feat: update edgeport and router-one services to pre-install sngrep

fonoster · Mar 11, 2024 · d3ce633 · d3ce633
1 parent 7c1dada
commit d3ce633
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 8 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -62,19 +62,21 @@ COPY .scripts/init-postgres.sh .
 COPY mods/pgdata/schema.prisma .
 COPY mods/pgdata/migrations migrations
 
-RUN apk add --no-cache nodejs npm tini openssl postgresql postgresql-client su-exec sed \
+RUN apk add --no-cache nodejs npm tini openssl postgresql postgresql-client su-exec sed sngrep libcap \
   && mkdir -p ${PATH_TO_CERTS} /var/lib/postgresql/data /run/postgresql /root/.npm \
   && addgroup -g ${GID} ${USER} \
   && adduser --disabled-password --gecos "" --ingroup ${USER} --home ${HOME} --uid ${UID} ${USER} \
   && chown -R ${USER}:${USER} /service /etc/routr \
   && chown -R postgres:postgres /var/lib/postgresql/data /run/postgresql /root/.npm \
   && chmod +x edgeport.sh convert-to-p12.sh init-postgres.sh \
   && chmod 2777 /run/postgresql \
+  && setcap 'CAP_NET_RAW+eip' /usr/bin/sngrep \
   && export DATABASE_URL=${DATABASE_URL} && su -m postgres -c "/service/init-postgres.sh" \
   && rm -rf /var/cache/apk/* /tmp/* /services/migrations /services/schema.prisma /services/init-postgres.sh \
   && rm -rf /root/.npm /root/.config /root/.cache /root/.local \
-  && apk del npm postgresql-client
+  && apk del npm postgresql-client libcap
 
+# Re-mapping the signal from 143 to 0
 ENTRYPOINT ["tini", "-v", "-e", "143", "--"]
 
 CMD sh -c "su-exec postgres pg_ctl start -D /var/lib/postgresql/data --options='-h 0.0.0.0' && \

diff --git a/compose.dev.yaml b/compose.dev.yaml
@@ -2,7 +2,6 @@
 services:
   edgeport01:
     container_name: edgeport01
-    user: root
     build:
       context: .
       dockerfile: ./mods/edgeport/Dockerfile
@@ -19,7 +18,6 @@ services:
 
   edgeport02:
     container_name: edgeport02
-    user: root
     build:
       context: .
       dockerfile: ./mods/edgeport/Dockerfile

diff --git a/mods/edgeport/Dockerfile b/mods/edgeport/Dockerfile
@@ -42,16 +42,15 @@ COPY mods/edgeport/etc/log4j2.yaml /etc/routr/log4j2.yaml
 COPY .scripts/convert-to-p12.sh .
 COPY .scripts/generate-certs.sh .
 
-# TODO: We need to find a way to avoid hardcoding the user and group ids
-# and still be able to run the container as a non-root user
-RUN apk add --no-cache tini openssl curl sed \
+RUN apk add --no-cache tini openssl curl sed sngrep libcap \
   && curl -L -o heplify https://github.com/sipcapture/heplify/releases/download/v1.65.10/heplify \
   && chmod +x heplify \
   && chmod +x edgeport.sh convert-to-p12.sh generate-certs.sh \
   && mkdir -p ${PATH_TO_CERTS} ${PATH_TO_LOGS} \
+  && setcap 'CAP_NET_RAW+eip' /usr/bin/sngrep \
   && chown -R 1000:3000 ${PATH_TO_CERTS} ${PATH_TO_LOGS} \
   && chmod 700 ${PATH_TO_CERTS} ${PATH_TO_LOGS} \
-  && apk del curl
+  && apk del curl libcap
 
 USER 1000:3000