From: Fiete Ostkamp Date: Mon, 16 Mar 2026 09:49:47 +0000 (+0100) Subject: Use python 3.11-alpine image in catalog-be backend-init X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=55fc9160aacfcf522e021f9def2405cc22551c3c;p=sdc.git Use python 3.11-alpine image in catalog-be backend-init - use public python:3.11-alpine image [0] - remove unused packages from the image (lib-xml,-ffi,libressl,...) - simplify dockerfile syntax a bit - make sure import_normatives.sh doesn't fail silently (which makes root cause analysis harder) [0] official images are regularly updated and make it easier to reason what they contain (as opposed to custom images) Issue-ID: SDC-4803 Change-Id: Id2676b4e92298a0823da35dd601a1991b9e93400 Signed-off-by: Fiete Ostkamp --- diff --git a/catalog-be/sdc-backend-init/Dockerfile b/catalog-be/sdc-backend-init/Dockerfile index 3473a0d763..66d2a595ae 100644 --- a/catalog-be/sdc-backend-init/Dockerfile +++ b/catalog-be/sdc-backend-init/Dockerfile @@ -1,56 +1,38 @@ -FROM onap/integration-python:9.0.0 +FROM python:3.11-alpine USER root -# Needed for pycurl +# Create onap user/group (previously provided by onap/integration-python base image) +RUN addgroup -S onap && adduser -S -G onap onap + +# Needed for pycurl SSL backend selection ENV PYCURL_SSL_LIBRARY=openssl -RUN apk update && apk upgrade && apk add --no-cache expat apk-tools - -# Install only runtime packages and build dependencies temporarily -RUN apk update && \ - apk add --no-cache libcurl jq libpng python3 py3-pip && \ - apk add --no-cache --virtual .build-deps \ - libressl-dev \ - libffi-dev \ - libxml2-dev \ - build-base \ - curl-dev && \ +# Install runtime libcurl, build and install pycurl, then remove build deps +RUN apk add --no-cache libcurl && \ + apk add --no-cache --virtual .build-deps build-base curl-dev openssl-dev && \ pip install --no-cache-dir pycurl==7.44.1 && \ apk del .build-deps ENV ONAP_LOG=/home/onap/logs RUN mkdir -p $ONAP_LOG && chown onap:onap $ONAP_LOG -# user/group are the same as in integration/docker/onap-python base image -ENV user=onap group=onap - USER onap -# Copy scripts and install them under sdc user +# Copy and install Python sdcBePy package COPY --chown=onap:onap scripts /home/onap/scripts +RUN cd /home/onap/scripts && \ + pip install --no-cache-dir --user . -RUN chmod -R a+rx /home/onap/scripts && \ - cd /home/onap/scripts && \ - pip install --user . - -# Ensure ALL .local/bin scripts are accessible to any UID -RUN chmod -R a+rx /home/onap/.local && \ - chmod -R a+rx /home/onap/.local/bin && \ - chmod -R a+rx /home/onap - -# Add .local/bin to PATH and Python site-packages to PYTHONPATH ENV PATH=$PATH:/home/onap/.local/bin -ENV PYTHONPATH=/home/onap/.local/lib/python3.9/site-packages:$PYTHONPATH -# Copy other required files +# Copy remaining files COPY --chown=onap:onap normatives.tar.gz /home/onap/ -COPY --chown=onap:onap custom-scripts/create_consumer_and_user.sh /home/onap/create_consumer_and_user.sh -COPY --chown=onap:onap custom-scripts/check_backend.sh /home/onap/check_backend.sh -COPY --chown=onap:onap custom-scripts/import_normatives.sh /home/onap/import_normatives.sh +COPY --chown=onap:onap custom-scripts/ /home/onap/ COPY --chown=onap:onap startup.sh /home/onap/startup.sh -RUN chmod a+rx /home/onap/*.sh +# Ensure all files are accessible to any UID (OpenShift compatibility) +RUN chmod -R a+rx /home/onap WORKDIR /home/onap/ diff --git a/catalog-be/sdc-backend-init/custom-scripts/import_normatives.sh b/catalog-be/sdc-backend-init/custom-scripts/import_normatives.sh index 12da11d64d..a24d6047ce 100644 --- a/catalog-be/sdc-backend-init/custom-scripts/import_normatives.sh +++ b/catalog-be/sdc-backend-init/custom-scripts/import_normatives.sh @@ -1,12 +1,13 @@ #!/bin/sh +set -e # Set protocol and port based on DISABLE_HTTP if [ "$DISABLE_HTTP" = "true" ]; then protocol="https" be_port=$BE_HTTPS_PORT param="-i $BE_IP -p $be_port --https" - + # Set TLS flags if certificates are provided if [ -n "$TLS_CERT" ]; then tls_cert="--tls_cert $TLS_CERT" @@ -30,7 +31,7 @@ fi if [ "$BASIC_AUTH_ENABLED" = "true" ]; then basic_auth_user="${BASIC_AUTH_USER:-}" basic_auth_pass="${BASIC_AUTH_PASS:-}" - + if [ -n "$basic_auth_user" ] && [ -n "$basic_auth_pass" ]; then basic_auth_config="--header $(echo -n "$basic_auth_user:$basic_auth_pass" | base64)" else @@ -46,20 +47,14 @@ cd /var/tmp/ || exit 1 cp /home/onap/normatives.tar.gz /var/tmp/ tar -xvf /var/tmp/normatives.tar.gz -start_time=$(date +"%Y-%m-%d %H:%M:%S") -echo "[$start_time] Starting sdcinit..." +start_ts=$(date +%s) +echo "[$(date +"%Y-%m-%d %H:%M:%S")] Starting sdcinit..." # Run sdcinit command with the constructed parameters cd /var/tmp/normatives/import/tosca || exit 1 sdcinit $param $basic_auth_config $tls_cert $tls_key $tls_key_pw $ca_cert -end_time=$(date +"%Y-%m-%d %H:%M:%S") -echo "[$end_time] Done sdcinit." - -start_ts=$(date -d "$start_time" +%s) -end_ts=$(date -d "$end_time" +%s) -elapsed=$((end_ts - start_ts)) -echo "Elapsed time: $elapsed seconds" +elapsed=$(( $(date +%s) - start_ts )) +echo "[$(date +"%Y-%m-%d %H:%M:%S")] sdcinit completed successfully. Elapsed time: ${elapsed} seconds" echo "SDC initialization Done." -