packages/docker/src/main/docker/docker-files/Dockerfile.mso-chef-final

   1 FROM openecomp/wildfly:1.0
   2
   3
   4 ### File Author / Maintainer
   5 MAINTAINER "The ONAP Team"
   6 LABEL Description="This image contains the ONAP SO" Version="1.0"
   7
   8 ARG http_proxy
   9 ARG https_proxy
  10 ENV HTTP_PROXY=$http_proxy
  11 ENV HTTPS_PROXY=$https_proxy
  12 ENV http_proxy=$HTTP_PROXY
  13 ENV https_proxy=$HTTPS_PROXY
  14
  15 ENV CHEF_REPO_NAME="chef-repo"
  16 ENV CHEF_CONFIG_NAME="mso-config"
  17
  18 USER root
  19
  20 ### Downloading dependencies
  21 # Install specific system libraries to fix CVE vulnerabilities
  22 RUN echo "deb http://archive.ubuntu.com/ubuntu/ artful main restricted" >> /etc/apt/sources.list && \
  23     echo "deb http://security.ubuntu.com/ubuntu/ artful-security main restricted" >> /etc/apt/sources.list && \
  24     echo "deb http://archive.ubuntu.com/ubuntu/ bionic main restricted" >> /etc/apt/sources.list && \
  25     apt-get -y update
  26
  27 # krb5 1.16-2build1
  28 #   For CVE-2017-15088 CVE-2017-11462
  29 # libvorbis 1.3.5-4ubuntu0.2
  30 #   For CVE-2017-14632 CVE-2017-14160
  31 # libx11 2:1.6.4-3
  32 #    For CVE-2016-7943 CVE-2016-7942
  33 # libxtst 1.2.3-1
  34 #    For CVE-2016-7951
  35 # ncurses 6.1-1ubuntu1
  36 #    For CVE-2017-10685 CVE-2017-10684
  37 # libsqllite3-0 3.22.0-1
  38 #   For CVE-2017-10989
  39 # libtiff5 4.0.8-5ubuntu0.1
  40 #   For CVE-2017-9117 CVE-2016-9540 CVE-2016-9539 CVE-2016-9538 CVE-2016-9537 CVE-2016-9536 CVE-2016-9535 CVE-2016-9534 CVE-2016-9533 CVE-2015-8668 CVE-2015-7554 CVE-2016-6223 CVE-2017-5563 CVE-2016-3621 CVE-2016-8331
  41 # shadow 1:4.5-1ubuntu1
  42 #   For CVE-2017-12424
  43 # perl-base 5.26.0-8ubuntu1.1
  44 #   For CVE-2015-8608 CVE-2017-12883
  45 # openssl 1.1.0g-2ubuntu3
  46 #   For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176
  47 # zlib1g 1:1.2.11.dfsg-0ubuntu2
  48 #   For CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840
  49 # libexpat1 2.2.5-3
  50 #   For CVE-2016-0718 CVE-2016-4472
  51 # libc-bin libc6 2.26-0ubuntu2.1
  52 #   For CVE-2018-6485
  53 # openssl 1.1.0g-2ubuntu3
  54 #   For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177
  55 # libpcre3 2:8.39-5ubuntu3
  56 #   For CVE-2016-3191 CVE-2016-1283
  57 # berkeleydb
  58 #   For CVE-2016-3418 CVE-2016-0694 CVE-2016-0689 CVE-2016-0682
  59 # jetty
  60 #   For CVE-2017-9735
  61 # libxi
  62 #   For CVE-2016-7946 CVE-2016-7945
  63 # xalan
  64 #   For CVE-2014-0107
  65 # git
  66 #   For CVE-2017-14867
  67 #
  68
  69 USER root
  70 RUN apt-get -y --only-upgrade install \
  71     libkrb5-3 krb5-locales \
  72     libvorbis0a \
  73     libx11-6 libx11-data libx11-doc libx11-xcb1 \
  74     libxtst6 \
  75     ncurses-base ncurses-bin libncurses5 libncursesw5 \
  76     libsqlite3-0 \
  77     libtiff5 \
  78     passwd \
  79     perl-base \
  80     openssl \
  81     zlib1g \
  82     libdb5.3 \
  83     libc-bin libc6 multiarch-support \
  84     libxi6 \
  85     libpcre3 \
  86     expat \
  87     jetty9 \
  88     xalan \
  89     git
  90
  91
  92 RUN apt-get install -y netcat curl && curl -LO  https://packages.chef.io/files/stable/chefdk/2.5.3/ubuntu/16.04/chefdk_2.5.3-1_amd64.deb && curl -LO http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.5.4/mariadb-java-client-1.5.4.jar && apt-get remove --purge -y curl && apt-get autoremove -y
  93
  94 ### Install Chef
  95 #RUN dpkg -i chefdk_0.17.17-1_amd64.deb
  96 RUN dpkg -i chefdk_2.5.3-1_amd64.deb
  97
  98 COPY scripts/start-jboss-server.sh /opt/mso/scripts/start-jboss-server.sh
  99
 100 RUN chown jboss:jboss /opt/mso/scripts/*
 101 RUN chmod u+rx /opt/mso/scripts/*
 102
 103 RUN mkdir /etc/chef
 104 RUN chown jboss:jboss /etc/chef
 105 RUN chmod u+xrw /etc/chef
 106
 107 RUN mkdir -p /etc/mso
 108 RUN chown -R jboss:jboss /etc/mso
 109 RUN chmod u+xrw /etc/mso
 110
 111 # Setup shared folder
 112 RUN mkdir /shared
 113 RUN chown jboss:jboss /shared
 114
 115 # Setup chef folders
 116 RUN mkdir -p /var/chef/nodes
 117 RUN chown jboss:jboss /var/chef/nodes
 118 RUN mkdir /var/berks-cookbooks
 119 RUN chown jboss:jboss /var/berks-cookbooks
 120 RUN mkdir -p /home/jboss/.chef/nodes
 121 RUN chown jboss:jboss /home/jboss/.chef/nodes
 122
 123 COPY chef-configs/${CHEF_REPO_NAME} /var/berks-cookbooks/${CHEF_REPO_NAME}
 124 COPY chef-configs/${CHEF_CONFIG_NAME} /var/berks-cookbooks/${CHEF_CONFIG_NAME}
 125 COPY chef-configs/solo.rb /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb
 126
 127 # Start Chef config
 128 RUN sed "s/CHEF_REPO_NAME_TO_REPLACE/${CHEF_REPO_NAME}/g" -i /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb
 129 RUN chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra]
 130
 131 RUN mv /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker-init.json
 132 RUN echo "" > /shared/mso-docker.json
 133 RUN ln -s /shared/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json
 134
 135 ## Create the log folder for MSO
 136 RUN mkdir -p /var/log/ecomp/MSO/
 137 RUN chown jboss:jboss /var/log/ecomp/MSO
 138
 139 ### Configure Jboss WildFly
 140 RUN mkdir -p $JBOSS_HOME/modules/mariadb/main
 141 RUN cp mariadb-java-client-1.5.4.jar $JBOSS_HOME/modules/mariadb/main
 142 COPY jboss-configs/modules/mariadb/main/module.xml $JBOSS_HOME/modules/mariadb/main
 143 COPY jboss-configs/configuration/standalone-full-ha.xml $JBOSS_HOME/standalone/configuration/standalone-full-ha-mso.xml
 144 COPY jboss-configs/configuration/mgmt-users.properties $JBOSS_HOME/standalone/configuration/mgmt-users.properties
 145 COPY jboss-configs/configuration/mgmt-groups.properties $JBOSS_HOME/standalone/configuration/mgmt-groups.properties
 146 COPY jboss-configs/configuration/application-users.properties $JBOSS_HOME/standalone/configuration/application-users.properties
 147 COPY jboss-configs/configuration/application-roles.properties $JBOSS_HOME/standalone/configuration/application-roles.properties
 148
 149 RUN echo "JAVA_OPTS=\"\$JAVA_OPTS -Xms64m -Xmx4g -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=1g -Djboss.bind.address=0.0.0.0 -Djboss.bind.address.management=0.0.0.0 -Dmso.db=MARIADB -Dmso.config.path=/etc/mso/config.d/\"" >> $JBOSS_HOME/bin/standalone.conf
 150 RUN echo "LAUNCH_JBOSS_IN_BACKGROUND=true" >> $JBOSS_HOME/bin/standalone.conf
 151
 152 COPY ./maven/artifacts/* $JBOSS_HOME/standalone/deployments/
 153
 154 RUN mkdir -p /etc/mso/config.d/ASDC && chown -R jboss:jboss /etc/mso/config.d/ASDC && chmod u+xrw /etc/mso/config.d/ASDC
 155
 156 COPY wait-for.sh /
 157
 158 ## Install heatbridge
 159 #RUN apt-get install -y python && apt-get install -y python-pip && echo 'PIP Installed, doing upgrade' && pip install --upgrade pip
 160 #RUN mkdir /opt/mso/heatbridge
 161 #COPY heatbridge/heatbridge-0.3.0.dev0-py2-none-any.whl /opt/mso/heatbridge
 162 #RUN pip install /opt/mso/heatbridge/heatbridge-0.3.0.dev0-py2-none-any.whl
 163
 164 ### Open Ports
 165 EXPOSE 8080
 166
 167 VOLUME /shared
 168
 169 ### Start EAP
 170 USER root
 171 CMD ["/opt/mso/scripts/start-jboss-server.sh"]