Remove sudo capability for onap user for VF-C resmanagement docker

Change-Id: Iee12bf6a1211cab2a97ea9985eeec883e9ecdff5
Issue-ID: VFC-1640
Signed-off-by: yangyan <yangyanyj@chinamobile.com>

diff --git a/ResmanagementService/docker/Dockerfile b/ResmanagementService/docker/Dockerfile
index e2097cc..1b71e77 100644 (file)
--- a/ResmanagementService/docker/Dockerfile
+++ b/ResmanagementService/docker/Dockerfile
@@ -1,62 +1,11 @@
-#
-# This file was auto-generated by gen-all-dockerfiles.sh; do not modify manually.
-#
-# nfvo-resmanagement/target/Dockerfile
-#
-
-# 10-basebuild.txt
-
 FROM centos:7
-
-RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
-RUN sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
-RUN yum update -y
-
-RUN yum install -y wget unzip socat java-1.8.0-openjdk-headless
-RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
 ENV JAVA_HOME /usr/lib/jvm/jre
-
+ENV CATALINA_HOME /service
+ADD . /service
 WORKDIR /service
-
-# 20-mysq.txt
-
-# Set up mysql
-RUN wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && rpm -ivh mysql-community-release-el7-5.noarch.rpm && rm -f mysql-community-release-el7-5.noarch.rpm
-RUN yum -y update
-RUN yum -y install -y mysql-server
-RUN mysql_install_db --user=mysql --datadir=/var/lib/mysql
-
+RUN bash docker-env-config.sh
 VOLUME /var/lib/mysql
-
-COPY init-mysql.sh .
-
-# 30-tomcat.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY
-# Set up tomcat
-RUN wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && rm -f apache-tomcat-8.5.30.tar.gz && rm -rf webapps && mkdir -p webapps/ROOT
-RUN echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
-ENV CATALINA_HOME /service
-
-# 50-microservice.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY
-
-# Set up microservice
-
-RUN wget -q -O nfvo-resmanagement.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.resmanagement&a=vfc-nfvo-resmanagement-deployment&v=LATEST&e=zip" && unzip -q -o -B nfvo-resmanagement.zip && rm -f nfvo-resmanagement.zip
-# Set permissions
-RUN find . -type d -exec chmod o-w {} \;
-RUN find . -name "*.sh" -exec chmod +x {} \;
 EXPOSE 8480
-
-
-
-# 90-entrypoint.txt
-
-RUN yum clean all
-
-COPY instance-config.sh .
-COPY instance-init.sh .
-COPY instance-run.sh .
-COPY instance-workaround.sh .
-COPY docker-entrypoint.sh .
+USER onap
+WORKDIR /service
 ENTRYPOINT /service/docker-entrypoint.sh
-
-COPY LICENSE ./ONAP_LICENSE

diff --git a/ResmanagementService/docker/docker-entrypoint.sh b/ResmanagementService/docker/docker-entrypoint.sh
index c2cf899..5bf25a6 100644 (file)
--- a/ResmanagementService/docker/docker-entrypoint.sh
+++ b/ResmanagementService/docker/docker-entrypoint.sh
@@ -36,7 +36,7 @@ echo
 
 # Wait for MSB initialization
 echo Wait for MSB initialization
-for i in {1..10}; do
+for i in {1..5}; do
     curl -sS -m 1 $MSB_ADDR > /dev/null && break
     sleep $i
 done
@@ -47,7 +47,7 @@ echo
 ./instance-config.sh
 
 # Start mysql
-su mysql -c /usr/bin/mysqld_safe &
+/usr/bin/mysqld_safe &
 
 # Perform one-time config
 if [ ! -e init.log ]; then

diff --git a/ResmanagementService/docker/docker-env-config.sh b/ResmanagementService/docker/docker-env-config.sh
new file mode 100644 (file)
index 0000000..b187d0b
--- /dev/null
+++ b/ResmanagementService/docker/docker-env-config.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+add_user(){
+
+       useradd  onap
+}
+
+set_up_mysql_jdk(){
+
+       sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+       sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
+       yum update -y
+       
+       yum install -y wget unzip socat java-1.8.0-openjdk-headless
+       sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
+
+       # Set up mysql
+       wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && \
+               rpm -ivh mysql-community-release-el7-5.noarch.rpm && \
+               rm -f mysql-community-release-el7-5.noarch.rpm
+       yum -y update
+       yum -y install -y mysql-server
+       mysql_install_db --user=onap --datadir=/var/lib/mysql
+       chown onap:onap -R /var/run/mysqld
+       chmod g+s /var/run/mysqld
+       setfacl -d --set u:onap:rwx /var/run/mysqld
+       chown onap:onap /var/log/mysqld.log
+       chmod g+s /var/log/mysqld.log
+       chown onap:onap -R /var/lib/mysql-files
+       chmod g+s /var/lib/mysql-files
+       setfacl -d --set u:onap:rwx /var/lib/mysql-files
+       chown onap:onap /etc/my.cnf
+}
+
+set_up_tomcat(){
+       # Set up tomcat
+       wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && \
+               tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && \
+               rm -f apache-tomcat-8.5.30.tar.gz && 
+               rm -rf webapps && \
+               mkdir -p webapps/ROOT
+       echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
+       
+       #wget -q -O nfvo-resmanagement.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.resmanagement&a=vfc-nfvo-resmanagement-deployment&v=LATEST&e=zip" && \
+               unzip -q -o -B nfvo-resmanagement.zip && \
+               rm -f nfvo-resmanagement.zip
+       # Set permissions
+       find . -type d -exec chmod o-w {} \;
+       find . -name "*.sh" -exec chmod +x {} \;
+       chown onap:onap -R /service
+       chmod g+s /service
+       setfacl -d --set u:onap:rwx /service
+
+}
+
+clean_sf_cache(){
+
+       yum clean all
+}
+
+add_user
+set_up_mysql_jdk
+wait
+set_up_tomcat
+wait
+clean_sf_cache
+