summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoryangyan <yangyanyj@chinamobile.com>2020-03-04 12:55:24 +0800
committeryangyan <yangyanyj@chinamobile.com>2020-03-04 12:55:52 +0800
commit93fd34edb7727e27524529fcdcc3c7811561a7ef (patch)
treecbb71161643abe3693bc1148307a7c9b62e9dc43
parentf4e1e0bf77e2777e5e9786acf2d7b6c7257cced2 (diff)
Change gvnfm of juju pod startup to non root
Change-Id: Iebca22ee2174a7c49b7e143a8733ac09fc34e154 Issue-ID: VFC-1637 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
Diffstat
-rw-r--r--juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/Dockerfile44
-rw-r--r--juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-entrypoint.sh2
-rw-r--r--juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh55
3 files changed, 61 insertions, 40 deletions
diff --git a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/Dockerfile b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/Dockerfile
index ea863fa..cc683c8 100644
--- a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/Dockerfile
+++ b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/Dockerfile
@@ -1,46 +1,12 @@
FROM centos:7
-
-RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
-RUN sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
-RUN yum update -y
-
-RUN yum install -y wget unzip socat java-1.8.0-openjdk-headless
-RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
ENV JAVA_HOME /usr/lib/jvm/jre
-
+ENV CATALINA_HOME /service
+ADD . /service
WORKDIR /service
-
-# Set up mysql
-RUN wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && rpm -ivh mysql-community-release-el7-5.noarch.rpm && rm -f mysql-community-release-el7-5.noarch.rpm
-RUN yum -y update
-RUN yum -y install -y mysql-server
-RUN mysql_install_db --user=mysql --datadir=/var/lib/mysql
-
+RUN bash docker-env-config.sh
VOLUME /var/lib/mysql
-COPY init-mysql.sh .
-
-# 30-tomcat.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY
-# Set up tomcat
-RUN wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && rm -f apache-tomcat-8.5.30.tar.gz && rm -rf webapps && mkdir -p webapps/ROOT
-RUN echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
-ENV CATALINA_HOME /service
-
-# Set up microservice
-RUN wget -q -O vfc-gvnfm-jujudriver.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.vnfm.gvnfm&a=juju-vnfmadapterservice-deployment&v=LATEST&e=zip" && unzip -q -o -B vfc-gvnfm-jujudriver.zip && rm -f vfc-gvnfm-jujudriver.zip
-# Set permissions
-RUN find . -type d -exec chmod o-w {} \;
-RUN find . -name "*.sh" -exec chmod +x {} \;
EXPOSE 8483
-
-# 90-entrypoint.txt
-RUN yum clean all
-
-COPY instance-config.sh .
-COPY instance-init.sh .
-COPY instance-run.sh .
-COPY instance-workaround.sh .
-COPY docker-entrypoint.sh .
+USER onap
+WORKDIR /service
ENTRYPOINT /service/docker-entrypoint.sh
-
-COPY LICENSE ./ONAP_LICENSE
diff --git a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-entrypoint.sh b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-entrypoint.sh
index cdcf196..9b97fc0 100644
--- a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-entrypoint.sh
+++ b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-entrypoint.sh
@@ -41,7 +41,7 @@ echo
./instance-config.sh
# Start mysql
-su mysql -c /usr/bin/mysqld_safe &
+sudo su mysql -c /usr/bin/mysqld_safe &
# Perform one-time config
if [ ! -e init.log ]; then
diff --git a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh
new file mode 100644
index 0000000..8b6b4f7
--- /dev/null
+++ b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+install_sf(){
+
+ sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+ sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
+ yum update -y
+
+ yum install -y wget unzip socat java-1.8.0-openjdk-headless
+ sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
+
+ # Set up mysql
+ wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && \
+ rpm -ivh mysql-community-release-el7-5.noarch.rpm && \
+ rm -f mysql-community-release-el7-5.noarch.rpm
+ yum -y update
+ yum -y install mysql-server
+ mysql_install_db --user=mysql --datadir=/var/lib/mysql
+
+ # Set up tomcat
+ wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && \
+ tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && \
+ rm -f apache-tomcat-8.5.30.tar.gz && \
+ rm -rf webapps && \
+ mkdir -p webapps/ROOT
+ echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
+
+ # Set up microservice
+ wget -q -O vfc-gvnfm-jujudriver.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.vnfm.gvnfm&a=juj
+u-vnfmadapterservice-deployment&v=LATEST&e=zip" && \
+ unzip -q -o -B vfc-gvnfm-jujudriver.zip && \
+ rm -f vfc-gvnfm-jujudriver.zip
+ # Set permissions
+ find . -type d -exec chmod o-w {} \;
+ find . -name "*.sh" -exec chmod +x {} \;
+}
+
+add_user(){
+
+ useradd onap
+ yum -y install sudo
+ chmod u+x /etc/sudoers
+ sed -i '/Same thing without a password/a\onap ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
+ chmod u-x /etc/sudoers
+ chown onap:onap -R /service
+}
+
+clean_sf_cache(){
+
+ yum clean all
+}
+
+install_sf
+wait
+add_user
+clean_sf_cache