Run solace container with a non-root user for podman compatibility
The user gets ownership of the /var/lib/solace directory
ozangunalp committed Feb 13, 2024
1 parent c3dc2da commit f2cbe96
Showing 3 changed files with 33 additions and 12 deletions.
Expand Up @@ -2,6 +2,7 @@

import static io.quarkus.runtime.LaunchMode.DEVELOPMENT;

import java.io.IOException;
import java.time.Duration;
import java.util.List;
import java.util.Map;
Expand All @@ -14,7 +15,7 @@
import org.testcontainers.containers.wait.strategy.Wait;
import org.testcontainers.utility.DockerImageName;

import com.github.dockerjava.api.model.Ulimit;
import com.github.dockerjava.api.command.InspectContainerResponse;

import io.quarkus.deployment.IsNormal;
import io.quarkus.deployment.annotations.BuildStep;
Expand Down Expand Up @@ -211,13 +212,9 @@ public QuarkusSolaceContainer(DockerImageName dockerImageName, String serviceNam
addExposedPort(2222); // SSH connection to CLI

withCreateContainerCmdModifier(cmd -> {
cmd.getHostConfig().withShmSize((long) Math.pow(1024, 3))
.withUlimits(new Ulimit[] {
new Ulimit("core", -1, -1),
new Ulimit("memlock", -1, -1),
new Ulimit("nofile", 2448L, 42192L),
})
.withCpusetCpus("0-1")
cmd.withUser("1000");
cmd.getHostConfig()
.withShmSize((long) Math.pow(1024, 3))
.withMemorySwap(-1L)
.withMemoryReservation(0L);
});
Expand Down Expand Up @@ -245,6 +242,11 @@ protected void configure() {
}
}

@Override
protected void containerIsStarted(InspectContainerResponse containerInfo) {
executeCommand("chown 1000:0 -R /var/lib/solace");
}

public int getPort() {
if (useSharedNetwork) {
return 55555;
Expand All @@ -257,6 +259,17 @@ public int getPort() {
public String getHost() {
return useSharedNetwork ? hostName : super.getHost();
}

private void executeCommand(String... command) {
try {
ExecResult execResult = execInContainer(command);
if (execResult.getExitCode() != 0) {
logger().error("Could not execute command {}: {}", command, execResult.getStderr());
}
} catch (IOException | InterruptedException e) {
logger().error("Could not execute command {}: {}", command, e.getMessage());
}
}
}

private static class SolaceDevServiceConfig {
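Review bot: The new `containerIsStarted` passes `"chown 1000:0 -R /var/lib/solace"` as one string, but `executeCommand(String... command)` forwards its arguments unchanged to `execInContainer(command)`, which as far as I know treats each element as one argv entry, so this most likely looks for a binary with that whole name instead of running `chown`. Because `executeCommand` only logs a non-zero exit code or an exception, the container would still start with the ownership unchanged and nothing would fail. I would split the arguments, `executeCommand("chown", "-R", "1000:0", "/var/lib/solace");`, and consider rethrowing on failure (plus `Thread.currentThread().interrupt();` in the `InterruptedException` branch) so a failed ownership change is visible. It is also worth confirming that the exec does not itself run as uid 1000 because of `cmd.withUser("1000")`, since a non-root user generally cannot chown a tree it does not already own. The same single-string call is added to `containerIsStarted` in both `SolaceContainer` sections below.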
Expand Up @@ -14,7 +14,6 @@
import org.testcontainers.utility.MountableFile;

import com.github.dockerjava.api.command.InspectContainerResponse;
import com.github.dockerjava.api.model.Ulimit;

public class SolaceContainer extends GenericContainer<SolaceContainer> {

Expand Down Expand Up @@ -55,7 +54,11 @@ public SolaceContainer(DockerImageName dockerImageName) {
super(dockerImageName);
dockerImageName.assertCompatibleWith(DEFAULT_IMAGE_NAME);
withCreateContainerCmdModifier(cmd -> {
cmd.getHostConfig().withShmSize(SHM_SIZE).withUlimits(new Ulimit[] { new Ulimit("nofile", 2448L, 6592L) });
cmd.withUser("1000");
cmd.getHostConfig()
.withShmSize(SHM_SIZE)
.withMemorySwap(-1L)
.withMemoryReservation(0L);
});
this.waitStrategy = Wait.forLogMessage(SOLACE_READY_MESSAGE, 1).withStartupTimeout(Duration.ofSeconds(60));
withExposedPorts(8080);
Expand All @@ -70,6 +73,7 @@ protected void configure() {

@Override
protected void containerIsStarted(InspectContainerResponse containerInfo) {
executeCommand("chown 1000:0 -R /var/lib/solace");
if (withClientCert) {
executeCommand("cp", "/tmp/solace.pem", "/usr/sw/jail/certs/solace.pem");
executeCommand("cp", "/tmp/rootCA.crt", "/usr/sw/jail/certs/rootCA.crt");
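Review bot: `cmd.withUser("1000")` in the constructor presumably also changes the user for the existing `cp` calls in `containerIsStarted`, which write into `/usr/sw/jail/certs`; whether uid 1000 can write there is not visible from this section. If it cannot, and `executeCommand` here only logs failures like the one in the dev-services container (its body is outside this section), the broker would come up without the client certificate and root CA in place, and the test would fail later with a less obvious TLS error. I would add a comment above `cmd.withUser("1000");` such as `// non-root for rootless podman; exec'd commands (chown, cp) also run as this uid` and verify the `withClientCert` path under that user. The identical change in the third file section has the same exposure.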
Expand Up @@ -14,7 +14,6 @@
import org.testcontainers.utility.MountableFile;

import com.github.dockerjava.api.command.InspectContainerResponse;
import com.github.dockerjava.api.model.Ulimit;

public class SolaceContainer extends GenericContainer<SolaceContainer> {

Expand Down Expand Up @@ -65,7 +64,11 @@ public SolaceContainer(DockerImageName dockerImageName) {
super(dockerImageName);
dockerImageName.assertCompatibleWith(DEFAULT_IMAGE_NAME);
withCreateContainerCmdModifier(cmd -> {
cmd.getHostConfig().withShmSize(SHM_SIZE).withUlimits(new Ulimit[] { new Ulimit("nofile", 2448L, 6592L) });
cmd.withUser("1000");
cmd.getHostConfig()
.withShmSize(SHM_SIZE)
.withMemorySwap(-1L)
.withMemoryReservation(0L);
});
this.waitStrategy = Wait.forLogMessage(SOLACE_READY_MESSAGE, 1).withStartupTimeout(Duration.ofSeconds(60));
withExposedPorts(8080);
Expand All @@ -82,6 +85,7 @@ protected void configure() {

@Override
protected void containerIsStarted(InspectContainerResponse containerInfo) {
executeCommand("chown 1000:0 -R /var/lib/solace");
if (withClientCert) {
executeCommand("cp", "/tmp/solace.pem", "/usr/sw/jail/certs/solace.pem");
executeCommand("cp", "/tmp/rootCA.crt", "/usr/sw/jail/certs/rootCA.crt");