From 4d9f35fc0c9c437b00335a75bd0201572ebfa544 Mon Sep 17 00:00:00 2001
From: econwar <conor.ward@est.tech>
Date: Tue, 16 Apr 2019 08:02:13 +0000
Subject: [PATCH] Allow dr-node containers to run as non-root

Update image version to 2.1.0 that has year long certs

Change-Id: If17c569c6db879b6fcee9221307560a54f9cb422
Issue-ID: DMAAP-1134
Signed-off-by: econwar <conor.ward@est.tech>
---
 .../components/dmaap-dr-node/resources/config/node.properties    | 6 +++---
 .../dmaap/components/dmaap-dr-node/templates/statefulset.yaml    | 9 +++++++++
 kubernetes/dmaap/components/dmaap-dr-node/values.yaml            | 4 +++-
 .../dmaap-dr-prov/resources/config/provserver.properties         | 8 ++++----
 kubernetes/dmaap/components/dmaap-dr-prov/values.yaml            | 2 +-
 5 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
index f2896ccafa..08e3fd0018 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
@@ -83,11 +83,11 @@ KeyStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
 #
 #    The password for the https keystore
 #
-KeyStorePassword=]3V)($O&.Mv]W{f8^]6SxGNL
+KeyStorePassword=WGxd2P6MDo*Bi4+UdzWs{?$8
 #
 #    The password for the private key in the https keystore
 #
-KeyPassword=]3V)($O&.Mv]W{f8^]6SxGNL
+KeyPassword=WGxd2P6MDo*Bi4+UdzWs{?$8
 #
 #    The type of truststore for https
 #
@@ -99,7 +99,7 @@ TrustStoreFile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
 #
 #    The password for the https truststore
 #
-TrustStorePassword=(Rd,&{]%ePdp}4JZjqoJ2G+g
+TrustStorePassword=)OBvCd{e{aWq.^mJJdX:S:1&
 #
 #    The path to the file used to trigger an orderly shutdown
 #
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index ec31f3f750..de3324fe19 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -45,6 +45,15 @@ spec:
               fieldRef:
                 apiVersion: v1
                 fieldPath: metadata.namespace
+        - name: {{ include "common.name" . }}-permission-fixer
+          image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts:
+          - mountPath: {{ .Values.persistence.spoolPath }}
+            name: {{ include "common.fullname" . }}-spool-data-pvc
+          - mountPath: {{ .Values.persistence.eventLogsPath }}
+            name: {{ include "common.fullname" . }}-event-logs-pvc
+          command: ["chown","-Rf","1000:1001", "/opt/app/datartr"]
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index c6087e8852..3b1532f999 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -21,13 +21,15 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   loggingDirectory: /opt/app/datartr/logs
+  busyBoxImage: busybox:1.30
+  busyBoxRepository: docker.io
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/datarouter-node:2.0.2
+image: onap/dmaap/datarouter-node:2.1.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index 2b78b8eb2c..6a6f49cc24 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
@@ -25,14 +25,14 @@
 #Jetty Server properties
 org.onap.dmaap.datarouter.provserver.http.port           = {{.Values.config.dmaapDrProv.externalPort}}
 org.onap.dmaap.datarouter.provserver.https.port          = {{.Values.config.dmaapDrProv.externalPort2}}
-org.onap.dmaap.datarouter.provserver.https.relaxation	 = true
+org.onap.dmaap.datarouter.provserver.https.relaxation    = true
 
-org.onap.dmaap.datarouter.provserver.keymanager.password = AT{];bvaDiytVD&oWhMZj0N5
+org.onap.dmaap.datarouter.provserver.keymanager.password = FZNkU,B%NJzcT1v7;^v]M#ZX
 org.onap.dmaap.datarouter.provserver.keystore.type       = jks
 org.onap.dmaap.datarouter.provserver.keystore.path       = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
-org.onap.dmaap.datarouter.provserver.keystore.password   = AT{];bvaDiytVD&oWhMZj0N5
+org.onap.dmaap.datarouter.provserver.keystore.password   = FZNkU,B%NJzcT1v7;^v]M#ZX
 org.onap.dmaap.datarouter.provserver.truststore.path     = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
-org.onap.dmaap.datarouter.provserver.truststore.password = ljlS@Y}0]{UO(TnwvEWkgJ%]
+org.onap.dmaap.datarouter.provserver.truststore.password = +mzf@J.D^;3!![*Xr.z$c#?b
 org.onap.dmaap.datarouter.provserver.accesslog.dir       = /opt/app/datartr/logs
 org.onap.dmaap.datarouter.provserver.spooldir            = /opt/app/datartr/spool
 org.onap.dmaap.datarouter.provserver.dbscripts           = /opt/app/datartr/etc/misc
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 3d65e911cf..7dca42e746 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dmaap/datarouter-prov:2.0.2
+image: onap/dmaap/datarouter-prov:2.1.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
-- 
2.16.6