X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=src%2Fmain%2Fdocker%2FDockerfile;h=036091e166e11c8e43079665afbea2a508739746;hb=34c72a4d56324182b2e1d6f6fbaa508ca0953d2f;hp=343ed4d41da8c1675a35f8def84ebae734d3704d;hpb=bbe7efa2068e0d5393abc2a0240814ef18960786;p=aai%2Fgizmo.git diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile index 343ed4d..036091e 100644 --- a/src/main/docker/Dockerfile +++ b/src/main/docker/Dockerfile @@ -1,45 +1,30 @@ -FROM ubuntu:14.04 +FROM @aai.docker.namespace@/aai-common-@aai.base.image@:@aai.base.image.version@ ARG MICRO_HOME=/opt/app/crud-api ARG BIN_HOME=$MICRO_HOME/bin +ARG USERS_HOME=/opt/aaihome -RUN apt-get update - -# Install and setup java8 -RUN apt-get update && apt-get install -y software-properties-common -## sudo -E is required to preserve the environment. If you remove that line, it will most like freeze at this step -RUN sudo -E add-apt-repository ppa:openjdk-r/ppa && apt-get update && apt-get install -y openjdk-8-jdk -## Setup JAVA_HOME, this is useful for docker commandline -ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64 -RUN export JAVA_HOME - -# Build up the deployment folder structure -RUN mkdir -p $MICRO_HOME -RUN mkdir -p $MICRO_HOME/bundleconfig/etc -COPY gizmo.jar $MICRO_HOME/ -RUN mkdir -p $BIN_HOME -COPY *.sh $BIN_HOME -COPY bundleconfig-local $MICRO_HOME/bundleconfig -COPY bundleconfig-local/etc/logback.xml $MICRO_HOME/bundleconfig/etc -RUN chmod 755 $BIN_HOME/* - -# Changes related to:AAI-2177 -# Change aai gizmo container processes to run as non-root on the host +# AAI-2177: Change aai gizmo container processes to run as non-root on the host #Note:The group id and user id used below (492382 & 341790 respectively) are chosen arbitarily based on assumption that # these are not used elsewhere. Please see https://jira.onap.org/browse/AAI-2172 for more background on this. -RUN mkdir /opt/aaihome && \ - groupadd -g 492382 aaiadmin && \ - useradd -r -u 341790 -g 492382 -ms /bin/sh -d /opt/aaihome/aaiadmin aaiadmin && \ - chown -R aaiadmin:aaiadmin $MICRO_HOME &&\ - mkdir /logs && \ - chown -R aaiadmin:aaiadmin /logs +RUN mkdir -p $MICRO_HOME $USERS_HOME /logs \ + && groupadd -g 492382 aaiadmin \ + && useradd -r -u 341790 -g 492382 -ms /bin/sh -d $USERS_HOME/aaiadmin aaiadmin +##The following 2 lines are added to add the user to the sudoers group +##The script src\main\bin\start.sh could then optionally run the process as sudo user if an environment variable is set +## By default the sudo mode is disabled. +RUN usermod -aG sudo aaiadmin &&\ + echo 'aaiadmin ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers +WORKDIR $MICRO_HOME +COPY /maven/gizmo/ . +RUN chmod 755 $BIN_HOME/* \ + && ln -snf /logs $MICRO_HOME/logs \ + && chown -R aaiadmin:aaiadmin $MICRO_HOME /logs USER aaiadmin -RUN ln -s /logs $MICRO_HOME/logs - EXPOSE 9520 9520 CMD ["/opt/app/crud-api/bin/start.sh"]