Avoid running as root.
Issue-ID: DCAEGEN2-2171
Signed-off-by: Kate Hsuan <kate.hsuan@qct.io>
Change-Id: If4594ee7079532ae87ed4741db3cb6a53da23f34
diff --git a/components/datalake-handler/admin/Dockerfile b/components/datalake-handler/admin/Dockerfile
index 38c50a6..2e6442a 100644
--- a/components/datalake-handler/admin/Dockerfile
+++ b/components/datalake-handler/admin/Dockerfile
@@ -12,20 +12,29 @@
FROM nginx:1.17.9
-RUN apt-get update && \
- apt-get install -y dnsmasq
-RUN echo "\n\n# Docker extra config \nuser=root\naddn-hosts=/etc/hosts\n" >> /etc/dnsmasq.conf
+RUN groupadd -r datalake && useradd -r -g datalake datalake
COPY --from=builder /app/dist/* /usr/share/nginx/html/
COPY --from=builder /app/dl-admin-nginx.conf /etc/nginx/conf.d/default.conf
+COPY --from=builder /app/nginx.conf /etc/nginx/nginx.conf
-CMD echo "domain-needed" >> /etc/dnsmasq.conf && \
- echo "resolv-file=/etc/resolv.conf" >> /etc/dnsmasq.conf && \
- echo "expand-hosts" >> /etc/dnsmasq.conf && \
- echo "listen-address=127.0.0.1" >> /etc/dnsmasq.conf && \
- service dnsmasq restart && \
- echo set \$upstreamName http://dl-feeder.`grep search /etc/resolv.conf | awk {'print $2'}`:1680/datalake/v1\$1\$is_args\$args\; > /etc/nginx/upstream.conf && \
- nginx -g "daemon off;"
+RUN chown -R datalake:datalake /etc/nginx
+RUN chown -R datalake:datalake /var/cache/nginx
+
+
+USER datalake
+
+#CMD echo "domain-needed" >> /etc/dnsmasq.conf && \
+# echo "resolv-file=/etc/resolv.conf" >> /etc/dnsmasq.conf && \
+# echo "expand-hosts" >> /etc/dnsmasq.conf && \
+# echo "listen-address=127.0.0.1" >> /etc/dnsmasq.conf && \
+# service dnsmasq restart && \
+# echo set \$upstreamName http://dl-feeder.`grep search /etc/resolv.conf | awk {'print $2'}`:1680/datalake/v1\$1\$is_args\$args\; > /etc/nginx/upstream.conf && \
+# nginx -g "daemon off;"
+
+CMD echo resolver `grep nameserver /etc/resolv.conf |awk {'print $2'}` valid=10s\; > /etc/nginx/resolver.conf && \
+ echo set \$upstreamName http://dl-feeder.`grep search /etc/resolv.conf | awk {'print $2'}`:1680/datalake/v1\$1\$is_args\$args\; > /etc/nginx/upstream.conf && \
+ nginx -g "daemon off;"
#CMD ["sh", "-c", "tail -f /dev/null"]
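Review bot: `RUN chown -R datalake:datalake /etc/nginx` makes the whole server configuration writable by the account nginx runs as, so anything that gains code execution in the nginx process can rewrite its own config. The new CMD only writes `resolver.conf` and `upstream.conf` at start-up, so ownership can be limited to those two files, e.g. `RUN touch /etc/nginx/resolver.conf /etc/nginx/upstream.conf && chown datalake:datalake /etc/nginx/resolver.conf /etc/nginx/upstream.conf`, leaving the rest root-owned. The shell-form CMD probably also leaves `sh` as PID 1, so ending the chain with `exec nginx -g "daemon off;"` would let nginx receive the stop signal directly. The old CMD kept as a comment block above the new one can be dropped, since the history already holds it.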
diff --git a/components/datalake-handler/admin/nginx/dl-admin-nginx.conf b/components/datalake-handler/admin/nginx/dl-admin-nginx.conf
index b6caa60..4ffbdfd 100644
--- a/components/datalake-handler/admin/nginx/dl-admin-nginx.conf
+++ b/components/datalake-handler/admin/nginx/dl-admin-nginx.conf
@@ -1,8 +1,8 @@
server {
- listen 80;
+ listen 8088;
root /usr/share/nginx/html;
- resolver 127.0.0.1 valid=10s;
+ include /etc/nginx/resolver.conf;
location ~/datalake/v1(.*)$ {
#set $upstreamName http://dl_feeder:1680/datalake/v1$1;
include /etc/nginx/upstream.conf;
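Review bot: `include /etc/nginx/resolver.conf;` depends on a file that exists only after the image's CMD has generated it from /etc/resolv.conf, so `nginx -t` or any start that bypasses that CMD fails on a missing include. A comment saying where the file comes from would help, e.g. `# resolver.conf is generated at container start by the Dockerfile CMD`. The generated line copies the nameserver addresses verbatim, and nginx expects an IPv6 resolver address in square brackets, so an IPv6 cluster DNS would presumably produce an invalid directive; this is worth confirming. The move from `listen 80` to `listen 8088` also needs the matching port in whatever service definition fronts this container, which is not part of this diff. The server block continues past the end of the hunk.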
diff --git a/components/datalake-handler/admin/nginx/nginx.conf b/components/datalake-handler/admin/nginx/nginx.conf
new file mode 100644
index 0000000..8613dff
--- /dev/null
+++ b/components/datalake-handler/admin/nginx/nginx.conf
@@ -0,0 +1,36 @@
+user nginx;
+worker_processes 1;
+
+error_log /tmp/error.log warn;
+pid /tmp/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /tmp/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+ client_body_temp_path /tmp/client_temp;
+ proxy_temp_path /tmp/proxy_temp_path;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+
+ include /etc/nginx/conf.d/*.conf;
+}
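Review bot: `error_log /tmp/error.log warn;` and `access_log /tmp/access.log main;` write the logs to files inside the container, where `docker logs` and a cluster log collector never see them and where they grow without rotation. Pointing them at `/dev/stderr` and `/dev/stdout` keeps the access trail available for monitoring and incident review and should still work for a non-root user. `user nginx;` on the first line has no effect once the master process runs as `datalake` (nginx warns and ignores it), so it can be removed to avoid suggesting a privilege drop that does not happen.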
diff --git a/components/datalake-handler/admin/pom.xml b/components/datalake-handler/admin/pom.xml
index 5325ba9..ff2044d 100644
--- a/components/datalake-handler/admin/pom.xml
+++ b/components/datalake-handler/admin/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>org.onap.dcaegen2.services.components</groupId>
<artifactId>datalake-handler</artifactId>
- <version>1.0.1-SNAPSHOT</version>
+ <version>1.0.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.dcaegen2.services.components.datalake-handler</groupId>
diff --git a/components/datalake-handler/collector/pom.xml b/components/datalake-handler/collector/pom.xml
index a90b9df..a9dad99 100644
--- a/components/datalake-handler/collector/pom.xml
+++ b/components/datalake-handler/collector/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>org.onap.dcaegen2.services.components</groupId>
<artifactId>datalake-handler</artifactId>
- <version>1.0.1-SNAPSHOT</version>
+ <version>1.0.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.dcaegen2.services.components.datalake-handler</groupId>
diff --git a/components/datalake-handler/feeder/Dockerfile b/components/datalake-handler/feeder/Dockerfile
index e260635..b34834b 100644
--- a/components/datalake-handler/feeder/Dockerfile
+++ b/components/datalake-handler/feeder/Dockerfile
@@ -27,5 +27,7 @@
apt install -y mariadb-client && \
apt install -y curl
+USER datalake
+
CMD ["sh", "run.sh"]
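Review bot: `USER datalake` names an account whose creation is not visible in this hunk. The admin Dockerfile gains `groupadd`/`useradd` in the same commit, but no such line is added here, so unless the account is created earlier in this file the container will fail to start. A fixed numeric ID would also help, because Kubernetes cannot verify `runAsNonRoot` against a user name; something like `useradd -r -u 10001 -g datalake datalake` with `USER 10001` (constructed UID) would apply to both Dockerfiles. `run.sh` and any path it writes to must also be accessible to that account, and the hunk does not show ownership being set.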
diff --git a/components/datalake-handler/feeder/pom.xml b/components/datalake-handler/feeder/pom.xml
index 3297c7e..5954b37 100644
--- a/components/datalake-handler/feeder/pom.xml
+++ b/components/datalake-handler/feeder/pom.xml
@@ -6,7 +6,7 @@
<parent>
<groupId>org.onap.dcaegen2.services.components</groupId>
<artifactId>datalake-handler</artifactId>
- <version>1.0.1-SNAPSHOT</version>
+ <version>1.0.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.dcaegen2.services.components.datalake-handler</groupId>
@@ -218,7 +218,8 @@
<password>docker</password> -->
<!-- repository>repo.treescale.com/moguobiao/datalake-feeder-maven</repository -->
<!-- repository>moguobiao/datalake-feeder-maven-spotify</repository -->
- <repository>${onap.nexus.dockerregistry.daily}/${docker.image.path}</repository>
+ <repository>${onap.nexus.dockerregistry.daily}/${docker.image.path}</repository>
+ <!-- <repository>mizunoami123/dl-feeder</repository> -->
<tag>${project.version}</tag>
<dockerfile>Dockerfile</dockerfile>
<!-- useMavenSettingsForAuth>true</useMavenSettingsForAuth -->
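Review bot: The added line `<!-- <repository>mizunoami123/dl-feeder</repository> -->` leaves a personal registry namespace in the project's image-publishing configuration. It is inert while commented, but a small edit away from directing the image build at a location outside the ONAP registry. It looks like local test scaffolding and should be dropped from the commit, along with the whitespace-only change to the `<repository>` line above it. The plugin configuration block starts and ends outside the hunk.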
diff --git a/components/datalake-handler/pom.xml b/components/datalake-handler/pom.xml
index 9b00a41..fc4922c 100644
--- a/components/datalake-handler/pom.xml
+++ b/components/datalake-handler/pom.xml
@@ -12,7 +12,7 @@
<groupId>org.onap.dcaegen2.services.components</groupId>
<artifactId>datalake-handler</artifactId>
- <version>1.0.1-SNAPSHOT</version>
+ <version>1.0.2-SNAPSHOT</version>
<packaging>pom</packaging>
<name>dcaegen2-service-datalake-handler</name>
diff --git a/components/datalake-handler/version.properties b/components/datalake-handler/version.properties
index 0f1f46a..c13587b 100644
--- a/components/datalake-handler/version.properties
+++ b/components/datalake-handler/version.properties
@@ -1,6 +1,6 @@
major=1
minor=0
-patch=1
+patch=2
base_version=${major}.${minor}.${patch}
release_version=${base_version}
snapshot_version=${base_version}-SNAPSHOT