From ce10d21a45c83a1f41280cbacc30abc64e365e6d Mon Sep 17 00:00:00 2001 From: mayerro Date: Wed, 20 Nov 2024 14:32:03 +0100 Subject: [PATCH 01/11] Reapply "dbeaver/dbeaver-devops#1553 Added user dbeaver in dockerfile cloudbeaver (#3067)" This reverts commit a36a5550e091297a22adc20bf7cf32c03f85d80d. --- deploy/docker/cloudbeaver-ce/Dockerfile | 9 +++++++-- deploy/scripts/launch-product.sh | 23 +++++++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 deploy/scripts/launch-product.sh diff --git a/deploy/docker/cloudbeaver-ce/Dockerfile b/deploy/docker/cloudbeaver-ce/Dockerfile index 95bdcc6812..ed385f0164 100644 --- a/deploy/docker/cloudbeaver-ce/Dockerfile +++ b/deploy/docker/cloudbeaver-ce/Dockerfile @@ -2,12 +2,17 @@ FROM dbeaver/base-java MAINTAINER DBeaver Corp, devops@dbeaver.com -RUN apt-get update; \ +RUN useradd -m -s /bin/bash dbeaver && \ + apt-get update; \ apt-get upgrade -y; COPY cloudbeaver /opt/cloudbeaver +COPY scripts/launch-product.sh /opt/cloudbeaver/launch-product.sh +RUN chmod +x /opt/cloudbeaver/launch-product.sh +RUN chown -R dbeaver:dbeaver /opt/cloudbeaver EXPOSE 8978 RUN find /opt/cloudbeaver -type d -exec chmod 775 {} \; WORKDIR /opt/cloudbeaver/ -ENTRYPOINT ["./run-server.sh"] + +ENTRYPOINT ["./launch-product.sh"] diff --git a/deploy/scripts/launch-product.sh b/deploy/scripts/launch-product.sh new file mode 100644 index 0000000000..2be1bf59e4 --- /dev/null +++ b/deploy/scripts/launch-product.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# This script is needed to change ownership and run the application as user dbeaver during the upgrade from version 24.2.0 + +# Define the path to the workspace volume and user/group for ownership changes +VOLUME_PATH="/opt/cloudbeaver/workspace" +NEW_USER="dbeaver" +NEW_GROUP="dbeaver" + +# Change ownership of the VOLUME_PATH to the dbeaver user and group +chown -R $NEW_USER:$NEW_GROUP $VOLUME_PATH + +# This allows the dbeaver user and group to have read, write, and execute permissions, while others have only read and execute +find $VOLUME_PATH -type d -exec chmod 775 {} + + +# This allows the dbeaver user and group to read and write files, while others can only read +find $VOLUME_PATH -type f -exec chmod 664 {} + + +# This ensures that the root workspace directory itself has the correct permissions +chmod 775 $VOLUME_PATH + +# Execute run-server.sh as the dbeaver user with the JAVA_HOME and PATH environment variables +exec su $NEW_USER -c "JAVA_HOME=$JAVA_HOME PATH=$PATH ./run-server.sh" \ No newline at end of file From 7b6d29a7769ba3dfe69b698ca728030d38808f32 Mon Sep 17 00:00:00 2001 From: mayerro Date: Wed, 20 Nov 2024 14:44:44 +0100 Subject: [PATCH 02/11] dbeaver/dbeaver-devops#1553 updated base-java image with user --- deploy/docker/base-java/Dockerfile | 6 ++++++ deploy/docker/cloudbeaver-ce/Dockerfile | 7 +++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/deploy/docker/base-java/Dockerfile b/deploy/docker/base-java/Dockerfile index b59a3fc0b9..9a20a376f2 100644 --- a/deploy/docker/base-java/Dockerfile +++ b/deploy/docker/base-java/Dockerfile @@ -4,6 +4,12 @@ MAINTAINER DBeaver Corp, devops@dbeaver.com ENV DEBIAN_FRONTEND=noninteractive +ENV DBEAVER_GID=21001 +ENV DBEAVER_UID=21001 + +RUN groupadd -g $DBEAVER_GID dbeaver +RUN useradd -G dbeaver -m -u $DBEAVER_UID -s /bin/bash dbeaver + RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ diff --git a/deploy/docker/cloudbeaver-ce/Dockerfile b/deploy/docker/cloudbeaver-ce/Dockerfile index ed385f0164..a73c4ace04 100644 --- a/deploy/docker/cloudbeaver-ce/Dockerfile +++ b/deploy/docker/cloudbeaver-ce/Dockerfile @@ -2,10 +2,9 @@ FROM dbeaver/base-java MAINTAINER DBeaver Corp, devops@dbeaver.com -RUN useradd -m -s /bin/bash dbeaver && \ - apt-get update; \ - apt-get upgrade -y; - +RUN apt-get update && \ + apt-get upgrade -y + COPY cloudbeaver /opt/cloudbeaver COPY scripts/launch-product.sh /opt/cloudbeaver/launch-product.sh RUN chmod +x /opt/cloudbeaver/launch-product.sh From ab0925c1a9533f52165b71118af7411dcdd2c516 Mon Sep 17 00:00:00 2001 From: mayerro Date: Wed, 20 Nov 2024 15:29:33 +0100 Subject: [PATCH 03/11] dbeaver/dbeaver-devops#1553 fixed user usage and ownership applying --- deploy/docker/base-java/Dockerfile | 3 +-- deploy/docker/cloudbeaver-ce/Dockerfile | 9 ++++++--- deploy/scripts/launch-product.sh | 19 ++++--------------- 3 files changed, 11 insertions(+), 20 deletions(-) diff --git a/deploy/docker/base-java/Dockerfile b/deploy/docker/base-java/Dockerfile index 9a20a376f2..c3f12ca6c1 100644 --- a/deploy/docker/base-java/Dockerfile +++ b/deploy/docker/base-java/Dockerfile @@ -29,8 +29,7 @@ RUN set -eux; \ tzdata \ # locales ensures proper character encoding and locale-specific behaviors using en_US.UTF-8 locales \ - nano \ - ; \ + nano && \ echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen; \ locale-gen en_US.UTF-8; \ rm -rf /var/lib/apt/lists/* diff --git a/deploy/docker/cloudbeaver-ce/Dockerfile b/deploy/docker/cloudbeaver-ce/Dockerfile index a73c4ace04..ca8cd87b57 100644 --- a/deploy/docker/cloudbeaver-ce/Dockerfile +++ b/deploy/docker/cloudbeaver-ce/Dockerfile @@ -3,15 +3,18 @@ FROM dbeaver/base-java MAINTAINER DBeaver Corp, devops@dbeaver.com RUN apt-get update && \ - apt-get upgrade -y + apt-get upgrade -y COPY cloudbeaver /opt/cloudbeaver COPY scripts/launch-product.sh /opt/cloudbeaver/launch-product.sh -RUN chmod +x /opt/cloudbeaver/launch-product.sh -RUN chown -R dbeaver:dbeaver /opt/cloudbeaver + +# Variables DBEAVER_ are inherited from the dbeaver/base-java image +RUN chown -R $DBEAVER_UID:$DBEAVER_GID /opt/cloudbeaver EXPOSE 8978 RUN find /opt/cloudbeaver -type d -exec chmod 775 {} \; WORKDIR /opt/cloudbeaver/ +RUN chmod +x "run-server.sh" "/opt/cloudbeaver/launch-product.sh" + ENTRYPOINT ["./launch-product.sh"] diff --git a/deploy/scripts/launch-product.sh b/deploy/scripts/launch-product.sh index 2be1bf59e4..044cefdafd 100644 --- a/deploy/scripts/launch-product.sh +++ b/deploy/scripts/launch-product.sh @@ -3,21 +3,10 @@ # This script is needed to change ownership and run the application as user dbeaver during the upgrade from version 24.2.0 # Define the path to the workspace volume and user/group for ownership changes -VOLUME_PATH="/opt/cloudbeaver/workspace" -NEW_USER="dbeaver" -NEW_GROUP="dbeaver" - # Change ownership of the VOLUME_PATH to the dbeaver user and group -chown -R $NEW_USER:$NEW_GROUP $VOLUME_PATH - -# This allows the dbeaver user and group to have read, write, and execute permissions, while others have only read and execute -find $VOLUME_PATH -type d -exec chmod 775 {} + - -# This allows the dbeaver user and group to read and write files, while others can only read -find $VOLUME_PATH -type f -exec chmod 664 {} + - -# This ensures that the root workspace directory itself has the correct permissions -chmod 775 $VOLUME_PATH +# Variables DBEAVER_ are inherited from the dbeaver/base-java image +# PWD equals WORKDIR value from product Dockerfile +chown -R $DBEAVER_UID:$DBEAVER_GID $PWD # Execute run-server.sh as the dbeaver user with the JAVA_HOME and PATH environment variables -exec su $NEW_USER -c "JAVA_HOME=$JAVA_HOME PATH=$PATH ./run-server.sh" \ No newline at end of file +exec su $DBEAVER_UID -c "JAVA_HOME=$JAVA_HOME PATH=$PATH ./run-server.sh" \ No newline at end of file From 307fc031fd2fbdf9ebd24e20464d0d3290fd6ec8 Mon Sep 17 00:00:00 2001 From: mayerro Date: Wed, 20 Nov 2024 15:38:12 +0100 Subject: [PATCH 04/11] dbeaver/dbeaver-devops#1553 changed GID UID --- deploy/docker/base-java/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/docker/base-java/Dockerfile b/deploy/docker/base-java/Dockerfile index c3f12ca6c1..e363a3282c 100644 --- a/deploy/docker/base-java/Dockerfile +++ b/deploy/docker/base-java/Dockerfile @@ -4,8 +4,8 @@ MAINTAINER DBeaver Corp, devops@dbeaver.com ENV DEBIAN_FRONTEND=noninteractive -ENV DBEAVER_GID=21001 -ENV DBEAVER_UID=21001 +ENV DBEAVER_GID=8978 +ENV DBEAVER_UID=8978 RUN groupadd -g $DBEAVER_GID dbeaver RUN useradd -G dbeaver -m -u $DBEAVER_UID -s /bin/bash dbeaver From aace0e2ef92506c5d733743cdb68838cce6c666d Mon Sep 17 00:00:00 2001 From: mayerro Date: Wed, 20 Nov 2024 15:41:12 +0100 Subject: [PATCH 05/11] dbeaver/dbeaver-devops#1553 desc of chowner fixed --- deploy/scripts/launch-product.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/deploy/scripts/launch-product.sh b/deploy/scripts/launch-product.sh index 044cefdafd..a7aba895d4 100644 --- a/deploy/scripts/launch-product.sh +++ b/deploy/scripts/launch-product.sh @@ -2,8 +2,7 @@ # This script is needed to change ownership and run the application as user dbeaver during the upgrade from version 24.2.0 -# Define the path to the workspace volume and user/group for ownership changes -# Change ownership of the VOLUME_PATH to the dbeaver user and group +# Change ownership of the WORKDIR to the dbeaver user and group # Variables DBEAVER_ are inherited from the dbeaver/base-java image # PWD equals WORKDIR value from product Dockerfile chown -R $DBEAVER_UID:$DBEAVER_GID $PWD From 3487fda4baf9860771b7bf8f77dd24a8e7dbb003 Mon Sep 17 00:00:00 2001 From: mayerro Date: Wed, 20 Nov 2024 17:27:24 +0100 Subject: [PATCH 06/11] dbeaver/dbeaver-devops#1553 fixed user creation --- deploy/docker/base-java/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/docker/base-java/Dockerfile b/deploy/docker/base-java/Dockerfile index e363a3282c..e4558438b8 100644 --- a/deploy/docker/base-java/Dockerfile +++ b/deploy/docker/base-java/Dockerfile @@ -8,7 +8,7 @@ ENV DBEAVER_GID=8978 ENV DBEAVER_UID=8978 RUN groupadd -g $DBEAVER_GID dbeaver -RUN useradd -G dbeaver -m -u $DBEAVER_UID -s /bin/bash dbeaver +RUN useradd -g $DBEAVER_GID -M -u $DBEAVER_UID -s /bin/bash dbeaver RUN set -eux; \ apt-get update; \ From 3e9a8cca14b03a45884b829b90a9d1cda91eafbd Mon Sep 17 00:00:00 2001 From: Greg Miller Date: Thu, 21 Nov 2024 11:47:52 +0100 Subject: [PATCH 07/11] dbeaver/dbeaver-devops#1553 Added creating dbeaver user in ce dockerfile --- deploy/docker/base-java/Dockerfile | 6 ------ deploy/docker/cloudbeaver-ce/Dockerfile | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/docker/base-java/Dockerfile b/deploy/docker/base-java/Dockerfile index e4558438b8..c0827d7811 100644 --- a/deploy/docker/base-java/Dockerfile +++ b/deploy/docker/base-java/Dockerfile @@ -4,12 +4,6 @@ MAINTAINER DBeaver Corp, devops@dbeaver.com ENV DEBIAN_FRONTEND=noninteractive -ENV DBEAVER_GID=8978 -ENV DBEAVER_UID=8978 - -RUN groupadd -g $DBEAVER_GID dbeaver -RUN useradd -g $DBEAVER_GID -M -u $DBEAVER_UID -s /bin/bash dbeaver - RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ diff --git a/deploy/docker/cloudbeaver-ce/Dockerfile b/deploy/docker/cloudbeaver-ce/Dockerfile index ca8cd87b57..7e7e8a9690 100644 --- a/deploy/docker/cloudbeaver-ce/Dockerfile +++ b/deploy/docker/cloudbeaver-ce/Dockerfile @@ -2,9 +2,15 @@ FROM dbeaver/base-java MAINTAINER DBeaver Corp, devops@dbeaver.com +ENV DBEAVER_GID=8978 +ENV DBEAVER_UID=8978 + RUN apt-get update && \ apt-get upgrade -y +RUN groupadd -g $DBEAVER_GID dbeaver && \ + useradd -g $DBEAVER_GID -M -u $DBEAVER_UID -s /bin/bash dbeaver + COPY cloudbeaver /opt/cloudbeaver COPY scripts/launch-product.sh /opt/cloudbeaver/launch-product.sh From af5c6addaa6592b05434383f470ff3451acbbad7 Mon Sep 17 00:00:00 2001 From: Greg Miller Date: Thu, 21 Nov 2024 11:51:03 +0100 Subject: [PATCH 08/11] dbeaver/dbeaver-devops#1553 Removed comment --- deploy/docker/cloudbeaver-ce/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/docker/cloudbeaver-ce/Dockerfile b/deploy/docker/cloudbeaver-ce/Dockerfile index 7e7e8a9690..18a1d20051 100644 --- a/deploy/docker/cloudbeaver-ce/Dockerfile +++ b/deploy/docker/cloudbeaver-ce/Dockerfile @@ -14,7 +14,6 @@ RUN groupadd -g $DBEAVER_GID dbeaver && \ COPY cloudbeaver /opt/cloudbeaver COPY scripts/launch-product.sh /opt/cloudbeaver/launch-product.sh -# Variables DBEAVER_ are inherited from the dbeaver/base-java image RUN chown -R $DBEAVER_UID:$DBEAVER_GID /opt/cloudbeaver EXPOSE 8978 From 5e69c9e6a18b9c2e967ae0ce730b2f65e1c886f1 Mon Sep 17 00:00:00 2001 From: Greg Miller Date: Thu, 21 Nov 2024 11:53:43 +0100 Subject: [PATCH 09/11] dbeaver/dbeaver-devops#1553 Removed comment --- deploy/scripts/launch-product.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/scripts/launch-product.sh b/deploy/scripts/launch-product.sh index a7aba895d4..53ea84348c 100644 --- a/deploy/scripts/launch-product.sh +++ b/deploy/scripts/launch-product.sh @@ -3,7 +3,6 @@ # This script is needed to change ownership and run the application as user dbeaver during the upgrade from version 24.2.0 # Change ownership of the WORKDIR to the dbeaver user and group -# Variables DBEAVER_ are inherited from the dbeaver/base-java image # PWD equals WORKDIR value from product Dockerfile chown -R $DBEAVER_UID:$DBEAVER_GID $PWD From 62c7715136f409fd56105e43830eea5e5c31f391 Mon Sep 17 00:00:00 2001 From: Greg Miller Date: Thu, 21 Nov 2024 11:57:47 +0100 Subject: [PATCH 10/11] dbeaver/dbeaver-devops#1553 Rewrited comment --- deploy/scripts/launch-product.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/scripts/launch-product.sh b/deploy/scripts/launch-product.sh index 53ea84348c..b53c3cb4fd 100644 --- a/deploy/scripts/launch-product.sh +++ b/deploy/scripts/launch-product.sh @@ -3,6 +3,7 @@ # This script is needed to change ownership and run the application as user dbeaver during the upgrade from version 24.2.0 # Change ownership of the WORKDIR to the dbeaver user and group +# Variables DBEAVER_ are defined in the Dockerfile and exported to the runtime environment # PWD equals WORKDIR value from product Dockerfile chown -R $DBEAVER_UID:$DBEAVER_GID $PWD From c736cd42ea7ceaa9630c4ade8aa34d5947b33548 Mon Sep 17 00:00:00 2001 From: Greg Miller Date: Thu, 21 Nov 2024 13:02:00 +0100 Subject: [PATCH 11/11] dbeaver/dbeaver-devops#1553 Replaced UID on user name --- deploy/scripts/launch-product.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/scripts/launch-product.sh b/deploy/scripts/launch-product.sh index b53c3cb4fd..605a4d7a7a 100644 --- a/deploy/scripts/launch-product.sh +++ b/deploy/scripts/launch-product.sh @@ -8,4 +8,4 @@ chown -R $DBEAVER_UID:$DBEAVER_GID $PWD # Execute run-server.sh as the dbeaver user with the JAVA_HOME and PATH environment variables -exec su $DBEAVER_UID -c "JAVA_HOME=$JAVA_HOME PATH=$PATH ./run-server.sh" \ No newline at end of file +exec su dbeaver -c "JAVA_HOME=$JAVA_HOME PATH=$PATH ./run-server.sh" \ No newline at end of file