Use python 3.11-alpine image in catalog-be backend-init

- use public python:3.11-alpine image [0]
- remove unused packages from the image (lib-xml,-ffi,libressl,...)
- simplify dockerfile syntax a bit
- make sure import_normatives.sh doesn't fail silently
  (which makes root cause analysis harder)

[0] official images are regularly updated and make it easier to
    reason what they contain (as opposed to custom images)

Issue-ID: SDC-4803
Change-Id: Id2676b4e92298a0823da35dd601a1991b9e93400
Signed-off-by: Fiete Ostkamp <fiete.ostkamp@telekom.de>

diff --git a/catalog-be/sdc-backend-init/Dockerfile b/catalog-be/sdc-backend-init/Dockerfile
index 3473a0d..66d2a59 100644 (file)
--- a/catalog-be/sdc-backend-init/Dockerfile
+++ b/catalog-be/sdc-backend-init/Dockerfile
@@ -1,56 +1,38 @@
-FROM onap/integration-python:9.0.0
+FROM python:3.11-alpine
 
 USER root
 
-# Needed for pycurl
+# Create onap user/group (previously provided by onap/integration-python base image)
+RUN addgroup -S onap && adduser -S -G onap onap
+
+# Needed for pycurl SSL backend selection
 ENV PYCURL_SSL_LIBRARY=openssl
 
-RUN apk update && apk upgrade && apk add --no-cache expat apk-tools
-
-# Install only runtime packages and build dependencies temporarily
-RUN apk update && \
-    apk add --no-cache libcurl jq libpng python3 py3-pip && \
-    apk add --no-cache --virtual .build-deps \
-        libressl-dev \
-        libffi-dev \
-        libxml2-dev \
-        build-base \
-        curl-dev && \
+# Install runtime libcurl, build and install pycurl, then remove build deps
+RUN apk add --no-cache libcurl && \
+    apk add --no-cache --virtual .build-deps build-base curl-dev openssl-dev && \
     pip install --no-cache-dir pycurl==7.44.1 && \
     apk del .build-deps
 
 ENV ONAP_LOG=/home/onap/logs
 RUN mkdir -p $ONAP_LOG && chown onap:onap $ONAP_LOG
 
-# user/group are the same as in integration/docker/onap-python base image
-ENV user=onap group=onap
-
 USER onap
 
-# Copy scripts and install them under sdc user
+# Copy and install Python sdcBePy package
 COPY --chown=onap:onap scripts /home/onap/scripts
+RUN cd /home/onap/scripts && \
+    pip install --no-cache-dir --user .
 
-RUN chmod -R a+rx /home/onap/scripts && \
-   cd /home/onap/scripts && \
-    pip install --user .
-
-# Ensure ALL .local/bin scripts are accessible to any UID
-RUN chmod -R a+rx /home/onap/.local && \
-    chmod -R a+rx /home/onap/.local/bin && \
-    chmod -R a+rx /home/onap
-
-# Add .local/bin to PATH and Python site-packages to PYTHONPATH
 ENV PATH=$PATH:/home/onap/.local/bin
-ENV PYTHONPATH=/home/onap/.local/lib/python3.9/site-packages:$PYTHONPATH
 
-# Copy other required files
+# Copy remaining files
 COPY --chown=onap:onap normatives.tar.gz /home/onap/
-COPY --chown=onap:onap custom-scripts/create_consumer_and_user.sh /home/onap/create_consumer_and_user.sh
-COPY --chown=onap:onap custom-scripts/check_backend.sh /home/onap/check_backend.sh
-COPY --chown=onap:onap custom-scripts/import_normatives.sh /home/onap/import_normatives.sh
+COPY --chown=onap:onap custom-scripts/ /home/onap/
 COPY --chown=onap:onap startup.sh /home/onap/startup.sh
 
-RUN chmod a+rx /home/onap/*.sh
+# Ensure all files are accessible to any UID (OpenShift compatibility)
+RUN chmod -R a+rx /home/onap
 
 WORKDIR /home/onap/
 

diff --git a/catalog-be/sdc-backend-init/custom-scripts/import_normatives.sh b/catalog-be/sdc-backend-init/custom-scripts/import_normatives.sh
index 12da11d..a24d604 100644 (file)
--- a/catalog-be/sdc-backend-init/custom-scripts/import_normatives.sh
+++ b/catalog-be/sdc-backend-init/custom-scripts/import_normatives.sh
@@ -1,12 +1,13 @@
 #!/bin/sh
 
+set -e
 
 # Set protocol and port based on DISABLE_HTTP
 if [ "$DISABLE_HTTP" = "true" ]; then
   protocol="https"
   be_port=$BE_HTTPS_PORT
   param="-i $BE_IP -p $be_port --https"
-  
+
   # Set TLS flags if certificates are provided
   if [ -n "$TLS_CERT" ]; then
     tls_cert="--tls_cert $TLS_CERT"
@@ -30,7 +31,7 @@ fi
 if [ "$BASIC_AUTH_ENABLED" = "true" ]; then
   basic_auth_user="${BASIC_AUTH_USER:-}"
   basic_auth_pass="${BASIC_AUTH_PASS:-}"
-  
+
   if [ -n "$basic_auth_user" ] && [ -n "$basic_auth_pass" ]; then
     basic_auth_config="--header $(echo -n "$basic_auth_user:$basic_auth_pass" | base64)"
   else
@@ -46,20 +47,14 @@ cd /var/tmp/ || exit 1
 cp /home/onap/normatives.tar.gz /var/tmp/
 tar -xvf /var/tmp/normatives.tar.gz
 
-start_time=$(date +"%Y-%m-%d %H:%M:%S")
-echo "[$start_time] Starting sdcinit..."
+start_ts=$(date +%s)
+echo "[$(date +"%Y-%m-%d %H:%M:%S")] Starting sdcinit..."
 
 # Run sdcinit command with the constructed parameters
 cd /var/tmp/normatives/import/tosca || exit 1
 sdcinit $param $basic_auth_config $tls_cert $tls_key $tls_key_pw $ca_cert
 
-end_time=$(date +"%Y-%m-%d %H:%M:%S")
-echo "[$end_time] Done sdcinit."
-
-start_ts=$(date -d "$start_time" +%s)
-end_ts=$(date -d "$end_time" +%s)
-elapsed=$((end_ts - start_ts))
-echo "Elapsed time: $elapsed seconds"
+elapsed=$(( $(date +%s) - start_ts ))
+echo "[$(date +"%Y-%m-%d %H:%M:%S")] sdcinit completed successfully. Elapsed time: ${elapsed} seconds"
 
 echo "SDC initialization Done."
-