy/docker.git]/csit/[project]/tests. # Place the suites in run order. pap-test.robot +pap-slas.robot diff --git a/csit/pap/tests/pap-slas.robot b/csit/pap/tests/pap-slas.robot new file mode 100644 index 00000000..045530ae --- /dev/null +++ b/csit/pap/tests/pap-slas.robot @@ -0,0 +1,60 @@ +*** Settings *** +Library Collections +Library RequestsLibrary +Library OperatingSystem +Library json +Resource ${CURDIR}/../../common-library.robot + +*** Keywords *** +ValidateResponseTimeForPap + [Arguments] ${uri} ${method} + [Documentation] Check if uri response is under the 500ms required time for pap metrics + ValidateResponseTime pap-metrics ${uri} ${method} 500 + +*** Test Cases *** +WaitForPrometheusServer + [Documentation] Sleep time to wait for Prometheus server to gather all metrics + Sleep 1 minute + +ValidateResponseTimeForHealthcheck + [Documentation] Validate component healthcheck response time + ValidateResponseTimeForPap /healthcheck GET + +ValidateResponseTimeForSystemHealthcheck + [Documentation] Validate if system healthcheck response time is under 1000ms + ValidateResponseTime pap-metrics /components/healthcheck GET 10000 + +ValidateResponseTimeForStatistics + [Documentation] Validate statistics response time + ValidateResponseTimeForPap /statistics GET + +# TODO: includes notification, so always over 500ms +# ValidateResponseTimeCreateGroup +# [Documentation] Validate create group response time +# ValidateResponseTimeForPap /pdps/groups/batch POST + +ValidateResponseTimeQueryPolicyAudit + [Documentation] Validate query audits response time + ValidateResponseTimeForPap /policies/audit GET + +ValidateResponseTimeUpdateGroup + [Documentation] Validate pdps/group response time + ValidateResponseTimeForPap /pdps/groups/{name} PUT + +ValidatePolicyDeploymentTime + [Documentation] Check if deployment of policy is under 2000ms + ${resp}= QueryPrometheus pap_policy_deployments_seconds_sum{operation="deploy",status="SUCCESS"}/pap_policy_deployments_seconds_count{operation="deploy",status="SUCCESS"} + ${rawNumber}= Evaluate ${resp['data']['result'][0]['value'][1]} + ${actualTime}= Set Variable ${rawNumber * ${1000}} + Should Be True ${actualTime} <= ${2000} + +ValidateResponseTimeDeletePolicy + [Documentation] Check if undeployment of policy is under 2000ms + ${resp}= QueryPrometheus pap_policy_deployments_seconds_sum{operation="undeploy",status="SUCCESS"}/pap_policy_deployments_seconds_count{operation="undeploy",status="SUCCESS"} + ${rawNumber}= Evaluate ${resp['data']['result'][0]['value'][1]} + ${actualTime}= Set Variable ${rawNumber * ${1000}} + Should Be True ${actualTime} <= ${2000} + +ValidateResponseTimeDeleteGroup + [Documentation] Validate delete group response time + ValidateResponseTimeForPap /pdps/groups/{name} DELETE diff --git a/csit/pap/tests/pap-test.robot b/csit/pap/tests/pap-test.robot index c417a83f..a4f0853d 100644 --- a/csit/pap/tests/pap-test.robot +++ b/csit/pap/tests/pap-test.robot @@ -12,6 +12,18 @@ GetReq ${resp}= PerformGetRequest ${POLICY_PAP_PORT} ${url} 200 null ${auth} [return] ${resp} +ValidateResponseTimeForPap + [Arguments] ${uri} ${method} + [Documentation] Check if uri response is under the required time for pap metrics + ValidateResponseTime pap-metrics ${uri} ${method} 500 + +ValidateDeploymentTime + [Documentation] Check if deployment of policy is under 2000ms + ${resp}= QueryPrometheus pap_policy_deployments_seconds_sum{operation="deploy",status="SUCCESS"}/pap_policy_deployments_seconds_count{operation="deploy",status="SUCCESS"} + ${rawNumber}= Evaluate ${resp['data']['result'][0]['value'][1]} + ${actualTime}= Set Variable ${rawNumber * ${1000}} + Should Be True ${actualTime} <= ${2000} + *** Test Cases *** LoadPolicy [Documentation] Create a policy named 'onap.restart.tca' and version '1.0.0' using specific api @@ -126,3 +138,16 @@ DeletePdpGroups QueryPdpGroupsAfterDelete [Documentation] Verify PdpGroups after delete QueryPdpGroups 1 defaultGroup ACTIVE 0 null null null + +# ValidateSlaForPap +# [Documentation] Run checks against Prometheus server to check response time +# Sleep 30s +# ValidateDeploymentTime +# ValidateResponseTime pap-metrics /components/healthcheck GET 10000 +# ValidateResponseTimeForPap /healthcheck GET +# ValidateResponseTimeForPap /statistics GET +# ValidateResponseTimeForPap /policies/audit GET +# ValidateResponseTimeForPap /pdps/groups/{name} PUT +# ValidateResponseTimeForPap /pdps/policies/{name} DELETE +# ValidateResponseTimeForPap /pdps/groups/{name} DELETE +# ValidateResponseTimeForPap /pdps/groups/batch POST diff --git a/csit/run-project-csit.sh b/csit/run-project-csit.sh index a3837b03..0f15c75b 100755 --- a/csit/run-project-csit.sh +++ b/csit/run-project-csit.sh @@ -27,17 +27,18 @@ function on_exit(){ rc=$? if [[ ${WORKSPACE} ]]; then - if [[ ${WORKDIR} ]]; then - rsync -av "${WORKDIR}/" "${WORKSPACE}/csit/archives/${PROJECT}" - fi # Record list of active docker containers - docker ps + docker ps --format "table {{ .Names }}\t{{ .Status }}" # Show the logs from all containers - docker-compose -f "${WORKSPACE}/csit/docker-compose-all.yml" logs + docker-compose -f "${WORKSPACE}/csit/docker-compose-all.yml" logs > docker_compose.log # show memory consumption after all docker instances initialized docker_stats + + if [[ ${WORKDIR} ]]; then + rsync -av "${WORKDIR}/" "${WORKSPACE}/csit/archives/${PROJECT}" + fi fi # Run teardown script plan if it exists cd "${TESTPLANDIR}/plans/" @@ -57,25 +58,20 @@ function docker_stats(){ # General memory details if [ "$(uname -s)" == "Darwin" ] then - echo "> top -l1 | head -10" sh -c "top -l1 | head -10" echo else - echo "> top -bn1 | head -3" sh -c "top -bn1 | head -3" echo - echo "> free -h" sh -c "free -h" echo fi # Memory details per Docker - echo "> docker ps" - docker ps + docker ps --format "table {{ .Names }}\t{{ .Status }}" echo - echo "> docker stats --no-stream" docker stats --no-stream echo } diff --git a/csit/stop-all.sh b/csit/stop-all.sh index 4e6b0aa6..9adfcf3c 100755 --- a/csit/stop-all.sh +++ b/csit/stop-all.sh @@ -23,4 +23,4 @@ export SCRIPTS="${SCRIPTS}"/csit source "${SCRIPTS}"/get-versions.sh -docker-compose -f "${SCRIPTS}"/docker-compose-all.yml down +docker-compose -f "${SCRIPTS}"/docker-compose-all.yml down -v diff --git a/csit/wait_for_port.sh b/csit/wait_for_port.sh index 5a8be250..6dcb3cab 100755 --- a/csit/wait_for_port.sh +++ b/csit/wait_for_port.sh @@ -1,7 +1,7 @@ #!/bin/sh # ============LICENSE_START==================================================== # Copyright (C) 2021 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright (C) 2022 Nordix Foundation. +# Modifications Copyright (C) 2022-2023 Nordix Foundation. # ============================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -64,7 +64,7 @@ do do if command -v docker > /dev/null 2>&1 then - docker ps + docker ps --format "table {{ .Names }}\t{{ .Status }}" fi nc -vz "$host" "$port" diff --git a/csit/wait_for_rest.sh b/csit/wait_for_rest.sh index bf47ccf1..a64c3063 100755 --- a/csit/wait_for_rest.sh +++ b/csit/wait_for_rest.sh @@ -54,7 +54,7 @@ do do if command -v docker > /dev/null 2>&1 then - docker ps + docker ps --format "table {{ .Names }}\t{{ .Status }}" fi curl "http://$host:$port" > /dev/null 2>&1 rc=$? diff --git a/policy-db-migrator/src/main/docker/Dockerfile b/policy-db-migrator/src/main/docker/Dockerfile index 664649cd..92f45585 100644 --- a/policy-db-migrator/src/main/docker/Dockerfile +++ b/policy-db-migrator/src/main/docker/Dockerfile @@ -1,7 +1,7 @@ #------------------------------------------------------------------------------- # Dockerfile # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +18,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= #------------------------------------------------------------------------------- -FROM onap/policy-jdk-alpine:2.6.1-SNAPSHOT +FROM onap/policy-jre-alpine:2.6.1-SNAPSHOT LABEL maintainer="Policy Team" LABEL org.opencontainers.image.title="Policy db-migrator" @@ -35,10 +35,16 @@ ENV POLICY_ETC /opt/app/policy/etc ENV POLICY_PROFILE /opt/app/policy/etc/profile.d ENV POLICY_BIN /opt/app/policy/bin +USER root RUN apk update && \ - apk add --no-cache mariadb-client && \ - apk add postgresql-client \ - net-tools netcat-openbsd sudo less vim && \ + apk add --no-cache \ + mariadb-client \ + postgresql-client \ + net-tools \ + netcat-openbsd \ + sudo \ + less \ + vim && \ mkdir -p $POLICY_PROFILE $POLICY_BIN && \ chown -R policy:policy $POLICY_ETC $POLICY_BIN diff --git a/policy-jdk/alpine/pom.xml b/policy-jdk/alpine/pom.xml index 69f2c89a..b656b6f8 100644 --- a/policy-jdk/alpine/pom.xml +++ b/policy-jdk/alpine/pom.xml @@ -2,7 +2,7 @@ ============LICENSE_START======================================================= Copyright (C) 2019 Ericsson, Tieto. All rights reserved. Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - Modifications Copyright (C) 2022 Nordix Foundation. + Modifications Copyright (C) 2022-2023 Nordix Foundation. ================================================================================ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -37,95 +37,8 @@ <properties> <docker.jdk.imagename>onap/policy-jdk-alpine</docker.jdk.imagename> - <integration.python.name>onap/integration-python</integration.python.name> - <integration.python.version>10.1.0</integration.python.version> </properties> - <profiles> - <profile> - <!-- This profile is activated on Apple M1 architecture to generate the ONAP base Java image locally --> - <id>baseImage</id> - <activation> - <os> - <arch>aarch64</arch> - </os> - </activation> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-scm-plugin</artifactId> - <version>1.13.0</version> - <dependencies> - <dependency> - <groupId>org.codehaus.plexus</groupId> - <artifactId>plexus-utils</artifactId> - <version>3.4.2</version> - </dependency> - <dependency> - <groupId>org.apache.maven.scm</groupId> - <artifactId>maven-scm-provider-gitexe</artifactId> - <version>1.13.0</version> - </dependency> - </dependencies> - <configuration> - <connectionType>connection</connectionType> - <checkoutDirectory>src/main/resources/meta</checkoutDirectory> - </configuration> - <executions> - <execution> - <id>checkout-onap-python</id> - <phase>validate</phase> - <configuration> - <connectionUrl>scm:git:https://gerrit.onap.org/r/integration/docker/onap-python</connectionUrl> - <checkoutDirectory>${project.build.directory}/onap-python</checkoutDirectory> - </configuration> - <goals> - <goal>checkout</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>io.fabric8</groupId> - <artifactId>docker-maven-plugin</artifactId> - - <executions> - <execution> - <id>generate-python-image</id> - <phase>initialize</phase> - <configuration> - <verbose>true</verbose> - <apiVersion>1.23</apiVersion> - <pullRegistry>${docker.pull.registry}</pullRegistry> - <pushRegistry>${docker.push.registry}</pushRegistry> - <images> - <image> - <name>${integration.python.name}</name> - <build> - <cleanup>try</cleanup> - <contextDir>${project.build.directory}/onap-python</contextDir> - <dockerFile>Dockerfile</dockerFile> - <tags> - <tag>${integration.python.version}</tag> - <tag>${integration.python.version}-${maven.build.timestamp}</tag> - <tag>${project.docker.latest.minmax.tag.version}</tag> - </tags> - </build> - </image> - </images> - </configuration> - <goals> - <goal>build</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - </profiles> - <build> <finalName>${project.artifactId}-${project.version}</finalName> <plugins> @@ -169,10 +82,6 @@ <tag>${project.version}-${maven.build.timestamp}</tag> <tag>${project.docker.latest.minmax.tag.version}</tag> </tags> - <args> - <INTEGRATION_PYTHON_NAME>${integration.python.name}</INTEGRATION_PYTHON_NAME> - <INTEGRATION_PYTHON_VERSION>${integration.python.version}</INTEGRATION_PYTHON_VERSION> - </args> </build> </image> </images> @@ -205,9 +114,6 @@ <goal>build</goal> <goal>push</goal> </goals> - <configuration> - <image>${docker.jdk.imagename}</image> - </configuration> </execution> </executions> </plugin> diff --git a/policy-jdk/alpine/src/main/docker/Dockerfile b/policy-jdk/alpine/src/main/docker/Dockerfile index a8f84c0c..ab856bf4 100644 --- a/policy-jdk/alpine/src/main/docker/Dockerfile +++ b/policy-jdk/alpine/src/main/docker/Dockerfile @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Tieto. All rights reserved. # Modifications Copyright (C) 2020, 2021 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright (C) 2020, 2022 Nordix Foundation. +# Modifications Copyright (C) 2020, 2022-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,19 +18,11 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= -# Docker file to build a base image for all policy components images -# -# $JAVA_HOME is set to /usr/lib/jvm/java-11-openjdk -# more details at https://hub.docker.com/_/openjdk - -ARG INTEGRATION_PYTHON_NAME=${INTEGRATION_PYTHON_NAME} -ARG INTEGRATION_PYTHON_VERSION=${INTEGRATION_PYTHON_VERSION} - -FROM ${INTEGRATION_PYTHON_NAME}:${INTEGRATION_PYTHON_VERSION} +FROM alpine:3.17 LABEL maintainer="Policy Team" -LABEL org.opencontainers.image.title="Policy JDK Alpine" -LABEL org.opencontainers.image.description="Policy Java 11 JDK image based on Alpine" +LABEL org.opencontainers.image.title="Policy JRE Alpine" +LABEL org.opencontainers.image.description="Policy Java 11 JRE image based on Alpine" LABEL org.opencontainers.image.url="https://github.com/onap/policy-docker" LABEL org.opencontainers.image.vendor="ONAP Policy Team" LABEL org.opencontainers.image.licenses="Apache-2.0" @@ -38,32 +30,61 @@ LABEL org.opencontainers.image.created="${git.build.time}" LABEL org.opencontainers.image.version="${git.build.version}" LABEL org.opencontainers.image.revision="${git.commit.id.abbrev}" +ENV JAVA_HOME /usr/lib/jvm/default-jvm +ENV JAVA_OPTS="-Xms256m -Xmx1g" +ENV JAVA_SEC_OPTS="" +ENV PYTHONUNBUFFERED=1 ENV POLICY_HOME=/opt/app/policy +ENV PATH $JAVA_HOME/bin:$PATH + +ARG user=onap +ARG group=onap -USER root +# Default to UTF-8 file.encoding +ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' -RUN rm -rf /opt/java/openjdk \ - && mkdir -p /opt/java/openjdk \ - && mkdir -p /usr/lib/jvm/ \ - && ln -s /opt/java/openjdk /usr/lib/jvm/java-11-openjdk \ - && apk update \ - && apk add --no-cache \ +# Generic additions +RUN apk add --no-cache \ + libretls \ + musl-locales \ + musl-locales-lang \ + openjdk11-jdk \ + openssl \ + ca-certificates && \ + rm -rf /var/cache/apk/* && \ +# ONAP additions + addgroup -S $group && \ + adduser -G $group -D $user && \ + mkdir /var/log/$user && \ + mkdir /app && \ + chown -R $user:$group /var/log/$user && \ + chown -R $user:$group /app && \ +# Policy Framework additions + apk update && \ + apk add --no-cache \ busybox-extras \ curl \ jq \ procps \ unzip \ zip \ - openjdk11 \ - && curl --fail --silent --show-error --retry 3 \ - --output /tmp/apache-maven-3.6.3-bin.tar.gz \ - https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz \ - && tar zxC /usr/share </tmp/apache-maven-3.6.3-bin.tar.gz \ - && chown -R root:root /usr/share/apache-maven-3.6.3 \ - && ln -s /usr/share/apache-maven-3.6.3/bin/mvn /usr/bin/mvn \ - && rm -f /tmp/apache-maven-3.6.3-bin.tar.gz \ - && addgroup -S policy \ - && adduser -S --shell /bin/sh -G policy policy \ - && mkdir -p ${POLICY_HOME}/ \ - && chown policy:policy ${POLICY_HOME} \ - && pip install --upgrade pip==22.0.3 + python3 && \ + rm -rf /var/cache/apk/* && \ + addgroup -S policy && \ + adduser -S --shell /bin/sh -G policy policy && \ + mkdir -p ${POLICY_HOME}/ && \ + chown policy:policy ${POLICY_HOME} && \ + mkdir -p /usr/lib/jvm/ && \ + ln -s /opt/java/openjdk /usr/lib/jvm/default-jvm && \ + python3 -m ensurepip && \ + pip3 install --no-cache --upgrade pip setuptools + +# Install python/pip +RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python +RUN python3 -m ensurepip +RUN pip3 install --no-cache --upgrade pip setuptools + + +# Tell docker that all future commands should be run as the onap user +USER $user +WORKDIR /app diff --git a/policy-jre/alpine/pom.xml b/policy-jre/alpine/pom.xml index 21305758..1a1574bc 100644 --- a/policy-jre/alpine/pom.xml +++ b/policy-jre/alpine/pom.xml @@ -2,7 +2,7 @@ ============LICENSE_START======================================================= Copyright (C) 2019 Ericsson, Tieto. All rights reserved. Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - Modifications Copyright (C) 2022 Nordix Foundation. + Modifications Copyright (C) 2022-2023 Nordix Foundation. ================================================================================ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -37,95 +37,8 @@ <properties> <docker.jre.imagename>onap/policy-jre-alpine</docker.jre.imagename> - <integration.java.name>onap/integration-java11</integration.java.name> - <integration.java.version>9.0.0</integration.java.version> </properties> - <profiles> - <profile> - <!-- This profile is activated on Apple M1 architecture to generate the ONAP base images locally --> - <id>baseImage</id> - <activation> - <os> - <arch>aarch64</arch> - </os> - </activation> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-scm-plugin</artifactId> - <version>1.13.0</version> - <dependencies> - <dependency> - <groupId>org.codehaus.plexus</groupId> - <artifactId>plexus-utils</artifactId> - <version>3.4.2</version> - </dependency> - <dependency> - <groupId>org.apache.maven.scm</groupId> - <artifactId>maven-scm-provider-gitexe</artifactId> - <version>1.13.0</version> - </dependency> - </dependencies> - <configuration> - <connectionType>connection</connectionType> - <checkoutDirectory>src/main/resources/meta</checkoutDirectory> - </configuration> - <executions> - <execution> - <id>checkout-onap-python</id> - <phase>validate</phase> - <configuration> - <connectionUrl>scm:git:https://gerrit.onap.org/r/integration/docker/onap-java11</connectionUrl> - <checkoutDirectory>${project.build.directory}/onap-java11</checkoutDirectory> - </configuration> - <goals> - <goal>checkout</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>io.fabric8</groupId> - <artifactId>docker-maven-plugin</artifactId> - - <executions> - <execution> - <id>generate-base-image</id> - <phase>initialize</phase> - <configuration> - <verbose>true</verbose> - <apiVersion>1.23</apiVersion> - <pullRegistry>${docker.pull.registry}</pullRegistry> - <pushRegistry>${docker.push.registry}</pushRegistry> - <images> - <image> - <name>${integration.java.name}</name> - <build> - <cleanup>try</cleanup> - <contextDir>${project.build.directory}/onap-java11</contextDir> - <dockerFile>BareAlpine.Dockerfile</dockerFile> - <tags> - <tag>${integration.java.version}</tag> - <tag>${integration.java.version}-${maven.build.timestamp}</tag> - <tag>${project.docker.latest.minmax.tag.version}</tag> - </tags> - </build> - </image> - </images> - </configuration> - <goals> - <goal>build</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - </profiles> - <build> <finalName>${project.artifactId}-${project.version}</finalName> <plugins> @@ -169,10 +82,6 @@ <tag>${project.version}-${maven.build.timestamp}</tag> <tag>${project.docker.latest.minmax.tag.version}</tag> </tags> - <args> - <INTEGRATION_JAVA_NAME>${integration.java.name}</INTEGRATION_JAVA_NAME> - <INTEGRATION_JAVA_VERSION>${integration.java.version}</INTEGRATION_JAVA_VERSION> - </args> </build> </image> </images> @@ -205,9 +114,6 @@ <goal>build</goal> <goal>push</goal> </goals> - <configuration> - <image>${docker.jre.imagename}</image> - </configuration> </execution> </executions> </plugin> diff --git a/policy-jre/alpine/src/main/docker/Dockerfile b/policy-jre/alpine/src/main/docker/Dockerfile index d4fed90c..f1bf2496 100644 --- a/policy-jre/alpine/src/main/docker/Dockerfile +++ b/policy-jre/alpine/src/main/docker/Dockerfile @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Tieto. All rights reserved. # Modifications Copyright (C) 2020, 2021 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright (C) 2020, 2022 Nordix Foundation. +# Modifications Copyright (C) 2020, 2022-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,15 +18,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= -# Docker file to build a base image for all policy components images -# -# $JAVA_HOME is set to /usr/lib/jvm/java-11-openjdk -# more details at https://hub.docker.com/_/openjdk - -ARG INTEGRATION_JAVA_NAME=${INTEGRATION_JAVA_NAME} -ARG INTEGRATION_JAVA_VERSION=${INTEGRATION_JAVA_VERSION} - -FROM ${INTEGRATION_JAVA_NAME}:${INTEGRATION_JAVA_VERSION} +FROM alpine:3.17 LABEL maintainer="Policy Team" LABEL org.opencontainers.image.title="Policy JRE Alpine" @@ -38,21 +30,53 @@ LABEL org.opencontainers.image.created="${git.build.time}" LABEL org.opencontainers.image.version="${git.build.version}" LABEL org.opencontainers.image.revision="${git.commit.id.abbrev}" +ENV JAVA_HOME /usr/lib/jvm/default-jvm +ENV JAVA_OPTS="-Xms256m -Xmx1g" +ENV JAVA_SEC_OPTS="" ENV POLICY_HOME=/opt/app/policy +ENV PATH $JAVA_HOME/bin:$PATH -USER root +ARG user=onap +ARG group=onap -RUN apk update \ - && apk add --no-cache \ +# Default to UTF-8 file.encoding +ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' + +# Generic additions +RUN apk add --no-cache \ + libretls \ + musl-locales \ + musl-locales-lang \ + openjdk11-jre \ + openssl \ + ca-certificates && \ + rm -rf /var/cache/apk/* && \ +# ONAP additions + addgroup -S $group && \ + adduser -G $group -D $user && \ + mkdir /var/log/$user && \ + mkdir /app && \ + chown -R $user:$group /var/log/$user && \ + chown -R $user:$group /app && \ +# Policy Framework additions + apk update && \ + apk add --no-cache \ busybox-extras \ curl \ jq \ procps \ unzip \ - zip \ - && addgroup -S policy \ - && adduser -S --shell /bin/sh -G policy policy \ - && mkdir -p ${POLICY_HOME}/ \ - && chown policy:policy ${POLICY_HOME} \ - && mkdir -p /usr/lib/jvm/ \ - && ln -s /opt/java/openjdk /usr/lib/jvm/java-11-openjdk + zip && \ + rm -rf /var/cache/apk/* && \ + addgroup -S policy && \ + adduser -S --shell /bin/sh -G policy policy && \ + mkdir -p ${POLICY_HOME}/ && \ + chown policy:policy ${POLICY_HOME} && \ + mkdir -p /usr/lib/jvm/ && \ + ln -s /opt/java/openjdk /usr/lib/jvm/default-jvm + +# Tell docker that all future commands should be run as the onap user +USER $user +WORKDIR /app + +ENTRYPOINT exec java $JAVA_SEC_OPTS $JAVA_OPTS -jar /app/app.jar |