[DMAAP BC] Remove the onap cert from container

[dmaap/buscontroller.git] / dmaap-bc / src / main / resources / Dockerfile

diff --git a/dmaap-bc/src/main/resources/Dockerfile b/dmaap-bc/src/main/resources/Dockerfile
index 014fb5e..0f9e6a6 100644 (file)
--- a/dmaap-bc/src/main/resources/Dockerfile
+++ b/dmaap-bc/src/main/resources/Dockerfile
@@ -18,7 +18,7 @@
 #  limitations under the License.
 #  ============LICENSE_END====================================================
 #
-FROM openjdk:8-jre-alpine
+FROM library/maven:3.6-jdk-11
 
 MAINTAINER DMAAP Team
 
@@ -26,26 +26,20 @@ COPY /opt /opt
 
 WORKDIR /opt/app/dmaapbc
 
-# Install AAF CA certificate
-RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
-RUN mkdir -p /usr/local/share/ca-certificates && \
-    mv misc/aaf-ca.crt /usr/local/share/ca-certificates/aaf-ca.crt
-RUN update-ca-certificates
-
-# Install curl
-RUN apk add --no-cache curl
-
-# Install bash
-RUN apk update  && apk add bash
+RUN apt-get update && \
+    apt-get install -y \
+       curl \
+       jq \
+       openssl \
+       net-tools \
+       wget \
+       procps \
+       bash
 
 #prepare certificate location for cadi
-RUN mkdir -p /opt/app/osaaf && \
-    ln -s /opt/app/dmaapbc/etc /opt/app/osaaf/local
+RUN mkdir -p /opt/app/osaaf 
 
-RUN mv etc/org.onap.dmaap-bc.jks etc/keystore && \
-    chmod 600 etc/keystore && \
-    chmod 600 etc/org.onap.dmaap-bc.trust.jks && \
-    chmod +x bin/* && \
+RUN chmod +x bin/* && \
     mkdir logs && \
     mkdir www && \
     mkdir doc && \
@@ -53,4 +47,10 @@ RUN mv etc/org.onap.dmaap-bc.jks etc/keystore && \
 
 VOLUME /opt/app/dmaapbc/log
 
+RUN addgroup --system -gid 1001 onap \
+    && adduser --ingroup onap --system --disabled-password --no-create-home --uid 1000 dbc \
+    && chown -R dbc:onap /opt/
+
+USER dbc
+
 ENTRYPOINT ["sh", "./bin/dmaapbc", "deploy"]