Merge pull request #2759 from vzikratyi-tb/tb-no-root-access

Start tb-postgress and tb-cassandra without root access

msa/tb/README.md

@@ -8,6 +8,15 @@ This project provides the build for the ThingsBoard single docker images.
 
 ## Running
 
+Before starting Docker container run following command to create a directory for storing data and change its owner to docker container user.
+To be able to change user, **chown** command is used, which requires sudo permissions (command will request password for a sudo access):
+
+`
+$ mkdir -p ~/.mytb-data && sudo chown -R 799:799 ~/.mytb-data
+` 
+
+**NOTE**: replace directory `~/.mytb-data` with directory you're planning to use on container creation. 
+
 In this example `thingsboard/tb` image will be used. You can choose any other images with different databases (see above).
 Execute the following command to run this docker directly:
 

msa/tb/docker-cassandra/Dockerfile

@@ -22,15 +22,13 @@ RUN echo 'deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main' | tee
 RUN curl -L https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
 RUN echo 'deb http://www.apache.org/dist/cassandra/debian 311x main' | tee --append /etc/apt/sources.list.d/cassandra.list > /dev/null
 RUN curl -L https://www.apache.org/dist/cassandra/KEYS | apt-key add -
+ENV PG_MAJOR=11
 RUN apt-get update
 RUN apt-get install -y cassandra cassandra-tools postgresql-11
 RUN update-rc.d cassandra disable
 RUN update-rc.d postgresql disable
 RUN sed -i.old '/ulimit/d' /etc/init.d/cassandra
 
-RUN mkdir -p /var/log/postgres
-RUN chown -R postgres:postgres /var/log/postgres
-
 COPY logback.xml ${pkg.name}.conf start-db.sh stop-db.sh start-tb.sh upgrade-tb.sh install-tb.sh ${pkg.name}.deb /tmp/
 
 RUN chmod a+x /tmp/*.sh \
@@ -58,11 +56,38 @@ ENV CASSANDRA_DATA=/data/cassandra
 ENV SPRING_JPA_DATABASE_PLATFORM=org.hibernate.dialect.PostgreSQLDialect
 ENV SPRING_DRIVER_CLASS_NAME=org.postgresql.Driver
 ENV SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/thingsboard
-ENV SPRING_DATASOURCE_USERNAME=postgres
+ENV SPRING_DATASOURCE_USERNAME=${pkg.user}
 ENV SPRING_DATASOURCE_PASSWORD=postgres
 
 ENV CASSANDRA_HOST=localhost
 ENV CASSANDRA_PORT=9042
+ENV CASSANDRA_HOME=/opt/cassandra
+
+ENV PATH=$CASSANDRA_HOME/bin:$PATH
+ENV PATH=$PATH:/usr/lib/postgresql/$PG_MAJOR/bin
+
+ENV PGLOG=/var/log/postgres
+ENV CASSANDRA_LOG=/var/log/cassandra
+
+# postgres config
+RUN mkdir -p $PGLOG
+RUN chown -R ${pkg.user}:${pkg.user} $PGLOG
+RUN chown -R ${pkg.user}:${pkg.user} /var/log/postgresql
+RUN chown -R ${pkg.user}:${pkg.user} /var/run/postgresql
+
+# cassandra config
+RUN rm -rf /var/lib/cassandra
+RUN chmod a+w /var/lib
+RUN chown -R ${pkg.user}:${pkg.user} $CASSANDRA_LOG
+
+
+RUN mkdir -p $DATA_FOLDER
+RUN chown -R ${pkg.user}:${pkg.user} $DATA_FOLDER
+RUN chown -R ${pkg.user}:${pkg.user} /var/log/${pkg.name}
+
+RUN chmod 555 ${pkg.installFolder}/bin/${pkg.name}.jar
+
+USER ${pkg.user}
 
 EXPOSE 9090
 EXPOSE 1883

msa/tb/docker-cassandra/start-db.sh

@@ -17,35 +17,30 @@
 
 firstlaunch=${DATA_FOLDER}/.firstlaunch
 
-export PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl)
+PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl)
 
 if [ ! -d ${PGDATA} ]; then
     mkdir -p ${PGDATA}
-    chown -R postgres:postgres ${PGDATA}
-    su postgres -c '${PG_CTL} initdb -U postgres'
+    ${PG_CTL} initdb
 fi
 
-su postgres -c '${PG_CTL} -l /var/log/postgres/postgres.log -w start'
+exec setsid nohup postgres >> ${PGLOG}/postgres.log 2>&1 &
 
 if [ ! -f ${firstlaunch} ]; then
-    su postgres -c 'psql -U postgres -d postgres -c "CREATE DATABASE thingsboard"'
+    psql -U ${pkg.user} -d postgres -c "CREATE DATABASE thingsboard"
 fi
 
 cassandra_data_dir=${CASSANDRA_DATA}
 cassandra_data_link=/var/lib/cassandra
 
 if [ ! -L ${cassandra_data_link} ]; then
-    if [ -d ${cassandra_data_link} ]; then
-        rm -rf ${cassandra_data_link}
-    fi
     if [ ! -d ${cassandra_data_dir} ]; then
         mkdir -p ${cassandra_data_dir}
-        chown -R cassandra:cassandra ${cassandra_data_dir}
     fi
     ln -s ${cassandra_data_dir} ${cassandra_data_link}
 fi
 
-service cassandra start
+exec setsid nohup cassandra >> ${CASSANDRA_LOG}/cassandra.log 2>&1 &
 
 until nmap $CASSANDRA_HOST -p $CASSANDRA_PORT | grep "$CASSANDRA_PORT/tcp open"
 do

msa/tb/docker-cassandra/stop-db.sh

@@ -15,7 +15,18 @@
 # limitations under the License.
 #
 
-export PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl)
+CASSANDRA_PID=$(ps aux | grep '[c]assandra' | awk '{print $2}')
 
-service cassandra stop
-su postgres -c '${PG_CTL} stop'
+echo "Stopping cassandra (pid ${CASSANDRA_PID})."
+kill -SIGTERM ${CASSANDRA_PID}
+
+PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl)
+echo "Stopping postgres."
+${PG_CTL} stop
+
+while [ -e /proc/${CASSANDRA_PID} ]
+do
+    echo "Waiting for cassandra to stop."
+    sleep 2
+done
+echo "Cassandra was stopped."

msa/tb/docker-postgres/Dockerfile

@@ -20,13 +20,11 @@ RUN apt-get update
 RUN apt-get install -y curl
 RUN echo 'deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main' | tee --append /etc/apt/sources.list.d/pgdg.list > /dev/null
 RUN curl -L https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
+ENV PG_MAJOR 11
 RUN apt-get update
 RUN apt-get install -y postgresql-11
 RUN update-rc.d postgresql disable
 
-RUN mkdir -p /var/log/postgres
-RUN chown -R postgres:postgres /var/log/postgres
-
 COPY logback.xml ${pkg.name}.conf start-db.sh stop-db.sh start-tb.sh upgrade-tb.sh install-tb.sh ${pkg.name}.deb /tmp/
 
 RUN chmod a+x /tmp/*.sh \
@@ -49,13 +47,29 @@ ENV HTTP_BIND_PORT=9090
 ENV DATABASE_TS_TYPE=sql
 
 ENV PGDATA=/data/db
+ENV PATH=$PATH:/usr/lib/postgresql/$PG_MAJOR/bin
 
 ENV SPRING_JPA_DATABASE_PLATFORM=org.hibernate.dialect.PostgreSQLDialect
 ENV SPRING_DRIVER_CLASS_NAME=org.postgresql.Driver
 ENV SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/thingsboard
-ENV SPRING_DATASOURCE_USERNAME=postgres
+ENV SPRING_DATASOURCE_USERNAME=${pkg.user}
 ENV SPRING_DATASOURCE_PASSWORD=postgres
 
+
+ENV PGLOG=/var/log/postgres
+RUN mkdir -p $PGLOG
+RUN chown -R ${pkg.user}:${pkg.user} $PGLOG
+
+RUN chown -R ${pkg.user}:${pkg.user} /var/run/postgresql
+
+RUN mkdir -p /data
+RUN chown -R ${pkg.user}:${pkg.user} /data
+
+RUN chown -R ${pkg.user}:${pkg.user} /var/log/${pkg.name}
+RUN chmod 555 ${pkg.installFolder}/bin/${pkg.name}.jar
+
+USER ${pkg.user}
+
 EXPOSE 9090
 EXPOSE 1883
 EXPOSE 5683/udp

msa/tb/docker-postgres/start-db.sh

@@ -17,16 +17,15 @@
 
 firstlaunch=${DATA_FOLDER}/.firstlaunch
 
-export PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl)
+PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl)
 
 if [ ! -d ${PGDATA} ]; then
     mkdir -p ${PGDATA}
-    chown -R postgres:postgres ${PGDATA}
-    su postgres -c '${PG_CTL} initdb -U postgres'
+    ${PG_CTL} initdb
 fi
 
-su postgres -c '${PG_CTL} -l /var/log/postgres/postgres.log -w start'
+exec setsid nohup postgres >> ${PGLOG}/postgres.log 2>&1 &
 
 if [ ! -f ${firstlaunch} ]; then
-    su postgres -c 'psql -U postgres -d postgres -c "CREATE DATABASE thingsboard"'
+    psql -U ${pkg.user} -d postgres -c "CREATE DATABASE thingsboard"
 fi

msa/tb/docker-postgres/stop-db.sh

@@ -15,6 +15,6 @@
 # limitations under the License.
 #
 
-export PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl)
+PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl)
 
-su postgres -c '${PG_CTL} stop'
+${PG_CTL} stop

msa/tb/docker-tb/Dockerfile

@@ -43,6 +43,13 @@ ENV SPRING_DATASOURCE_URL=jdbc:hsqldb:file:/data/db/thingsboardDb;sql.enforce_si
 ENV SPRING_DATASOURCE_USERNAME=sa
 ENV SPRING_DATASOURCE_PASSWORD=
 
+RUN mkdir -p /data
+RUN chown -R ${pkg.user}:${pkg.user} /data
+
+RUN chmod 555 ${pkg.installFolder}/bin/${pkg.name}.jar
+
+USER ${pkg.user}
+
 EXPOSE 9090
 EXPOSE 1883
 EXPOSE 5683/udp