From 27afb0201ce717c25d8ffcc50f8b4972fc98f5c5 Mon Sep 17 00:00:00 2001
From: Instrumental
Date: Thu, 7 Feb 2019 16:36:56 -0600
Subject: [PATCH] Refine properties for non-root
Issue-ID: AAF-698
Change-Id: I266f0e36842fb506dbb3e412e12eedf64e24418a
Signed-off-by: Instrumental
---
auth/auth-cass/cass_init/cmd.sh | 5 +++--
auth/auth-cass/docker/Dockerfile.cass | 5 +++++
auth/auth-cass/docker/dbash.sh | 28 ----------------------------
auth/auth-cass/docker/dbuild.sh | 4 +++-
auth/auth-cass/docker/drun.sh | 1 +
auth/docker/Dockerfile.base | 2 +-
auth/docker/Dockerfile.client | 2 +-
auth/docker/Dockerfile.config | 3 ++-
auth/docker/Dockerfile.core | 2 +-
auth/docker/Dockerfile.ms | 4 +++-
auth/docker/aaf.sh | 3 ++-
auth/docker/dbuild.sh | 5 +++++
auth/docker/drun.sh | 5 ++++-
auth/sample/bin/service.sh | 3 ---
conf/CA/bootstrap.sh | 3 ++-
15 files changed, 33 insertions(+), 42 deletions(-)
delete mode 100644 auth/auth-cass/docker/dbash.sh
diff --git a/auth/auth-cass/cass_init/cmd.sh b/auth/auth-cass/cass_init/cmd.sh
index ffaf182d..ba55648e 100644
--- a/auth/auth-cass/cass_init/cmd.sh
+++ b/auth/auth-cass/cass_init/cmd.sh
@@ -33,6 +33,7 @@ fi # Always need startup status... if [ ! -e "$DIR" ]; then mkdir -p "$DIR" + chmod 777 $DIR fi function status {
@@ -134,7 +135,7 @@ case "$1" in # Startup like normal echo "Cassandra Startup" - /usr/local/bin/docker-entrypoint.sh + exec /usr/local/bin/docker-entrypoint.sh ;; wait) # Wait for initialization. This can be called from Docker only as a check to make sure it is ready
@@ -148,7 +149,7 @@ case "$1" in # Startup like normal echo "Cassandra Startup" - /usr/local/bin/docker-entrypoint.sh + exec /usr/local/bin/docker-entrypoint.sh ;; esac
diff --git a/auth/auth-cass/docker/Dockerfile.cass b/auth/auth-cass/docker/Dockerfile.cass
index e79b33fc..aa6a9efb 100644
--- a/auth/auth-cass/docker/Dockerfile.cass
+++ b/auth/auth-cass/docker/Dockerfile.cass
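Review bot: The added `chmod 777 $DIR` in the first cmd.sh hunk makes the startup-status directory writable by every account that can reach it, and it leaves `$DIR` unquoted although the two lines above it quote the same variable. Dockerfile.cass sets the same mode with `chmod 777 /opt/app/aaf/status`, and aaf.sh mounts that path from the shared `aaf_status` volume, so if `$DIR` is that directory any container attached to the volume can create or replace the status files. Prefer handing the directory to the account Cassandra runs as and using a tighter mode, for example `chmod 770 "$DIR"`. If 777 must stay for now, write `chmod 777 "$DIR"` and add a comment such as `# world-writable only until this container runs as a dedicated user`.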
@@ -30,6 +30,11 @@ COPY cass_init/*.props /opt/app/aaf/cass_init/ COPY aaf-auth-batch-${AAF_VERSION}-full.jar /opt/app/aaf/cass_init/ COPY cass_data/*.dat /opt/app/aaf/cass_init/dats/ +RUN mkdir -p /opt/app/aaf/status && chmod 777 /opt/app/aaf/status +#RUN addgroup ${USER} && adduser --no-create-home --ingroup ${USER} --disabled-password --gecos "" --shell /bin/bash ${USER} +#RUN chown -R ${USER}:${USER} /opt/app/aaf/cass_init + + ENTRYPOINT ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh"] CMD ["start"] # Default is to start up with CQL setup only
diff --git a/auth/auth-cass/docker/dbash.sh b/auth/auth-cass/docker/dbash.sh
deleted file mode 100644
index 1e13d27d..00000000
--- a/auth/auth-cass/docker/dbash.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-#########
-# ============LICENSE_START====================================================
-# org.onap.aaf
-# ===========================================================================
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-# ===========================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END====================================================
-#
-# Pull in AAF Env Variables from AAF install
-if [ -e ../../docker/d.props ]; then
- . ../../docker/d.props
-fi
-DOCKER=${DOCKER:-docker}
-
-$DOCKER exec -it aaf_cass bash
-
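Review bot: The two added `#RUN` lines in the Dockerfile.cass hunk leave the account creation and the `chown` commented out, so as far as this hunk shows the Cassandra image gets no dedicated user and the world-writable status directory is its only non-root provision. The `# --user ${USER} \` comment added in auth-cass/docker/drun.sh is the run-time half of the same deferred switch. Either enable the lines together with a `USER` instruction, or replace them with one comment that says the switch is deferred, e.g. `# TODO(AAF-698): create a dedicated user and run as it; image still uses the base image's default user`. Because dbuild.sh now substitutes `${USER}` in this file, the commented text in the generated Dockerfile will also carry whatever value `USER` has at build time.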
diff --git a/auth/auth-cass/docker/dbuild.sh b/auth/auth-cass/docker/dbuild.sh
index 100b8cb9..c708dad5 100644
--- a/auth/auth-cass/docker/dbuild.sh
+++ b/auth/auth-cass/docker/dbuild.sh
@@ -30,7 +30,9 @@ echo "Building aaf_cass Container for aaf_cass:$VERSION" DIR=$(pwd) cd .. -sed -e 's/${AAF_VERSION}/'${VERSION}'/g' $DIR/Dockerfile.cass > Dockerfile +sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ + -e 's/${USER}/'${USER}'/g' \ + $DIR/Dockerfile.cass > Dockerfile cd .. cp -Rf sample/cass_data auth-cass/cass_data cp sample/data/sample.identities.dat auth-cass
diff --git a/auth/auth-cass/docker/drun.sh b/auth/auth-cass/docker/drun.sh
index 778947eb..cd8ab78c 100644
--- a/auth/auth-cass/docker/drun.sh
+++ b/auth/auth-cass/docker/drun.sh
@@ -38,6 +38,7 @@ fi if [ "`$DOCKER ps -a | grep aaf-cass`" == "" ]; then echo "starting Cass from 'run'" # NOTE: These HEAP Sizes are minimal. Not set for full organizations. + # --user ${USER} \ $DOCKER run \ --name aaf-cass \ -e HEAP_NEWSIZE=512M \
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base
index 1d74362d..879c3191 100644
--- a/auth/docker/Dockerfile.base
+++ b/auth/docker/Dockerfile.base
@@ -23,5 +23,5 @@ MAINTAINER AAF Team, AT&T 2018 LABEL description="aaf_base" RUN apk add --no-cache bash RUN apk add --no-cache openssl -RUN addgroup aaf && adduser aaf -G aaf -D -s /bin/bash +RUN addgroup ${USER} && adduser ${USER} -G ${USER} -D -s /bin/bash
diff --git a/auth/docker/Dockerfile.client b/auth/docker/Dockerfile.client
index f662aace..d0c20578 100644
--- a/auth/docker/Dockerfile.client
+++ b/auth/docker/Dockerfile.client
@@ -31,6 +31,6 @@ COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/ COPY cert/*trust*.b64 /opt/app/aaf_config/cert/ -RUN chown -R aaf:aaf /opt/app/aaf_config +RUN chown -R ${USER}:${USER} /opt/app/aaf_config CMD ["/bin/bash","-c","/opt/app/aaf_config/bin/agent.sh"]
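Review bot: The new `-e 's/${USER}/'${USER}'/g'` expression in auth-cass/docker/dbuild.sh takes its replacement from the shell variable `USER`, which is normally the login name of whoever runs the build unless the script sets it elsewhere, and it expands that value unquoted and unchecked. An empty value yields `addgroup  && adduser ...` in the generated Dockerfiles, a value of `root` turns every `chown ${USER}:${USER}` into root ownership and defeats the non-root goal, and a value containing `/` or `&` alters the sed expression itself. The same line is added in all five hunks of auth/docker/dbuild.sh. Validate once before the first sed, e.g. `[[ "$USER" =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "invalid USER: $USER" >&2; exit 1; }`, and quote the expansion as `-e 's/${USER}/'"${USER}"'/g'`.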
diff --git a/auth/docker/Dockerfile.config b/auth/docker/Dockerfile.config
index ca3df765..a6d6d4f1 100644
--- a/auth/docker/Dockerfile.config
+++ b/auth/docker/Dockerfile.config
@@ -37,7 +37,8 @@ COPY bin/pod_wait.sh /opt/app/aaf_config/bin/ COPY bin/aaf-auth-cmd-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ COPY bin/aaf-auth-batch-${AAF_VERSION}-full.jar /opt/app/aaf_config/bin/ -RUN chown -R aaf:aaf /opt/app/aaf_config && mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf +RUN chown -R ${USER}:${USER} /opt/app/aaf_config +RUN mkdir -p /opt/app/osaaf && chown ${USER}:${USER} /opt/app/osaaf CMD ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"] CMD []
diff --git a/auth/docker/Dockerfile.core b/auth/docker/Dockerfile.core
index 7237a00d..3e87ca56 100644
--- a/auth/docker/Dockerfile.core
+++ b/auth/docker/Dockerfile.core
@@ -30,5 +30,5 @@ COPY lib /opt/app/aaf/lib COPY bin /opt/app/aaf/bin COPY theme /opt/app/aaf/theme -RUN chown -R aaf:aaf /opt/app/aaf +RUN chown -R ${USER}:${USER} /opt/app/aaf
diff --git a/auth/docker/Dockerfile.ms b/auth/docker/Dockerfile.ms
index 222816c6..d5614316 100644
--- a/auth/docker/Dockerfile.ms
+++ b/auth/docker/Dockerfile.ms
@@ -25,7 +25,9 @@ LABEL description="aaf_${AAF_COMPONENT}" LABEL version=${AAF_VERSION} COPY bin/pod_wait.sh /opt/app/aaf/bin/ -RUN mkdir /opt/app/osaaf && chown aaf:aaf /opt/app/osaaf && chown -R aaf:aaf /opt/app/aaf/bin +RUN mkdir -p /opt/app/osaaf && chown ${USER}:${USER} /opt/app/osaaf +RUN mkdir -p /opt/app/aaf/status && chown ${USER}:${USER} /opt/app/aaf/status +RUN chown -R ${USER}:${USER} /opt/app/aaf #CMD ["bash","-c","cd /opt/app/aaf;bin/${AAF_COMPONENT}"] CMD []
diff --git a/auth/docker/aaf.sh b/auth/docker/aaf.sh
index a039be8a..ac888390 100644
--- a/auth/docker/aaf.sh
+++ b/auth/docker/aaf.sh
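Review bot: The added `RUN chown -R ${USER}:${USER} /opt/app/aaf` in Dockerfile.ms hands the whole application tree to the runtime account, where the removed line changed only `/opt/app/aaf/bin`; Dockerfile.core already applies the same recursive chown. A service account that owns its own `lib` and `bin` directories can rewrite the code it executes, which gives up part of what running non-root is meant to buy. If the services only write status, configuration and logs, keep ownership to those directories, which the two `mkdir -p ... && chown` lines above already cover for `/opt/app/osaaf` and `/opt/app/aaf/status`, and leave the rest root-owned. Which paths the services actually write is not visible in this hunk, so confirm that before dropping the line.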
@@ -32,9 +32,10 @@ function run_it() { -v "aaf_status:/opt/app/aaf/status" \ $LINKS \ --env aaf_locator_container=docker \ + --env aaf_locator_container_ns=${NAMESPACE} \ --env aaf_locator_fqdn=${HOSTNAME} \ --env aaf_locate_url=https://aaf-locate:8095 \ - --env aaf_locator_public_hostname=$HOSTNAME \ + --env aaf_locator_public_hostname=${HOSTNAME} \ --env AAF_ENV=${AAF_ENV} \ --env LATITUDE=${LATITUDE} \ --env LONGITUDE=${LONGITUDE} \
diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh
index fd59ed49..f9ff9b3b 100755
--- a/auth/docker/dbuild.sh
+++ b/auth/docker/dbuild.sh
@@ -38,6 +38,7 @@ cd - # AAF Base version - set the core image, etc sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ + -e 's/${USER}/'${USER}'/g' \ Dockerfile.base > Dockerfile $DOCKER build -t ${ORG}/${PROJECT}/aaf_base:${VERSION} . $DOCKER tag ${ORG}/${PROJECT}/aaf_base:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_base:${VERSION}
@@ -55,6 +56,7 @@ cp -Rf ../conf/CA sample sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${USER}/'${USER}'/g' \ docker/Dockerfile.config > sample/Dockerfile $DOCKER build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample $DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:${VERSION}
@@ -65,6 +67,7 @@ cp ../cadi/servlet-sample/target/aaf-cadi-servlet-sample-${VERSION}-sample.jar s sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${USER}/'${USER}'/g' \ docker/Dockerfile.client > sample/Dockerfile $DOCKER build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:${VERSION}
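Review bot: The added `--env aaf_locator_container_ns=${NAMESPACE}` in the aaf.sh hunk passes an empty value when `NAMESPACE` is unset, and the expansion is unquoted, so a value containing whitespace would split into extra `docker run` arguments. The service.sh context in this patch shows every `aaf_locator*` environment entry being appended to the generated properties, so an empty namespace would reach the service configuration without any error. The three `--env` lines added in the second auth/docker/drun.sh hunk have the same shape. Suggest `--env "aaf_locator_container_ns=${NAMESPACE:?NAMESPACE must be set}" \` and quoting the neighbouring `${HOSTNAME}` values the same way. run_it starts and ends outside the hunk.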
@@ -82,6 +85,7 @@ echo Building aaf_$AAF_COMPONENT... sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${USER}/'${USER}'/g' \ Dockerfile.core >../aaf_${VERSION}/Dockerfile cd .. $DOCKER build -t ${ORG}/${PROJECT}/aaf_core:${VERSION} aaf_${VERSION}
@@ -105,6 +109,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do sed -e 's/${AAF_VERSION}/'${VERSION}'/g' \ -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' \ -e 's/${DOCKER_REPOSITORY}/'${DOCKER_REPOSITORY}'/g' \ + -e 's/${USER}/'${USER}'/g' \ Dockerfile.ms >../aaf_${VERSION}/Dockerfile cd .. $DOCKER build -t ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} aaf_${VERSION}
diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh
index 6fc3a9a6..d7d43d65 100644
--- a/auth/docker/drun.sh
+++ b/auth/docker/drun.sh
@@ -91,6 +91,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do #ADD_HOST="$ADD_HOST --add-host=$CASS_HOST" #fi #--hostname="${AAF_COMPONENT}.${NAMESPACE}" \ + # --env aaf_locate_url=https://aaf-locate:8095 \ # $ADD_HOST \ $DOCKER run \ -d \
@@ -99,7 +100,9 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do ${LINKS} \ --env AAF_ENV=${AAF_ENV} \ --env aaf_locator_container=docker \ - --env aaf_locator_fqdn=$HOSTNAME \ + --env aaf_locator_container_ns=${NAMESPACE} \ + --env aaf_locator_fqdn=${HOSTNAME} \ + --env aaf_locator_public_hostname=${HOSTNAME} \ --env LATITUDE=${LATITUDE} \ --env LONGITUDE=${LONGITUDE} \ --env CASSANDRA_CLUSTER=${CASSANDRA_CLUSTER} \
diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh
index df8a744a..2b964b1c 100644
--- a/auth/sample/bin/service.sh
+++ b/auth/sample/bin/service.sh
@@ -136,9 +136,6 @@ if [ ! -e $LOCAL/org.osaaf.aaf.props ]; then for P in `env`; do if [[ "$P" == aaf_locator* ]]; then echo "$P" >> ${TMP} - if [[ "$P" == aaf_locator_container=* ]]; then - echo aaf_locator_container.hostname=${HOSTNAME} >> ${TMP} - fi fi done
diff --git a/conf/CA/bootstrap.sh b/conf/CA/bootstrap.sh
index bf946782..c6064fbe 100644
--- a/conf/CA/bootstrap.sh
+++ b/conf/CA/bootstrap.sh
@@ -32,7 +32,8 @@ if [ ! -e ./serial ]; then fi NAME=aaf.bootstrap -FQDN="${HOSTNAME:=$(hostname -f)}" +HOSTNAME="${HOSTNAME:=$(hostname -)}" +FQDN="${aaf_locator_fqdn:=$HOSTNAME}" FQI=aaf@aaf.osaaf.org SUBJECT="/CN=$FQDN/OU=$FQI`cat subject.aaf`" SIGNER_P12=$1
--
2.16.6
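Review bot: The added `HOSTNAME="${HOSTNAME:=$(hostname -)}"` in bootstrap.sh calls `hostname -`, dropping the `f` from the `hostname -f` it replaces, so when `HOSTNAME` is not already set the command is likely to fail or print nothing and leave the variable empty. `FQDN` then falls back to that value and goes straight into `SUBJECT="/CN=$FQDN/..."`, so the bootstrap certificate could be issued with an empty or wrong CN. The line should read `HOSTNAME="${HOSTNAME:=$(hostname -f)}"`, and a guard such as `: "${FQDN:?cannot determine FQDN for certificate subject}"` after the `FQDN` assignment would stop the script before it signs anything. Since `aaf_locator_fqdn` from the environment now decides the CN, a short comment saying so above that line would help.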