FW: [ONAP] [Integration] Java11 ONAP docker

Amy Zwarico



From: DRAGOSH, PAM <pdragosh@...>
Sent: Tuesday, January 7, 2020 6:35 AM
To: LEFEVRE, CATHERINE <catherine.lefevre@...>; ATT ONAP_PTL <ATT_ONAP_PTL@...>
Subject: Re: [ONAP] [Integration] Java11 ONAP docker




Please note that openjdk:11-slim is based off of debian:buster-slim.


Does that matter for our projects? I’m not sure yet for policy.






From: "LEFEVRE, CATHERINE" <catherine.lefevre@...>
Date: Tuesday, January 7, 2020 at 5:33 AM
Subject: FW: [ONAP] [Integration] Java11 ONAP docker


Dear Team,


Please find the workaround that Morgan has created to provide Java 11 while LF IT is working on IT-18325





From: onap-discuss@... <onap-discuss@...> On Behalf Of Morgan Richomme via Lists.Onap.Org
Sent: Tuesday, January 7, 2020 11:13 AM
To: DRAGOSH, PAM <pdragosh@...>; ZWARICO, AMY <az9121@...>
Cc: jwagantall@...; onap-discuss@...; DESBUREAUX Sylvain TGI/OLN <sylvain.desbureaux@...>
Subject: [onap-discuss] [ONAP] [Integration] Java11 ONAP docker


Hi Amy and Pam


as discussed during the PTL meeting yesterday, I generated a dockerfile for java11.


For the moment I do everything in gitlab.com as I do not have the repositories in ONAP.

One of the advantages is that we automatically leverage all the built-in features of gitlab.com (it will take time to do the same from LF repos)

- registry: docker built automatically and available in registry.gitlab.com/onap-integration/docker/onap-java:latest

- CI including several addons such as container_scanning (with klar '2.4.0' and clair 'v2.1.2') or licence verification https://gitlab.com/onap-integration/docker/onap-java/pipelines/107470068

- security scan results: https://gitlab.com/onap-integration/docker/onap-java/security/dashboard/?project_id=15652149&scope=dismissed&page=1&days=90 - 46 vulnearbilities found linked to Debian vulnerabilities which is used by openjdk to build their image (1 high (CVE-2019-18224 in libidn2)  , 4 medium, 41 low).


the docker itself is very basic

I started from openjdk11 official slim images (1 layer, 215Mo (compressed))

I added a onap group and an onap user

I created two env variables:


- JAVA_OPTS="-Xms256m -Xmx1g"

so it is possible through env variables to overwrite these values.

I assume that the jar file is put in /opt/onap/app.jar

and I set the entry point as java $JAVA_SEC_OPTS $JAVA_OPTS -jar /opt/$user/app.jar


so if you create your docker from this docker, you in theory needs to copy your jar and it should be OK...to be tested


Any comments/modifications/suggestions on the Dockerfile welcome

The gitlab.com project is under Apache v2 licence and fully Open Source

If you wand to be added as member of the gitlab.com project, do not hesitate.



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Join onap-seccom@lists.onap.org to automatically receive all group messages.