From 3151df6463e77aba7f0234a1604b2839450bbc3f Mon Sep 17 00:00:00 2001 From: GuangrongFu Date: Wed, 1 Jul 2020 08:49:18 +0800 Subject: [PATCH] Changed the Base Image to onap/integration-java11:7.0.0 Change-Id: I0e71d0250c4d1f37d907bf2d1931b3ec8edce44f Issue-ID: HOLMES-326 Signed-off-by: GuangrongFu --- rulemgt-standalone/src/main/assembly/Dockerfile | 74 ++++++++-------------- rulemgt-standalone/src/main/assembly/bin/run.sh | 16 ++--- .../src/main/assembly/nginx-http.conf | 4 +- .../src/main/assembly/nginx-https.conf | 8 +-- 4 files changed, 40 insertions(+), 62 deletions(-) diff --git a/rulemgt-standalone/src/main/assembly/Dockerfile b/rulemgt-standalone/src/main/assembly/Dockerfile index 51a0ec5..03630eb 100644 --- a/rulemgt-standalone/src/main/assembly/Dockerfile +++ b/rulemgt-standalone/src/main/assembly/Dockerfile @@ -1,61 +1,39 @@ -FROM openresty/openresty:alpine +FROM onap/integration-java11:7.0.0 MAINTAINER "Guangrong Fu" +USER root + # 9101 - service port # 9104 - GUI port # 9201 - debugging port EXPOSE 9101 9104 9201 ENV HOSTNAME=holmes-rule-mgmt \ - LANG=C.UTF-8 \ - JAVA_HOME=/usr/lib/jvm/java-11-openjdk \ - PATH=$PATH:/usr/lib/jvm/java-11-openjdk/jre/bin:/usr/lib/jvm/java-11-openjdk/bin \ - JAVA_ALPINE_VERSION=11.0.5_p10-r0 \ - PG_VERSION=12.2-r0 - -#add the backend package to the docker image -WORKDIR /home/holmes -ADD holmes-rulemgt-standalone-*-linux64.tar.gz /home/holmes/ - -#RUN mkdir /etc/ssl/private -ADD holmes-rulemgt-frontend-*.tar.gz /usr/local/openresty/nginx/html/ -ADD nginx-https.conf /usr/local/openresty/nginx/conf -ADD nginx-http.conf /usr/local/openresty/nginx/conf + LANG=C.UTF-8 + +RUN apt-get upgrade \ + && apt-get update \ + && apt-get install -y curl postgresql-client-11 nginx + + +ADD holmes-rulemgt-standalone-*-linux64.tar.gz /opt/onap/ +ADD holmes-rulemgt-frontend-*.tar.gz /usr/share/nginx/html/ +ADD nginx-https.conf /etc/nginx/conf.d/ +ADD nginx-http.conf /etc/nginx/conf.d/ ADD holmes-frontend.key /etc/ssl/private/ -ADD holmes-frontend-selfsigned.crt /etc/ssl/public/ -ADD dhparam.pem /etc/ssl/public/ - -#install java-11-openjdk - -# add a simple script that can auto-detect the appropriate JAVA_HOME value -# based on whether the JDK or only the JRE is installed -RUN { \ - echo '#!/bin/sh'; \ - echo 'set -e'; \ - echo; \ - echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \ - } > /usr/local/bin/docker-java-home \ - && chmod +x /usr/local/bin/docker-java-home \ - && set -x \ - && apk upgrade \ - && apk update \ - && apk add --no-cache openjdk11="$JAVA_ALPINE_VERSION" \ - && [ "$JAVA_HOME" = "$(docker-java-home)" ] \ - #install neccessary tools - && apk add --no-cache curl \ - && apk add --no-cache postgresql-client="$PG_VERSION" \ - && apk add --no-cache nss \ - #add the frontend pacakge to the docker images - && rm /etc/nginx/conf.d/default.conf \ - && chmod -R 777 /usr/local/openresty/nginx/ \ - && chmod -R 755 /etc/ssl/public \ - #switch the user to holmes - && addgroup -S holmes && adduser -S -G holmes holmes \ - && chmod -R a+rw /home/holmes/ \ +ADD holmes-frontend-selfsigned.crt /etc/ssl/certs/ +ADD dhparam.pem /etc/ssl/certs/ + +RUN mkdir -p /usr/share/nginx/logs \ + && chmod -R 777 /usr/share/nginx/ \ + && chmod -R 777 /var/lib/nginx/ \ + && chmod -R 755 /etc/ssl/private/ \ + && chmod -R 777 /etc/nginx/conf.d/ \ + && chmod -R a+rw /opt/onap/ \ && chmod -R a+rw /var/log/ \ - && chmod 755 /home/holmes/bin/*.sh + && chmod 755 /opt/onap/bin/*.sh -USER holmes -CMD ["sh", "/home/holmes/bin/run.sh"] +USER onap +ENTRYPOINT ["sh", "/opt/onap/bin/run.sh"] diff --git a/rulemgt-standalone/src/main/assembly/bin/run.sh b/rulemgt-standalone/src/main/assembly/bin/run.sh index c9c1e65..fbc7e21 100644 --- a/rulemgt-standalone/src/main/assembly/bin/run.sh +++ b/rulemgt-standalone/src/main/assembly/bin/run.sh @@ -27,7 +27,7 @@ main_path=$RUNHOME/.. cd $main_path JAVA_OPTS="-Xms50m -Xmx128m" port=9201 -#JAVA_OPTS="$JAVA_OPTS -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,address=$port,server=y,suspend=n" +#JAVA_OPTS="$JAVA_OPTS -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,address=*:$port,server=y,suspend=n" echo @JAVA_OPTS@ $JAVA_OPTS class_path="$main_path/lib/*" @@ -56,7 +56,7 @@ sed -i "s|msbServerAddr:.*|msbServerAddr: http://$MSB_ADDR|" "$main_path/conf/ru export SERVICE_IP=`hostname -i` echo SERVICE_IP=${SERVICE_IP} -if [ ! -z ${TESTING} ] && [ ${TESTING} == 1 ]; then +if [ ! -z ${TESTING} -a ${TESTING} = 1 ]; then if [ ! -z ${HOST_IP} ]; then export HOSTNAME=${HOST_IP}:9101 else @@ -65,7 +65,7 @@ if [ ! -z ${TESTING} ] && [ ${TESTING} == 1 ]; then fi export DB_PORT=5432 -if [ ! -z ${URL_JDBC} ] && [ `expr index $URL_JDBC :` != 0 ]; then +if [ ! -z ${URL_JDBC} -a `expr index $URL_JDBC :` != 0 ]; then export DB_PORT="${URL_JDBC##*:}" fi echo DB_PORT=$DB_PORT @@ -73,7 +73,7 @@ echo DB_PORT=$DB_PORT if [ -z ${ENABLE_ENCRYPT} ]; then export ENABLE_ENCRYPT=true fi -echo ENABLE_ENCRYPT=$ENABLE_ENCRYPT +echo ENABLE_ENCRYPT=${ENABLE_ENCRYPT} KEY_PATH="$main_path/conf/holmes.keystore" KEY_PASSWORD="holmes" @@ -81,7 +81,7 @@ KEY_PASSWORD="holmes" sed -i "s|keyStorePath:.*|keyStorePath: $KEY_PATH|" "$main_path/conf/rulemgt.yml" sed -i "s|keyStorePassword:.*|keyStorePassword: $KEY_PASSWORD|" "$main_path/conf/rulemgt.yml" -if [ ${ENABLE_ENCRYPT} == true ]; then +if [ ${ENABLE_ENCRYPT} = true ]; then sed -i "s|type:\s*https\?$|type: https|" "$main_path/conf/rulemgt.yml" sed -i "s|#\?keyStorePath|keyStorePath|" "$main_path/conf/rulemgt.yml" sed -i "s|#\?keyStorePassword|keyStorePassword|" "$main_path/conf/rulemgt.yml" @@ -106,10 +106,10 @@ fi #echo Registered UI to MSB. -if [ ${ENABLE_ENCRYPT} == true ]; then - nginx -c /usr/local/openresty/nginx/conf/nginx-https.conf +if [ ${ENABLE_ENCRYPT} = true ]; then + nginx -c /etc/nginx/conf.d/nginx-https.conf else - nginx -c /usr/local/openresty/nginx/conf/nginx-http.conf + nginx -c /etc/nginx/conf.d/nginx-http.conf fi echo nginx started. diff --git a/rulemgt-standalone/src/main/assembly/nginx-http.conf b/rulemgt-standalone/src/main/assembly/nginx-http.conf index 717d5cf..856ad0d 100644 --- a/rulemgt-standalone/src/main/assembly/nginx-http.conf +++ b/rulemgt-standalone/src/main/assembly/nginx-http.conf @@ -14,7 +14,7 @@ events { http { - include mime.types; + include ../mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' @@ -32,7 +32,7 @@ http { server_name _; location / { - root /usr/local/openresty/nginx/html; + root /usr/share/nginx/html; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; diff --git a/rulemgt-standalone/src/main/assembly/nginx-https.conf b/rulemgt-standalone/src/main/assembly/nginx-https.conf index fda1ab1..02384bb 100644 --- a/rulemgt-standalone/src/main/assembly/nginx-https.conf +++ b/rulemgt-standalone/src/main/assembly/nginx-https.conf @@ -14,7 +14,7 @@ events { http { - include mime.types; + include ../mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' @@ -35,7 +35,7 @@ http { server_name _; location / { - root /usr/local/openresty/nginx/html; + root /usr/share/nginx/html; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -57,8 +57,8 @@ http { root html; } - ssl_certificate /etc/ssl/public/holmes-frontend-selfsigned.crt; + ssl_certificate /etc/ssl/certs/holmes-frontend-selfsigned.crt; ssl_certificate_key /etc/ssl/private/holmes-frontend.key; - ssl_dhparam /etc/ssl/public/dhparam.pem; + ssl_dhparam /etc/ssl/certs/dhparam.pem; } } -- 2.16.6