From cba4fd1abaff7cc91861542689495564f00c9eaf Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Fri, 6 Mar 2020 17:52:04 +0100 Subject: [Docker] Revert use of Java11 But keep use of non root user Issue-ID: SO-264 Signed-off-by: Sylvain Desbureaux Change-Id: Idde810bc130350070f65236633d4e89298d14d3b --- packages/docker/pom.xml | 45 ++++++++-------------- .../src/main/docker/docker-files/Dockerfile.so-app | 15 ++++---- .../docker/docker-files/Dockerfile.so-base-image | 14 +++++++ .../main/docker/docker-files/scripts/start-app.sh | 4 +- 4 files changed, 39 insertions(+), 39 deletions(-) create mode 100644 packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image mode change 100644 => 100755 packages/docker/src/main/docker/docker-files/scripts/start-app.sh diff --git a/packages/docker/pom.xml b/packages/docker/pom.xml index 8d95d063da..b231dedf91 100644 --- a/packages/docker/pom.xml +++ b/packages/docker/pom.xml @@ -77,16 +77,14 @@ ${docker.image.prefix}/base-image:1.0 try - docker-files - Dockerfile.so-base-image + docker-files/Dockerfile.so-base-image ${docker.image.prefix}/vnfm-adapter try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -110,8 +108,7 @@ ${docker.image.prefix}/ve-vnfm-adapter try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -135,8 +132,7 @@ ${docker.image.prefix}/catalog-db-adapter try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -160,8 +156,7 @@ ${docker.image.prefix}/request-db-adapter try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -185,8 +180,7 @@ ${docker.image.prefix}/sdnc-adapter try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -210,8 +204,7 @@ ${docker.image.prefix}/openstack-adapter try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -235,8 +228,7 @@ ${docker.image.prefix}/vfc-adapter try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -260,8 +252,7 @@ ${docker.image.prefix}/nssmf-adapter try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -285,8 +276,7 @@ ${docker.image.prefix}/so-appc-orchestrator try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -310,8 +300,7 @@ ${docker.image.prefix}/sdc-controller try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -335,8 +324,7 @@ ${docker.image.prefix}/bpmn-infra try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -360,8 +348,7 @@ ${docker.image.prefix}/api-handler-infra try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -385,8 +372,7 @@ ${docker.image.prefix}/so-monitoring try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} @@ -410,8 +396,7 @@ ${docker.image.prefix}/so-simulator try - docker-files - Dockerfile.so-app + docker-files/Dockerfile.so-app ${project.version} ${project.version}-${maven.build.timestamp} diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app index 84bd2987e3..dc86ff8290 100644 --- a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app +++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app @@ -1,4 +1,4 @@ -FROM registry.gitlab.com/onap-integration/docker/onap-java +FROM onap/so/base-image:1.0 ARG http_proxy ENV HTTP_PROXY=$http_proxy @@ -8,18 +8,19 @@ ENV HTTPS_PROXY=$https_proxy ENV https_proxy=$HTTPS_PROXY USER root -RUN mkdir -p /app/{config,certificates,logs,ca-certificates} -RUN chown -R onap:onap /app && chmod 700 /app/*.sh +RUN mkdir -p /app/config +RUN mkdir -p /app/certificates +RUN mkdir -p /app/logs +RUN mkdir -p /app/ca-certificates -USER onap COPY maven/app.jar /app COPY configs/logging/logback-spring.xml /app COPY scripts/start-app.sh /app COPY scripts/wait-for.sh /app COPY ca-certificates/onap-ca.crt /app/ca-certificates/onap-ca.crt +RUN chown -R so:so /app -RUN chmod 700 /app/*.sh - +USER so # Springboot configuration (required) VOLUME /app/config @@ -27,4 +28,4 @@ VOLUME /app/config VOLUME /app/ca-certificates WORKDIR /app -CMD ["/app/start-app.sh"] +ENTRYPOINT ["/app/start-app.sh"] diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image b/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image new file mode 100644 index 0000000000..031142f216 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image @@ -0,0 +1,14 @@ +FROM docker.io/openjdk:8-jdk-alpine + +ARG http_proxy +ARG https_proxy +ENV HTTP_PROXY=$http_proxy +ENV HTTPS_PROXY=$https_proxy +ENV http_proxy=$HTTP_PROXY +ENV https_proxy=$HTTPS_PROXY + +# Install commonly needed tools +RUN apk --no-cache add curl netcat-openbsd nss + +# Create 'so' user +RUN addgroup -g 1000 so && adduser -S -u 1000 -G so -s /bin/sh so diff --git a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh old mode 100644 new mode 100755 index ebab3c6ea3..74d17fc9b7 --- a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh +++ b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh @@ -18,7 +18,7 @@ then # Re-exec this script as the 'onap' user. this=`readlink -f $0` - exec su onap -c "$this" + exec su so -c "$this" fi touch /app/app.jar @@ -46,7 +46,7 @@ fi if [ ${APP} = "bpmn-infra" ]; then ln -s ${LOG_PATH} BPMN -fi +fi if [ ${APP} = "so-monitoring" ]; then ln -s ${LOG_PATH} MONITORING -- cgit 1.2.3-korg