From b33cb6c38637ffff8483f8b15763183abdbd5497 Mon Sep 17 00:00:00 2001 From: danielhanrahan Date: Fri, 8 Jul 2022 15:52:48 +0100 Subject: [PATCH] Reduce size of docker images for XACML-PDP Avoid creating extra layers when extracting tarball Remove redundant chown/chmod commands Reduce size of Alpine image by 32% (379MB to 259MB) Reduce size of OpenSuse image by 23% (546MB to 423MB) Issue-ID: POLICY-4273 Signed-off-by: danielhanrahan Change-Id: I5b141b27d9db855c0b624612a54fc525845a02d7 --- .../src/main/docker/Dockerfile | 20 +++++++++++-------- .../src/main/docker/suse.Dockerfile | 23 ++++++++++++---------- .../src/main/package/tarball/assembly.xml | 2 ++ 3 files changed, 27 insertions(+), 18 deletions(-) diff --git a/packages/policy-xacmlpdp-docker/src/main/docker/Dockerfile b/packages/policy-xacmlpdp-docker/src/main/docker/Dockerfile index dd76e509..d87cfecc 100644 --- a/packages/policy-xacmlpdp-docker/src/main/docker/Dockerfile +++ b/packages/policy-xacmlpdp-docker/src/main/docker/Dockerfile @@ -19,6 +19,12 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= #------------------------------------------------------------------------------- + +FROM busybox AS tarball +RUN mkdir /packages /extracted +COPY /maven/lib/policy-xacmlpdp.tar.gz /packages/ +RUN tar xvzf /packages/policy-xacmlpdp.tar.gz --directory /extracted/ + FROM onap/policy-jre-alpine:2.4.3 LABEL maintainer="Policy Team" @@ -39,17 +45,15 @@ ENV POLICY_HOME=$POLICY_HOME/pdpx RUN apk update && \ apk add mariadb-client && \ apk add postgresql-client && \ - mkdir -p $POLICY_HOME $POLICY_LOGS $POLICY_HOME/etc/ssl $POLICY_HOME/bin $POLICY_HOME/apps && \ - chown -R policy:policy $POLICY_HOME $POLICY_LOGS && mkdir /packages + mkdir -p $POLICY_HOME $POLICY_LOGS && \ + chown -R policy:policy $POLICY_HOME $POLICY_LOGS -COPY /maven/* /packages -RUN tar xvfz /packages/policy-xacmlpdp.tar.gz --directory $POLICY_HOME && \ - rm /packages/policy-xacmlpdp.tar.gz +COPY --chown=policy:policy --from=tarball /extracted $POLICY_HOME WORKDIR $POLICY_HOME -COPY policy-pdpx.sh bin/. -COPY policy-pdpx-pg.sh bin/. -RUN chown -R policy:policy * && chmod 755 bin/*.sh && chmod 755 mysql/bin/*.sh && chmod 755 postgres/bin/*.sh +COPY --chown=policy:policy policy-pdpx.sh bin/ +COPY --chown=policy:policy policy-pdpx-pg.sh bin/ +RUN chmod 755 bin/*.sh USER policy WORKDIR $POLICY_HOME/bin diff --git a/packages/policy-xacmlpdp-docker/src/main/docker/suse.Dockerfile b/packages/policy-xacmlpdp-docker/src/main/docker/suse.Dockerfile index 67ae7c1e..c8732ca8 100644 --- a/packages/policy-xacmlpdp-docker/src/main/docker/suse.Dockerfile +++ b/packages/policy-xacmlpdp-docker/src/main/docker/suse.Dockerfile @@ -18,6 +18,12 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= #------------------------------------------------------------------------------- + +FROM busybox AS tarball +RUN mkdir /packages /extracted +COPY /maven/lib/policy-xacmlpdp.tar.gz /packages/ +RUN tar xvzf /packages/policy-xacmlpdp.tar.gz --directory /extracted/ + FROM opensuse/leap:15.4 LABEL maintainer="Policy Team" @@ -37,22 +43,19 @@ ENV POLICY_HOME=/opt/app/policy/pdpx ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 ENV JAVA_HOME=/usr/lib64/jvm/java-11-openjdk-11 -RUN zypper -n -q install --no-recommends gzip java-11-openjdk-headless mariadb-client netcat-openbsd postgresql tar && \ +RUN zypper -n -q install --no-recommends java-11-openjdk-headless mariadb-client netcat-openbsd postgresql && \ zypper -n -q update && zypper -n -q clean --all && \ groupadd --system policy && \ useradd --system --shell /bin/sh -G policy policy && \ - mkdir -p $POLICY_LOGS $POLICY_HOME $POLICY_HOME/etc/ssl $POLICY_HOME/bin $POLICY_HOME/apps && \ - chown -R policy:policy $POLICY_HOME $POLICY_LOGS && \ - mkdir /packages + mkdir -p $POLICY_HOME $POLICY_LOGS && \ + chown -R policy:policy $POLICY_HOME $POLICY_LOGS -COPY /maven/* /packages -RUN tar xvfz /packages/policy-xacmlpdp.tar.gz --directory $POLICY_HOME && \ - rm /packages/policy-xacmlpdp.tar.gz +COPY --chown=policy:policy --from=tarball /extracted $POLICY_HOME WORKDIR $POLICY_HOME -COPY policy-pdpx.sh bin/. -COPY policy-pdpx-pg.sh bin/. -RUN chown -R policy:policy * && chmod 755 bin/*.sh && chmod 755 mysql/bin/*.sh && chmod 755 postgres/bin/*.sh +COPY --chown=policy:policy policy-pdpx.sh bin/ +COPY --chown=policy:policy policy-pdpx-pg.sh bin/ +RUN chmod 755 bin/*.sh USER policy WORKDIR $POLICY_HOME/bin diff --git a/packages/policy-xacmlpdp-tarball/src/main/package/tarball/assembly.xml b/packages/policy-xacmlpdp-tarball/src/main/package/tarball/assembly.xml index 354b12a7..8a8c1544 100644 --- a/packages/policy-xacmlpdp-tarball/src/main/package/tarball/assembly.xml +++ b/packages/policy-xacmlpdp-tarball/src/main/package/tarball/assembly.xml @@ -68,6 +68,7 @@ ${file.separator}mysql${file.separator}bin unix + 0755 ${project.basedir}/src/main/resources/mysql/sql @@ -86,6 +87,7 @@ ${file.separator}postgres${file.separator}bin unix + 0755 ${project.basedir}/src/main/resources/postgres/sql -- 2.16.6