packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

FROM openecomp/wildfly:1.0


### File Author / Maintainer
MAINTAINER "The ONAP Team"
LABEL Description="This image contains the ONAP SO" Version="1.0"

ARG http_proxy
ARG https_proxy
ENV HTTP_PROXY=$http_proxy
ENV HTTPS_PROXY=$https_proxy
ENV http_proxy=$HTTP_PROXY
ENV https_proxy=$HTTPS_PROXY

ENV CHEF_REPO_NAME="chef-repo"
ENV CHEF_CONFIG_NAME="mso-config"

USER root

### Downloading dependencies
# Install specific system libraries to fix CVE vulnerabilities
RUN echo "deb http://archive.ubuntu.com/ubuntu/ artful main restricted" >> /etc/apt/sources.list && \
    echo "deb http://security.ubuntu.com/ubuntu/ artful-security main restricted" >> /etc/apt/sources.list && \
    echo "deb http://archive.ubuntu.com/ubuntu/ bionic main restricted" >> /etc/apt/sources.list && \
    apt-get -y update

# krb5 1.16-2build1
#   For CVE-2017-15088 CVE-2017-11462
# libvorbis 1.3.5-4ubuntu0.2
#   For CVE-2017-14632 CVE-2017-14160
# libx11 2:1.6.4-3
#    For CVE-2016-7943 CVE-2016-7942
# libxtst 1.2.3-1
#    For CVE-2016-7951
# ncurses 6.1-1ubuntu1
#    For CVE-2017-10685 CVE-2017-10684
# libsqllite3-0 3.22.0-1
#   For CVE-2017-10989
# libtiff5 4.0.8-5ubuntu0.1
#   For CVE-2017-9117 CVE-2016-9540 CVE-2016-9539 CVE-2016-9538 CVE-2016-9537 CVE-2016-9536 CVE-2016-9535 CVE-2016-9534 CVE-2016-9533 CVE-2015-8668 CVE-2015-7554 CVE-2016-6223 CVE-2017-5563 CVE-2016-3621 CVE-2016-8331
# shadow 1:4.5-1ubuntu1
#   For CVE-2017-12424
# perl-base 5.26.0-8ubuntu1.1
#   For CVE-2015-8608 CVE-2017-12883
# openssl 1.1.0g-2ubuntu3
#   For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176
# zlib1g 1:1.2.11.dfsg-0ubuntu2
#   For CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840
# libexpat1 2.2.5-3
#   For CVE-2016-0718 CVE-2016-4472
# libc-bin libc6 2.26-0ubuntu2.1
#   For CVE-2018-6485
# openssl 1.1.0g-2ubuntu3
#   For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177
# libpcre3 2:8.39-5ubuntu3
#   For CVE-2016-3191 CVE-2016-1283
USER root
RUN apt-get -y install \
    libkrb5-3=1.16-2build1 krb5-locales=1.16-2build1 \
    libvorbis0a=1.3.5-4ubuntu0.2 \
    libx11-6=2:1.6.4-3 libx11-data=2:1.6.4-3 libx11-doc=2:1.6.4-3 libx11-xcb1=2:1.6.4-3 \
    libxtst6=2:1.2.3-1 \
    ncurses-base=6.1-1ubuntu1 ncurses-bin=6.1-1ubuntu1 libncurses5=6.1-1ubuntu1 libncursesw5=6.1-1ubuntu1 \
    libsqlite3-0=3.22.0-1 \
    libtiff5=4.0.8-5ubuntu0.1 \
    passwd=1:4.5-1ubuntu1 \
    perl-base=5.26.0-8ubuntu1.1 \
    zlib1g=1:1.2.11.dfsg-0ubuntu2 \
    libexpat1=2.2.5-3 \
    libc-bin=2.26-0ubuntu2.1 libc6=2.26-0ubuntu2.1 \
    openssl=1.1.0g-2ubuntu3 \
    libpcre3=2:8.39-5ubuntu3

RUN apt-get install -y netcat curl && curl -LO  https://packages.chef.io/files/stable/chefdk/2.5.3/ubuntu/16.04/chefdk_2.5.3-1_amd64.deb && curl -LO http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.5.4/mariadb-java-client-1.5.4.jar && apt-get remove --purge -y curl && apt-get autoremove -y

### Install Chef
#RUN dpkg -i chefdk_0.17.17-1_amd64.deb
RUN dpkg -i chefdk_2.5.3-1_amd64.deb

COPY scripts/start-jboss-server.sh /opt/mso/scripts/start-jboss-server.sh

RUN chown jboss:jboss /opt/mso/scripts/*
RUN chmod u+rx /opt/mso/scripts/*

RUN mkdir /etc/chef
RUN chown jboss:jboss /etc/chef
RUN chmod u+xrw /etc/chef

RUN mkdir -p /etc/mso
RUN chown -R jboss:jboss /etc/mso
RUN chmod u+xrw /etc/mso

# Setup shared folder
RUN mkdir /shared
RUN chown jboss:jboss /shared

# Setup chef folders
RUN mkdir -p /var/chef/nodes
RUN chown jboss:jboss /var/chef/nodes
RUN mkdir /var/berks-cookbooks
RUN chown jboss:jboss /var/berks-cookbooks
RUN mkdir -p /home/jboss/.chef/nodes
RUN chown jboss:jboss /home/jboss/.chef/nodes

COPY chef-configs/${CHEF_REPO_NAME} /var/berks-cookbooks/${CHEF_REPO_NAME}
COPY chef-configs/${CHEF_CONFIG_NAME} /var/berks-cookbooks/${CHEF_CONFIG_NAME}
COPY chef-configs/solo.rb /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb

# Start Chef config
RUN sed "s/CHEF_REPO_NAME_TO_REPLACE/${CHEF_REPO_NAME}/g" -i /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb
RUN chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra]

RUN mv /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker-init.json
RUN echo "" > /shared/mso-docker.json
RUN ln -s /shared/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json

## Create the log folder for MSO
RUN mkdir -p /var/log/ecomp/MSO/
RUN chown jboss:jboss /var/log/ecomp/MSO

### Configure Jboss WildFly
RUN mkdir -p $JBOSS_HOME/modules/mariadb/main
RUN cp mariadb-java-client-1.5.4.jar $JBOSS_HOME/modules/mariadb/main
COPY jboss-configs/modules/mariadb/main/module.xml $JBOSS_HOME/modules/mariadb/main
COPY jboss-configs/configuration/standalone-full-ha.xml $JBOSS_HOME/standalone/configuration/standalone-full-ha-mso.xml
COPY jboss-configs/configuration/mgmt-users.properties $JBOSS_HOME/standalone/configuration/mgmt-users.properties
COPY jboss-configs/configuration/mgmt-groups.properties $JBOSS_HOME/standalone/configuration/mgmt-groups.properties
COPY jboss-configs/configuration/application-users.properties $JBOSS_HOME/standalone/configuration/application-users.properties
COPY jboss-configs/configuration/application-roles.properties $JBOSS_HOME/standalone/configuration/application-roles.properties

RUN echo "JAVA_OPTS=\"\$JAVA_OPTS -Xms64m -Xmx4g -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=1g -Djboss.bind.address=0.0.0.0 -Djboss.bind.address.management=0.0.0.0 -Dmso.db=MARIADB -Dmso.config.path=/etc/mso/config.d/\"" >> $JBOSS_HOME/bin/standalone.conf
RUN echo "LAUNCH_JBOSS_IN_BACKGROUND=true" >> $JBOSS_HOME/bin/standalone.conf

COPY ./maven/artifacts/* $JBOSS_HOME/standalone/deployments/

RUN mkdir -p /etc/mso/config.d/ASDC && chown -R jboss:jboss /etc/mso/config.d/ASDC && chmod u+xrw /etc/mso/config.d/ASDC

COPY wait-for.sh /

## Install heatbridge
#RUN apt-get install -y python && apt-get install -y python-pip && echo 'PIP Installed, doing upgrade' && pip install --upgrade pip
#RUN mkdir /opt/mso/heatbridge
#COPY heatbridge/heatbridge-0.3.0.dev0-py2-none-any.whl /opt/mso/heatbridge
#RUN pip install /opt/mso/heatbridge/heatbridge-0.3.0.dev0-py2-none-any.whl

### Open Ports
EXPOSE 8080

VOLUME /shared

### Start EAP
USER root
CMD ["/opt/mso/scripts/start-jboss-server.sh"]