+# Base image
FROM eclipse-temurin:11-jre-jammy
-
# Create a new group and user
-RUN addgroup sdc && \
- adduser --gecos "sdc sdc,1,1,1" --disabled-password --ingroup sdc --shell /bin/sh sdc
-
+RUN addgroup --system sdc && \
+ adduser --system --ingroup sdc --shell /bin/sh sdc
USER sdc
-
+WORKDIR /home/sdc
# Create Cassandra configuration directory and file
RUN mkdir -p ~/.cassandra/ && \
echo '[cql]' > ~/.cassandra/cqlshrc && \
- echo 'version=3.4.4' >> ~/.cassandra/cqlshrc
-
+ echo 'version=3.4.4' >> ~/.cassandra/cqlshrc && \
+ chmod 600 ~/.cassandra/cqlshrc
+# Switch to root to install necessary packages
USER root
-
-# Update package list and install necessary packages
RUN apt-get update --allow-releaseinfo-change && \
- apt-get purge python* -y && \
- apt-get install -y python3-pip && \
+ apt-get install -y --no-install-recommends \
+ python3-pip \
+ libffi-dev \
+ libxml2-dev \
+ curl \
+ wget \
+ perl \
+ ntp \
+ apt-transport-https && \
python3 -m pip install --upgrade pip && \
pip3 install --no-cache-dir cqlsh==6.1.0 && \
- mkdir -p ~/.cassandra/ && \
- echo '[cql]' > ~/.cassandra/cqlshrc && \
- echo 'version=3.4.4' >> ~/.cassandra/cqlshrc && \
- apt-get install -y \
- libffi-dev \
- libxml2-dev && \
- apt-get clean
-
-# Remove bash only if absolutely necessary
-RUN apt-get remove bash -y --allow-remove-essential || true
-
+ apt-get purge -y python3-dev python3-apt && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* /root/.cache/pip
+# Switch back to system user for runtime
USER sdc
-
+WORKDIR /home/sdc
# Copy sdctool tar and startup
COPY --chown=sdc:sdc sdctool.tar /home/sdc/sdctool.tar
COPY --chown=sdc:sdc scripts /home/sdc/scripts
COPY --chown=sdc:sdc startup.sh /home/sdc
-
# Extract and prepare sdctool
RUN tar -xvf /home/sdc/sdctool.tar -C /home/sdc && \
rm /home/sdc/sdctool.tar && \
chmod +x /home/sdc/scripts/* && \
cp -r /home/sdc/scripts/janusgraph.properties /home/sdc/sdctool/config && \
cp -r /home/sdc/scripts/configuration.yaml /home/sdc/sdctool/config
-
-# Define entrypoint
-ENTRYPOINT [ "sh", "-c", "/home/sdc/startup.sh" ]
+# Ensure all scripts are executable and owned by sdc
+RUN find /home/sdc -type f -name "*.sh" -exec chmod 750 {} \; && \
+ chown -R sdc:sdc /home/sdc
+ENTRYPOINT ["/bin/sh", "/home/sdc/startup.sh"]
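Review bot: The new `apt-get install` list adds `curl`, `wget`, `perl`, `ntp` and `apt-transport-https` to the runtime image, and nothing in the visible Dockerfile uses any of them. Each one is extra attack surface and scanner noise in an image whose visible job is running cqlsh and sdctool. Unless `startup.sh` or the copied scripts (not shown) need them, I would keep the list to `python3-pip libffi-dev libxml2-dev`. The final `RUN find … && chown -R sdc:sdc /home/sdc` also runs after `USER sdc`, so the `chown` can only succeed where it changes nothing. The `COPY --chown=sdc:sdc` lines already set ownership, so that clause can be dropped.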
<dependency>
<groupId>org.eclipse.jgit</groupId>
<artifactId>org.eclipse.jgit</artifactId>
- <version>3.4.1.201406201815-r</version>
+ <version>6.9.0.202403050737-r</version>
</dependency>
<!-- spring - used by A4C -->
# Needed for pycurl
ENV PYCURL_SSL_LIBRARY=openssl
-# Install packages only needed for building
+RUN apk update && apk upgrade && apk add --no-cache expat apk-tools
+
+# Install only runtime packages and build dependencies temporarily
RUN apk update && \
- apk add binutils jq libpng && \
- apk add --no-cache \
- libcurl && \
- apk add --no-cache --virtual .build-dependencies \
+ apk add --no-cache libcurl jq libpng python3 py3-pip && \
+ apk add --no-cache --virtual .build-deps \
libressl-dev \
libffi-dev \
libxml2-dev \
build-base \
curl-dev && \
- # needed libcurl to install correctly \
- python -m pip install --upgrade pip && \
- pip install 'pycurl==7.44.1' && \
- apk del .build-dependencies
+ pip install --no-cache-dir pycurl==7.44.1 && \
+ apk del .build-deps
ENV ONAP_LOG=/home/onap/logs
-RUN mkdir $ONAP_LOG && chown onap:onap $ONAP_LOG
+RUN mkdir -p $ONAP_LOG && chown onap:onap $ONAP_LOG
# user/group are the same as in integration/docker/onap-python base image
ENV user=onap group=onap
USER onap
-# Copy scripts and install them
+# Copy scripts and install them under sdc user
COPY --chown=onap:onap scripts /home/onap/scripts
RUN chmod -R a+rx /home/onap/scripts && \
- cd /home/onap/scripts && \
+ cd /home/onap/scripts && \
pip install --user .
# Ensure ALL .local/bin scripts are accessible to any UID
chmod -R a+rx /home/onap/.local/bin && \
chmod -R a+rx /home/onap
-# Make sure PATH includes .local/bin
+# Add .local/bin to PATH and Python site-packages to PYTHONPATH
ENV PATH=$PATH:/home/onap/.local/bin
ENV PYTHONPATH=/home/onap/.local/lib/python3.9/site-packages:$PYTHONPATH
# Copy other required files
COPY --chown=onap:onap normatives.tar.gz /home/onap/
-COPY --chown=onap:onap custom-scripts/create_consumer_and_user.sh /home/onap/create_consumer_and_user.sh
-
+COPY --chown=onap:onap custom-scripts/create_consumer_and_user.sh /home/onap/create_consumer_and_user.sh
COPY --chown=onap:onap custom-scripts/check_backend.sh /home/onap/check_backend.sh
-
-
COPY --chown=onap:onap custom-scripts/import_normatives.sh /home/onap/import_normatives.sh
-
-
COPY --chown=onap:onap startup.sh /home/onap/startup.sh
RUN chmod a+rx /home/onap/*.sh
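Review bot: `apk add --no-cache libcurl jq libpng python3 py3-pip` now installs whatever Python the Alpine release ships, while `PYTHONPATH` further down is still hard-coded to `/home/onap/.local/lib/python3.9/site-packages`. If the apk interpreter is not 3.9, `pip install --user .` would put the scripts under a different directory and that `PYTHONPATH` entry would point at nothing; pinning the `python3` package version or deriving the path at build time keeps the two in step. The new comment `# Copy scripts and install them under sdc user` should say `onap`, since the step runs after `USER onap`. As rendered, `pip install --user .` also has no `&& \` before the `chmod -R a+rx` lines that follow it, which is worth checking against the real file.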
USER root
ARG JETTY_FOLDER=/app/jetty
-# Install curl for Alpine
-RUN apk update && apk add curl jq gettext
+RUN apk update && \
+ apk add --no-cache curl jq && \
+ rm -rf /var/cache/apk/*
-# Create the Jetty folder and necessary config directories
-RUN mkdir -p $JETTY_FOLDER/ && chown onap:onap $JETTY_FOLDER
+# Create Jetty folder and set permissions
+RUN mkdir -p $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER
ENV JETTY_HOME=$JETTY_FOLDER
ENV JETTY_BASE=$JETTY_FOLDER
ENV JETTY_GROUP=onap
#Download jetty
+
RUN wget -q https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty-distribution.version}/jetty-distribution-${jetty-distribution.version}.tar.gz --tries=3 -O $JETTY_FOLDER/jetty.tar.gz && \
tar xz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \
rm -rf $JETTY_FOLDER/jetty.tar.gz
COPY --chown=onap:onap artifacts/files/org.onap.sdc.trust.jks $JETTY_FOLDER/etc/
# Set permissions
-RUN chown -R onap:onap $JETTY_FOLDER/* && \
- chmod 770 $JETTY_FOLDER/startup.sh && \
- chmod 770 $JETTY_FOLDER/set-http-module.sh && $JETTY_FOLDER/set-http-module.sh && \
- chmod 755 $JETTY_FOLDER/setup-keystore-truststore.sh && \
- chmod 755 $JETTY_FOLDER/ready-probe.sh && \
- chmod 755 $JETTY_FOLDER/config/catalog-fe/* && \
- chmod 644 $JETTY_FOLDER/etc/* && \
- chmod 770 /tmp/logback.xml && \
- chmod 755 $JETTY_FOLDER/config/onboarding-fe/* && \
- chmod 755 $JETTY_FOLDER/start.d/*
+RUN chown -R onap:onap $JETTY_FOLDER && \
+ chmod 770 $JETTY_FOLDER/startup.sh $JETTY_FOLDER/set-http-module.sh && \
+ chmod 755 $JETTY_FOLDER/setup-keystore-truststore.sh $JETTY_FOLDER/ready-probe.sh && \
+ chmod 755 $JETTY_FOLDER/config/catalog-fe/* $JETTY_FOLDER/config/onboarding-fe/* $JETTY_FOLDER/start.d/* && \
+ chmod 644 $JETTY_FOLDER/etc/* && chmod 770 /tmp/logback.xml && \
+ # Run HTTP module setup
+ $JETTY_FOLDER/set-http-module.sh && \
+ # Clean apk cache to minimize image size
+ rm -rf /var/cache/apk/*
# Add Jetty rewrite and configuration settings
RUN echo "etc/rewrite-root-to-sdc1.xml" >> "$JETTY_FOLDER/start.d/rewrite.ini" && \
-echo "jetty.httpConfig.sendServerVersion=false" >> "$JETTY_FOLDER/start.d/start.ini"
+ echo "jetty.httpConfig.sendServerVersion=false" >> "$JETTY_FOLDER/start.d/start.ini"
+
USER onap
WORKDIR $JETTY_FOLDER
-ENTRYPOINT [ "sh", "-c", "${JETTY_HOME}/startup.sh"]
+ENTRYPOINT [ "sh", "-c", "${JETTY_HOME}/startup.sh" ]
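Review bot: The Jetty tarball is fetched with `wget` and unpacked straight into `$JETTY_FOLDER` with no integrity check, and this commit touches that step here and in the other Dockerfile with a `# Download jetty` step without adding one. A digest pinned alongside the version makes a tampered or truncated download fail the build: add `echo "<JETTY_TARBALL_SHA256>  $JETTY_FOLDER/jetty.tar.gz" | sha256sum -c - && \` between the `wget` and `tar` lines, replacing the placeholder with the published SHA-256 for the `jetty-distribution.version` in use. The digest then has to be updated together with `jetty.version`, which this commit also bumps. Separately, `gettext` is dropped from the `apk add` line; if `startup.sh` (not shown) calls `envsubst`, that would fail at runtime.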
</env>
<hostname>sdc-cs-init</hostname>
<wait>
- <time>400000</time>
+ <time>600000</time>
<log>SdcSchemaFileImport successfully completed</log>
</wait>
<network>
FROM onap/integration-java11:10.0.0
-# Switch to root user for system installations
USER root
ARG JETTY_FOLDER=/app/jetty
# Install necessary packages and dependencies
RUN set -ex && \
apk update && \
- apk add --no-cache \
- wget \
- build-base \
- libffi-dev \
- libxml2-dev \
- libressl-dev && \
- apk update
+ apk add --no-cache --virtual .build-deps \
+ build-base libffi-dev libxml2-dev libressl-dev wget
ENV JETTY_HOME=$JETTY_FOLDER
ENV JETTY_BASE=$JETTY_FOLDER
ENV JETTY_USER=onap
ENV JETTY_GROUP=onap
-RUN mkdir $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER
+RUN mkdir -p $JETTY_FOLDER && chown onap:onap $JETTY_FOLDER
USER onap
-#Download jetty
-RUN wget -q https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty-distribution.version}/jetty-distribution-${jetty-distribution.version}.tar.gz --tries=3 -O $JETTY_FOLDER/jetty.tar.gz && \
- tar xz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \
- rm -rf $JETTY_FOLDER/jetty.tar.gz
+# Download jetty
+RUN wget -q https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${jetty-distribution.version}/jetty-distribution-${jetty-distribution.version}.tar.gz \
+ --tries=3 -O $JETTY_FOLDER/jetty.tar.gz && \
+ tar xz -C $JETTY_FOLDER -f $JETTY_FOLDER/jetty.tar.gz --strip 1 && \
+ rm -rf $JETTY_FOLDER/jetty.tar.gz
+
RUN sed -i 's/"jetty"/"onap"/g' $JETTY_FOLDER/etc/jetty-setuid.xml
# Download OpenTelemetry Java Agent
COPY --chown=onap:onap startup.sh $JETTY_FOLDER/
COPY --chown=onap:onap scripts/cleanup_jettydir.sh $JETTY_FOLDER/
COPY --chown=onap:onap scripts/create_jetty_modules.sh $JETTY_FOLDER/
+
# Set executable permissions on the startup script
-RUN chmod 770 $JETTY_FOLDER/startup.sh
-RUN chmod 770 $JETTY_FOLDER/cleanup_jettydir.sh && $JETTY_FOLDER/cleanup_jettydir.sh
-RUN chmod +x $JETTY_FOLDER/create_jetty_modules.sh && $JETTY_FOLDER/create_jetty_modules.sh
+RUN chmod 770 $JETTY_FOLDER/startup.sh && \
+ chmod 770 $JETTY_FOLDER/cleanup_jettydir.sh && $JETTY_FOLDER/cleanup_jettydir.sh && \
+ chmod +x $JETTY_FOLDER/create_jetty_modules.sh && $JETTY_FOLDER/create_jetty_modules.sh
+#Copy configuration files
COPY --chown=onap:onap files/logback.xml $JETTY_FOLDER/config/onboarding-be/
COPY --chown=onap:onap files/org.onap.sdc.p12 $JETTY_FOLDER/etc/
COPY --chown=onap:onap files/org.onap.sdc.trust.jks $JETTY_FOLDER/etc/
COPY --chown=onap:onap files/base_template.yaml $JETTY_BASE/resources/
COPY --chown=onap:onap files/base_template.env $JETTY_BASE/resources/
-ENTRYPOINT [ "sh", "-c", "${JETTY_HOME}/startup.sh"]
+
+
+USER root
+RUN apk del .build-deps
+
+USER onap
+ENTRYPOINT ["sh", "-c", "${JETTY_HOME}/startup.sh"]
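Review bot: `RUN apk del .build-deps` sits in its own layer at the end, so the compiler toolchain and headers installed by the first `RUN` still ship in that earlier layer; the image is no smaller and the files remain extractable from it. Nothing visible between the two steps compiles anything, and of the `.build-deps` group only `wget` is used. If that holds for the whole file, install just `wget` (or fetch Jetty in a separate build stage and `COPY --from` it) and drop `build-base libffi-dev libxml2-dev libressl-dev`. The `apk update` before `apk add --no-cache` is also redundant, because `--no-cache` already fetches a fresh index.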
<ws.rs.version>2.1.6</ws.rs.version>
<javax.validation.version>2.0.1.Final</javax.validation.version>
- <jetty.version>9.4.51.v20230217</jetty.version>
+ <jetty.version>9.4.54.v20240208</jetty.version>
<jetty-distribution.version>${jetty.version}</jetty-distribution.version>
- <cxf.version>3.6.1</cxf.version>
+ <cxf.version>3.6.3</cxf.version>
<org.owasp.esapi.version>2.4.0.0</org.owasp.esapi.version>
<org.dom4j.version>2.1.3</org.dom4j.version>
<!-- Logging start -->
<!-- logback -->
<logback.version>1.2.12</logback.version>
+ <logstash.encoder.version>7.3</logstash.encoder.version>
<slf4j-api.version>1.7.36</slf4j-api.version>
<commons-codec>1.15</commons-codec>
<janino.version>3.1.9</janino.version>
<artifactId>swagger-maven-plugin</artifactId>
<version>${swagger-core-mvn-plugin.version}</version>
</dependency>
+ <dependency>
+ <groupId>net.logstash.logback</groupId>
+ <artifactId>logstash-logback-encoder</artifactId>
+ <version>${logstash.encoder.version}</version>
+ </dependency>
</dependencies>
</dependencyManagement>
<dependencies>
+
<dependency>
<!-- must be on the classpath -->
<groupId>org.jacoco</groupId>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
- <version>5.6.3</version>
+ <version>5.6.10</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</exclusion>
</exclusions>
- </dependency>
+ </dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
+ <dependency>
+ <groupId>net.logstash.logback</groupId>
+ <artifactId>logstash-logback-encoder</artifactId>
+ </dependency>
</dependencies>
<reporting>
</exclusions>
</dependency>
- <!-- Proxy servlet -->
+ <!-- Proxy servlet -->
<dependency>
<groupId>com.typesafe</groupId>
<artifactId>config</artifactId>
RUN chmod 770 $JETTY_FOLDER/startup.sh
-ENTRYPOINT [ "sh", "-c", "${JETTY_HOME}/startup.sh"]
+ENTRYPOINT [ "sh", "-c", "${JETTY_HOME}/startup.sh"]
\ No newline at end of file