diff options
Diffstat (limited to 'packages/docker/src')
6 files changed, 465 insertions, 0 deletions
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app new file mode 100644 index 0000000..dc86ff8 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app @@ -0,0 +1,31 @@ +FROM onap/so/base-image:1.0 + +ARG http_proxy +ENV HTTP_PROXY=$http_proxy +ENV http_proxy=$HTTP_PROXY +ARG https_proxy +ENV HTTPS_PROXY=$https_proxy +ENV https_proxy=$HTTPS_PROXY + +USER root +RUN mkdir -p /app/config +RUN mkdir -p /app/certificates +RUN mkdir -p /app/logs +RUN mkdir -p /app/ca-certificates + +COPY maven/app.jar /app +COPY configs/logging/logback-spring.xml /app +COPY scripts/start-app.sh /app +COPY scripts/wait-for.sh /app +COPY ca-certificates/onap-ca.crt /app/ca-certificates/onap-ca.crt +RUN chown -R so:so /app + +USER so +# Springboot configuration (required) +VOLUME /app/config + +# Root certificates (optional) +VOLUME /app/ca-certificates + +WORKDIR /app +ENTRYPOINT ["/app/start-app.sh"] diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image b/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image new file mode 100644 index 0000000..a1f4fc1 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image @@ -0,0 +1,19 @@ +FROM adoptopenjdk/openjdk11:jre-11.0.8_10-alpine + +ARG http_proxy +ARG https_proxy +ENV HTTP_PROXY=$http_proxy +ENV HTTPS_PROXY=$https_proxy +ENV http_proxy=$HTTP_PROXY +ENV https_proxy=$HTTPS_PROXY + +# Install commonly needed tools +RUN apk --no-cache add curl netcat-openbsd nss apache2-utils java-cacerts + +# Create symlink for default Java truststore +RUN set -eux; \ + rm -rf "$JAVA_HOME/lib/security/cacerts"; \ + ln -sT /etc/ssl/certs/java/cacerts "$JAVA_HOME/lib/security/cacerts" + +# Create 'so' user +RUN addgroup -g 1000 so && adduser -S -u 1000 -G so -s /bin/sh so diff --git a/packages/docker/src/main/docker/docker-files/ca-certificates/onap-ca.crt b/packages/docker/src/main/docker/docker-files/ca-certificates/onap-ca.crt new file mode 100644 index 0000000..e9a50d7 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/ca-certificates/onap-ca.crt @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- diff --git a/packages/docker/src/main/docker/docker-files/configs/logging/logback-spring.xml b/packages/docker/src/main/docker/docker-files/configs/logging/logback-spring.xml new file mode 100644 index 0000000..ad5fe30 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/configs/logging/logback-spring.xml @@ -0,0 +1,199 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2021 Nordix Foundation. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= + --> +<configuration scan="true" debug="false"> + <contextListener class="org.onap.so.logger.LoggerStartupListener" /> + <include resource="org/springframework/boot/logging/logback/defaults.xml" /> + + <property name="queueSize" value="256" /> + <property name="maxFileSize" value="200MB" /> + <property name="maxHistory" value="30" /> + <property name="totalSizeCap" value="10GB" /> + + <!-- log file names --> + <property name="errorLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + + <property name="currentTimeStamp" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX",UTC}" /> + + <property name="errorPattern" + value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode:-500}|%X{ErrorDesc}|%msg%n" /> + + <property name="debugPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%logger{50} - %msg%n" /> + + <property name="auditPattern" + value="%X{EntryTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||%marker|%mdc|||%msg%n" /> + + <property name="metricPattern" + value="%X{InvokeTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|%marker|%mdc|||%msg%n" /> + + <property name="defaultPattern" + value="%nopexception%logger + \t%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX,UTC} + \t%level + \t%replace(%replace(%message){'\t','\\\\t'}){'\n','\\\\n'} + \t%replace(%replace(%mdc){'\t','\\\\t'}){'\n','\\\\n'} + \t%replace(%replace(%rootException){'\t','\\\\t'}){'\n','\\\\n'} + \t%replace(%replace(%marker){'\t','\\\\t'}){'\n','\\\\n'} + \t%thread + \t%n" /> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + + <appender name="Audit" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator"> + <marker>EXIT</marker> + </evaluator> + <onMismatch>DENY</onMismatch> + <onMatch>ACCEPT</onMatch> + </filter> + <file>${logs_dir:-.}/${auditLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${logs_dir:-.}/${auditLogName}.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>${maxFileSize}</maxFileSize> + <maxHistory>${maxHistory}</maxHistory> + <totalSizeCap>${totalSizeCap}</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${auditPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="Audit" /> + </appender> + + <appender name="Metric" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator"> + <marker>INVOKE-RETURN</marker> + </evaluator> + <onMismatch>DENY</onMismatch> + <onMatch>ACCEPT</onMatch> + </filter> + <file>${logs_dir:-.}/${metricsLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${logs_dir:-.}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>${maxFileSize}</maxFileSize> + <maxHistory>${maxHistory}</maxHistory> + <totalSizeCap>${totalSizeCap}</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${metricPattern}</pattern> + </encoder> + </appender> + + + <appender name="asyncMetric" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="Metric" /> + </appender> + + <appender name="Error" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>ERROR</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <file>${logs_dir:-.}/${errorLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${logs_dir:-.}/${errorLogName}.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>${maxFileSize}</maxFileSize> + <maxHistory>${maxHistory}</maxHistory> + <totalSizeCap>${totalSizeCap}</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncError" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="Error" /> + </appender> + + <appender name="Debug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator"> + <marker>INVOKE</marker> + <marker>INVOKE-RETURN</marker> + <marker>ENTRY</marker> + <marker>EXIT</marker> + </evaluator> + <onMismatch>ACCEPT</onMismatch> + <onMatch>DENY</onMatch> + </filter> + <file>${logs_dir:-.}/${debugLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${logs_dir:-.}/${debugLogName}.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>${maxFileSize}</maxFileSize> + <maxHistory>${maxHistory}</maxHistory> + <totalSizeCap>${totalSizeCap}</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${debugPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="Debug" /> + <includeCallerData>true</includeCallerData> + </appender> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" /> + <logger name="org.springframework.security.authentication.dao.DaoAuthenticationProvider" level="DEBUG" /> + + <logger name="org.apache.wire" level="DEBUG" /> + <logger name="org.onap" level="DEBUG" /> + + <logger name="org.apache.cxf.interceptor" level="DEBUG" /> + + <logger name="org.reflections" level="ERROR" /> + + <logger name="AUDIT" level="INFO" additivity="false"> + <appender-ref ref="asyncAudit" /> + </logger> + + <logger name="METRIC" level="INFO" additivity="false"> + <appender-ref ref="asyncMetric" /> + </logger> + + <root level="INFO"> + <appender-ref ref="asyncDebug" /> + <appender-ref ref="asyncError" /> + <appender-ref ref="asyncAudit" /> + <appender-ref ref="asyncMetric" /> + <appender-ref ref="STDOUT" /> + </root> + +</configuration>
\ No newline at end of file diff --git a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh new file mode 100755 index 0000000..c08fcb8 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh @@ -0,0 +1,100 @@ +#!/bin/sh + +if [ `id -u` = 0 ] +then + # Install certificates found in the /app/ca-certificates volume, if any. + + needUpdate=FALSE + + for certificate in `ls -1 /app/ca-certificates`; do + echo "Installing $certificate in /usr/local/share/ca-certificates" + cp /app/ca-certificates/$certificate /usr/local/share/ca-certificates/$certificate + needUpdate=TRUE + done + + if [ $needUpdate = TRUE ]; then + update-ca-certificates --fresh + fi + + # Re-exec this script as the 'onap' user. + this=`readlink -f $0` + exec su so -c "$this" +fi + +touch /app/app.jar + +if [ -z "$APP" ]; then + echo "CONFIG ERROR: APP environment variable not set" + exit 1 +fi + +if [ ! -z "$DB_HOST" -a -z "$DB_PORT" ]; then + export DB_PORT=3306 +fi + +if [ -z "${CONFIG_PATH}" ]; then + export CONFIG_PATH=/app/config/override.yaml +fi + +if [ -z "${LOG_PATH}" ]; then + export LOG_PATH="logs/${APP}" +fi + +if [ "${SSL_DEBUG}" = "log" ]; then + export SSL_DEBUG="-Djavax.net.debug=all" +else + export SSL_DEBUG= +fi + +# Set java keystore and truststore options, if specified in the environment. + +jksargs= + +if [ ! -z "${KEYSTORE}" ]; then + jksargs="$jksargs -Dmso.load.ssl.client.keystore=true" + jksargs="$jksargs -Djavax.net.ssl.keyStore=$KEYSTORE" + jksargs="$jksargs -Djavax.net.ssl.keyStorePassword=${KEYSTORE_PASSWORD}" +fi + +if [ ! -z "${TRUSTSTORE}" ]; then + jksargs="$jksargs -Djavax.net.ssl.trustStore=${TRUSTSTORE}" + jksargs="$jksargs -Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWORD}" +fi + +if [ -z "${ACTIVE_PROFILE}" ]; then + export ACTIVE_PROFILE="basic" +fi + +jvmargs="${JVM_ARGS} -Dspring.profiles.active=${ACTIVE_PROFILE} -Djava.security.egd=file:/dev/./urandom -Dlogs_dir=${LOG_PATH} -Dlogging.config=/app/logback-spring.xml $jksargs -Dspring.config.additional-location=$CONFIG_PATH ${SSL_DEBUG} ${DISABLE_SNI}" + + +read_properties(){ + while IFS="=" read -r key value; do + case "${key}" in + '#'*) ;; + *) + eKey=$(echo $key | tr '[:lower:]' '[:upper:]') + export "$eKey"="$value" + esac + done <<-EOF + $1 + EOF +} + +if [ -n "${AAF_SSL_CERTS_ENABLED}" ]; then +read_properties "$(head -n 4 /app/certs/.passphrases)" +fi + +echo "JVM Arguments: ${jvmargs}" + +java ${jvmargs} -jar app.jar +rc=$? + +echo "Application exiting with status code $rc" + +if [ ! -z "${EXIT_DELAY}" -a "${EXIT_DELAY}" != 0 ]; then + echo "Delaying $APP exit for $EXIT_DELAY seconds" + sleep $EXIT_DELAY +fi + +exit $rc
\ No newline at end of file diff --git a/packages/docker/src/main/docker/docker-files/scripts/wait-for.sh b/packages/docker/src/main/docker/docker-files/scripts/wait-for.sh new file mode 100755 index 0000000..2525821 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/scripts/wait-for.sh @@ -0,0 +1,85 @@ +#!/bin/sh +# https://github.com/Eficode/wait-for.git +# MIT License + +TIMEOUT=15 +QUIET=0 + +echoerr() { + if [ "$QUIET" -ne 1 ]; then printf "%s\n" "$*" 1>&2; fi +} + +usage() { + exitcode="$1" + cat << USAGE >&2 +Usage: + $cmdname host:port [-t timeout] [-- command args] + -q | --quiet Do not output any status messages + -t TIMEOUT | --timeout=timeout Timeout in seconds, zero for no timeout + -- COMMAND ARGS Execute command with args after the test finishes +USAGE + exit "$exitcode" +} + +wait_for() { + command="$*" + if [ "$QUIET" -ne 1 ]; then echo "$0: probing host $HOST port $PORT"; fi + for i in `seq $TIMEOUT` ; do + nc -z "$HOST" "$PORT" > /dev/null 2>&1 + result=$? + if [ $result -eq 0 ] ; then + if [ "$QUIET" -ne 1 ]; then echo "$0: operation succeeded on try $i"; fi + if [ -n "$command" ] ; then + if [ "$QUIET" -ne 1 ]; then echo "$0: exec-ing command $command"; fi + exec $command + fi + exit 0 + fi + if [ "$QUIET" -ne 1 ]; then echo "$0: sleeping after try $i"; fi + sleep 1 + done + echo "$0: Operation timed out" >&2 + exit 1 +} + +while [ $# -gt 0 ] +do + case "$1" in + *:* ) + HOST=$(printf "%s\n" "$1"| cut -d : -f 1) + PORT=$(printf "%s\n" "$1"| cut -d : -f 2) + shift 1 + ;; + -q | --quiet) + QUIET=1 + shift 1 + ;; + -t) + TIMEOUT="$2" + if [ "$TIMEOUT" = "" ]; then break; fi + shift 2 + ;; + --timeout=*) + TIMEOUT="${1#*=}" + shift 1 + ;; + --) + shift + break + ;; + --help) + usage 0 + ;; + *) + echoerr "Unknown argument: $1" + usage 1 + ;; + esac +done + +if [ "$HOST" = "" -o "$PORT" = "" ]; then + echoerr "Error: you need to provide a host and port to test." + usage 2 +fi + +wait_for "$@" |