From cba4fd1abaff7cc91861542689495564f00c9eaf Mon Sep 17 00:00:00 2001
From: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Date: Fri, 6 Mar 2020 17:52:04 +0100
Subject: [Docker] Revert use of Java11

But keep use of non root user

Issue-ID: SO-264
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Idde810bc130350070f65236633d4e89298d14d3b
---
 .../docker/src/main/docker/docker-files/Dockerfile.so-app | 15 ++++++++-------
 .../src/main/docker/docker-files/Dockerfile.so-base-image | 14 ++++++++++++++
 .../src/main/docker/docker-files/scripts/start-app.sh     |  4 ++--
 3 files changed, 24 insertions(+), 9 deletions(-)
 create mode 100644 packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image
 mode change 100644 => 100755 packages/docker/src/main/docker/docker-files/scripts/start-app.sh

(limited to 'packages/docker/src')

diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app
index 84bd2987e3..dc86ff8290 100644
--- a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app
+++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app
@@ -1,4 +1,4 @@
-FROM registry.gitlab.com/onap-integration/docker/onap-java
+FROM onap/so/base-image:1.0
 
 ARG http_proxy
 ENV HTTP_PROXY=$http_proxy
@@ -8,18 +8,19 @@ ENV HTTPS_PROXY=$https_proxy
 ENV https_proxy=$HTTPS_PROXY
 
 USER root
-RUN mkdir -p /app/{config,certificates,logs,ca-certificates}
-RUN chown -R onap:onap /app && chmod 700 /app/*.sh
+RUN mkdir -p /app/config
+RUN mkdir -p /app/certificates
+RUN mkdir -p /app/logs
+RUN mkdir -p /app/ca-certificates
 
-USER onap
 COPY maven/app.jar /app
 COPY configs/logging/logback-spring.xml /app
 COPY scripts/start-app.sh /app
 COPY scripts/wait-for.sh /app
 COPY ca-certificates/onap-ca.crt /app/ca-certificates/onap-ca.crt
+RUN chown -R so:so /app
 
-RUN chmod 700 /app/*.sh
-
+USER so
 # Springboot configuration (required)
 VOLUME /app/config
 
@@ -27,4 +28,4 @@ VOLUME /app/config
 VOLUME /app/ca-certificates
 
 WORKDIR /app
-CMD ["/app/start-app.sh"]
+ENTRYPOINT ["/app/start-app.sh"]
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image b/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image
new file mode 100644
index 0000000000..031142f216
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image
@@ -0,0 +1,14 @@
+FROM docker.io/openjdk:8-jdk-alpine
+
+ARG http_proxy
+ARG https_proxy
+ENV HTTP_PROXY=$http_proxy
+ENV HTTPS_PROXY=$https_proxy
+ENV http_proxy=$HTTP_PROXY
+ENV https_proxy=$HTTPS_PROXY
+
+# Install commonly needed tools
+RUN apk --no-cache add curl netcat-openbsd nss
+
+# Create 'so' user
+RUN addgroup -g 1000 so && adduser -S -u 1000 -G so -s /bin/sh so
diff --git a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh
old mode 100644
new mode 100755
index ebab3c6ea3..74d17fc9b7
--- a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh
+++ b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh
@@ -18,7 +18,7 @@ then
 
 	# Re-exec this script as the 'onap' user.
 	this=`readlink -f $0`
-	exec su onap -c  "$this"
+	exec su so -c  "$this"
 fi
 
 touch /app/app.jar
@@ -46,7 +46,7 @@ fi
 
 if [ ${APP} = "bpmn-infra" ]; then
 	ln -s ${LOG_PATH} BPMN
-fi 
+fi
 
 if [ ${APP} = "so-monitoring" ]; then
 	ln -s ${LOG_PATH} MONITORING
-- 
cgit 1.2.3-korg