diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-03-06 17:52:04 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-03-10 13:22:19 +0100 |
commit | cba4fd1abaff7cc91861542689495564f00c9eaf (patch) | |
tree | 9bedb9383ce8398a1c42c22a1d2a55f1ce4eb12c /packages/docker/src/main | |
parent | 4d1e251ebcde26583cc85abef7b6909e9808771c (diff) |
[Docker] Revert use of Java11
But keep use of non root user
Issue-ID: SO-264
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Idde810bc130350070f65236633d4e89298d14d3b
Diffstat (limited to 'packages/docker/src/main')
-rw-r--r-- | packages/docker/src/main/docker/docker-files/Dockerfile.so-app | 15 | ||||
-rw-r--r-- | packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image | 14 | ||||
-rwxr-xr-x[-rw-r--r--] | packages/docker/src/main/docker/docker-files/scripts/start-app.sh | 4 |
3 files changed, 24 insertions, 9 deletions
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app index 84bd2987e3..dc86ff8290 100644 --- a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app +++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app @@ -1,4 +1,4 @@ -FROM registry.gitlab.com/onap-integration/docker/onap-java +FROM onap/so/base-image:1.0 ARG http_proxy ENV HTTP_PROXY=$http_proxy @@ -8,18 +8,19 @@ ENV HTTPS_PROXY=$https_proxy ENV https_proxy=$HTTPS_PROXY USER root -RUN mkdir -p /app/{config,certificates,logs,ca-certificates} -RUN chown -R onap:onap /app && chmod 700 /app/*.sh +RUN mkdir -p /app/config +RUN mkdir -p /app/certificates +RUN mkdir -p /app/logs +RUN mkdir -p /app/ca-certificates -USER onap COPY maven/app.jar /app COPY configs/logging/logback-spring.xml /app COPY scripts/start-app.sh /app COPY scripts/wait-for.sh /app COPY ca-certificates/onap-ca.crt /app/ca-certificates/onap-ca.crt +RUN chown -R so:so /app -RUN chmod 700 /app/*.sh - +USER so # Springboot configuration (required) VOLUME /app/config @@ -27,4 +28,4 @@ VOLUME /app/config VOLUME /app/ca-certificates WORKDIR /app -CMD ["/app/start-app.sh"] +ENTRYPOINT ["/app/start-app.sh"] diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image b/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image new file mode 100644 index 0000000000..031142f216 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image @@ -0,0 +1,14 @@ +FROM docker.io/openjdk:8-jdk-alpine + +ARG http_proxy +ARG https_proxy +ENV HTTP_PROXY=$http_proxy +ENV HTTPS_PROXY=$https_proxy +ENV http_proxy=$HTTP_PROXY +ENV https_proxy=$HTTPS_PROXY + +# Install commonly needed tools +RUN apk --no-cache add curl netcat-openbsd nss + +# Create 'so' user +RUN addgroup -g 1000 so && adduser -S -u 1000 -G so -s /bin/sh so diff --git a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh index ebab3c6ea3..74d17fc9b7 100644..100755 --- a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh +++ b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh @@ -18,7 +18,7 @@ then # Re-exec this script as the 'onap' user. this=`readlink -f $0` - exec su onap -c "$this" + exec su so -c "$this" fi touch /app/app.jar @@ -46,7 +46,7 @@ fi if [ ${APP} = "bpmn-infra" ]; then ln -s ${LOG_PATH} BPMN -fi +fi if [ ${APP} = "so-monitoring" ]; then ln -s ${LOG_PATH} MONITORING |