update AAF service dockerfiles to run as user AAF, reusing existing script infra
Issue-ID: AAF-1102
Signed-off-by: ChrisC <christophe.closset@intl.att.com>, JulienBe <jb3179x@att.com>
Change-Id: I2d9feef65a98d4545e407825533cd1741f891b45
DIR="/opt/app/aaf/status"
INSTALLED_VERSION=/var/lib/cassandra/AAF_VERSION
AAF_INIT_DATA=/var/lib/cassandra/AAF_INIT_DATA
+CQLSH=${CQLSH:=/opt/cassandra/bin/cqlsh}
if [ ! -e /aaf_cmd ]; then
ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd
function wait_cql {
status wait for keyspace to be initialized
for CNT in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
- if [ -n "$(cqlsh -e 'describe keyspaces' | grep authz)" ]; then
+ if [ -n "$($CQLSH -e 'describe keyspaces' | grep authz)" ]; then
break
else
echo "Waiting for Keyspaces to be loaded... Sleep 10"
function install_cql {
wait_start cassandra responsive
# Now, make sure data exists
- if [ ! -e $INSTALLED_VERSION ] && [ -n "$(cqlsh -e 'describe keyspaces' | grep authz)" ]; then
- cqlsh --request-timeout=60 -e 'DROP KEYSPACE authz'
+ if [ ! -e $INSTALLED_VERSION ] && [ -n "$($CQLSH -e 'describe keyspaces' | grep authz)" ]; then
+ $CQLSH --request-timeout=60 -e 'DROP KEYSPACE authz'
fi
- if [ -z "`cqlsh --request-timeout 60 -e 'describe keyspaces' | grep authz`" ]; then
+ if [ -z "$($CQLSH --request-timeout 60 -e 'describe keyspaces' | grep authz)" ]; then
status install
echo "Initializing Cassandra DB"
echo "Docker Installed Basic Cassandra on aaf.cass. Executing the following "
echo " cd /opt/app/aaf/cass_init"
cd /opt/app/aaf/cass_init
echo " cqlsh -f keyspace.cql"
- cqlsh --request-timeout=100 -f keyspace.cql
+ $CQLSH --request-timeout=100 -f keyspace.cql
status keyspace installed
echo " cqlsh -f init.cql"
- cqlsh --request-timeout=100 -f init.cql
+ $CQLSH --request-timeout=100 -f init.cql
status data initialized
echo ""
echo "The following will give you a temporary identity with which to start working, or emergency"
echo `date`
ENV=DOCKER
-CQLSH="cqlsh -k authz"
+CQLSH="${CQLSH:=/opt/cassandra/bin/cqlsh} -k authz"
cd dats
if [ "$*" = "" ]; then
COPY cass_data/*.dat /opt/app/aaf/cass_init/dats/
COPY sample.identities.dat /opt/app/aaf/cass_init/data/identites.dat
-RUN mkdir -p /opt/app/aaf/status && chmod 777 /opt/app/aaf/status && \
- addgroup ${USER} && adduser --no-create-home --ingroup ${USER} --disabled-password --gecos "" --shell /bin/bash ${USER} && \
- chown -R ${USER}:${USER} /opt/app/aaf/cass_init
-
+RUN mkdir -p /opt/app/aaf/status &&\
+ chmod 777 /opt/app/aaf/status && \
+ addgroup ${DUSER} && adduser --ingroup cassandra --disabled-password --gecos "" --shell /bin/bash ${DUSER} && \
+ chown -R ${DUSER}:cassandra /opt/app/aaf/cass_init &&\
+ chown -R ${DUSER}:cassandra /etc/cassandra &&\
+ mkdir -p /var/lib/cassandra/data && chown -R ${DUSER}:cassandra /var/lib/cassandra &&\
+ chown -R ${DUSER}:cassandra /var/log/cassandra &&\
+ ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd && chmod a+x /aaf_cmd
+USER ${DUSER}
ENTRYPOINT ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh"]
CMD ["start"]
# Default is to start up with CQL setup only
. ../../docker/d.props
fi
DOCKER=${DOCKER:-docker}
-
+
function SCP() {
SANS=${1/-SNAPSHOT/}
echo $1 = $SANS
DIR=$(pwd)
cd ..
sed -e 's/${AAF_VERSION}/'${VERSION/-SNAPSHOT/}'/g' \
- -e 's/${USER}/'${USER}'/g' \
+ -e 's/${DUSER}/'${DUSER}'/g' \
-e 's/${REGISTRY}/'${DOCKER_PULL_REGISTRY}'/g' \
$DIR/Dockerfile.cass > Dockerfile
cd ..
if [ -e ../../docker/d.props ]; then
. ../../docker/d.props
fi
-${DOCKER:=docker} exec -it aaf-cass /usr/bin/cqlsh -k authz
+${DOCKER:=docker} exec -it aaf-cass ${CQLSH:=/usr/bin/cqlsh} -k authz
COPY cert/*trust*.b64 /opt/app/aaf_config/cert/
RUN chmod 755 /opt/app/aaf_config/bin/* &&\
if [ -n "${DUSER}" ]; then chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi
-
+USER ${DUSER}
CMD []
RUN mkdir -p /opt/app/osaaf &&\
chmod 755 /opt/app/aaf_config/bin/*.sh &&\
if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/osaaf && chown -R ${DUSER}:${DUSER} /opt/app/aaf_config; fi
-
+USER ${DUSER}
CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"]
&& chown ${DUSER}:${DUSER} /opt/app/osaaf \
&& chown -R ${DUSER}:${DUSER} /opt/app/aaf;\
fi
-
+USER ${DUSER}
&& chown ${DUSER}:${DUSER} /opt/app/osaaf \
&& chown -R ${DUSER}:${DUSER} /opt/app/aaf;\
fi
-
+USER ${DUSER}
CMD []
persistentVolumeClaim:
claimName: aaf-hello-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-hello-vol
- name: aaf-hello-config
image: "{{ .Values.image.repository }}{{ .Values.service.agentImage }}"
imagePullPolicy: IfNotPresent
- name: aaf-status-vol
persistentVolumeClaim:
claimName: aaf-status-pvc
+ initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /var/lib/cassandra
+ chown -R 1000:1000 /var/lib/cassandra
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /var/lib/cassandra
+ name: aaf-cass-vol
containers:
###
### AAF-CASS
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent
persistentVolumeClaim:
claimName: aaf-status-pvc
initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ chmod -R 775 /opt/app/aaf/status
+ chown -R 1000:1000 /opt/app/aaf/status
+ chmod -R 775 /opt/app/osaaf
+ chown -R 1000:1000 /opt/app/osaaf
+ image: busybox:1.28
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - mountPath: /opt/app/aaf/status
+ name: aaf-status-vol
+ - mountPath: /opt/app/osaaf
+ name: aaf-config-vol
- name: aaf-config-container
image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }}
imagePullPolicy: IfNotPresent