Change gvnfm of juju pod startup to non root

Change-Id: Iebca22ee2174a7c49b7e143a8733ac09fc34e154
Issue-ID: VFC-1637
Signed-off-by: yangyan <yangyanyj@chinamobile.com>

diff --git a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/Dockerfile b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/Dockerfile
index ea863fa..cc683c8 100644 (file)
--- a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/Dockerfile
+++ b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/Dockerfile
@@ -1,46 +1,12 @@
 FROM centos:7
-
-RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
-RUN sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
-RUN yum update -y
-
-RUN yum install -y wget unzip socat java-1.8.0-openjdk-headless
-RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
 ENV JAVA_HOME /usr/lib/jvm/jre
-
+ENV CATALINA_HOME /service
+ADD . /service
 WORKDIR /service
-
-# Set up mysql
-RUN wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && rpm -ivh mysql-community-release-el7-5.noarch.rpm && rm -f mysql-community-release-el7-5.noarch.rpm
-RUN yum -y update
-RUN yum -y install -y mysql-server
-RUN mysql_install_db --user=mysql --datadir=/var/lib/mysql
-
+RUN bash docker-env-config.sh
 VOLUME /var/lib/mysql
 
-COPY init-mysql.sh .
-
-# 30-tomcat.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY
-# Set up tomcat
-RUN wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && rm -f apache-tomcat-8.5.30.tar.gz && rm -rf webapps && mkdir -p webapps/ROOT
-RUN echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
-ENV CATALINA_HOME /service
-
-# Set up microservice
-RUN wget -q -O vfc-gvnfm-jujudriver.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.vnfm.gvnfm&a=juju-vnfmadapterservice-deployment&v=LATEST&e=zip" && unzip -q -o -B vfc-gvnfm-jujudriver.zip && rm -f vfc-gvnfm-jujudriver.zip
-# Set permissions
-RUN find . -type d -exec chmod o-w {} \;
-RUN find . -name "*.sh" -exec chmod +x {} \;
 EXPOSE 8483
-
-# 90-entrypoint.txt
-RUN yum clean all
-
-COPY instance-config.sh .
-COPY instance-init.sh .
-COPY instance-run.sh .
-COPY instance-workaround.sh .
-COPY docker-entrypoint.sh .
+USER onap
+WORKDIR /service
 ENTRYPOINT /service/docker-entrypoint.sh
-
-COPY LICENSE ./ONAP_LICENSE

diff --git a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-entrypoint.sh b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-entrypoint.sh
index cdcf196..9b97fc0 100644 (file)
--- a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-entrypoint.sh
+++ b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-entrypoint.sh
@@ -41,7 +41,7 @@ echo
 ./instance-config.sh
 
 # Start mysql
-su mysql -c /usr/bin/mysqld_safe &
+sudo su mysql -c /usr/bin/mysqld_safe &
 
 # Perform one-time config
 if [ ! -e init.log ]; then

diff --git a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh
new file mode 100644 (file)
index 0000000..8b6b4f7
--- /dev/null
+++ b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+install_sf(){
+
+        sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+        sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
+        yum update -y
+
+        yum install -y wget unzip socat java-1.8.0-openjdk-headless
+        sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
+
+        # Set up mysql
+        wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && \
+                rpm -ivh mysql-community-release-el7-5.noarch.rpm && \
+                rm -f mysql-community-release-el7-5.noarch.rpm
+        yum -y update
+        yum -y install mysql-server
+        mysql_install_db --user=mysql --datadir=/var/lib/mysql
+
+        # Set up tomcat
+        wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && \
+                tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && \
+                rm -f apache-tomcat-8.5.30.tar.gz && \
+                rm -rf webapps && \
+                mkdir -p webapps/ROOT
+        echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
+
+        # Set up microservice
+        wget -q -O vfc-gvnfm-jujudriver.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.vnfm.gvnfm&a=juj
+u-vnfmadapterservice-deployment&v=LATEST&e=zip" && \
+                unzip -q -o -B vfc-gvnfm-jujudriver.zip && \
+                rm -f vfc-gvnfm-jujudriver.zip
+        # Set permissions
+        find . -type d -exec chmod o-w {} \;
+        find . -name "*.sh" -exec chmod +x {} \;
+}
+
+add_user(){
+
+        useradd onap
+        yum -y install sudo
+        chmod u+x /etc/sudoers
+        sed -i '/Same thing without a password/a\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
+        chmod u-x /etc/sudoers
+        chown onap:onap -R /service
+}
+
+clean_sf_cache(){
+
+        yum clean all
+}
+
+install_sf
+wait
+add_user
+clean_sf_cache