Commit 559183e9fbd695171d0e3dd0100e78d2ee55519e
Committed by
GitHub
GitHub
Merge pull request #2759 from vzikratyi-tb/tb-no-root-access
Start tb-postgress and tb-cassandra without root access
Showing
8 changed files
with
88 additions
and
28 deletions
| @@ -8,6 +8,15 @@ This project provides the build for the ThingsBoard single docker images. | @@ -8,6 +8,15 @@ This project provides the build for the ThingsBoard single docker images. | ||
| 8 | 8 | ||
| 9 | ## Running | 9 | ## Running |
| 10 | 10 | ||
| 11 | +Before starting Docker container run following command to create a directory for storing data and change its owner to docker container user. | ||
| 12 | +To be able to change user, **chown** command is used, which requires sudo permissions (command will request password for a sudo access): | ||
| 13 | + | ||
| 14 | +` | ||
| 15 | +$ mkdir -p ~/.mytb-data && sudo chown -R 799:799 ~/.mytb-data | ||
| 16 | +` | ||
| 17 | + | ||
| 18 | +**NOTE**: replace directory `~/.mytb-data` with directory you're planning to use on container creation. | ||
| 19 | + | ||
| 11 | In this example `thingsboard/tb` image will be used. You can choose any other images with different databases (see above). | 20 | In this example `thingsboard/tb` image will be used. You can choose any other images with different databases (see above). |
| 12 | Execute the following command to run this docker directly: | 21 | Execute the following command to run this docker directly: |
| 13 | 22 |
| @@ -22,15 +22,13 @@ RUN echo 'deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main' | tee | @@ -22,15 +22,13 @@ RUN echo 'deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main' | tee | ||
| 22 | RUN curl -L https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - | 22 | RUN curl -L https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - |
| 23 | RUN echo 'deb http://www.apache.org/dist/cassandra/debian 311x main' | tee --append /etc/apt/sources.list.d/cassandra.list > /dev/null | 23 | RUN echo 'deb http://www.apache.org/dist/cassandra/debian 311x main' | tee --append /etc/apt/sources.list.d/cassandra.list > /dev/null |
| 24 | RUN curl -L https://www.apache.org/dist/cassandra/KEYS | apt-key add - | 24 | RUN curl -L https://www.apache.org/dist/cassandra/KEYS | apt-key add - |
| 25 | +ENV PG_MAJOR=11 | ||
| 25 | RUN apt-get update | 26 | RUN apt-get update |
| 26 | RUN apt-get install -y cassandra cassandra-tools postgresql-11 | 27 | RUN apt-get install -y cassandra cassandra-tools postgresql-11 |
| 27 | RUN update-rc.d cassandra disable | 28 | RUN update-rc.d cassandra disable |
| 28 | RUN update-rc.d postgresql disable | 29 | RUN update-rc.d postgresql disable |
| 29 | RUN sed -i.old '/ulimit/d' /etc/init.d/cassandra | 30 | RUN sed -i.old '/ulimit/d' /etc/init.d/cassandra |
| 30 | 31 | ||
| 31 | -RUN mkdir -p /var/log/postgres | ||
| 32 | -RUN chown -R postgres:postgres /var/log/postgres | ||
| 33 | - | ||
| 34 | COPY logback.xml ${pkg.name}.conf start-db.sh stop-db.sh start-tb.sh upgrade-tb.sh install-tb.sh ${pkg.name}.deb /tmp/ | 32 | COPY logback.xml ${pkg.name}.conf start-db.sh stop-db.sh start-tb.sh upgrade-tb.sh install-tb.sh ${pkg.name}.deb /tmp/ |
| 35 | 33 | ||
| 36 | RUN chmod a+x /tmp/*.sh \ | 34 | RUN chmod a+x /tmp/*.sh \ |
| @@ -58,11 +56,38 @@ ENV CASSANDRA_DATA=/data/cassandra | @@ -58,11 +56,38 @@ ENV CASSANDRA_DATA=/data/cassandra | ||
| 58 | ENV SPRING_JPA_DATABASE_PLATFORM=org.hibernate.dialect.PostgreSQLDialect | 56 | ENV SPRING_JPA_DATABASE_PLATFORM=org.hibernate.dialect.PostgreSQLDialect |
| 59 | ENV SPRING_DRIVER_CLASS_NAME=org.postgresql.Driver | 57 | ENV SPRING_DRIVER_CLASS_NAME=org.postgresql.Driver |
| 60 | ENV SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/thingsboard | 58 | ENV SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/thingsboard |
| 61 | -ENV SPRING_DATASOURCE_USERNAME=postgres | 59 | +ENV SPRING_DATASOURCE_USERNAME=${pkg.user} |
| 62 | ENV SPRING_DATASOURCE_PASSWORD=postgres | 60 | ENV SPRING_DATASOURCE_PASSWORD=postgres |
| 63 | 61 | ||
| 64 | ENV CASSANDRA_HOST=localhost | 62 | ENV CASSANDRA_HOST=localhost |
| 65 | ENV CASSANDRA_PORT=9042 | 63 | ENV CASSANDRA_PORT=9042 |
| 64 | +ENV CASSANDRA_HOME=/opt/cassandra | ||
| 65 | + | ||
| 66 | +ENV PATH=$CASSANDRA_HOME/bin:$PATH | ||
| 67 | +ENV PATH=$PATH:/usr/lib/postgresql/$PG_MAJOR/bin | ||
| 68 | + | ||
| 69 | +ENV PGLOG=/var/log/postgres | ||
| 70 | +ENV CASSANDRA_LOG=/var/log/cassandra | ||
| 71 | + | ||
| 72 | +# postgres config | ||
| 73 | +RUN mkdir -p $PGLOG | ||
| 74 | +RUN chown -R ${pkg.user}:${pkg.user} $PGLOG | ||
| 75 | +RUN chown -R ${pkg.user}:${pkg.user} /var/log/postgresql | ||
| 76 | +RUN chown -R ${pkg.user}:${pkg.user} /var/run/postgresql | ||
| 77 | + | ||
| 78 | +# cassandra config | ||
| 79 | +RUN rm -rf /var/lib/cassandra | ||
| 80 | +RUN chmod a+w /var/lib | ||
| 81 | +RUN chown -R ${pkg.user}:${pkg.user} $CASSANDRA_LOG | ||
| 82 | + | ||
| 83 | + | ||
| 84 | +RUN mkdir -p $DATA_FOLDER | ||
| 85 | +RUN chown -R ${pkg.user}:${pkg.user} $DATA_FOLDER | ||
| 86 | +RUN chown -R ${pkg.user}:${pkg.user} /var/log/${pkg.name} | ||
| 87 | + | ||
| 88 | +RUN chmod 555 ${pkg.installFolder}/bin/${pkg.name}.jar | ||
| 89 | + | ||
| 90 | +USER ${pkg.user} | ||
| 66 | 91 | ||
| 67 | EXPOSE 9090 | 92 | EXPOSE 9090 |
| 68 | EXPOSE 1883 | 93 | EXPOSE 1883 |
| @@ -17,35 +17,30 @@ | @@ -17,35 +17,30 @@ | ||
| 17 | 17 | ||
| 18 | firstlaunch=${DATA_FOLDER}/.firstlaunch | 18 | firstlaunch=${DATA_FOLDER}/.firstlaunch |
| 19 | 19 | ||
| 20 | -export PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl) | 20 | +PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl) |
| 21 | 21 | ||
| 22 | if [ ! -d ${PGDATA} ]; then | 22 | if [ ! -d ${PGDATA} ]; then |
| 23 | mkdir -p ${PGDATA} | 23 | mkdir -p ${PGDATA} |
| 24 | - chown -R postgres:postgres ${PGDATA} | ||
| 25 | - su postgres -c '${PG_CTL} initdb -U postgres' | 24 | + ${PG_CTL} initdb |
| 26 | fi | 25 | fi |
| 27 | 26 | ||
| 28 | -su postgres -c '${PG_CTL} -l /var/log/postgres/postgres.log -w start' | 27 | +exec setsid nohup postgres >> ${PGLOG}/postgres.log 2>&1 & |
| 29 | 28 | ||
| 30 | if [ ! -f ${firstlaunch} ]; then | 29 | if [ ! -f ${firstlaunch} ]; then |
| 31 | - su postgres -c 'psql -U postgres -d postgres -c "CREATE DATABASE thingsboard"' | 30 | + psql -U ${pkg.user} -d postgres -c "CREATE DATABASE thingsboard" |
| 32 | fi | 31 | fi |
| 33 | 32 | ||
| 34 | cassandra_data_dir=${CASSANDRA_DATA} | 33 | cassandra_data_dir=${CASSANDRA_DATA} |
| 35 | cassandra_data_link=/var/lib/cassandra | 34 | cassandra_data_link=/var/lib/cassandra |
| 36 | 35 | ||
| 37 | if [ ! -L ${cassandra_data_link} ]; then | 36 | if [ ! -L ${cassandra_data_link} ]; then |
| 38 | - if [ -d ${cassandra_data_link} ]; then | ||
| 39 | - rm -rf ${cassandra_data_link} | ||
| 40 | - fi | ||
| 41 | if [ ! -d ${cassandra_data_dir} ]; then | 37 | if [ ! -d ${cassandra_data_dir} ]; then |
| 42 | mkdir -p ${cassandra_data_dir} | 38 | mkdir -p ${cassandra_data_dir} |
| 43 | - chown -R cassandra:cassandra ${cassandra_data_dir} | ||
| 44 | fi | 39 | fi |
| 45 | ln -s ${cassandra_data_dir} ${cassandra_data_link} | 40 | ln -s ${cassandra_data_dir} ${cassandra_data_link} |
| 46 | fi | 41 | fi |
| 47 | 42 | ||
| 48 | -service cassandra start | 43 | +exec setsid nohup cassandra >> ${CASSANDRA_LOG}/cassandra.log 2>&1 & |
| 49 | 44 | ||
| 50 | until nmap $CASSANDRA_HOST -p $CASSANDRA_PORT | grep "$CASSANDRA_PORT/tcp open" | 45 | until nmap $CASSANDRA_HOST -p $CASSANDRA_PORT | grep "$CASSANDRA_PORT/tcp open" |
| 51 | do | 46 | do |
| @@ -15,7 +15,18 @@ | @@ -15,7 +15,18 @@ | ||
| 15 | # limitations under the License. | 15 | # limitations under the License. |
| 16 | # | 16 | # |
| 17 | 17 | ||
| 18 | -export PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl) | 18 | +CASSANDRA_PID=$(ps aux | grep '[c]assandra' | awk '{print $2}') |
| 19 | 19 | ||
| 20 | -service cassandra stop | ||
| 21 | -su postgres -c '${PG_CTL} stop' | 20 | +echo "Stopping cassandra (pid ${CASSANDRA_PID})." |
| 21 | +kill -SIGTERM ${CASSANDRA_PID} | ||
| 22 | + | ||
| 23 | +PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl) | ||
| 24 | +echo "Stopping postgres." | ||
| 25 | +${PG_CTL} stop | ||
| 26 | + | ||
| 27 | +while [ -e /proc/${CASSANDRA_PID} ] | ||
| 28 | +do | ||
| 29 | + echo "Waiting for cassandra to stop." | ||
| 30 | + sleep 2 | ||
| 31 | +done | ||
| 32 | +echo "Cassandra was stopped." |
| @@ -20,13 +20,11 @@ RUN apt-get update | @@ -20,13 +20,11 @@ RUN apt-get update | ||
| 20 | RUN apt-get install -y curl | 20 | RUN apt-get install -y curl |
| 21 | RUN echo 'deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main' | tee --append /etc/apt/sources.list.d/pgdg.list > /dev/null | 21 | RUN echo 'deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main' | tee --append /etc/apt/sources.list.d/pgdg.list > /dev/null |
| 22 | RUN curl -L https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - | 22 | RUN curl -L https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - |
| 23 | +ENV PG_MAJOR 11 | ||
| 23 | RUN apt-get update | 24 | RUN apt-get update |
| 24 | RUN apt-get install -y postgresql-11 | 25 | RUN apt-get install -y postgresql-11 |
| 25 | RUN update-rc.d postgresql disable | 26 | RUN update-rc.d postgresql disable |
| 26 | 27 | ||
| 27 | -RUN mkdir -p /var/log/postgres | ||
| 28 | -RUN chown -R postgres:postgres /var/log/postgres | ||
| 29 | - | ||
| 30 | COPY logback.xml ${pkg.name}.conf start-db.sh stop-db.sh start-tb.sh upgrade-tb.sh install-tb.sh ${pkg.name}.deb /tmp/ | 28 | COPY logback.xml ${pkg.name}.conf start-db.sh stop-db.sh start-tb.sh upgrade-tb.sh install-tb.sh ${pkg.name}.deb /tmp/ |
| 31 | 29 | ||
| 32 | RUN chmod a+x /tmp/*.sh \ | 30 | RUN chmod a+x /tmp/*.sh \ |
| @@ -49,13 +47,29 @@ ENV HTTP_BIND_PORT=9090 | @@ -49,13 +47,29 @@ ENV HTTP_BIND_PORT=9090 | ||
| 49 | ENV DATABASE_TS_TYPE=sql | 47 | ENV DATABASE_TS_TYPE=sql |
| 50 | 48 | ||
| 51 | ENV PGDATA=/data/db | 49 | ENV PGDATA=/data/db |
| 50 | +ENV PATH=$PATH:/usr/lib/postgresql/$PG_MAJOR/bin | ||
| 52 | 51 | ||
| 53 | ENV SPRING_JPA_DATABASE_PLATFORM=org.hibernate.dialect.PostgreSQLDialect | 52 | ENV SPRING_JPA_DATABASE_PLATFORM=org.hibernate.dialect.PostgreSQLDialect |
| 54 | ENV SPRING_DRIVER_CLASS_NAME=org.postgresql.Driver | 53 | ENV SPRING_DRIVER_CLASS_NAME=org.postgresql.Driver |
| 55 | ENV SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/thingsboard | 54 | ENV SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/thingsboard |
| 56 | -ENV SPRING_DATASOURCE_USERNAME=postgres | 55 | +ENV SPRING_DATASOURCE_USERNAME=${pkg.user} |
| 57 | ENV SPRING_DATASOURCE_PASSWORD=postgres | 56 | ENV SPRING_DATASOURCE_PASSWORD=postgres |
| 58 | 57 | ||
| 58 | + | ||
| 59 | +ENV PGLOG=/var/log/postgres | ||
| 60 | +RUN mkdir -p $PGLOG | ||
| 61 | +RUN chown -R ${pkg.user}:${pkg.user} $PGLOG | ||
| 62 | + | ||
| 63 | +RUN chown -R ${pkg.user}:${pkg.user} /var/run/postgresql | ||
| 64 | + | ||
| 65 | +RUN mkdir -p /data | ||
| 66 | +RUN chown -R ${pkg.user}:${pkg.user} /data | ||
| 67 | + | ||
| 68 | +RUN chown -R ${pkg.user}:${pkg.user} /var/log/${pkg.name} | ||
| 69 | +RUN chmod 555 ${pkg.installFolder}/bin/${pkg.name}.jar | ||
| 70 | + | ||
| 71 | +USER ${pkg.user} | ||
| 72 | + | ||
| 59 | EXPOSE 9090 | 73 | EXPOSE 9090 |
| 60 | EXPOSE 1883 | 74 | EXPOSE 1883 |
| 61 | EXPOSE 5683/udp | 75 | EXPOSE 5683/udp |
| @@ -17,16 +17,15 @@ | @@ -17,16 +17,15 @@ | ||
| 17 | 17 | ||
| 18 | firstlaunch=${DATA_FOLDER}/.firstlaunch | 18 | firstlaunch=${DATA_FOLDER}/.firstlaunch |
| 19 | 19 | ||
| 20 | -export PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl) | 20 | +PG_CTL=$(find /usr/lib/postgresql/ -name pg_ctl) |
| 21 | 21 | ||
| 22 | if [ ! -d ${PGDATA} ]; then | 22 | if [ ! -d ${PGDATA} ]; then |
| 23 | mkdir -p ${PGDATA} | 23 | mkdir -p ${PGDATA} |
| 24 | - chown -R postgres:postgres ${PGDATA} | ||
| 25 | - su postgres -c '${PG_CTL} initdb -U postgres' | 24 | + ${PG_CTL} initdb |
| 26 | fi | 25 | fi |
| 27 | 26 | ||
| 28 | -su postgres -c '${PG_CTL} -l /var/log/postgres/postgres.log -w start' | 27 | +exec setsid nohup postgres >> ${PGLOG}/postgres.log 2>&1 & |
| 29 | 28 | ||
| 30 | if [ ! -f ${firstlaunch} ]; then | 29 | if [ ! -f ${firstlaunch} ]; then |
| 31 | - su postgres -c 'psql -U postgres -d postgres -c "CREATE DATABASE thingsboard"' | 30 | + psql -U ${pkg.user} -d postgres -c "CREATE DATABASE thingsboard" |
| 32 | fi | 31 | fi |
| @@ -43,6 +43,13 @@ ENV SPRING_DATASOURCE_URL=jdbc:hsqldb:file:/data/db/thingsboardDb;sql.enforce_si | @@ -43,6 +43,13 @@ ENV SPRING_DATASOURCE_URL=jdbc:hsqldb:file:/data/db/thingsboardDb;sql.enforce_si | ||
| 43 | ENV SPRING_DATASOURCE_USERNAME=sa | 43 | ENV SPRING_DATASOURCE_USERNAME=sa |
| 44 | ENV SPRING_DATASOURCE_PASSWORD= | 44 | ENV SPRING_DATASOURCE_PASSWORD= |
| 45 | 45 | ||
| 46 | +RUN mkdir -p /data | ||
| 47 | +RUN chown -R ${pkg.user}:${pkg.user} /data | ||
| 48 | + | ||
| 49 | +RUN chmod 555 ${pkg.installFolder}/bin/${pkg.name}.jar | ||
| 50 | + | ||
| 51 | +USER ${pkg.user} | ||
| 52 | + | ||
| 46 | EXPOSE 9090 | 53 | EXPOSE 9090 |
| 47 | EXPOSE 1883 | 54 | EXPOSE 1883 |
| 48 | EXPOSE 5683/udp | 55 | EXPOSE 5683/udp |