Change multivimproxy pod startup to non root

Change-Id: I4d6c97a61984f7cdc8fd261ab7b8387fed1b4d8b Issue-ID: VFC-1637 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
author: yangyan <yangyanyj@chinamobile.com> 2020-03-04 10:32:14 +0800
committer: Yan Yang <yangyanyj@chinamobile.com> 2020-03-04 02:33:19 +0000
commit: 3a9df1e72e715d9a5955b4d6e16ddc402a629d1c (patch)
tree: 7b209a6d39ff339b917bacdcdd559a0d09b998ab
parent: 8f96213a409b413ac3fc19ba1294c5c3900b10b6 (diff)
2 files changed, 54 insertions, 52 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 5c7ef14..0fed968 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,59 +1,12 @@
-#
-# This file was auto-generated by gen-all-dockerfiles.sh; do not modify manually.
-#
-# nfvo-multivimproxy/target/Dockerfile
-#
-
-# 10-basebuild.txt
-
 FROM centos:7
-
-RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
-RUN sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
-RUN yum update -y
-
-RUN yum install -y wget unzip socat java-1.8.0-openjdk-headless
-RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
 ENV JAVA_HOME /usr/lib/jvm/jre
-
-WORKDIR /service
-
-# 20-mysql.txt
-
-# Set up mysql
-#RUN wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && rpm -ivh mysql-community-release-el7-5.noarch.rpm && rm -f mysql-community-release-el7-5.noarch.rpm
-#RUN yum -y update
-#RUN yum -y install -y mysql-server
-#RUN mysql_install_db --user=mysql --datadir=/var/lib/mysql
-#COPY init-mysql.sh .
-
-# 30-tomcat.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY
-# Set up tomcat
-RUN wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && rm -f apache-tomcat-8.5.30.tar.gz && rm -rf webapps && mkdir -p webapps/ROOT
-RUN echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
 ENV CATALINA_HOME /service
 
-# 50-microservice.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY
-
-# Set up microservice
+ADD . /service
+WORKDIR /service
+RUN bash docker-env-config.sh
 
-RUN wget -q -O nfvo-multivimproxy.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.multivimproxy&a=vfc-nfvo-multivimproxy-deployment&v=LATEST&e=zip" && unzip -q -o -B nfvo-multivimproxy.zip && rm -f nfvo-multivimproxy.zip
-# Set permissions
-RUN find . -type d -exec chmod o-w {} \;
-RUN find . -name "*.sh" -exec chmod +x {} \;
 EXPOSE 8486
-
-
-
-# 90-entrypoint.txt
-
-RUN yum clean all
-
-COPY instance-config.sh .
-COPY instance-init.sh .
-COPY instance-run.sh .
-COPY instance-workaround.sh .
-COPY docker-entrypoint.sh .
+USER onap
+WORKDIR /service
 ENTRYPOINT /service/docker-entrypoint.sh
-
-COPY LICENSE ./ONAP_LICENSE
diff --git a/docker/docker-env-config.sh b/docker/docker-env-config.sh
new file mode 100644
index 0000000..19e25db
--- /dev/null
+++ b/docker/docker-env-config.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+install_sf(){
+
+        sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+        sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
+        yum update -y
+
+        yum install -y wget unzip socat java-1.8.0-openjdk-headless
+        sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
+
+        # Set up tomcat
+        wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && \
+             tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && \
+             rm -f apache-tomcat-8.5.30.tar.gz && \
+             rm -rf webapps && \
+             mkdir -p webapps/ROOT
+        echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
+
+        # Set up microservice
+        wget -q -O nfvo-multivimproxy.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.multivimproxy&a=vfc-nfvo-
+multivimproxy-deployment&v=LATEST&e=zip" && \
+             unzip -q -o -B nfvo-multivimproxy.zip && \
+             rm -f nfvo-multivimproxy.zip
+
+        # Set permissions
+        find . -type d -exec chmod o-w {} \;
+        find . -name "*.sh" -exec chmod +x {} \;
+
+}
+
+add_user(){
+
+        useradd onap
+        yum -y install sudo
+        chmod u+x /etc/sudoers
+        sed -i '/Same thing without a password/a\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
+        chmod u-x /etc/sudoers
+        chown onap:onap -R /service
+}
+
+clean_sf_cache(){
+
+        yum clean all
+}
+
+install_sf
+wait
+add_user
+clean_sf_cache
author	yangyan <yangyanyj@chinamobile.com>	2020-03-04 10:32:14 +0800
committer	Yan Yang <yangyanyj@chinamobile.com>	2020-03-04 02:33:19 +0000
commit	3a9df1e72e715d9a5955b4d6e16ddc402a629d1c (patch)
tree	7b209a6d39ff339b917bacdcdd559a0d09b998ab
parent	8f96213a409b413ac3fc19ba1294c5c3900b10b6 (diff)