diff --git a/Dockerfile b/Dockerfile
index 06b00f696ef19f9f1f63d9a67d34e20100c02b22..ed45ca82e3bed31e0f37a4651293a4940cbe2e17 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,6 +18,9 @@ RUN mkdir -p $WORKING_DIR
 # copy over the script to make permissions compatible with OpenShift
 COPY scripts/fix-permissions.sh /usr/local/bin
+# copy create user script
+COPY scripts/createuser.sh /docker-entrypoint-initdb.d/
+
 # ensure the script is executable
 RUN chmod a+x /usr/local/bin/fix-permissions.sh
@@ -26,12 +29,15 @@ RUN fix-permissions.sh ${DATA_DIR} -P && \
 fix-permissions.sh ${CONFIG_DIR} -P && \
 fix-permissions.sh ${WORKING_DIR} -P
-RUN ls -ltrh ${DATA_DIR}
-RUN ls -ltrh ${CONFIG_DIR}
-RUN ls -ltrh ${WORKING_DIR}
-
 # set home directory to persistent volume directory
 ENV HOME=/var/lib/mongodb/data
+# ensure folder is writable
+RUN chown -R mongodb:mongodb /usr/local/bin
+
 # switch back to mongodb (for non-containerized environments)
 USER mongodb:mongodb
+
+HEALTHCHECK --interval=15s --timeout=3s CMD echo 'db.runCommand("ping").ok' | mongo localhost:27017/test
+
+
diff --git a/README.md b/README.md
index 5dc6fa6db4361c22da2f35edf0544d83ba6001e2..a909b8af330aa8146b16e2f71bfc8f87fca6ee9a 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
-#
+# aap-mongo
-Project template for all Iron Bank container repositories.
\ No newline at end of file
+Mongo Image that is set up to work on AAP enviornment on Openshift
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 28bbecdb4a2ea41d2a8b12215ed5b06da4998854..e5bf0291ef7c5451b2805e32833b4af43df31765 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -7,7 +7,7 @@ name: "diat/aap-mongo"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
-- "14.1"
+- "15.1"
 - "latest"
 # Build args passed to Dockerfile ARGs
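Review bot: The comment on the new `COPY scripts/createuser.sh /docker-entrypoint-initdb.d/` in the first Dockerfile hunk does not say when the script runs or which variables it needs. If the base image follows the upstream mongo entrypoint convention (not visible in this diff), files in that directory are processed only when the data directory is initialised for the first time, so a container started on an existing persistent volume would never create the user. I would replace the comment with `# init script: run by the entrypoint on first initialisation only; reads MONGODB_USER, MONGODB_PASSWORD, MONGO_INITDB_DATABASE`.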
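Review bot: `RUN chown -R mongodb:mongodb /usr/local/bin` in the second Dockerfile hunk makes a directory that holds executables (at least fix-permissions.sh, per the first hunk) writable by the account the container runs as, so any code running as mongodb could replace those files. The comment `# ensure folder is writable` does not say what needs to write there; I would drop the line or narrow it to the one path that needs it, e.g. `RUN chown mongodb:mongodb <path-that-must-be-writable>`. Under OpenShift's usual arbitrary-UID model, ownership by mongodb would likely not give the running process write access anyway, which is what the fix-permissions.sh calls above appear to handle. Separately, as far as I can tell the HEALTHCHECK pipeline fails only when the shell cannot connect; `mongo --quiet --eval 'quit(db.runCommand({ping: 1}).ok ? 0 : 1)' localhost:27017/test` would make the exit status follow the ping result.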
@@ -29,7 +29,7 @@ labels:
 # Name of the distributing entity, organization or individual
 org.opencontainers.image.vendor: "aap-mongo"
 # Authoritative version of the software
- org.opencontainers.image.version: "14.1"
+ org.opencontainers.image.version: "15.1"
 # Keywords to help with search (ex. "cicd,gitops,golang")
 mil.dso.ironbank.image.keywords: "aap,mongo,aap-mongo,aapmongo,mongodb,aap-mongodb,atlas,diat"
 # This value can be "opensource" or "commercial"
diff --git a/scripts/createuser.sh b/scripts/createuser.sh
new file mode 100644
index 0000000000000000000000000000000000000000..fd8aee2d9ab775787445b9d0c2b63b80b85caec5
--- /dev/null
+++ b/scripts/createuser.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+echo "Initializing database $MONGO_INITDB_DATABASE and creating database user $MONGODB_USER"
+
+mongo=( mongo --host 127.0.0.1 --port 27017 --quiet )
+
+"${mongo[@]}" "$MONGO_INITDB_DATABASE" <<-EOJS
+ db.createUser({
+ user: $(_js_escape "$MONGODB_USER"),
+ pwd: $(_js_escape "$MONGODB_PASSWORD"),
+ roles: [ { role: 'readWrite', db: $(_js_escape "$MONGO_INITDB_DATABASE") } ]
+ })
+
+EOJS
+
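Review bot: createuser.sh declares `#!/bin/sh` but uses a bash array (`mongo=( ... )`, `"${mongo[@]}"`) and calls `_js_escape`, which is not defined anywhere in this file, so it can only work when sourced by a bash entrypoint that provides that helper (presumably the base image's, which is not visible here). I would say so in a header comment such as `# Sourced by the image entrypoint (bash); relies on its _js_escape helper` and change the shebang to `#!/bin/bash`. The script also never checks that MONGODB_USER and MONGODB_PASSWORD are set, so a missing variable surfaces only as whatever db.createUser does with an empty value; a guard like `: "${MONGODB_USER:?}" "${MONGODB_PASSWORD:?}"` before the heredoc fails early with a clear message. Feeding the password through the heredoc rather than the mongo command line keeps it out of the process list and should stay that way.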