Commit d46446dc by Amir Aharon

72 changes and code inspection

parent 3948d6b1
{
"cmake.configureOnOpen": false
}
\ No newline at end of file
Security:
- Docker:
- docker-bench-Security
- Code:
dependency-check (owasp tool):
./dependency-check.sh --project "activities" --scan "/home/amir/git/ipgallery/common/java/microservice/build/app"
results in html file: dependency-check-report.html
Inspect:
Sonarqube:
- Docker: docker run -d --name sonarqube -p 9010:9000 sonarqube
- Intellij: https://github.com/sonar-intellij-plugin/sonar-intellij-plugin
- run from command line
./gradlew sonarqube -x test -Dsonar.projectKey=microservices -Dsonar.host.url=http://localhost:9010 -Dsonar.login=61d37da4d14128f0912d456c7efaacc06cd43ca3
- from gradle:
plugins {
id "org.sonarqube" version "2.7"
}
sonarqube {
properties {
property "sonar.projectKey", "microservices"
property "sonar.host.url", "http://localhost:9010"
property "sonar.login", "61d37da4d14128f0912d456c7efaacc06cd43ca3"
property "sonar.java.binaries", "build/app"
}
}
\ No newline at end of file
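Review bot: The SonarQube token is committed in clear text twice, in the `./gradlew sonarqube … -Dsonar.login=…` command line and in the `property "sonar.login", …` line of the gradle snippet. Anyone with read access to the repository can use it against the server, so it should be revoked and regenerated. Keep the value out of the file and read it at build time, for example `property "sonar.login", System.getenv("SONAR_TOKEN")`, and document the command as `-Dsonar.login=$SONAR_TOKEN`. The `docker run -d --name sonarqube -p 9010:9000 sonarqube` line also publishes the server on every host interface and pulls an untagged image; `-p 127.0.0.1:9010:9000` with a pinned tag matches the `http://localhost:9010` URL the notes use.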
version: "2"
services:
jobmanager:
# image: flink:1.7
image: municipalitybank.com:5050/mcx/devops/flink-pulsar:1.9
expose:
- "6123"
ports:
- "8081:8081"
command: jobmanager
environment:
- JOB_MANAGER_RPC_ADDRESS=jobmanager
# extra_hosts:
# - "alerts:172.16.1.244"
# - "scp:172.16.1.72"
# volumes:
# - "/opt/flink/conf/flink-conf.yaml:/home/amir/git/devops/docker/composers/flink-conf.yaml"
networks:
- backend
taskmanager:
# image: flink:1.7
image: municipalitybank.com:5050/mcx/devops/flink-pulsar:1.9
expose:
- "6121"
- "6122"
depends_on:
- jobmanager
command: taskmanager
links:
- "jobmanager:jobmanager"
environment:
- JOB_MANAGER_RPC_ADDRESS=jobmanager
# extra_hosts:
# - "alerts:172.16.1.244"
# - "scp:172.16.1.72"
# volumes:
# - "/opt/flink/conf/flink-conf.yaml:/home/amir/git/devops/docker/composers/flink-conf.yaml"
networks:
- backend
pulsar:
image: apachepulsar/pulsar:2.4.2
# image: apachepulsar/pulsar-standalone:2.4.2
ports:
- 8090:8080
- 6650:6650
command: bin/pulsar standalone
# volumes:
# - "/ext/pulsar/data:/pulsar/data"
networks:
- backend
networks:
backend:
driver: bridge
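Review bot: The `ports:` entries `"8081:8081"` on jobmanager and `8090:8080` / `6650:6650` on pulsar publish on every host interface. Neither the Flink web/REST endpoint nor `bin/pulsar standalone` requires authentication in its default configuration, so unless the custom `flink-pulsar:1.9` image adds it, anything that can reach the host can submit jobs or administer topics. If these are only needed from the developer machine, bind them to loopback, e.g. `- "127.0.0.1:8081:8081"`, `- "127.0.0.1:8090:8080"`, `- "127.0.0.1:6650:6650"`, and quote the pulsar mappings like the others. `links:` under taskmanager is redundant with the shared `backend` network and can be dropped.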
...@@ -72,7 +72,8 @@ services: ...@@ -72,7 +72,8 @@ services:
- backend - backend
## CONTROL-CENTER-NEW ## CONTROL-CENTER-NEW
control-center: control-center:
image: municipalitybank.com:5050/ipgallery.web/control-center:52-3a16cae image: municipalitybank.com:5050/ipgallery.web/control-center:53-fac5047
# image: municipalitybank.com:5050/ipgallery.web/control-center:52-3a16cae
# image: municipalitybank.com:5050/ipgallery.web/control-center:51-b52ae5d # image: municipalitybank.com:5050/ipgallery.web/control-center:51-b52ae5d
# image: municipalitybank.com:5050/ipgallery.web/control-center:50-d2832a9 # image: municipalitybank.com:5050/ipgallery.web/control-center:50-d2832a9
# image: municipalitybank.com:5050/ipgallery.web/control-center:49-3699a0e # image: municipalitybank.com:5050/ipgallery.web/control-center:49-3699a0e
...@@ -111,7 +112,7 @@ services: ...@@ -111,7 +112,7 @@ services:
PUBLIC_SAFETY_IC_PORT_50004_TCP_ADDR: "public-safety-ic" PUBLIC_SAFETY_IC_PORT_50004_TCP_ADDR: "public-safety-ic"
SRG_PORT_7681_TCP_ADDR: "srg" SRG_PORT_7681_TCP_ADDR: "srg"
SRG_PORT_7681_TCP_PORT: "7681" SRG_PORT_7681_TCP_PORT: "7681"
PROFILE_FILE_NAME: "38DT6ptK3WL0NYi" PROFILE_FILE_NAME: "xj1qoOOvAPE0iR8"
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
......
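Review bot: The new `image:` line still identifies the control-center build by tag only, and the previous tag is kept as one more commented-out `# image:` line in a list that already holds older ones. A tag on the registry can be re-pushed, so pinning the digest as well (`image: …/control-center:53-fac5047@sha256:<digest-of-this-build>`) makes the deployed image reproducible; the rollback history is already in git and the commented lines can go. If `PROFILE_FILE_NAME` is meant to be unguessable, its new value is readable by everyone with repository access and would be better supplied from an env file kept outside the repository; the hunk does not show how it is used.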
...@@ -4,11 +4,20 @@ FROM openjdk:8-jdk-slim ...@@ -4,11 +4,20 @@ FROM openjdk:8-jdk-slim
RUN mkdir -p /logs/conf RUN mkdir -p /logs/conf
# COPY src/log4j.xml /logs/conf/
# COPY src/run.sh /usr/
# RUN chmod +x /usr/run.sh
RUN useradd -ms /bin/bash ipgallery
#RUN echo "ipgallery ALL=(ALL:ALL) ALL" >> /etc/sudoers
COPY src/log4j.xml /logs/conf/ COPY src/log4j.xml /logs/conf/
COPY src/run.sh /usr/ COPY src/run.sh /home/ipgallery/
RUN chmod +x /usr/run.sh RUN chmod +x /home/ipgallery/run.sh
RUN apt-get update && apt-get install -y curl
USER ipgallery
WORKDIR /usr WORKDIR /home/ipgallery
#EXPOSE 8000 #EXPOSE 8000
......
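Review bot: `RUN mkdir -p /logs/conf` and the `COPY` into it still run as root before the new `USER ipgallery`, so the process will not be able to create files under `/logs`; if run.sh or log4j.xml writes logs there (not visible in this hunk), add `RUN chown -R ipgallery /logs` before the `USER` line. The added `RUN apt-get update && apt-get install -y curl` leaves the package lists in the layer and pulls recommended packages; `RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*` keeps the image smaller, and curl is worth keeping only if something uses it at runtime. The commented-out sudoers line and the three commented `COPY`/`chmod` lines should be deleted rather than committed, since granting the account sudo would undo the point of dropping root. The file continues past the hunk.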
FROM drissamri/java:jre8
#FROM registry.ng.bluemix.net/ibmliberty
RUN mkdir -p /logs/conf
COPY src/log4j.xml /logs/conf/
COPY src/run.sh /usr/
RUN chmod +x /usr/run.sh
WORKDIR /usr
#EXPOSE 8000
#ENTRYPOINT ["/usr/run.sh","/usr/GroupService.jar"]
# for debugging add -e USE_DEBUG and add -p 8000:8000 to run params
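Review bot: This added Dockerfile has no `USER` instruction, so the service starts as root, while the other Dockerfile changed in this commit gains `RUN useradd -ms /bin/bash ipgallery` and `USER ipgallery`; the same two lines, with run.sh moved under `/home/ipgallery`, would keep the two consistent. `FROM drissamri/java:jre8` takes the base from an individual's Docker Hub namespace under a mutable tag; the `openjdk:8-jdk-slim` base used by the other Dockerfile (or its JRE variant), pinned by digest, is easier to track for patches. If this file is only kept as a reference copy of the old build, say so in a comment at its top.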
...@@ -70,3 +70,11 @@ Remove unused data ...@@ -70,3 +70,11 @@ Remove unused data
And some more And some more
# docker system prune -af # docker system prune -af
# docker inspections:
- See all status
docker ps --quiet --all | xargs docker inspect --format '{{ .Id }}: Ports={{ .State.Status }}'
- See all exposed Ports
docker ps --quiet | xargs docker inspect --format '{{ .Id }}: Ports={{ .NetworkSettings.Ports }}'
- See all ip addresses
docker ps --quiet | xargs docker inspect --format '{{ .Id }}: Ports={{ .NetworkSettings.Networks.docker_backend.IPAddress }}'
Running:
docker run -it --net host --pid host --userns host --cap-add audit_control \
-e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
-v /etc:/etc:ro \
-v /usr/bin/docker-containerd:/usr/bin/docker-containerd:ro \
-v /usr/bin/docker-runc:/usr/bin/docker-runc:ro \
-v /usr/lib/systemd:/usr/lib/systemd:ro \
-v /var/lib:/var/lib:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--label docker_bench_security \
docker/docker-bench-security
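Review bot: The `:ro` on `-v /var/run/docker.sock:/var/run/docker.sock:ro` only makes the bind mount of the socket file read-only; a process that can connect to it can still send any Docker API request, so together with `--net host --pid host --userns host` this container has root-equivalent access to the host. The benchmark needs that access, but the note should say so, and the image should be pinned (`docker/docker-bench-security@sha256:<digest>`) or built from a reviewed checkout rather than pulled as an untagged `latest`. A line such as `# runs with host-level privileges; use only an image you have verified` above the command would carry the caveat.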