Merge pull request #15 from Megala21/master_new

Reduce the docker images size and change the way permission being handled

README.md

@@ -41,8 +41,8 @@ on the nodes). Alternatively, if a private Docker registry is used, transfer the
 
 ##### 5. Deploy Kubernetes Resources:
 Change directory to `KUBERNETES_HOME/pattern-X` and perform the deployment guide under each pattern.
-eg: For pattern-1 change directory to `KUBERNETES_HOME/pattern-1` and perform the deployment guide in 
-[`KUBERNETES_HOME/dockerfiles/README.md`](pattern-1)
+eg: For pattern-1 change directory to `KUBERNETES_HOME/pattern-1` and perform the deployment as guided in
+[`KUBERNETES_HOME/pattern-1/README.md`](pattern-1)
 
 >To undeploy, follow the undeployment guide of the same.
 

dockerfiles/README.md

@@ -1,19 +1,29 @@
 # Building docker images
 
-##### 1. Build the docker image for IS:
+#### Prerequisites
+* [Docker](https://www.docker.com/get-docker) v17.09.0 or above
 
-###### Download files required
+>The local copy of the `dockerfiles/is` directory will be referred to as `IS_DOCKERFILE_HOME` from this point onwards.
 
-- wso2is-5.5.0.zip
-- jdk-8u*-linux-x64.tar.gz (Any JDK 8u* version)
-- dnsjava-2.1.8.jar (http://www.dnsjava.org/)
-- [`kubernetes-membership-scheme-1.0.1.jar`](https://github.com/wso2/kubernetes-common/releases/tag/v1.0.1)
-- mysql-connector-java-5*-bin.jar (Any mysql connector 5* version)
+#### Add JDK, WSO2 Identity Server distribution, MySQL connector, Kubernetes member scheme, DNS Java to `<IS_DOCKERFILE_HOME>/files`
 
-Tested against jdk-8u45-linux-x64.tar.gz and mysql-connector-java-5.1.46-bin.jar
+- Download [JDK 1.8](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html)
+and extract it to `<IS_DOCKERFILE_HOME>/files`.
+- Download the WSO2 Identity Server 5.5.0 distribution (https://wso2.com/identity-and-access-management)
+and extract it to `<IS_DOCKERFILE_HOME>/files`. <br>
+- Once both JDK and WSO2 Identity Server distributions are extracted it may look as follows:
 
-###### Add above files to is/files directory.
-###### Build the docker image from is/ directory.
+  ```bash
+  <IS_DOCKERFILE_HOME>/files/jdk<version>/
+  <IS_DOCKERFILE_HOME>/files/wso2is-5.5.0/
+  ```
+- Download [MySQL Connector/J](https://dev.mysql.com/downloads/connector/j/) v5.1.* and then copy that to 
+`<IS_DOCKERFILE_HOME>/files` folder
+- Download [`kubernetes-membership-scheme-1.0.1.jar`](https://github.com/wso2/kubernetes-common/releases/tag/v1.0.1) 
+and then copy that to `<IS_DOCKERFILE_HOME>/files`
+- Download [`dnsjava-2.1.8.jar`](http://www.dnsjava.org/) and copy that to  `<IS_DOCKERFILE_HOME>/files`
+
+#### Build the docker image from is/ directory.
 ```
 docker build -t docker.cloud.wso2.com/wso2is-kubernetes:5.5.0 .
 ```

dockerfiles/is/Dockerfile

@@ -1,6 +1,6 @@
 # ------------------------------------------------------------------------
 #
-# Copyright 2017 WSO2, Inc. (http://wso2.com)
+# Copyright 2018 WSO2, Inc. (http://wso2.com)
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,87 +16,51 @@
 #
 # ------------------------------------------------------------------------
 
+# set to latest Ubuntu LTS
 FROM ubuntu:16.04
 MAINTAINER WSO2 Docker Maintainers "[email protected]"
-ENV DEBIAN_FRONTEND noninteractive
 
-# set user information
+# set user configurations
 ARG USER=wso2user
-ARG USER_GROUP=wso2
 ARG USER_ID=1000000000
+ARG USER_GROUP=wso2
+ARG USER_GROUP_ID=1000000000
 ARG USER_HOME=/home/${USER}
-
-# Set startup script
-ARG STARTUP_SCRIPT=init_carbon.sh
-
-# set local files directory
+# set dependant files directory
 ARG FILES=./files
-
-# set jdk information
-ARG JDK_ARCHIVE=jdk-8u*-linux-x64.tar.gz
+# set jdk configurations
+ARG JDK=jdk1.8.0*
 ARG JAVA_HOME=${USER_HOME}/java
-
-# set wso2 product information
+# set wso2 product configurations
 ARG WSO2_SERVER=wso2is
 ARG WSO2_SERVER_VERSION=5.5.0
-ARG WSO2_SERVER_PACK=${WSO2_SERVER}-${WSO2_SERVER_VERSION}.zip
+ARG WSO2_SERVER_PACK=${WSO2_SERVER}-${WSO2_SERVER_VERSION}
 ARG WSO2_SERVER_HOME=${USER_HOME}/${WSO2_SERVER}-${WSO2_SERVER_VERSION}
-
-# set jdbc driver information
-ARG JDBC_DRIVER=mysql-connector-java-5*-bin.jar
-
 # set kubernetes dependency bundle information
 ARG KUBERNETES_MEMBERSHIP_SCHEME_LIB=kubernetes-membership-scheme-1.0.*.jar
 ARG DNS_JAVA_LIB=dnsjava-2.1.*.jar
-
 # install required packages
-RUN apt-get update \
-	&& apt-get install -y --no-install-recommends --no-install-suggests \
-       	   zip \
-           unzip \
-           telnet \
-           iproute2 \
-	   sudo && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    curl && \
+    rm -rf /var/lib/apt/lists/*
 
-# create user group and user
-RUN useradd --system --uid ${USER_ID} --gid 0 --create-home --home-dir ${USER_HOME} \
-	--no-log-init ${USER}
+# create a user group and a user
+RUN groupadd --system -g ${USER_GROUP_ID} ${USER_GROUP} && \
+    useradd --system --create-home --home-dir ${USER_HOME} --no-log-init -g ${USER_GROUP_ID} -u ${USER_ID} ${USER}
 
-# copy jdk, wso2 product distribution, jdbc driver and kubernetes dependency libraries to user's home directory
-COPY ${FILES}/${JDK_ARCHIVE} ${STARTUP_SCRIPT} ${FILES}/${WSO2_SERVER_PACK} ${FILES}/${JDBC_DRIVER} \
-     ${FILES}/${DNS_JAVA_LIB} ${FILES}/${KUBERNETES_MEMBERSHIP_SCHEME_LIB}  sudoers change_ownership.sh ${USER_HOME}/
-
-# install jdk, wso2 server, remove distributions and set folder permissions
-RUN unzip -q ${USER_HOME}/${WSO2_SERVER_PACK} -d ${USER_HOME}/ \
-    && mkdir -p ${USER_HOME}/tmp \
-    && cp -r ${USER_HOME}/${WSO2_SERVER}-${WSO2_SERVER_VERSION}/repository/deployment/server ${USER_HOME}/tmp/ \
-    && mkdir -p ${JAVA_HOME} \
-    && mkdir -p ${USER_HOME}/${WSO2_SERVER}-${WSO2_SERVER_VERSION}-lib \
-    && mkdir -p ${USER_HOME}/${WSO2_SERVER}-${WSO2_SERVER_VERSION}-dropins \
-    && tar -xf ${USER_HOME}/${JDK_ARCHIVE} -C ${JAVA_HOME} --strip-components=1 \
-    && cp ${USER_HOME}/${JDBC_DRIVER} ${USER_HOME}/${DNS_JAVA_LIB} ${WSO2_SERVER_HOME}/repository/components/lib/ \
-    && cp ${USER_HOME}/${KUBERNETES_MEMBERSHIP_SCHEME_LIB} ${WSO2_SERVER_HOME}/repository/components/dropins/ \
-    && mkdir -p ${USER_HOME}/scripts/ \
-    && cat ${USER_HOME}/${STARTUP_SCRIPT} > ${USER_HOME}/scripts/${STARTUP_SCRIPT} \
-    && rm ${USER_HOME}/${STARTUP_SCRIPT} \
-    && rm ${USER_HOME}/${WSO2_SERVER_PACK} \
-    && rm ${USER_HOME}/${JDK_ARCHIVE} \
-    && rm ${USER_HOME}/${JDBC_DRIVER} \
-    && rm ${USER_HOME}/${DNS_JAVA_LIB} \
-    && rm ${USER_HOME}/${KUBERNETES_MEMBERSHIP_SCHEME_LIB} \
-    && chgrp -R 0 ${USER_HOME} \
-    && chmod -R g=u ${USER_HOME} \
-    && chown -R ${USER_ID} ${USER_HOME} \
-    && chmod -R 0774 ${USER_HOME} \
-	&& cat ${USER_HOME}/sudoers > /etc/sudoers \
-	&& rm ${USER_HOME}/sudoers \
-	&& cat ${USER_HOME}/change_ownership.sh > /bin/change_ownership.sh \
-	&& chmod 0755 /bin/change_ownership.sh \
-	&& rm ${USER_HOME}/change_ownership.sh \
-	&& chgrp -R 0 ${USER_HOME} \
-	&& chmod -R g=u ${USER_HOME} \
-	&& chown -R ${USER_ID} ${USER_HOME} \
-	&& chmod -R 0774 ${USER_HOME}
+# copy the jdk and wso2 product distributions to user's home directory and copy the mysql connector jar to server distribution
+WORKDIR ${USER_HOME}
+COPY --chown=wso2user:wso2 ${FILES}/${JDK} java
+COPY --chown=wso2user:wso2 ${FILES}/${WSO2_SERVER_PACK}/ ${WSO2_SERVER_PACK}/
+COPY --chown=wso2user:wso2 ${FILES}/mysql-connector-java-*-bin.jar ${FILES}/${DNS_JAVA_LIB} ${WSO2_SERVER_PACK}/repository/components/lib/
+COPY --chown=wso2user:wso2 ${FILES}/${KUBERNETES_MEMBERSHIP_SCHEME_LIB} ${WSO2_SERVER_PACK}/repository/components/dropins/
+COPY --chown=wso2user:wso2 ${FILES}/${WSO2_SERVER_PACK}/repository/deployment/server tmp/server
+RUN mkdir ${WSO2_SERVER_PACK}-lib && chown wso2user:wso2 ${WSO2_SERVER_PACK}-lib && \
+mkdir ${WSO2_SERVER_PACK}-dropins && chown wso2user:wso2 ${WSO2_SERVER_PACK}-dropins && \
+mkdir ${WSO2_SERVER_PACK}-security && chown wso2user:wso2 ${WSO2_SERVER_PACK}-security && mkdir scripts && \
+chown wso2user:wso2 scripts
+COPY --chown=wso2user:wso2 init_carbon.sh scripts/
 
 # set the user and work directory
 USER ${USER_ID}
@@ -105,13 +69,10 @@ WORKDIR ${USER_HOME}
 # set environment variables
 ENV JAVA_HOME=${JAVA_HOME} \
     PATH=$JAVA_HOME/bin:$PATH \
-    USER_HOME=${USER_HOME} \
-    WSO2_SERVER=${WSO2_SERVER} \
-    WSO2_SERVER_VERSION=${WSO2_SERVER_VERSION} \
     WSO2_SERVER_HOME=${WSO2_SERVER_HOME} \
-    USER=${USER}
+    WORKING_DIRECTORY=${USER_HOME}
 
 # expose ports
-EXPOSE 9763 9443
+EXPOSE 4000 9763 9443
 
-ENTRYPOINT exec ${USER_HOME}/scripts/init_carbon.sh
+ENTRYPOINT ${WORKING_DIRECTORY}/scripts/init_carbon.sh

dockerfiles/is/init_carbon.sh

@@ -18,69 +18,67 @@
 
 set -e
 # The artifacts will be copied to the CARBON_HOME/repository/deployment/server location before the server is started.
-carbon_home=${HOME}/${WSO2_SERVER}-${WSO2_SERVER_VERSION}
-server_artifact_location=${carbon_home}/repository/deployment/server
-sudo /bin/change_ownership.sh
-if [[ -d ${HOME}/tmp/server/ ]]; then
-   if [[ ! "$(ls -A ${server_artifact_location}/)" ]]; then
+server_artifact_location=${WSO2_SERVER_HOME}/repository/deployment/server
+
+if [ -n "$(ls -A ${WORKING_DIRECTORY}/tmp/server 2>/dev/null)" ]; then
+   if [ ! "$(ls -A ${server_artifact_location}/)" ]; then
       # There are no artifacts under CARBON_HOME/repository/deployment/server/; copy them.
-      echo "copying artifacts from ${HOME}/tmp/server/ to ${server_artifact_location}/ .."
-      cp -rf ${HOME}/tmp/server/* ${server_artifact_location}/
+      echo "copying artifacts from ${WORKING_DIRECTORY}/tmp/server/ to ${server_artifact_location}/ .."
+      cp -rf ${WORKING_DIRECTORY}/tmp/server/* ${server_artifact_location}/
    fi
-   rm -rf ${HOME}/tmp/server/
-fi
-if [[ -d ${HOME}/tmp/carbon/ ]]; then
-   echo "copying custom configurations and artifacts from ${HOME}/tmp/carbon/ to ${carbon_home}/ .."
-   cp -rf ${HOME}/tmp/carbon/* ${carbon_home}/
-   rm -rf ${HOME}/tmp/carbon/
 fi
 
 # Copy ConfigMaps
-# Mount any ConfigMap to ${carbon_home}-conf location
-if [ -e ${carbon_home}-conf/bin/* ]
- then cp ${carbon_home}-conf/bin/* ${carbon_home}/bin/
+# Mount any ConfigMap to ${WSO2_SERVER_HOME}-conf location
+if [ -e ${WSO2_SERVER_HOME}-conf/bin ]
+ then cp ${WSO2_SERVER_HOME}-conf/bin/* ${WSO2_SERVER_HOME}/bin/
 fi
 
-if [ -e ${carbon_home}-conf/conf ]
- then cp ${carbon_home}-conf/conf/* ${carbon_home}/repository/conf/
+if [ -e ${WSO2_SERVER_HOME}-conf/conf ]
+ then cp ${WSO2_SERVER_HOME}-conf/conf/* ${WSO2_SERVER_HOME}/repository/conf/
 fi
 
-if [ -e ${carbon_home}-conf/conf-axis2 ]
- then cp ${carbon_home}-conf/conf-axis2/* ${carbon_home}/repository/conf/axis2/
+if [ -e ${WSO2_SERVER_HOME}-conf/conf-axis2 ]
+ then cp ${WSO2_SERVER_HOME}-conf/conf-axis2/* ${WSO2_SERVER_HOME}/repository/conf/axis2/
 fi
 
-if [ -e ${carbon_home}-conf/conf-datasources ]
- then cp ${carbon_home}-conf/conf-datasources/* ${carbon_home}/repository/conf/datasources/
+if [ -e ${WSO2_SERVER_HOME}-conf/conf-datasources ]
+ then cp ${WSO2_SERVER_HOME}-conf/conf-datasources/* ${WSO2_SERVER_HOME}/repository/conf/datasources/
 fi
 
-if [ -e ${carbon_home}-conf/conf-identity ]
- then cp ${carbon_home}-conf/conf-identity/* ${carbon_home}/repository/conf/identity/
+if [ -e ${WSO2_SERVER_HOME}-conf/conf-identity ]
+ then cp ${WSO2_SERVER_HOME}-conf/conf-identity/* ${WSO2_SERVER_HOME}/repository/conf/identity/
 fi
 
-if [ -e ${carbon_home}-conf/conf-tomcat ]
- then cp ${carbon_home}-conf/conf-tomcat/* ${carbon_home}/repository/conf/tomcat/
+if [ -e ${WSO2_SERVER_HOME}-conf/conf-tomcat ]
+ then cp ${WSO2_SERVER_HOME}-conf/conf-tomcat/* ${WSO2_SERVER_HOME}/repository/conf/tomcat/
 fi
 
-if [ -n "$(ls -A ${carbon_home}-lib 2>/dev/null)" ]
- then cp ${carbon_home}-lib/* ${carbon_home}/repository/components/lib/
+if [ -e ${WSO2_SERVER_HOME}-conf/conf-security ]
+ then cp ${WSO2_SERVER_HOME}-conf/conf-security/* ${WSO2_SERVER_HOME}/repository/conf/security/
 fi
 
-if [ -n "$(ls -A ${carbon_home}-dropins 2>/dev/null)" ]
- then cp ${carbon_home}-dropins/* ${carbon_home}/repository/components/dropins/
+if [ -n "$(ls -A ${WSO2_SERVER_HOME}-lib 2>/dev/null)" ]
+ then cp ${WSO2_SERVER_HOME}-lib/* ${WSO2_SERVER_HOME}/repository/components/lib/
 fi
 
-# overwrite localMemberHost element value in axis2.xml with container ip
-export local_docker_ip=$(ip route get 1 | awk '{print $NF;exit}')
+if [ -n "$(ls -A ${WSO2_SERVER_HOME}-dropins 2>/dev/null)" ]
+ then cp ${WSO2_SERVER_HOME}-dropins/* ${WSO2_SERVER_HOME}/repository/components/dropins/
+fi
 
-axi2_xml_location=${carbon_home}/repository/conf/axis2/axis2.xml
-if [[ ! -z ${local_docker_ip} ]]; then
-   sed -i "s#<parameter\ name=\"localMemberHost\".*#<parameter\ name=\"localMemberHost\">${local_docker_ip}<\/parameter>#" "${axi2_xml_location}"
-   if [[ $? == 0 ]]; then
-      echo "Successfully updated localMemberHost with ${local_docker_ip}"
-   else
-      echo "Error occurred while updating localMemberHost with ${local_docker_ip}"
-   fi
+if [ -n "$(ls -A ${WSO2_SERVER_HOME}-security 2>/dev/null)" ]
+ then cp ${WSO2_SERVER_HOME}-security/* ${WSO2_SERVER_HOME}/repository/resources/security/
 fi
 
+if [ -e ${WSO2_SERVER_HOME}-conf/home ]
+ then cp ${WSO2_SERVER_HOME}-conf/home/* ${WSO2_SERVER_HOME}/
+fi
+
+# capture the Docker container IP from the container's /etc/hosts file
+docker_container_ip=$(awk 'END{print $1}' /etc/hosts)
+
+# set the Docker container IP as the `localMemberHost` under axis2.xml clustering configurations (effective only when clustering is enabled)
+sed -i "s#<parameter\ name=\"localMemberHost\".*<\/parameter>#<parameter\ name=\"localMemberHost\">${docker_container_ip}<\/parameter>#" ${WSO2_SERVER_HOME}/repository/conf/axis2/axis2.xml
+
 # Start the carbon server.
-${HOME}/${WSO2_SERVER}-${WSO2_SERVER_VERSION}/bin/wso2server.sh
+${WSO2_SERVER_HOME}/bin/wso2server.sh