diff options
Diffstat (limited to 'packages/policy-gui-docker/src/main/docker')
9 files changed, 176 insertions, 132 deletions
diff --git a/packages/policy-gui-docker/src/main/docker/Dockerfile b/packages/policy-gui-docker/src/main/docker/Dockerfile index b19deb9..bc9ce03 100644 --- a/packages/policy-gui-docker/src/main/docker/Dockerfile +++ b/packages/policy-gui-docker/src/main/docker/Dockerfile @@ -1,6 +1,6 @@ #------------------------------------------------------------------------------- # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,19 +27,14 @@ ARG POLICY_LOGS=/var/log/onap/policy/gui ENV POLICY_LOGS=$POLICY_LOGS ENV POLICY_HOME=$POLICY_HOME/gui -RUN mkdir -p $POLICY_HOME $POLICY_LOGS $POLICY_HOME/bin $POLICY_HOME/lib && \ - chown -R policy:policy $POLICY_HOME $POLICY_LOGS && \ - apk update && \ - apk add --no-cache nginx +RUN mkdir -p $POLICY_HOME $POLICY_LOGS $POLICY_HOME/bin $POLICY_HOME/etc/ssl && \ + chown -R policy:policy $POLICY_HOME $POLICY_LOGS -COPY --chown=policy:policy etc/ /etc/ +COPY --chown=policy:policy /maven/app.jar /app/ COPY --chown=policy:policy policy-gui.sh $POLICY_HOME/bin/ -ADD --chown=policy:policy index.html /maven/gui-clamp-html.tar.gz /usr/share/nginx/html/ -RUN ln -sf /dev/stdout /var/log/nginx/access.log && \ - ln -sf /dev/stderr /var/log/nginx/error.log && \ - touch /var/run/nginx.pid && \ - chown -R policy:policy /etc/nginx /usr/share/nginx /var/lib/nginx /var/log/nginx /var/run/nginx.pid && \ - chmod 755 $POLICY_HOME/bin/*.sh +COPY --chown=policy:policy config/application.yml $POLICY_HOME/etc/ +COPY --chown=policy:policy config/logback.xml $POLICY_HOME/etc/ +RUN chmod 755 $POLICY_HOME/bin/*.sh USER policy WORKDIR $POLICY_HOME/bin diff --git a/packages/policy-gui-docker/src/main/docker/config/application.yml b/packages/policy-gui-docker/src/main/docker/config/application.yml new file mode 100644 index 0000000..7b20d02 --- /dev/null +++ b/packages/policy-gui-docker/src/main/docker/config/application.yml @@ -0,0 +1,24 @@ +server: + port: 2443 + ssl: + enabled: true + client-auth: need + key-store: file:${KEYSTORE} + key-store-password: ${KEYSTORE_PASSWD} + trust-store: file:${TRUSTSTORE} + trust-store-password: ${TRUSTSTORE_PASSWD} + +clamp: + url: https://policy-clamp-be:8443 + disable-ssl-validation: false + disable-ssl-hostname-check: true + +apex-editor: + upload-url: + upload-userid: + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus diff --git a/packages/policy-gui-docker/src/main/docker/config/logback.xml b/packages/policy-gui-docker/src/main/docker/config/logback.xml new file mode 100644 index 0000000..019ae50 --- /dev/null +++ b/packages/policy-gui-docker/src/main/docker/config/logback.xml @@ -0,0 +1,119 @@ +<!-- + ============LICENSE_START======================================================= + policy-gui + ================================================================================ + Copyright (C) 2021-2022 Nordix Foundation. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + --> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <property name="logDir" value="${POLICY_LOGS}" /> + + <property name="errorLog" value="error" /> + <property name="debugLog" value="debug" /> + <property name="networkLog" value="network" /> + + <property name="debugPattern" + value="[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n" /> + <property name="errorPattern" value="${debugPattern}" /> + <property name="networkPattern" value="[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n" /> + + <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDir}/${errorLog}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${logDir}/${errorLog}.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncError" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ERROR" /> + </appender> + + <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDir}/${debugLog}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${logDir}/${debugLog}.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${debugPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncDebug" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DEBUG" /> + </appender> + + <appender name="NETWORK" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDir}/${networkLog}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${logDir}/${networkLog}.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${networkPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncNetwork" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NETWORK" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="asyncNetwork" /> + </logger> + + <logger name="org.apache" level="INFO"> + <appender-ref ref="DEBUG" /> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="INFO"> + <appender-ref ref="DEBUG" /> + </logger> + + <!-- GUI related loggers --> + <logger name="org.onap.policy.gui" level="DEBUG"> + <appender-ref ref="ERROR" /> + <appender-ref ref="DEBUG" /> + </logger> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="INFO" /> + <logger name="ch.qos.logback.core" level="INFO" /> + + <root level="INFO"> + <appender-ref ref="asyncDebug" /> + <appender-ref ref="asyncError" /> + <appender-ref ref="asyncNetwork" /> + </root> +</configuration> diff --git a/packages/policy-gui-docker/src/main/docker/etc/nginx/http.d/default.conf b/packages/policy-gui-docker/src/main/docker/etc/nginx/http.d/default.conf deleted file mode 100644 index c03894d..0000000 --- a/packages/policy-gui-docker/src/main/docker/etc/nginx/http.d/default.conf +++ /dev/null @@ -1,23 +0,0 @@ -server { - listen 2443 default ssl; - ssl_protocols TLSv1.2; - ssl_certificate /etc/ssl/clamp.pem; - ssl_certificate_key /etc/ssl/clamp.key; - ssl_verify_client optional_no_ca; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - try_files $uri $uri/ =404; - } - - location /clamp/restservices/clds/ { - proxy_pass https://policy-clamp-backend:8443/restservices/clds/; - proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; - } - - location = /50x.html { - root /var/lib/nginx/html; - } - error_page 500 502 503 504 /50x.html; -} diff --git a/packages/policy-gui-docker/src/main/docker/etc/nginx/nginx.conf b/packages/policy-gui-docker/src/main/docker/etc/nginx/nginx.conf deleted file mode 100644 index bb31a60..0000000 --- a/packages/policy-gui-docker/src/main/docker/etc/nginx/nginx.conf +++ /dev/null @@ -1,18 +0,0 @@ -worker_processes 1; -pid /var/run/nginx.pid; -error_log /dev/stdout warn; -events { -} -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log main; - sendfile on; - #tcp_nopush on; - keepalive_timeout 65; - #gzip on; - include /etc/nginx/conf.d/*.conf; -} diff --git a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key deleted file mode 100644 index bcbb9f1..0000000 --- a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key +++ /dev/null @@ -1,32 +0,0 @@ -Bag Attributes - friendlyName: clamp@clamp.onap.org - localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 -Key Attributes: <No Attributes> ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCTB30nMh0hczIk -vWJo7Omg7cAHhz50NBhLB7u+60oXRGCya4SqssqqxNnNqNQQP9MmflW2q/bZepWn -8Rk23X6CLmoIUlrj8BMPkUCRqzgvlaWPSNAK5QcOp6GUvXTuX4EsaWxJhbs9Ujz2 -+qi137iNOqfAx1sUygah1kjALrqHkXDqJGvIfxU5ES0akBi/lB7A3WpE52KTioSF -JS5Kbnpj1ogffGNKyAiNqU61LcF1FjWmINat2z3ZMk/3Xm+HCDg/GLPnbh4E1KoE -10O22AMys6YGEyPvgRfrTF13DsDX52PmmUHbkSB6kwS/CeV5Uu++8b6T2IWpPyZ2 -+5ptmL+tAgMBAAECggEBAIUplzRUswWEq7mSvPqC9+YE7pLi7rGYLRhnXKdBuszv -5RQzROjFHcEkoI8fhVFiPP70FPVpMh0uZTTBrDCA0v9cwjPfQuqGmPzUdUJ5bF3M -jzICpEn5vDaNpE5ueOUcIoXyxVyhfj+/p++YfgybHy7qHN0AsYFWqEMTLLjCmbYF -pZozbAcGQoAR8PSfwuvgusuEezrhYertHsdFwlfZhDtJvnm/4YKRUVEBzuaaA7B9 -sUhnQFS8ScqiUbkAGdjfY9wOYRHnQgjtqiP8poIzLkqCNSoVctgh5Pdv4jp4HO90 -J5QC+f7m7rOoWUw8EYbRo/4C4Mckh0GQQ+oP4xzrtZECgYEA3DYALFgOEY+0RR1K -61HAKqdNy1YbeuidpCBEJEwmIbzdgO1DcJdNznbfdRlmS7VB9orwRfNbf7Hxm2w/ -/xn9USENXWx7fvDoISqSDegvEsBSq5hSEMVl3f7CfQZrYl1f6gxfe7L/jtmbn0eQ -avsr9RaUCWP794DEXKuA9pC8hVsCgYEAquy5I4hO4jNBQ6v5+omjsEgk4513/RNs -f47Md8bsDHKJMbCMKCdqM1D3J1xbgV3DgSv0yNlKdU2wenWdgQAyBtz18NBgno85 -YNanFhp1CymgLFHdLJHSOqAkzutSuCNnGTT6AKspOQvy+cuj7XsnbsxtYK3Cgw5h -Mom3RnUy9ZcCgYAnForHVEYDBgAYuI9g39z9dT8Q1dMA6SN6S6Ps0Xt/R5gF15e9 -941/FYiqr3yB+cWgrp7hu8XFD9/0F63waTuW2AgYSjZNnROHN5g/UbRxXqQOA3al -tXRUiHEbYjVTe4GX+ORF/8rvH19JUZmn87ekxII4fH/wOfIhBOxaV+yuuwKBgHtz -5Tizz/3y9TWSdkgtt6uwP+yipLKGn/v1wNrWM1G+PDdGg8TQyxTrasfkHjdu6LFY -dUHIJ85X4ZphbvRolrl8SKq5Zr+/RLsb7qy5SUZZt1Wrfysc25H6bvuA3ksfTuzW -5acr+Oc6KTGgkvMI229cebe1aONNtIhTDav3JGpbAoGAX5DQvNreqnP8qSAvUN2I -TAHXIzawR3f6vgGgVIdkHkiS2eKzs/fgP3VAK80TbrGSR8HvBcPEcR/icOn1u/e6 -tDp0j6mGt5aPKK9VQkBn94bW35T12FUbdB+L8FWWTUrfiVWJtEW8tEsKil5ac8U4 -Bn3vC5WUeKhW6v6kD4AigqE= ------END PRIVATE KEY----- diff --git a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem deleted file mode 100644 index a01b587..0000000 --- a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem +++ /dev/null @@ -1,33 +0,0 @@ -Bag Attributes - friendlyName: clamp@clamp.onap.org - localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 -subject=CN = clamp, emailAddress = mark.d.manager@people.osaaf.com, OU = clamp@clamp.onap.org:DEV, OU = OSAAF, O = ONAP, C = US - -issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9 - ------BEGIN CERTIFICATE----- -MIIEWDCCA0CgAwIBAgIILw1zyDGqB5IwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE -BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTIwMDIwNDEyMjM1MloXDTIxMDIwNDEyMjM1Mlow -gY8xDjAMBgNVBAMMBWNsYW1wMS4wLAYJKoZIhvcNAQkBFh9tYXJrLmQubWFuYWdl -ckBwZW9wbGUub3NhYWYuY29tMSEwHwYDVQQLDBhjbGFtcEBjbGFtcC5vbmFwLm9y -ZzpERVYxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJV -UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJMHfScyHSFzMiS9Ymjs -6aDtwAeHPnQ0GEsHu77rShdEYLJrhKqyyqrE2c2o1BA/0yZ+Vbar9tl6lafxGTbd -foIuaghSWuPwEw+RQJGrOC+VpY9I0ArlBw6noZS9dO5fgSxpbEmFuz1SPPb6qLXf -uI06p8DHWxTKBqHWSMAuuoeRcOoka8h/FTkRLRqQGL+UHsDdakTnYpOKhIUlLkpu -emPWiB98Y0rICI2pTrUtwXUWNaYg1q3bPdkyT/deb4cIOD8Ys+duHgTUqgTXQ7bY -AzKzpgYTI++BF+tMXXcOwNfnY+aZQduRIHqTBL8J5XlS777xvpPYhak/Jnb7mm2Y -v60CAwEAAaOB/jCB+zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB -Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze -81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ -MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUzfIed+18wgFs7E6q0b6BbMICtfsw -RwYDVR0RBEAwPoIFY2xhbXCCCmNsYW1wLW9uYXCCHWNsYW1wLmFwaS5zaW1wbGVk -ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQBizhsW -XrJ9wQy3PrBxgh90sOF15tayXPRZSFYPoQb5LhRh3IY/PvXLaSHlkgPHlCLLx36S -0/DiVf86/83ABvyaq9gJIyg/m4ntNae23OKH1AkA1aN+JCKA8yhsAzDBcRF6Aj7E -VJ+vQlSzz5oh+efP1e/8DUMd1/WwbTXvRd0Iqv/fyZunbjb82qNMrsK1mQ2q+87A -0jx9u1EdeMihP6vWiuKzlwy4mKoNT573SPpvaOkjX3yDlmf2CTQZ9vdAvjmFmVsH -1wyrNZOIgW4VjluiZfAk3mOEskrZiP/7aUXnxmNnYTpgZMbhiouLbRrTc4lLEyhx -G7A61/KGTsLZlvxb ------END CERTIFICATE----- diff --git a/packages/policy-gui-docker/src/main/docker/index.html b/packages/policy-gui-docker/src/main/docker/index.html deleted file mode 100644 index 54b07f1..0000000 --- a/packages/policy-gui-docker/src/main/docker/index.html +++ /dev/null @@ -1,12 +0,0 @@ -<!DOCTYPE html> -<html lang="en"> -<head> - <meta charset="utf-8"> - <title>ONAP Policy GUI</title> -</head> -<body> - <ul> - <li><a href="/clamp">CLAMP Designer UI</a></li> - </ul> -</body> -</html> diff --git a/packages/policy-gui-docker/src/main/docker/policy-gui.sh b/packages/policy-gui-docker/src/main/docker/policy-gui.sh index 7cdefba..02d44af 100644 --- a/packages/policy-gui-docker/src/main/docker/policy-gui.sh +++ b/packages/policy-gui-docker/src/main/docker/policy-gui.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh # # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +19,28 @@ # ============LICENSE_END========================================================= # -nginx -g "daemon off;" +JAVA_HOME=/usr/lib/jvm/java-11-openjdk/ +export KEYSTORE="${KEYSTORE:-$POLICY_HOME/etc/ssl/policy-keystore}" +export TRUSTSTORE="${TRUSTSTORE:-$POLICY_HOME/etc/ssl/policy-truststore}" +export KEYSTORE_PASSWD="${KEYSTORE_PASSWD:-Pol1cy_0nap}" +export TRUSTSTORE_PASSWD="${TRUSTSTORE_PASSWD:-Pol1cy_0nap}" + +if [ -f "${POLICY_HOME}/etc/mounted/policy-truststore" ]; then + echo "overriding policy-truststore" + cp -f "${POLICY_HOME}"/etc/mounted/policy-truststore "${TRUSTSTORE}" +fi + +if [ -f "${POLICY_HOME}/etc/mounted/policy-keystore" ]; then + echo "overriding policy-keystore" + cp -f "${POLICY_HOME}"/etc/mounted/policy-keystore "${KEYSTORE}" +fi + +if [ -f "${POLICY_HOME}/etc/mounted/logback.xml" ]; then + echo "overriding logback xml files" + cp -f "${POLICY_HOME}"/etc/mounted/logback*.xml "${POLICY_HOME}"/etc/ +fi + +$JAVA_HOME/bin/java \ + -Dlogging.config="${POLICY_HOME}/etc/logback.xml" \ + -jar /app/app.jar \ + --spring.config.location="${POLICY_HOME}/etc/application.yml" |