Chore: Add gerrit maven verify GHA workflow
[sdnc/oam.git] / installation / sdnc / src / main / docker / Dockerfile
index 91612d3..e281d16 100755 (executable)
@@ -8,7 +8,7 @@ ENV PATH $PATH:/opt/java/openjdk/bin
 
 ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
 ENV SDNC_STORE_DIR /opt/onap/sdnc/data/stores
-ENV JAVA_SECURITY_DIR /etc/ssl/certs/java
+ENV JAVA_SECURITY_DIR /opt/java/openjdk/lib/security
 
 ENV SDNC_KEYSTORE ${sdnc.keystore}
 ENV SDNC_KEYPASS ${sdnc.keypass}
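Review bot: The new `JAVA_SECURITY_DIR` value is not used consistently by the truststore steps further down this file. The `if [ -f $JAVA_SECURITY_DIR}/cacerts ]` test shown in the later hunk header appears to carry a stray `}`, so it would look for a path that cannot exist and silently skip that import (the line is truncated in this view, so this is inferred). The following `keytool -importkeystore` line hardcodes `/opt/java/openjdk/lib/security/cacerts` instead of using the variable. I would fix the test to `[ -f "$JAVA_SECURITY_DIR/cacerts" ]` and write the destination as `-destkeystore "$JAVA_SECURITY_DIR/cacerts"`, so a future path change cannot leave the JVM truststore without the ONAP trust anchors.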
@@ -25,22 +25,10 @@ RUN mkdir $ODL_HOME/current/certs
 COPY system /tmp/system
 RUN rsync -a /tmp/system $ODL_HOME
 
-# Add SDNC NORTHBOUND FEATURES repository
-ENV SDNC_NORTHBOUND_REPO mvn:org.onap.sdnc.northbound/sdnc-northbound-all/${sdnc.northbound.version}/xml/features
-
-# Add CCSDK SDNR FEATURES repositories
-ENV SDNR_FEATURES_REPO mvn:org.onap.ccsdk.oran/a1-adapter-northbound/${ccsdk.oran.a1adapter.version}/xml/features,\
-mvn:org.onap.ccsdk.features/ccsdk-features-all/${ccsdk.features.version}/xml/features,\
-mvn:org.onap.ccsdk.features.sdnr.northbound/sdnr-northbound-all/${ccsdk.features.version}/xml/features,\
-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator/${ccsdk.features.version}/xml/features,\
-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-oauth/${ccsdk.features.version}/xml/features,\
-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager/${ccsdk.features.version}/xml/features,\
-mvn:org.onap.ccsdk.features.sdnr.wt/sdnr-wt-feature-aggregator-devicemanager-base/${ccsdk.features.version}/xml/features
-
-# Backing up existing karaf cfg and updating features boot and features repository
+# Backing up existing karaf cfg and updating features boot and features repositories defined in pom.xml
 RUN cp $ODL_HOME/etc/org.apache.karaf.features.cfg $ODL_HOME/etc/org.apache.karaf.features.cfg.sdnc.orig
-RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,sdnc-northbound-all|" $ODL_HOME/etc/org.apache.karaf.features.cfg
-RUN sed -i -e "\|featuresRepositories|s|$|,${SDNC_NORTHBOUND_REPO},${SDNR_FEATURES_REPO}|" $ODL_HOME/etc/org.apache.karaf.features.cfg
+RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,${sdnc.features.boot}|" $ODL_HOME/etc/org.apache.karaf.features.cfg
+RUN sed -i -e "\|featuresRepositories|s|$|,${sdnr.features.repo},${sdnc.features.repo}|" $ODL_HOME/etc/org.apache.karaf.features.cfg
 
 # Add odl-netconf-topology to boot repositories
 RUN sed -i "s/odl-restconf-all/odl-restconf-all,odl-netconf-topology/g"  $ODL_HOME/etc/org.apache.karaf.features.cfg
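Review bot: `${sdnc.features.boot}`, `${sdnr.features.repo}` and `${sdnc.features.repo}` sit inside double-quoted shell strings where they read as shell expansions, although they are presumably substituted by Maven resource filtering before the image is built. The comment above the `cp` should say so, e.g. `# ${sdnc.features.boot}, ${sdnr.features.repo} and ${sdnc.features.repo} are Maven-filtered from pom.xml, not shell variables`. The values are spliced into a `sed` replacement that uses `|` as its delimiter, so a property containing `|`, `&` or a backslash would change the substitution, and an empty property leaves a dangling comma on the cfg line. These properties decide which feature repositories Karaf loads at boot, so a follow-up `RUN grep -E '^featuresRepositories' $ODL_HOME/etc/org.apache.karaf.features.cfg` would put the resolved list in the build log and fail the build if the line is missing.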
@@ -59,18 +47,29 @@ RUN if [ -f $JAVA_SECURITY_DIR}/cacerts ] ; then keytool -importkeystore -srckey
 RUN keytool -importkeystore -srckeystore $SDNC_STORE_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore /opt/java/openjdk/lib/security/cacerts  -deststorepass changeit -noprompt
 
 # Secure with TLS
-RUN echo org.osgi.service.http.secure.enabled=true >> $ODL_HOME/etc/custom.properties
+#RUN echo org.osgi.service.http.secure.enabled=true >> $ODL_HOME/etc/custom.properties
 RUN echo org.osgi.service.http.secure.port=$SDNC_SECUREPORT >> $ODL_HOME/etc/custom.properties
 RUN echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
-RUN echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
-RUN echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
+RUN echo org.ops4j.pax.web.ssl.password=\"$SDNC_KEYPASS\" >> $ODL_HOME/etc/custom.properties
+RUN echo org.ops4j.pax.web.ssl.keypassword=\"$SDNC_KEYPASS\" >> $ODL_HOME/etc/custom.properties
 
 # Overwrite svclogic compiler properties
 RUN cp /opt/onap/sdnc/data/properties/svclogic-compiler.properties /opt/onap/sdnc/svclogic/config/svclogic.properties
 
+# Short term fix starts: for javax.servlet-api bundle (Replacing 4.0.1 to 3.1.0 as it's unique for javax.servlet-api)
+RUN find /opt/opendaylight -name "*features*.xml" -exec sed -i -e 's|4.0.1|3.1.0|g' {} \;
+# Short term fix ends
+
+# Remediate log4shell vuln
+RUN apk add zip
+RUN find /opt/opendaylight/system/org/ops4j/pax/logging/pax-logging-log4j2 -name 'pax-logging-log4j2*.jar' -exec zip -q -d '{}' org/apache/logging/log4j/core/lookup/JndiLookup.class \;
+
+
 # Changing ownership and permission of /opt
 RUN chown -R odl:odl /opt && chmod -R 755 /opt
 
+
+
 ## END OF STAGE0 ##
 
 #################################################
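Review bot: Commenting out `org.osgi.service.http.secure.enabled=true` under "# Secure with TLS" keeps the secure port, keystore and password settings but no longer switches the HTTPS listener on, so unless it is enabled elsewhere the image would serve plain HTTP only. A commit titled as a CI chore should restore the line or explain the change next to it, e.g. `# HTTPS listener disabled because <reason>; re-enable before release`. The Log4Shell step can also succeed without removing anything, because `find … -exec zip -d … \;` still exits 0 when no jar matches or `zip` fails, and it only visits the pax-logging-log4j2 directory. Assuming `unzip` is available in this stage, a check such as `RUN ! find /opt/opendaylight -name '*.jar' -exec unzip -l '{}' \; | grep -q 'lookup/JndiLookup.class'` would fail the build if the class survives. Separately, `s|4.0.1|3.1.0|g` has unescaped dots and rewrites every matching version string in every features file, so it should be anchored to the javax.servlet-api entry and written as `4\.0\.1`.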
@@ -80,18 +79,18 @@ FROM scratch
 LABEL maintainer="SDN-C Team (sdnc@lists.onap.org)"
 USER root
 
-ENV LC_ALL en_US.UTF-8
-ENV JAVA_HOME /opt/java/openjdk
-ENV PATH $PATH:/opt/java/openjdk/bin
-
-ENV ODL_HOME /opt/opendaylight/current
-ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
-ENV SDNC_KEYSTORE ${sdnc.keystore}
-ENV SDNC_KEYPASS ${sdnc.keypass}
+ENV LC_ALL=en_US.UTF-8 \
+    JAVA_HOME=/opt/java/openjdk \
+    PATH=$PATH:/opt/java/openjdk/bin \
+    ODL_HOME=/opt/opendaylight/current \
+    SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties \
+    SDNC_KEYSTORE=${sdnc.keystore} \
+    SDNC_KEYPASS=${sdnc.keypass}
 
 # Copy Everything from stage0
 COPY --from=stage0 / /
 
 USER odl
-ENTRYPOINT /opt/onap/sdnc/bin/startODL.sh
 EXPOSE 8181
+WORKDIR ${ODL_HOME}
+ENTRYPOINT /opt/onap/sdnc/bin/startODL.sh
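Review bot: The regrouped `ENV` still sets `SDNC_KEYPASS=${sdnc.keypass}` in the final image, so the keystore password is stored in the image config and exported to every process in the container. The stage0 hunk also writes the same value into `custom.properties`, which puts it in a layer as well. I would drop `SDNC_KEYPASS` from this `ENV` and supply it at run time from the orchestrator's secret mechanism or a mounted file; whether `startODL.sh` needs a matching change cannot be seen from this hunk. While the `ENTRYPOINT` is being moved, exec form `ENTRYPOINT ["/opt/onap/sdnc/bin/startODL.sh"]` would avoid the `/bin/sh -c` wrapper so the script is PID 1 and receives the stop signal directly.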