authorKanagaraj Manickam <mkr1481@gamil.com>2020-03-19 15:40:52 +0530
committerKanagaraj Manickam k00365106 <kanagaraj.manickam@huawei.com>2020-03-20 09:18:53 +0530
commitcee4b4cb464446b1d98dea8e49af5ef858d87aed (patch)
tree4c2086b30a972bd76134ea030b22f7668a88ac6d /vnfmarket-be/deployment
parent3e90fc1056791e629916a29b12b7b14bcb1e2f15 (diff)
non-root docker support
Issue-ID: VNFSDK-565 Change-Id: I231f28cef791bb1ccbffd407bcd25604a7d18bcc Signed-off-by: Kanagaraj Manickam k00365106 <kanagaraj.manickam@huawei.com>
Diffstat (limited to 'vnfmarket-be/deployment')
-rw-r--r--vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile26
-rwxr-xr-xvnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/docker-entrypoint.sh5
-rw-r--r--vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/install-vtp.sh18
-rwxr-xr-xvnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/instance-run.sh5
-rw-r--r--vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf70
-rw-r--r--vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/vtp-tc.sh13
6 files changed, 69 insertions, 68 deletions
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile
index 7475399a..612aecd0 100644
--- a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile
+++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile
@@ -26,26 +26,19 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get -y install python-software-properties
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install software-properties-common sudo
RUN add-apt-repository ppa:openjdk-r/ppa -y && \
-
# update data from repositories
apt-get update --fix-missing -y && \
-
# upgrade OS
apt-get -y dist-upgrade && \
-
# Make info file about this build
printf "Build of java:openjdk-8-jre-headless, date: %s\n" `date -u +"%Y-%m-%dT%H:%M:%SZ"` > /service/java && \
-
# install application
apt-get install -y --no-install-recommends openjdk-8-jre-headless && \
-
# fix default setting
ln -s java-8-openjdk-amd64 /usr/lib/jvm/default-jvm && \
-
# remove apt cache from image
apt-get clean all
-
# Set up tomcat
RUN wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && rm -f apache-tomcat-8.5.30.tar.gz && rm -rf webapps && mkdir -p webapps/ROOT
RUN echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
@@ -122,8 +115,23 @@ RUN chmod a+x /service/vtp-tc.sh
RUN /service/install-vtp.sh
EXPOSE 50051
-ENTRYPOINT /service/docker-entrypoint.sh
-RUN chmod a+x /service/docker-entrypoint.sh
+RUN groupadd -r vnfadmin && useradd -m --no-log-init -r -g vnfadmin vnfadmin && \
+ usermod -aG sudo vnfadmin && echo "vnfadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
+ chmod -R 777 /usr/local/
+
+USER vnfadmin
+
+RUN RUN umask 000 && sudo chmod +x /service/bin/*.sh /service/*.sh && \
+ mkdir -p /service/logs && mkdir -p /var/log/nginx/ && \
+ sudo chown -R vnfadmin:vnfadmin /var/log/nginx/ && \
+ sudo chown -R vnfadmin:vnfadmin /service/ /opt/vtp /var/log && \
+ sudo chmod -R +w /service/ /opt/vtp /var/log && \
+ sudo touch /run/nginx.pid && sudo chown -R vnfadmin:vnfadmin /run/nginx.pid && \
+ chmod +w /run/nginx.pid && sudo chown -R vnfadmin:vnfadmin /var/log/nginx/ && \
+ sudo usermod -aG www-data vnfadmin && sudo chmod -R a+w /var/lib/nginx
+
+
+#ENTRYPOINT /service/docker-entrypoint.sh
ENTRYPOINT ["/service/docker-entrypoint.sh"]
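Review bot: The `NOPASSWD: ALL` sudoers entry added for vnfadmin makes the non-root user equivalent to root, and `chmod -R 777 /usr/local/` leaves a directory on the default PATH writable by every process, so `USER vnfadmin` provides little isolation. The second added RUN also begins with `RUN RUN`, which the shell would read as a command named `RUN`; as written that step looks like it fails before the `&&` chain runs. Doing the ownership setup as root before `USER vnfadmin`, without sudo, addresses all three; the sudo-based line added to docker-entrypoint.sh in this commit would then have to be dropped as well. The sketch below uses only paths already in the hunk and gives /var/lib/nginx to vnfadmin instead of making it world-writable, which should be confirmed against what nginx needs there.

```dockerfile
RUN groupadd -r vnfadmin && useradd -m --no-log-init -r -g vnfadmin vnfadmin && \
    usermod -aG www-data vnfadmin && \
    chmod +x /service/bin/*.sh /service/*.sh && \
    mkdir -p /service/logs /var/log/nginx && \
    touch /run/nginx.pid && \
    chown -R vnfadmin:vnfadmin /service /opt/vtp /var/log /var/lib/nginx /run/nginx.pid

USER vnfadmin

ENTRYPOINT ["/service/docker-entrypoint.sh"]
```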
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/docker-entrypoint.sh b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/docker-entrypoint.sh
index c7941209..3bb1414c 100755
--- a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/docker-entrypoint.sh
+++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/docker-entrypoint.sh
@@ -20,6 +20,8 @@
# vnf-sdk-marketplace/target/docker-entrypoint.sh
#
+umask 000 && sudo chmod +x /service/bin/*.sh /service/*.sh && mkdir -p /service/logs && mkdir -p /var/log/nginx/ && sudo chown -R vnfadmin:vnfadmin /var/log/nginx/ /service/ /opt/vtp /var/log && sudo chmod -R +w /service/ /opt/vtp /var/log && sudo touch /run/nginx.pid && sudo chown -R vnfadmin:vnfadmin /run/nginx.pid && chmod +w /run/nginx.pid && sudo chown -R vnfadmin:vnfadmin /var/log/nginx/ && sudo usermod -aG www-data vnfadmin && sudo chmod -R a+w /var/lib/nginx
+
if [ -z "$SERVICE_IP" ]; then
export SERVICE_IP=`hostname -i`
fi
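Review bot: `umask 000` on the added line stays in effect for the rest of the entrypoint and for every process it launches, so logs, pid files and anything else the services create come out world-writable. The line also repeats, at every container start, the chmod/chown work the Dockerfile already does at build time, and `sudo usermod -aG www-data vnfadmin` cannot change the group list of the shell that is already running. If ownership is fixed at build time, this line can shrink to `umask 027` or be removed, which also drops the runtime dependency on passwordless sudo. The script continues outside the hunk.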
@@ -44,7 +46,7 @@ if [ ! -e init.log ]; then
# Perform workarounds due to defects in release binary
./instance-workaround.sh
-
+
# microservice-specific one-time initialization
./instance-init.sh
@@ -54,4 +56,3 @@ fi
# Start the microservice
./instance-run.sh
-
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/install-vtp.sh b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/install-vtp.sh
index 005ce53c..713b28c2 100644
--- a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/install-vtp.sh
+++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/install-vtp.sh
@@ -18,13 +18,13 @@
export _PWD=`pwd`
echo ################ Check for java
-apt-get install -y wget unzip
+sudo apt-get install -y wget unzip
#check for java
java -version
if [ $? == 127 ]
then
- apt-get install -y openjdk-8-jre
+ sudo apt-get install -y openjdk-8-jre
fi
echo ################ Install OCLIP
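Review bot: The `sudo` added in front of `apt-get install` here, and in front of the `chmod +x` calls in the next hunk, appears unnecessary: the Dockerfile in this commit runs `/service/install-vtp.sh` before `USER vnfadmin`, so the script executes as root at build time. Leaving the commands unprefixed (`apt-get install -y wget unzip`) keeps the script usable in an image without sudo and removes one reason to ship passwordless sudo at all. If the script is also meant to be run by vnfadmin after the build, a comment at the top saying so would help.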
@@ -53,17 +53,17 @@ do
mv ${cmd}_ ${cmd}
done
-chmod +x ./bin/oclip.sh
-chmod +x ./bin/oclip-rcli.sh
-chmod +x ./bin/oclip-grpc-server.sh
+sudo chmod +x ./bin/oclip.sh
+sudo chmod +x ./bin/oclip-rcli.sh
+sudo chmod +x ./bin/oclip-grpc-server.sh
echo export OPEN_CLI_HOME=/opt/vtp > $OPEN_CLI_HOME/bin/vtp.sh
echo $OPEN_CLI_HOME/bin/oclip-grpc-server.sh>> $OPEN_CLI_HOME/bin/vtp.sh
-chmod +x $OPEN_CLI_HOME/bin/vtp.sh
+sudo chmod +x $OPEN_CLI_HOME/bin/vtp.sh
-ln -sf $OPEN_CLI_HOME/bin/oclip.sh /usr/bin/oclip
-ln -sf $OPEN_CLI_HOME/bin/oclip-rcli.sh /usr/bin/vtp-cli
-ln -sf $OPEN_CLI_HOME/bin/oclip-grpc-server.sh /usr/bin/vtp-tc
+ln -sf $OPEN_CLI_HOME/bin/oclip.sh /usr/local/bin/oclip
+ln -sf $OPEN_CLI_HOME/bin/oclip-rcli.sh /usr/local/bin/vtp-cli
+ln -sf $OPEN_CLI_HOME/bin/oclip-grpc-server.sh /usr/local/bin/vtp-tc
echo ################ Deploy sample csar validation test case
CSARVALIDATOR_LATEST_BINARY="https://nexus.onap.org/service/local/artifact/maven/redirect?r=releases&g=org.onap.vnfsdk.validation&a=csarvalidation-deployment&e=zip&v=LATEST"
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/instance-run.sh b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/instance-run.sh
index 5e3f9bda..1f0d14d0 100755
--- a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/instance-run.sh
+++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/instance-run.sh
@@ -16,12 +16,11 @@
#
#Start VTP service
-service vtp-tc start
+./vtp-tc.sh start
# Start tomcat service
./bin/start.sh
-
service nginx start
# Show log files
echo Waiting for log file...
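Review bot: `./vtp-tc.sh start` depends on the working directory being /service and its exit status is ignored, so a failed VTP start still proceeds to Tomcat and nginx with nothing in the container output to show for it. An absolute path with a check, for example `/service/vtp-tc.sh start || echo "vtp-tc failed to start" >&2`, makes the failure visible. Whether the failure should abort the container instead is a design choice this hunk does not show; the script continues outside the hunk.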
@@ -30,5 +29,3 @@ while [ ! -f /service/logs/* ]; do
done
echo /service/logs/*
tail -F /service/logs/*
-
-
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf
index 7f223de7..ef50c595 100644
--- a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf
+++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf
@@ -3,48 +3,48 @@ daemon off;
#pid /run/nginx.pid;
events {
- worker_connections 500;
- # multi_accept on;
+ worker_connections 500;
+ # multi_accept on;
}
http {
-
- ##
- # Basic Settings
- ##
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
#Comment or disable the access_log once tested to avoid runtime logs
# access_log /var/log/nginx/access.log format gzip;
access_log off;
error_log /var/log/nginx/error.log;
- server {
- listen *:8703 ssl;
- server_name
- ssl on;
- ssl_certificate /etc/nginx/ssl/cert.crt;
- ssl_certificate_key /etc/nginx/ssl/cert.key;
- ssl_session_cache builtin:1000 shared:SSL:80m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
- ssl_prefer_server_ciphers on;
- ssl_session_timeout 10m;
- keepalive_timeout 70;
-
- location / {
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_pass http://localhost:8702;
- proxy_read_timeout 90;
- proxy_redirect off;
- }
- }
+ server {
+ listen *:8703 ssl;
+ server_name
+ ssl on;
+ ssl_certificate /etc/nginx/ssl/cert.crt;
+ ssl_certificate_key /etc/nginx/ssl/cert.key;
+ ssl_session_cache builtin:1000 shared:SSL:80m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
+ ssl_prefer_server_ciphers on;
+ ssl_session_timeout 10m;
+ keepalive_timeout 70;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_pass http://localhost:8702;
+ proxy_read_timeout 90;
+ proxy_redirect off;
+ }
+ }
}
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/vtp-tc.sh b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/vtp-tc.sh
index 38f50c42..29b3562d 100644
--- a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/vtp-tc.sh
+++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/vtp-tc.sh
@@ -26,13 +26,12 @@
dir="/opt"
cmd="/opt/vtp/bin/vtp.sh"
-user="root"
name=`basename $0`
-pid_file="/var/run/$name.pid"
+pid_file="/var/log/$name.pid"
stdout_log="/var/log/$name.log"
stderr_log="/var/log/$name.err"
-
+export JAVA_HOME=/usr/lib/jvm/default-jvm
get_pid() {
cat "$pid_file"
}
@@ -48,11 +47,7 @@ case "$1" in
else
echo "Starting $name"
cd "$dir"
- if [ -z "$user" ]; then
- sudo $cmd >> "$stdout_log" 2>> "$stderr_log" &
- else
- sudo -u "$user" $cmd >> "$stdout_log" 2>> "$stderr_log" &
- fi
+ $cmd >> "$stdout_log" 2>> "$stderr_log" &
echo $! > "$pid_file"
if ! is_running; then
echo "Unable to start, see $stdout_log and $stderr_log"
@@ -63,7 +58,7 @@ case "$1" in
stop)
if is_running; then
echo -n "Stopping $name.."
- kill `get_pid`
+ sudo kill `get_pid`
for i in {1..10}
do
if ! is_running; then
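Review bot: The added `sudo kill` sends a signal as root to whatever PID is stored in the pid file, and this commit moves that file to `/var/log/$name.pid`, a directory the Dockerfile hands over to vnfadmin and makes writable. Since the start branch now launches `$cmd` without sudo, the process belongs to the invoking user and plain `kill "$(get_pid)"` is sufficient. That keeps a stale or altered pid file from turning into a root-level signal to an unrelated process. The `stop)` branch continues outside the hunk.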