DEVOPS-1776 altlinux tomcat

config/Dockerfile

@@ -1,5 +1,5 @@
 ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
-ARG BACKEND_IMAGE=tomcat:9.0.93-jre17
+ARG BACKEND_IMAGE=repo.micord.ru/alt/alt-tomcat:c10f1-9.0.59-20240903
 ARG FRONTEND_IMAGE=docker.angie.software/angie:latest
 
 FROM $BUILDER_IMAGE AS builder
@@ -24,21 +24,24 @@ RUN mkdir -p $HOME/.m2 \
  && mvn package -T4C ${MVN_FLAGS}
 
 
-FROM $BACKEND_IMAGE AS backend
 FROM $BACKEND_IMAGE AS backend
 ARG ADMIN_PASSWORD=Secr3t
 
-COPY config/tomcat /usr/local/tomcat
+USER root
 
-RUN rm -rf /usr/local/tomcat/webapps/ROOT \
- && cat /usr/local/tomcat/conf/webbpm.properties >> /usr/local/tomcat/conf/catalina.properties \
- && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /usr/local/tomcat/conf/tomcat-users.xml
+COPY config/tomcat /
 
-COPY --from=builder /app/backend/target/dashboard.war /usr/local/tomcat/webapps/dashboard.war
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+ && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
+ && chown root:tomcat /var/lib/tomcat/webapps \
+ && chmod g+rw /var/lib/tomcat/webapps
 
+USER tomcat
+
+COPY --from=builder /app/backend/target/dashboard.war /var/lib/tomcat/webapps/dashboard.war
 
 FROM backend AS combo
-COPY --from=builder /app/frontend/target/frontend*.war /usr/local/tomcat/webapps/ROOT.war
+COPY --from=builder /app/frontend/target/frontend*.war /var/lib/tomcat/webapps/ROOT.war
 
 FROM $FRONTEND_IMAGE AS frontend
 

config/Dockerfile.TC

@@ -1,13 +1,22 @@
 #Dockerfile for TeamCity build "run in docker"
 
-FROM tomcat:9.0.93-jre17
+FROM repo.micord.ru/alt/alt-tomcat:c10f1-9.0.59-20240903
 ARG ADMIN_PASSWORD=Secr3t
 
-COPY config/tomcat /usr/local/tomcat
+USER root
 
-RUN rm -rf /usr/local/tomcat/webapps/ROOT \
- && cat /usr/local/tomcat/conf/webbpm.properties >> /usr/local/tomcat/conf/catalina.properties \
- && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /usr/local/tomcat/conf/tomcat-users.xml
+COPY tomcat /
 
-COPY frontend.war /usr/local/tomcat/webapps/ROOT.war
-COPY dashboard.war /usr/local/tomcat/webapps/dashboard.war
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+ && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
+ && chown root:tomcat /var/lib/tomcat/webapps \
+ && chmod g+rw /var/lib/tomcat/webapps
+
+COPY frontend.war /var/lib/tomcat/webapps/ROOT.war
+COPY dashboard.war /var/lib/tomcat/webapps/dashboard.war
+
+USER tomcat
+
+EXPOSE 8080
+
+ENTRYPOINT ["/entrypoint.sh"]

config/Dockerfile.alt

@@ -0,0 +1,49 @@
+ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+ARG RUNTIME_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+
+FROM $BUILDER_IMAGE AS builder
+
+ARG MVN_FLAGS="-Pprod"
+
+RUN apt-get update \
+ && apt-get -y install git glibc-locales java-17-openjdk-devel maven node \
+ && apt-get clean
+
+WORKDIR /app
+
+COPY . .
+
+ENV JAVA_HOME=/usr/lib/jvm/java
+ENV LANG ru_RU.UTF-8
+ENV LANGUAGE ru_RU.UTF-8
+ENV LC_ALL ru_RU.UTF-8
+
+RUN mvn clean \
+ && mvn package -T4C ${MVN_FLAGS}
+
+FROM $RUNTIME_IMAGE
+ARG ADMIN_PASSWORD=Secr3t
+
+COPY config/entrypoint.sh /entrypoint.sh
+
+RUN apt-get update \
+ && apt-get -y install glibc-locales java-17-openjdk-headless mc \
+                       tomcat tomcat-admin-webapps \
+ && apt-get clean \
+ && chmod +x /entrypoint.sh
+
+COPY config/tomcat /
+
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+ && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
+ && chown root:tomcat /var/lib/tomcat/webapps \
+ && chmod g+rw /var/lib/tomcat/webapps
+
+COPY --from=builder /app/frontend/target/frontend*.war /var/lib/tomcat/webapps/ROOT.war
+COPY --from=builder /app/backend/target/dashboard*.war /var/lib/tomcat/webapps/dashboard.war
+
+USER tomcat
+
+EXPOSE 8080
+
+ENTRYPOINT ["/entrypoint.sh"]

config/Dockerfile.backend

@@ -1,5 +1,5 @@
 ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
-ARG RUNTIME_IMAGE=tomcat:9.0.93-jre17
+ARG RUNTIME_IMAGE=repo.micord.ru/alt/alt-tomcat:c10f1-9.0.59-20240903
 
 FROM $BUILDER_IMAGE AS builder
 
@@ -26,10 +26,15 @@ RUN mkdir -p $HOME/.m2 \
 FROM $RUNTIME_IMAGE
 ARG ADMIN_PASSWORD=Secr3t
 
-COPY config/tomcat /usr/local/tomcat
+USER root
 
-RUN rm -rf /usr/local/tomcat/webapps/ROOT \
- && cat /usr/local/tomcat/conf/webbpm.properties >> /usr/local/tomcat/conf/catalina.properties \
- && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /usr/local/tomcat/conf/tomcat-users.xml
+COPY config/tomcat /
 
-COPY --from=builder /app/backend/target/dashboard*.war /usr/local/tomcat/webapps/dashboard.war
+RUN cat /etc/tomcat/webbpm.properties >> /etc/tomcat/catalina.properties \
+ && sed -i -r "s/<must-be-changed>/$ADMIN_PASSWORD/g" /etc/tomcat/tomcat-users.xml \
+ && chown root:tomcat /var/lib/tomcat/webapps \
+ && chmod g+rw /var/lib/tomcat/webapps
+
+USER tomcat
+
+COPY --from=builder /app/backend/target/dashboard*.war /var/lib/tomcat/webapps/dashboard.war

config/entrypoint.sh

@@ -0,0 +1,6 @@
+#! /bin/bash
+
+. /etc/tomcat/tomcat.conf
+. /etc/sysconfig/tomcat
+
+/usr/libexec/tomcat/server start

config/tomcat/etc/tomcat/conf.d/db.conf

@@ -1,9 +1,8 @@
-#!/usr/bin/env bash
-
-export JAVA_OPTS="$JAVA_OPTS \
+JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS \
  -Ddb.app.host=${DB_APP_HOST:-db} \
  -Ddb.app.port=${DB_APP_PORT:-5432} \
  -Ddb.app.name=${DB_APP_NAME:-app} \
  -Ddb.app.username=${DB_APP_USERNAME:-app_user} \
  -Ddb.app.password=${DB_APP_PASSWORD:-apppassword} \
 "
+export JDK_JAVA_OPTIONS

config/tomcat/etc/tomcat/context.xml

@@ -29,7 +29,7 @@
     <Manager pathname="" />
     -->
 
-    <Resource name="java:/webbpm/AppDS" auth="Container"
+    <Resource name="webbpm/AppDS" auth="Container"
           type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"
           url="jdbc:postgresql://${db.app.host}:${db.app.port}/${db.app.name}"
           username="${db.app.username}" password="${db.app.password}" maxTotal="20" maxIdle="10" maxWaitMillis="-1"/>

config/tomcat/etc/tomcat/tomcat.conf

@@ -0,0 +1,52 @@
+# System-wide configuration file for tomcat services
+# This will be loaded by systemd as an environment file,
+# so please keep the syntax. For shell expansion support
+# place your custom files as /etc/tomcat/conf.d/*.conf
+#
+# There are 2 "classes" of startup behavior in this package.
+# The old one, the default service named tomcat.service.
+# The new named instances are called tomcat@instance.service.
+#
+# Use this file to change default values for all services.
+# Change the service specific ones to affect only one service.
+# For tomcat.service it's /etc/sysconfig/tomcat, for
+# tomcat@instance it's /etc/sysconfig/tomcat@instance.
+
+# This variable is used to figure out if config is loaded or not.
+TOMCAT_CFG_LOADED="1"
+
+# In new-style instances, if CATALINA_BASE isn't specified, it will
+# be constructed by joining TOMCATS_BASE and NAME.
+TOMCATS_BASE="/var/lib/tomcats/"
+
+# Where your java installation lives
+JAVA_HOME="/usr/lib/jvm/jre"
+
+# Where your tomcat installation lives
+CATALINA_HOME="/usr/share/tomcat"
+
+# System-wide tmp
+CATALINA_TMPDIR="/var/cache/tomcat/temp"
+
+# You can pass some parameters to java here if you wish to
+#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
+
+# Use JAVA_OPTS to set java.library.path for libtcnative.so
+#JAVA_OPTS="-Djava.library.path=/usr/lib"
+
+# Set default javax.sql.DataSource factory to apache commons one. See rhbz#1214381
+#JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory"
+JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory"
+
+# You can change your tomcat locale here
+#LANG="en_US"
+
+# Run tomcat under the Java Security Manager
+SECURITY_MANAGER="false"
+
+# SHUTDOWN_WAIT has been deprecated. To change the shutdown wait time, set
+# TimeoutStopSec in tomcat.service.
+
+# If you wish to further customize your tomcat environment,
+# put your own definitions here
+# (i.e. LD_LIBRARY_PATH for some jdbc drivers)

config/tomcat/etc/tomcat/webbpm.properties

@@ -1,4 +1,7 @@
+
+#
 # WebBPM properties
+#
 
 authentication.method=form
 
@@ -6,6 +9,8 @@ bpmn.enable=false
 fias.enable=false
 gar.enable=false
 
+mail.jndi.resource.name=
+
 reset_password.mail.template.path=mail/reset_password.html
 security.password.regex=^(?=.*[a-zA-Z])(?=.*[0-9])[a-zA-Z0-9]+$