1 FROM openecomp/wildfly:1.0
4 ### File Author / Maintainer
5 MAINTAINER "The ONAP Team"
6 LABEL Description="This image contains the ONAP SO" Version="1.0"
10 ENV HTTP_PROXY=$http_proxy
11 ENV HTTPS_PROXY=$https_proxy
12 ENV http_proxy=$HTTP_PROXY
13 ENV https_proxy=$HTTPS_PROXY
15 ENV CHEF_REPO_NAME="chef-repo"
16 ENV CHEF_CONFIG_NAME="mso-config"
20 ### Downloading dependencies
21 # Install specific system libraries to fix CVE vulnerabilities
22 RUN echo "deb http://archive.ubuntu.com/ubuntu/ artful main restricted" >> /etc/apt/sources.list && \
23 echo "deb http://security.ubuntu.com/ubuntu/ artful-security main restricted" >> /etc/apt/sources.list && \
24 echo "deb http://archive.ubuntu.com/ubuntu/ bionic main restricted" >> /etc/apt/sources.list && \
28 # For CVE-2017-15088 CVE-2017-11462
29 # libvorbis 1.3.5-4ubuntu0.2
30 # For CVE-2017-14632 CVE-2017-14160
32 # For CVE-2016-7943 CVE-2016-7942
35 # ncurses 6.1-1ubuntu1
36 # For CVE-2017-10685 CVE-2017-10684
37 # libsqllite3-0 3.22.0-1
39 # libtiff5 4.0.8-5ubuntu0.1
40 # For CVE-2017-9117 CVE-2016-9540 CVE-2016-9539 CVE-2016-9538 CVE-2016-9537 CVE-2016-9536 CVE-2016-9535 CVE-2016-9534 CVE-2016-9533 CVE-2015-8668 CVE-2015-7554 CVE-2016-6223 CVE-2017-5563 CVE-2016-3621 CVE-2016-8331
41 # shadow 1:4.5-1ubuntu1
43 # perl-base 5.26.0-8ubuntu1.1
44 # For CVE-2015-8608 CVE-2017-12883
45 # openssl 1.1.0g-2ubuntu3
46 # For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2176
47 # zlib1g 1:1.2.11.dfsg-0ubuntu2
48 # For CVE-2016-9843 CVE-2016-9841 CVE-2016-9842 CVE-2016-9840
50 # For CVE-2016-0718 CVE-2016-4472
51 # libc-bin libc6 2.26-0ubuntu2.1
53 # openssl 1.1.0g-2ubuntu3
54 # For CVE-2016-6303 CVE-2016-2182 CVE-2016-2177
55 # libpcre3 2:8.39-5ubuntu3
56 # For CVE-2016-3191 CVE-2016-1283
58 # For CVE-2016-3418 CVE-2016-0694 CVE-2016-0689 CVE-2016-0682
62 # For CVE-2016-7946 CVE-2016-7945
70 RUN apt-get -y --only-upgrade install \
71 libkrb5-3 krb5-locales \
73 libx11-6 libx11-data libx11-doc libx11-xcb1 \
75 ncurses-base ncurses-bin libncurses5 libncursesw5 \
83 libc-bin libc6 multiarch-support \
92 RUN apt-get install -y netcat curl && curl -LO https://packages.chef.io/files/stable/chefdk/2.5.3/ubuntu/16.04/chefdk_2.5.3-1_amd64.deb && curl -LO http://central.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/1.5.4/mariadb-java-client-1.5.4.jar && apt-get remove --purge -y curl && apt-get autoremove -y
95 #RUN dpkg -i chefdk_0.17.17-1_amd64.deb
96 RUN dpkg -i chefdk_2.5.3-1_amd64.deb
98 COPY scripts/start-jboss-server.sh /opt/mso/scripts/start-jboss-server.sh
100 RUN chown jboss:jboss /opt/mso/scripts/*
101 RUN chmod u+rx /opt/mso/scripts/*
104 RUN chown jboss:jboss /etc/chef
105 RUN chmod u+xrw /etc/chef
107 RUN mkdir -p /etc/mso
108 RUN chown -R jboss:jboss /etc/mso
109 RUN chmod u+xrw /etc/mso
111 # Setup shared folder
113 RUN chown jboss:jboss /shared
116 RUN mkdir -p /var/chef/nodes
117 RUN chown jboss:jboss /var/chef/nodes
118 RUN mkdir /var/berks-cookbooks
119 RUN chown jboss:jboss /var/berks-cookbooks
120 RUN mkdir -p /home/jboss/.chef/nodes
121 RUN chown jboss:jboss /home/jboss/.chef/nodes
123 COPY chef-configs/${CHEF_REPO_NAME} /var/berks-cookbooks/${CHEF_REPO_NAME}
124 COPY chef-configs/${CHEF_CONFIG_NAME} /var/berks-cookbooks/${CHEF_CONFIG_NAME}
125 COPY chef-configs/solo.rb /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb
128 RUN sed "s/CHEF_REPO_NAME_TO_REPLACE/${CHEF_REPO_NAME}/g" -i /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb
129 RUN chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra]
131 RUN mv /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker-init.json
132 RUN echo "" > /shared/mso-docker.json
133 RUN ln -s /shared/mso-docker.json /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json
135 ## Create the log folder for MSO
136 RUN mkdir -p /var/log/ecomp/MSO/
137 RUN chown jboss:jboss /var/log/ecomp/MSO
139 ### Configure Jboss WildFly
140 RUN mkdir -p $JBOSS_HOME/modules/mariadb/main
141 RUN cp mariadb-java-client-1.5.4.jar $JBOSS_HOME/modules/mariadb/main
142 COPY jboss-configs/modules/mariadb/main/module.xml $JBOSS_HOME/modules/mariadb/main
143 COPY jboss-configs/configuration/standalone-full-ha.xml $JBOSS_HOME/standalone/configuration/standalone-full-ha-mso.xml
144 COPY jboss-configs/configuration/mgmt-users.properties $JBOSS_HOME/standalone/configuration/mgmt-users.properties
145 COPY jboss-configs/configuration/mgmt-groups.properties $JBOSS_HOME/standalone/configuration/mgmt-groups.properties
146 COPY jboss-configs/configuration/application-users.properties $JBOSS_HOME/standalone/configuration/application-users.properties
147 COPY jboss-configs/configuration/application-roles.properties $JBOSS_HOME/standalone/configuration/application-roles.properties
149 RUN echo "JAVA_OPTS=\"\$JAVA_OPTS -Xms64m -Xmx4g -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=1g -Djboss.bind.address=0.0.0.0 -Djboss.bind.address.management=0.0.0.0 -Dmso.db=MARIADB -Dmso.config.path=/etc/mso/config.d/\"" >> $JBOSS_HOME/bin/standalone.conf
150 RUN echo "LAUNCH_JBOSS_IN_BACKGROUND=true" >> $JBOSS_HOME/bin/standalone.conf
152 COPY ./maven/artifacts/* $JBOSS_HOME/standalone/deployments/
154 RUN mkdir -p /etc/mso/config.d/ASDC && chown -R jboss:jboss /etc/mso/config.d/ASDC && chmod u+xrw /etc/mso/config.d/ASDC
158 ## Install heatbridge
159 #RUN apt-get install -y python && apt-get install -y python-pip && echo 'PIP Installed, doing upgrade' && pip install --upgrade pip
160 #RUN mkdir /opt/mso/heatbridge
161 #COPY heatbridge/heatbridge-0.3.0.dev0-py2-none-any.whl /opt/mso/heatbridge
162 #RUN pip install /opt/mso/heatbridge/heatbridge-0.3.0.dev0-py2-none-any.whl
171 CMD ["/opt/mso/scripts/start-jboss-server.sh"]