Run the app with a non-root user 57/79157/1
authortangpeng <tang.peng5@zte.com.cn>
Tue, 26 Feb 2019 08:20:28 +0000 (08:20 +0000)
committertangpeng <tang.peng5@zte.com.cn>
Tue, 26 Feb 2019 08:20:28 +0000 (08:20 +0000)
Change-Id: Ie851ca9ad1e0278b36d75d6aa06d010b982af48a
Issue-ID: HOLMES-202
Signed-off-by: tangpeng <tang.peng5@zte.com.cn>
engine-d-standalone/src/main/assembly/Dockerfile
engine-d-standalone/src/main/assembly/bin/run.sh
engine-d-standalone/src/main/assembly/conf/engine-d.yml
engine-d/src/main/java/org/onap/holmes/engine/EngineDAppConfig.java
engine-d/src/test/java/org/onap/holmes/engine/EnginedAppConfigTest.java

index d8943b6..119321a 100644 (file)
@@ -2,7 +2,7 @@ FROM openresty/openresty:alpine
 
 MAINTAINER "Guangrong Fu" <fu.guangrong@zte.com.cn>
 
-EXPOSE 9102 9202 8312
+EXPOSE 9102 9202
 
 ENV HOSTNAME holmes-engine-mgmt
 
@@ -13,21 +13,21 @@ ENV LANG C.UTF-8
 # add a simple script that can auto-detect the appropriate JAVA_HOME value
 # based on whether the JDK or only the JRE is installed
 RUN { \
-               echo '#!/bin/sh'; \
-               echo 'set -e'; \
-               echo; \
-               echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \
-       } > /usr/local/bin/docker-java-home \
-       && chmod +x /usr/local/bin/docker-java-home
+                echo '#!/bin/sh'; \
+                echo 'set -e'; \
+                echo; \
+                echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \
+        } > /usr/local/bin/docker-java-home \
+        && chmod +x /usr/local/bin/docker-java-home
 ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
 ENV PATH $PATH:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin
 
 ENV JAVA_ALPINE_VERSION 8.191.12-r0
 
 RUN set -x \
-       && apk add --no-cache \
-               openjdk8="$JAVA_ALPINE_VERSION" \
-       && [ "$JAVA_HOME" = "$(docker-java-home)" ]
+        && apk add --no-cache \
+                openjdk8="$JAVA_ALPINE_VERSION" \
+        && [ "$JAVA_HOME" = "$(docker-java-home)" ]
 
 #install neccessary tools
 RUN apk upgrade \
@@ -36,22 +36,17 @@ RUN apk upgrade \
     && apk add --no-cache wget \
     && apk add --no-cache postgresql-client=10.5-r0
 
-#install ActiveMQ
-RUN mkdir /home/downloads
-RUN mkdir /home/activemq
-RUN cd /home/downloads
-RUN wget http://archive.apache.org/dist/activemq/apache-activemq/5.9.0/apache-activemq-5.9.0-bin.tar.gz
-RUN tar -xzvf apache-activemq-5.9.0-bin.tar.gz -C /home/activemq/
-RUN rm -rf /home/downloads
+#switch the user to holmes
+RUN addgroup -S holmes && adduser -S -G holmes holmes
 
 #add the backend package to the docker image
-RUN mkdir /home/holmes
 WORKDIR /home/holmes
 ADD holmes-engine-d-standalone-*-linux64.tar.gz /home/holmes/
+RUN chmod -R a+rw /home/holmes/
+RUN chmod -R a+rw /var/log/
 RUN chmod 755 /home/holmes/bin/*.sh
 
-CMD ["sh", "/home/holmes/bin/run.sh"]
-
-
+USER holmes
 
+CMD ["sh", "/home/holmes/bin/run.sh"]
 
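Review bot: The two added lines `RUN chmod -R a+rw /home/holmes/` and `RUN chmod -R a+rw /var/log/` make the whole application tree and the log directory writable by every account in the image, which is broader than the new `holmes` user needs. run.sh references `conf/holmes.keystore`, so the keystore, the start scripts and the jar presumably sit under that tree and could be modified by any process in the container. Handing ownership to the service account gives the same result for the application without world-writable files, for example `RUN chown -R holmes:holmes /home/holmes` plus a dedicated log directory owned by `holmes` in place of opening all of `/var/log`. The comment `#switch the user to holmes` sits above the line that only creates the account, while the switch itself is the later `USER holmes`; `#create the holmes user and group` would describe that line accurately.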
index ba11029..0da0cf8 100644 (file)
@@ -33,10 +33,6 @@ echo @JAVA_OPTS@ $JAVA_OPTS
 class_path="$main_path/:$main_path/holmes-engine-d.jar"
 echo @class_path@ $class_path
 
-sed -i "s/activemq.username=.*/activemq.username=activemq/" /home/activemq/apache-activemq-5.9.0/conf/credentials.properties
-sed -i "s/activemq.password=.*/activemq.password=v1/" /home/activemq/apache-activemq-5.9.0/conf/credentials.properties
-/home/activemq/apache-activemq-5.9.0/bin/activemq start
-
 if [ -z ${JDBC_USERNAME} ]; then
     export JDBC_USERNAME=holmes
     echo "No user name is specified for the database. Use the default value \"$JDBC_USERNAME\"."
@@ -73,9 +69,6 @@ if [ ! -z ${URL_JDBC} ] && [ `expr index $URL_JDBC :` != 0 ]; then
 fi
 echo DB_PORT=$DB_PORT
 
-#ActiveMQ IP Configurations
-sed -i "s|brokerIp:.*|brokerIp: $SERVICE_IP|" "$main_path/conf/engine-d.yml"
-
 KEY_PATH="$main_path/conf/holmes.keystore"
 KEY_PASSWORD="holmes"
 
index e2f1f64..4709864 100644 (file)
@@ -73,8 +73,3 @@ database:
   evictionInterval: 10s\r
   minIdleTime: 1s\r
 \r
-mqConfig:\r
-  brokerIp: 10.74.156.206\r
-  brokerPort: 61616\r
-  brokerUsername: activemq\r
-  brokerPassword: v1\r
index 71a58f9..836912f 100644 (file)
@@ -21,29 +21,16 @@ import io.dropwizard.db.DataSourceFactory;
 import javax.validation.Valid;
 import javax.validation.constraints.NotNull;
 import org.jvnet.hk2.annotations.Service;
-import org.onap.holmes.common.config.MQConfig;
 
 @Service
 public class EngineDAppConfig extends Configuration {
 
     private String apidescription = "Holmes rule management rest API";
 
-    @JsonProperty
-    @NotNull
-    @Valid
-    private MQConfig mqConfig;
     @Valid
     @NotNull
     private DataSourceFactory database = new DataSourceFactory();
 
-    public MQConfig getMqConfig() {
-        return mqConfig;
-    }
-
-    public void setMqConfig(MQConfig mqConfig) {
-        this.mqConfig = mqConfig;
-    }
-
     @JsonProperty("database")
     public DataSourceFactory getDataSourceFactory() {
         return database;
index 9642474..c550b37 100644 (file)
@@ -22,7 +22,6 @@ import org.hamcrest.core.IsNull;
 import org.junit.Assert;\r
 import org.junit.Before;\r
 import org.junit.Test;\r
-import org.onap.holmes.common.config.MQConfig;\r
 import org.powermock.api.easymock.PowerMock;\r
 \r
 public class EnginedAppConfigTest {\r
@@ -34,20 +33,6 @@ public class EnginedAppConfigTest {
         engineAppConfig = new EngineDAppConfig();\r
     }\r
 \r
-    @Test\r
-    public void getMqConfig() {\r
-        MQConfig mqConfig = PowerMock.createMock(MQConfig.class);\r
-        engineAppConfig.setMqConfig(mqConfig);\r
-        Assert.assertThat(engineAppConfig.getMqConfig(), IsNull.notNullValue());\r
-    }\r
-\r
-    @Test\r
-    public void setMqConfig() {\r
-        MQConfig mqConfig = PowerMock.createMock(MQConfig.class);\r
-        engineAppConfig.setMqConfig(mqConfig);\r
-        Assert.assertThat(engineAppConfig.getMqConfig(), IsEqual.equalTo(mqConfig));\r
-    }\r
-\r
     @Test\r
     public void getDataSourceFactory() {\r
         Assert.assertThat(engineAppConfig.getDataSourceFactory(), IsNull.<DataSourceFactory>notNullValue());\r