diff options
author | yangyan <yangyanyj@chinamobile.com> | 2020-03-04 10:32:14 +0800 |
---|---|---|
committer | Yan Yang <yangyanyj@chinamobile.com> | 2020-03-04 02:33:19 +0000 |
commit | 3a9df1e72e715d9a5955b4d6e16ddc402a629d1c (patch) | |
tree | 7b209a6d39ff339b917bacdcdd559a0d09b998ab | |
parent | 8f96213a409b413ac3fc19ba1294c5c3900b10b6 (diff) |
Change multivimproxy pod startup to non root
Change-Id: I4d6c97a61984f7cdc8fd261ab7b8387fed1b4d8b
Issue-ID: VFC-1637
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
-rw-r--r-- | docker/Dockerfile | 57 | ||||
-rw-r--r-- | docker/docker-env-config.sh | 49 |
2 files changed, 54 insertions, 52 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile index 5c7ef14..0fed968 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,59 +1,12 @@ -# -# This file was auto-generated by gen-all-dockerfiles.sh; do not modify manually. -# -# nfvo-multivimproxy/target/Dockerfile -# - -# 10-basebuild.txt - FROM centos:7 - -RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf -RUN sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo -RUN yum update -y - -RUN yum install -y wget unzip socat java-1.8.0-openjdk-headless -RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security ENV JAVA_HOME /usr/lib/jvm/jre - -WORKDIR /service - -# 20-mysql.txt - -# Set up mysql -#RUN wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && rpm -ivh mysql-community-release-el7-5.noarch.rpm && rm -f mysql-community-release-el7-5.noarch.rpm -#RUN yum -y update -#RUN yum -y install -y mysql-server -#RUN mysql_install_db --user=mysql --datadir=/var/lib/mysql -#COPY init-mysql.sh . - -# 30-tomcat.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY -# Set up tomcat -RUN wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && rm -f apache-tomcat-8.5.30.tar.gz && rm -rf webapps && mkdir -p webapps/ROOT -RUN echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh ENV CATALINA_HOME /service -# 50-microservice.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY - -# Set up microservice +ADD . /service +WORKDIR /service +RUN bash docker-env-config.sh -RUN wget -q -O nfvo-multivimproxy.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.multivimproxy&a=vfc-nfvo-multivimproxy-deployment&v=LATEST&e=zip" && unzip -q -o -B nfvo-multivimproxy.zip && rm -f nfvo-multivimproxy.zip -# Set permissions -RUN find . -type d -exec chmod o-w {} \; -RUN find . -name "*.sh" -exec chmod +x {} \; EXPOSE 8486 - - - -# 90-entrypoint.txt - -RUN yum clean all - -COPY instance-config.sh . -COPY instance-init.sh . -COPY instance-run.sh . -COPY instance-workaround.sh . -COPY docker-entrypoint.sh . +USER onap +WORKDIR /service ENTRYPOINT /service/docker-entrypoint.sh - -COPY LICENSE ./ONAP_LICENSE diff --git a/docker/docker-env-config.sh b/docker/docker-env-config.sh new file mode 100644 index 0000000..19e25db --- /dev/null +++ b/docker/docker-env-config.sh @@ -0,0 +1,49 @@ +#!/bin/bash +install_sf(){ + + sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf + sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo + yum update -y + + yum install -y wget unzip socat java-1.8.0-openjdk-headless + sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security + + # Set up tomcat + wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && \ + tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && \ + rm -f apache-tomcat-8.5.30.tar.gz && \ + rm -rf webapps && \ + mkdir -p webapps/ROOT + echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh + + # Set up microservice + wget -q -O nfvo-multivimproxy.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.multivimproxy&a=vfc-nfvo- +multivimproxy-deployment&v=LATEST&e=zip" && \ + unzip -q -o -B nfvo-multivimproxy.zip && \ + rm -f nfvo-multivimproxy.zip + + # Set permissions + find . -type d -exec chmod o-w {} \; + find . -name "*.sh" -exec chmod +x {} \; + +} + +add_user(){ + + useradd onap + yum -y install sudo + chmod u+x /etc/sudoers + sed -i '/Same thing without a password/a\onap ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers + chmod u-x /etc/sudoers + chown onap:onap -R /service +} + +clean_sf_cache(){ + + yum clean all +} + +install_sf +wait +add_user +clean_sf_cache |