REPO-5271 Backport new structure to relaese/6.2.1 (#20)

- Simplify dependencies and standardise order - README updated - Green builds - Changes to make Jars in enterprise war match - Changes to make files in enterprise image match - Added travis_wait 40 to the initial build as it can take 20 minutes to download artifacts - Removed NodesTest.siteConsumerWillGet403OnFileWithDisabledInherittedPermissions introduced in 7.0.0 and fails in earlier versions. - GetSiteMember[s]Tests changed in 7.0.0. Setting test back to previous values.
2025-07-31 17:39:05 +00:00 · 2020-09-27 10:53:41 +01:00
parent 508b5dfb3d
commit 8f50904785
106 changed files with 4848 additions and 8640 deletions
--- a/packaging/docker-alfresco/Dockerfile
+++ b/packaging/docker-alfresco/Dockerfile
@@ -1,6 +1,9 @@
-# Fetch image based on Tomcat 8.5.43 and Java 11
+# Fetch image based on Tomcat 8.5 and Java 11
 # More infos about this image: https://github.com/Alfresco/alfresco-docker-base-tomcat
-FROM alfresco/alfresco-base-tomcat:8.5.43-java-11-openjdk-centos-7
+FROM alfresco/alfresco-base-tomcat:8.5.51-java-11-openjdk-centos-7
+
+# Set default docker_context.
+ARG resource_path=target

 # Set default user information
 ARG GROUPNAME=Alfresco
@@ -13,46 +16,45 @@ ARG TOMCAT_DIR=/usr/local/tomcat


 # Create prerequisite to store tools and properties
-RUN mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension && \
-    mkdir ${TOMCAT_DIR}/alfresco-mmt
-RUN touch ${TOMCAT_DIR}/shared/classes/alfresco-global.properties
+RUN mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/mimetypes && \
+    mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/transform/renditions && \
+    mkdir -p ${TOMCAT_DIR}/shared/classes/alfresco/extension/transform/pipelines && \
+    mkdir ${TOMCAT_DIR}/alfresco-mmt && \
+    touch ${TOMCAT_DIR}/shared/classes/alfresco-global.properties

 # You need to run `mvn clean install` in the root of this project to update the following dependencies
 # Copy the WAR files to the appropriate location for your application server
 # Copy the JDBC drivers for the database you are using to the lib/ directory.
 # Copy the alfresco-mmt.jar
-COPY target/war ${TOMCAT_DIR}/webapps
-COPY target/connector/* ${TOMCAT_DIR}/lib/
-COPY target/alfresco-mmt/* ${TOMCAT_DIR}/alfresco-mmt/
+COPY ${resource_path}/war ${TOMCAT_DIR}/webapps
+COPY ${resource_path}/connector/* ${TOMCAT_DIR}/lib/
+COPY ${resource_path}/alfresco-mmt/* ${TOMCAT_DIR}/alfresco-mmt/

 # Copy Licenses to the root of the Docker image
 RUN mkdir /licenses
-COPY target/licenses/ /licenses/
+COPY ${resource_path}/licenses/ /licenses/

 # Change the value of the shared.loader= property to the following:
 # shared.loader=${catalina.base}/shared/classes
 RUN sed -i "s/shared.loader=/shared.loader=\${catalina.base}\/shared\/classes/" ${TOMCAT_DIR}/conf/catalina.properties

-RUN mkdir -p ${TOMCAT_DIR}/amps \
-             ${TOMCAT_DIR}/shared/classes/alfresco/extension/mimetypes \
-             ${TOMCAT_DIR}/shared/classes/alfresco/extension/transform/renditions \
-             ${TOMCAT_DIR}/shared/classes/alfresco/extension/transform/pipelines
+RUN mkdir -p ${TOMCAT_DIR}/amps

 #RUN echo -e '\n\
 #log4j.logger.org.alfresco.repo.content.transform.TransformerDebug=debug\n\
 #' >> ${TOMCAT_DIR}/shared/classes/alfresco/extension/custom-log4j.propertiesRUN mkdir -p ${TOMCAT_DIR}/amps

 # Copy the amps from build context to the appropriate location for your application server
-COPY target/amps ${TOMCAT_DIR}/amps
+COPY ${resource_path}/amps ${TOMCAT_DIR}/amps

 # Install amps on alfresco.war
 RUN java -jar ${TOMCAT_DIR}/alfresco-mmt/alfresco-mmt*.jar install \
              ${TOMCAT_DIR}/amps ${TOMCAT_DIR}/webapps/alfresco -directory -nobackup -force

-# Docker CMD from parent image starts the server
+# Move the log file
+RUN sed -i -e "s_log4j.appender.File.File\=alfresco.log_log4j.appender.File.File\=${TOMCAT_DIR}/logs\/alfresco.log_" \
+        ${TOMCAT_DIR}/webapps/alfresco/WEB-INF/classes/log4j.properties && \

-# Make webapps folder read-only.
-RUN chmod -R =r ${TOMCAT_DIR}/webapps && \
 # Add catalina.policy to ROOT.war and alfresco.war
 # Grant all security permissions to alfresco webapp because of numerous permissions required in order to work properly.
 # Grant only deployXmlPermission to ROOT webapp.
@@ -68,6 +70,14 @@ RUN yum install -y fontconfig-2.13.0-4.3.el7 \
                   dejavu-sans-fonts-2.33-6.el7 && \
    yum clean all

+# Generate default keystore. Please generate new one for production systems
+ARG CERT_DNAME="CN=Alfresco Repository, OU=Unknown, O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB"
+ARG CERT_VALIDITY=36525
+ARG KEYSTORE_PASSWORD=mp6yc0UD9e
+RUN mkdir ${TOMCAT_DIR}/shared/classes/alfresco/keystore && \
+    keytool -genseckey -dname "$CERT_DNAME" -validity ${CERT_VALIDITY} -alias metadata -keyalg AES -keysize 256 -keystore ${TOMCAT_DIR}/shared/classes/alfresco/keystore/keystore -storetype pkcs12 -storepass ${KEYSTORE_PASSWORD}
+
+
 # The standard configuration is to have all Tomcat files owned by root with group GROUPNAME and whilst owner has read/write privileges, 
 # group only has restricted permissions and world has no permissions.
 RUN mkdir -p ${TOMCAT_DIR}/conf/Catalina/localhost && \
@@ -75,7 +85,6 @@ RUN mkdir -p ${TOMCAT_DIR}/conf/Catalina/localhost && \
    groupadd -g ${GROUPID} ${GROUPNAME} && \
    useradd -u ${USERID} -G ${GROUPNAME} ${IMAGEUSERNAME} && \
    chgrp -R ${GROUPNAME} ${TOMCAT_DIR} && \
-    chmod g+w ${TOMCAT_DIR}/logs && \
    chmod g+rx ${TOMCAT_DIR}/conf && \
    chmod -R g+r ${TOMCAT_DIR}/conf && \
    find ${TOMCAT_DIR}/webapps -type d -exec chmod 0750 {} \; && \
@@ -84,14 +93,17 @@ RUN mkdir -p ${TOMCAT_DIR}/conf/Catalina/localhost && \
    chmod g+r ${TOMCAT_DIR}/conf/Catalina && \
    chmod g+rwx ${TOMCAT_DIR}/alf_data && \
    chmod g+rwx ${TOMCAT_DIR}/logs && \
+    chmod o-w ${TOMCAT_DIR}/logs && \
    chmod g+rwx ${TOMCAT_DIR}/temp && \
    chmod g+rwx ${TOMCAT_DIR}/work && \
+    chmod o-w ${TOMCAT_DIR}/work && \
+    chmod 664 ${TOMCAT_DIR}/alfresco-mmt/alfresco-mmt-*.jar && \
+    find /licenses -type d -exec chmod 0775 {} \; && \
+    find /licenses -type f -exec chmod 0664 {} \;

-    sed -i -e "s_log4j.appender.File.File\=alfresco.log_log4j.appender.File.File\=${TOMCAT_DIR}/logs\/alfresco.log_" \ 
-        ${TOMCAT_DIR}/webapps/alfresco/WEB-INF/classes/log4j.properties
+EXPOSE 10001

-# To remote debug into this image add: EXPOSE 8000
-# Changes are also required to the docker-compose/docker-compose.yml file.
-# EXPOSE 8000
+# For remote debug
+EXPOSE 8000

 USER ${IMAGEUSERNAME}