From 886c4c67bcfb7a6b1eda33928d2e7b6ec98fbead Mon Sep 17 00:00:00 2001 From: "waqas.ikram" Date: Thu, 11 Feb 2021 10:23:44 +0000 Subject: Adding docker packaging module Change-Id: I817d26d8f63e42a962512faba2bc515f5d8dfe06 Issue-ID: SO-3473 Signed-off-by: waqas.ikram --- packages/docker/pom.xml | 118 ++++++++++++ .../src/main/docker/docker-files/Dockerfile.so-app | 31 ++++ .../docker/docker-files/Dockerfile.so-base-image | 19 ++ .../docker-files/ca-certificates/onap-ca.crt | 31 ++++ .../configs/logging/logback-spring.xml | 201 +++++++++++++++++++++ .../main/docker/docker-files/scripts/start-app.sh | 100 ++++++++++ .../main/docker/docker-files/scripts/wait-for.sh | 85 +++++++++ packages/pom.xml | 33 ++++ pom.xml | 1 + 9 files changed, 619 insertions(+) create mode 100644 packages/docker/pom.xml create mode 100644 packages/docker/src/main/docker/docker-files/Dockerfile.so-app create mode 100644 packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image create mode 100644 packages/docker/src/main/docker/docker-files/ca-certificates/onap-ca.crt create mode 100644 packages/docker/src/main/docker/docker-files/configs/logging/logback-spring.xml create mode 100644 packages/docker/src/main/docker/docker-files/scripts/start-app.sh create mode 100644 packages/docker/src/main/docker/docker-files/scripts/wait-for.sh create mode 100644 packages/pom.xml diff --git a/packages/docker/pom.xml b/packages/docker/pom.xml new file mode 100644 index 0000000..531ffb6 --- /dev/null +++ b/packages/docker/pom.xml @@ -0,0 +1,118 @@ + + 4.0.0 + + org.onap.so.so-etsi-nfvo + packages + 1.7.1-SNAPSHOT + + org.onap.so.so-etsi-nfvo.packages + docker + pom + SO ETSI NFVO Docker Packaging + + + false + false + false + onap/so + deploy + + + ${project.artifactId}-${project.version} + + + io.fabric8 + docker-maven-plugin + + true + 1.23 + ${docker.pull.registry} + ${docker.push.registry} + + + ${docker.image.prefix}/base-image:1.0 + + try + docker-files/Dockerfile.so-base-image + + + + ${docker.image.prefix}/so-etsi-nfvo-ns-lcm + + try + docker-files/Dockerfile.so-app + + ${project.version} + ${project.version}-${maven.build.timestamp} + + + + + + + org.onap.so.so-etsi-nfvo.ns.lcm:so-etsi-nfvo-ns-lcm-application + + app.jar + + + + + + + + + + + + clean-images + pre-clean + + remove + + + true + + + + + generate-images + generate-sources + + build + + + + + push-images + ${docker.push.phase} + + build + push + + + ${docker.image.prefix}/so-etsi-nfvo-ns-lcm + + + + + + + org.apache.maven.plugins + maven-deploy-plugin + + true + + + + + + + + org.onap.so.so-etsi-nfvo.ns.lcm + so-etsi-nfvo-ns-lcm-application + ${project.version} + + + + \ No newline at end of file diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app new file mode 100644 index 0000000..dc86ff8 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app @@ -0,0 +1,31 @@ +FROM onap/so/base-image:1.0 + +ARG http_proxy +ENV HTTP_PROXY=$http_proxy +ENV http_proxy=$HTTP_PROXY +ARG https_proxy +ENV HTTPS_PROXY=$https_proxy +ENV https_proxy=$HTTPS_PROXY + +USER root +RUN mkdir -p /app/config +RUN mkdir -p /app/certificates +RUN mkdir -p /app/logs +RUN mkdir -p /app/ca-certificates + +COPY maven/app.jar /app +COPY configs/logging/logback-spring.xml /app +COPY scripts/start-app.sh /app +COPY scripts/wait-for.sh /app +COPY ca-certificates/onap-ca.crt /app/ca-certificates/onap-ca.crt +RUN chown -R so:so /app + +USER so +# Springboot configuration (required) +VOLUME /app/config + +# Root certificates (optional) +VOLUME /app/ca-certificates + +WORKDIR /app +ENTRYPOINT ["/app/start-app.sh"] diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image b/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image new file mode 100644 index 0000000..a1f4fc1 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-base-image @@ -0,0 +1,19 @@ +FROM adoptopenjdk/openjdk11:jre-11.0.8_10-alpine + +ARG http_proxy +ARG https_proxy +ENV HTTP_PROXY=$http_proxy +ENV HTTPS_PROXY=$https_proxy +ENV http_proxy=$HTTP_PROXY +ENV https_proxy=$HTTPS_PROXY + +# Install commonly needed tools +RUN apk --no-cache add curl netcat-openbsd nss apache2-utils java-cacerts + +# Create symlink for default Java truststore +RUN set -eux; \ + rm -rf "$JAVA_HOME/lib/security/cacerts"; \ + ln -sT /etc/ssl/certs/java/cacerts "$JAVA_HOME/lib/security/cacerts" + +# Create 'so' user +RUN addgroup -g 1000 so && adduser -S -u 1000 -G so -s /bin/sh so diff --git a/packages/docker/src/main/docker/docker-files/ca-certificates/onap-ca.crt b/packages/docker/src/main/docker/docker-files/ca-certificates/onap-ca.crt new file mode 100644 index 0000000..e9a50d7 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/ca-certificates/onap-ca.crt @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- diff --git a/packages/docker/src/main/docker/docker-files/configs/logging/logback-spring.xml b/packages/docker/src/main/docker/docker-files/configs/logging/logback-spring.xml new file mode 100644 index 0000000..4b33e2d --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/configs/logging/logback-spring.xml @@ -0,0 +1,201 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ${errorPattern} + + + + + + + EXIT + + DENY + ACCEPT + + ${logs_dir:-.}/${auditLogName}.log + + ${logs_dir:-.}/${auditLogName}.%d{yyyy-MM-dd}.%i.log.zip + + ${maxFileSize} + ${maxHistory} + ${totalSizeCap} + + + ${auditPattern} + + + + + 256 + + + + + + + INVOKE-RETURN + + DENY + ACCEPT + + ${logs_dir:-.}/${metricsLogName}.log + + ${logs_dir:-.}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log.zip + + ${maxFileSize} + ${maxHistory} + ${totalSizeCap} + + + ${metricPattern} + + + + + + 256 + + + + + + ERROR + ACCEPT + DENY + + ${logs_dir:-.}/${errorLogName}.log + + ${logs_dir:-.}/${errorLogName}.%d{yyyy-MM-dd}.%i.log.zip + + ${maxFileSize} + ${maxHistory} + ${totalSizeCap} + + + ${errorPattern} + + + + + 256 + + + + + + + INVOKE + INVOKE-RETURN + ENTRY + EXIT + + ACCEPT + DENY + + ${logs_dir:-.}/${debugLogName}.log + + ${logs_dir:-.}/${debugLogName}.%d{yyyy-MM-dd}.%i.log.zip + + ${maxFileSize} + ${maxHistory} + ${totalSizeCap} + + + ${debugPattern} + + + + + 256 + + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh new file mode 100644 index 0000000..fa2a6ec --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh @@ -0,0 +1,100 @@ +#!/bin/sh + +if [ `id -u` = 0 ] +then + # Install certificates found in the /app/ca-certificates volume, if any. + + needUpdate=FALSE + + for certificate in `ls -1 /app/ca-certificates`; do + echo "Installing $certificate in /usr/local/share/ca-certificates" + cp /app/ca-certificates/$certificate /usr/local/share/ca-certificates/$certificate + needUpdate=TRUE + done + + if [ $needUpdate = TRUE ]; then + update-ca-certificates --fresh + fi + + # Re-exec this script as the 'onap' user. + this=`readlink -f $0` + exec su so -c "$this" +fi + +touch /app/app.jar + +if [ -z "$APP" ]; then + echo "CONFIG ERROR: APP environment variable not set" + exit 1 +fi + +if [ ! -z "$DB_HOST" -a -z "$DB_PORT" ]; then + export DB_PORT=3306 +fi + +if [ -z "${CONFIG_PATH}" ]; then + export CONFIG_PATH=/app/config/override.yaml +fi + +if [ -z "${LOG_PATH}" ]; then + export LOG_PATH="logs/${APP}" +fi + +if [ "${SSL_DEBUG}" = "log" ]; then + export SSL_DEBUG="-Djavax.net.debug=all" +else + export SSL_DEBUG= +fi + +# Set java keystore and truststore options, if specified in the environment. + +jksargs= + +if [ ! -z "${KEYSTORE}" ]; then + jksargs="$jksargs -Dmso.load.ssl.client.keystore=true" + jksargs="$jksargs -Djavax.net.ssl.keyStore=$KEYSTORE" + jksargs="$jksargs -Djavax.net.ssl.keyStorePassword=${KEYSTORE_PASSWORD}" +fi + +if [ ! -z "${TRUSTSTORE}" ]; then + jksargs="$jksargs -Djavax.net.ssl.trustStore=${TRUSTSTORE}" + jksargs="$jksargs -Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWORD}" +fi + +if [ -z "${ACTIVE_PROFILE}" ]; then + export ACTIVE_PROFILE="basic" +fi + +jvmargs="${JVM_ARGS} -Dspring.profiles.active=${ACTIVE_PROFILE} -Djava.security.egd=file:/dev/./urandom -Dlogs_dir=${LOG_PATH} -Dlogging.config=/app/logback-spring.xml $jksargs -Dspring.config.additional-location=$CONFIG_PATH ${SSL_DEBUG} ${DISABLE_SNI}" + + +read_properties(){ + while IFS="=" read -r key value; do + case "${key}" in + '#'*) ;; + *) + eKey=$(echo $key | tr '[:lower:]' '[:upper:]') + export "$eKey"="$value" + esac + done <<-EOF + $1 + EOF +} + +if [ -n "${AAF_SSL_CERTS_ENABLED}" ]; then +read_properties "$(head -n 4 /app/certs/.passphrases)" +fi + +echo "JVM Arguments: ${jvmargs}" + +java ${jvmargs} -jar app.jar +rc=$? + +echo "Application exiting with status code $rc" + +if [ ! -z "${EXIT_DELAY}" -a "${EXIT_DELAY}" != 0 ]; then + echo "Delaying $APP exit for $EXIT_DELAY seconds" + sleep $EXIT_DELAY +fi + +exit $rc diff --git a/packages/docker/src/main/docker/docker-files/scripts/wait-for.sh b/packages/docker/src/main/docker/docker-files/scripts/wait-for.sh new file mode 100644 index 0000000..2525821 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/scripts/wait-for.sh @@ -0,0 +1,85 @@ +#!/bin/sh +# https://github.com/Eficode/wait-for.git +# MIT License + +TIMEOUT=15 +QUIET=0 + +echoerr() { + if [ "$QUIET" -ne 1 ]; then printf "%s\n" "$*" 1>&2; fi +} + +usage() { + exitcode="$1" + cat << USAGE >&2 +Usage: + $cmdname host:port [-t timeout] [-- command args] + -q | --quiet Do not output any status messages + -t TIMEOUT | --timeout=timeout Timeout in seconds, zero for no timeout + -- COMMAND ARGS Execute command with args after the test finishes +USAGE + exit "$exitcode" +} + +wait_for() { + command="$*" + if [ "$QUIET" -ne 1 ]; then echo "$0: probing host $HOST port $PORT"; fi + for i in `seq $TIMEOUT` ; do + nc -z "$HOST" "$PORT" > /dev/null 2>&1 + result=$? + if [ $result -eq 0 ] ; then + if [ "$QUIET" -ne 1 ]; then echo "$0: operation succeeded on try $i"; fi + if [ -n "$command" ] ; then + if [ "$QUIET" -ne 1 ]; then echo "$0: exec-ing command $command"; fi + exec $command + fi + exit 0 + fi + if [ "$QUIET" -ne 1 ]; then echo "$0: sleeping after try $i"; fi + sleep 1 + done + echo "$0: Operation timed out" >&2 + exit 1 +} + +while [ $# -gt 0 ] +do + case "$1" in + *:* ) + HOST=$(printf "%s\n" "$1"| cut -d : -f 1) + PORT=$(printf "%s\n" "$1"| cut -d : -f 2) + shift 1 + ;; + -q | --quiet) + QUIET=1 + shift 1 + ;; + -t) + TIMEOUT="$2" + if [ "$TIMEOUT" = "" ]; then break; fi + shift 2 + ;; + --timeout=*) + TIMEOUT="${1#*=}" + shift 1 + ;; + --) + shift + break + ;; + --help) + usage 0 + ;; + *) + echoerr "Unknown argument: $1" + usage 1 + ;; + esac +done + +if [ "$HOST" = "" -o "$PORT" = "" ]; then + echoerr "Error: you need to provide a host and port to test." + usage 2 +fi + +wait_for "$@" diff --git a/packages/pom.xml b/packages/pom.xml new file mode 100644 index 0000000..8cf98aa --- /dev/null +++ b/packages/pom.xml @@ -0,0 +1,33 @@ + + 4.0.0 + + org.onap.so.so-etsi-nfvo + so-etsi-nfvo + 1.7.1-SNAPSHOT + + packages + pom + SO ETSI NFVO Packages + + + + + default + + true + + + + + docker + + docker + + + + false + + + + \ No newline at end of file diff --git a/pom.xml b/pom.xml index 01545c1..5c1a78f 100644 --- a/pom.xml +++ b/pom.xml @@ -49,5 +49,6 @@ so-etsi-nfvo-ns-lcm + packages \ No newline at end of file -- cgit 1.2.3-korg