ATLAS-5219: Docker setup update to keep containers immutable

dev-support/atlas-docker/Dockerfile.atlas

@@ -34,6 +34,10 @@ RUN tar xfz /home/atlas/dist/apache-atlas-${ATLAS_VERSION}-server.tar.gz --direc
     rm -rf ${ATLAS_HOME}/logs && \
     ln -s /var/log/atlas ${ATLAS_HOME}/logs && \
     ln -s /home/atlas/data ${ATLAS_HOME}/data && \
+    mkdir -p ${ATLAS_HOME}/server/webapp/atlas && \
+    cd ${ATLAS_HOME}/server/webapp/atlas && \
+    jar -xf ../atlas.war && \
+    rm -f ../atlas.war && \
     chown -R atlas:atlas ${ATLAS_HOME}/ /var/run/atlas/ /var/log/atlas/
 
 COPY ./scripts/hbase-site.xml ${ATLAS_HOME}/hbase/conf/

dev-support/atlas-docker/README.md

@@ -31,36 +31,56 @@ Docker files in this folder create docker images and run them to build Apache At
 3. Update environment variables in .env file, if necessary
 
 4. Execute following command to download necessary archives to setup Atlas/HDFS/HBase/Kafka services:
-   ~~~
+
+   ```shell
    chmod +x download-archives.sh
    ./download-archives.sh
-   ~~~
+   ```
+
+5. Execute following commands to set environment variables to build Apache Atlas docker containers:
 
-5.  Execute following commands to set environment variables to build Apache Atlas docker containers:
-   ~~~
+   ```shell
    export DOCKER_BUILDKIT=1
    export COMPOSE_DOCKER_CLI_BUILD=1
-   ~~~
+   ```
 
 6. Build and deploy Apache Atlas in containers using docker compose
 
-   6.1. Build atlas-base image with the following command:
-        docker compose -f docker-compose.atlas-base.yml build
+   Atlas server configuration is mounted from `config/atlas/${ATLAS_BACKEND}/atlas-application.properties`.
+   The file authentication credentials are mounted from `config/atlas/users-credentials.properties`.
+
+   1. Build atlas-base image with the following command:
+
+      ```shell
+      docker compose -f docker-compose.atlas-base.yml build
+      ```
 
-   6.2. Ensure that the `${HOME}/.m2` directory exists and execute following command to build Apache Atlas:
-        mkdir -p ${HOME}/.m2
-        docker compose -f docker-compose.atlas-build.yml up
+   2. Ensure that the `${HOME}/.m2` directory exists and execute following command to build Apache Atlas:
+
+      ```shell
+      mkdir -p ${HOME}/.m2
+      docker compose -f docker-compose.atlas-build.yml up
+      ```
 
    Time taken to complete the build might vary (upto an hour), depending on status of ${HOME}/.m2 directory cache.
 
-   6.3. To install and start Atlas using Postgres as backend store, execute following commands:
-        export ATLAS_BACKEND=postgres
-        docker compose -f docker-compose.atlas.yml up -d --wait
+   3. To install and start Atlas using Postgres as backend store, execute following commands:
+
+      ```shell
+      export ATLAS_BACKEND=postgres
+      docker compose -f docker-compose.atlas.yml -f docker-compose.atlas-postgres.yml up -d --wait
+      ```
+
+      The Postgres overlay runs `config/init_postgres.sh` as a one-shot initialization service before Atlas starts.
+      This creates the required roles, databases, and Atlas RDBMS schema.
+
+   4. To install and start Atlas using HBase as backend store, execute following commands:
 
-   6.4. To install and start Atlas using HBase as backend store, execute following commands:
-        export ATLAS_BACKEND=hbase
-        docker compose -f docker-compose.atlas.yml -f docker-compose.atlas-hadoop.yml up -d --wait
+      ```shell
+      export ATLAS_BACKEND=hbase
+      docker compose -f docker-compose.atlas.yml -f docker-compose.atlas-hadoop.yml up -d --wait
+      ```
 
-   Apache Atlas will be installed at /opt/atlas/, and logs are at /var/logs/atlas directory.
+   Apache Atlas will be installed at /opt/atlas/, and logs are at /var/log/atlas directory.
 
 7. Atlas Admin can be accessed at http://localhost:21000 (admin/atlasR0cks!)

dev-support/atlas-docker/config/atlas/hbase/atlas-application.properties

@@ -0,0 +1,91 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#########  Graph Database Configs  #########
+
+atlas.graph.storage.backend=hbase2
+atlas.graph.storage.hbase.table=apache_atlas_janus
+atlas.graph.storage.hostname=atlas-zk.example.com:2181
+atlas.graph.storage.hbase.regions-per-server=1
+atlas.graph.storage.hbase.compression-algorithm=NONE
+atlas.graph.graph.replace-instance-if-exists=true
+
+atlas.EntityAuditRepository.impl=org.apache.atlas.repository.audit.HBaseBasedAuditRepository
+atlas.audit.hbase.tablename=apache_atlas_entity_audit
+atlas.audit.zookeeper.session.timeout.ms=1000
+atlas.audit.hbase.zookeeper.quorum=atlas-zk.example.com:2181
+
+#########  Graph Search Index  #########
+
+atlas.graph.index.search.backend=solr
+atlas.graph.index.search.solr.mode=http
+atlas.graph.index.search.solr.http-urls=http://atlas-solr.example.com:8983/solr
+atlas.graph.index.search.solr.zookeeper-connect-timeout=60000
+atlas.graph.index.search.solr.zookeeper-session-timeout=60000
+atlas.graph.index.search.solr.wait-searcher=false
+atlas.graph.index.search.max-result-set-size=150
+
+#########  Notification Configs  #########
+
+atlas.notification.embedded=false
+atlas.kafka.data=${sys:atlas.home}/data/kafka
+atlas.kafka.zookeeper.connect=atlas-zk.example.com:2181
+atlas.kafka.bootstrap.servers=atlas-kafka.example.com:9092
+atlas.kafka.zookeeper.session.timeout.ms=400
+atlas.kafka.zookeeper.connection.timeout.ms=200
+atlas.kafka.zookeeper.sync.time.ms=20
+atlas.kafka.auto.commit.interval.ms=1000
+atlas.kafka.hook.group.id=atlas
+atlas.kafka.enable.auto.commit=false
+atlas.kafka.auto.offset.reset=earliest
+atlas.kafka.session.timeout.ms=30000
+atlas.kafka.offsets.topic.replication.factor=1
+atlas.kafka.poll.timeout.ms=1000
+atlas.notification.create.topics=true
+atlas.notification.replicas=1
+atlas.notification.topics=ATLAS_HOOK,ATLAS_ENTITIES
+atlas.notification.log.failed.messages=true
+atlas.notification.consumer.retry.interval=500
+atlas.notification.hook.retry.interval=1000
+
+#########  Security Properties  #########
+
+atlas.enableTLS=false
+atlas.authentication.method.kerberos=false
+atlas.authentication.method.file=true
+atlas.authentication.method.ldap.type=none
+atlas.authentication.method.file.filename=${sys:atlas.home}/conf/users-credentials.properties
+
+#########  Server Properties  #########
+
+atlas.rest.address=http://localhost:21000
+atlas.server.ha.enabled=false
+
+######### Atlas Authorization #########
+
+atlas.authorizer.impl=simple
+atlas.authorizer.simple.authz.policy.file=atlas-simple-authz-policy.json
+
+#########  CSRF Configs  #########
+
+atlas.rest-csrf.enabled=true
+atlas.rest-csrf.browser-useragents-regex=^Mozilla.*,^Opera.*,^Chrome.*
+atlas.rest-csrf.methods-to-ignore=GET,OPTIONS,HEAD,TRACE
+atlas.rest-csrf.custom-header=X-XSRF-HEADER
+
+######### Atlas Metric/Stats configs #########
+
+atlas.metric.query.cache.ttlInSecs=900

dev-support/atlas-docker/config/atlas/postgres/atlas-application.properties

@@ -0,0 +1,101 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#########  Graph Database Configs  #########
+
+atlas.graph.storage.backend=rdbms
+atlas.graph.storage.hbase.table=apache_atlas_janus
+atlas.graph.storage.hbase.compression-algorithm=NONE
+atlas.graph.graph.replace-instance-if-exists=true
+
+atlas.graph.storage.rdbms.jpa.hikari.driverClassName=org.postgresql.Driver
+atlas.graph.storage.rdbms.jpa.hikari.jdbcUrl=jdbc:postgresql://atlas-db/atlas
+atlas.graph.storage.rdbms.jpa.hikari.username=atlas
+atlas.graph.storage.rdbms.jpa.hikari.password=atlasR0cks!
+atlas.graph.storage.rdbms.jpa.hikari.maximumPoolSize=40
+atlas.graph.storage.rdbms.jpa.hikari.minimumIdle=5
+atlas.graph.storage.rdbms.jpa.hikari.idleTimeout=300000
+atlas.graph.storage.rdbms.jpa.hikari.connectionTestQuery=select 1
+atlas.graph.storage.rdbms.jpa.hikari.maxLifetime=1800000
+atlas.graph.storage.rdbms.jpa.hikari.connectionTimeout=30000
+atlas.graph.storage.rdbms.jpa.javax.persistence.jdbc.dialect=org.eclipse.persistence.platform.database.PostgreSQLPlatform
+
+atlas.EntityAuditRepository.impl=org.apache.atlas.repository.audit.rdbms.RdbmsBasedAuditRepository
+atlas.audit.hbase.tablename=apache_atlas_entity_audit
+atlas.audit.zookeeper.session.timeout.ms=1000
+atlas.audit.hbase.zookeeper.quorum=atlas-zk.example.com:2181
+
+#########  Graph Search Index  #########
+
+atlas.graph.index.search.backend=solr
+atlas.graph.index.search.solr.mode=http
+atlas.graph.index.search.solr.http-urls=http://atlas-solr.example.com:8983/solr
+atlas.graph.index.search.solr.zookeeper-connect-timeout=60000
+atlas.graph.index.search.solr.zookeeper-session-timeout=60000
+atlas.graph.index.search.solr.wait-searcher=false
+atlas.graph.index.search.max-result-set-size=150
+
+#########  Notification Configs  #########
+
+atlas.notification.embedded=false
+atlas.kafka.data=${sys:atlas.home}/data/kafka
+atlas.kafka.zookeeper.connect=atlas-zk.example.com:2181
+atlas.kafka.bootstrap.servers=atlas-kafka.example.com:9092
+atlas.kafka.zookeeper.session.timeout.ms=400
+atlas.kafka.zookeeper.connection.timeout.ms=200
+atlas.kafka.zookeeper.sync.time.ms=20
+atlas.kafka.auto.commit.interval.ms=1000
+atlas.kafka.hook.group.id=atlas
+atlas.kafka.enable.auto.commit=false
+atlas.kafka.auto.offset.reset=earliest
+atlas.kafka.session.timeout.ms=30000
+atlas.kafka.offsets.topic.replication.factor=1
+atlas.kafka.poll.timeout.ms=1000
+atlas.notification.create.topics=true
+atlas.notification.replicas=1
+atlas.notification.topics=ATLAS_HOOK,ATLAS_ENTITIES
+atlas.notification.log.failed.messages=true
+atlas.notification.consumer.retry.interval=500
+atlas.notification.hook.retry.interval=1000
+
+#########  Security Properties  #########
+
+atlas.enableTLS=false
+atlas.authentication.method.kerberos=false
+atlas.authentication.method.file=true
+atlas.authentication.method.ldap.type=none
+atlas.authentication.method.file.filename=${sys:atlas.home}/conf/users-credentials.properties
+
+#########  Server Properties  #########
+
+atlas.rest.address=http://localhost:21000
+atlas.server.ha.enabled=false
+
+######### Atlas Authorization #########
+
+atlas.authorizer.impl=simple
+atlas.authorizer.simple.authz.policy.file=atlas-simple-authz-policy.json
+
+#########  CSRF Configs  #########
+
+atlas.rest-csrf.enabled=true
+atlas.rest-csrf.browser-useragents-regex=^Mozilla.*,^Opera.*,^Chrome.*
+atlas.rest-csrf.methods-to-ignore=GET,OPTIONS,HEAD,TRACE
+atlas.rest-csrf.custom-header=X-XSRF-HEADER
+
+######### Atlas Metric/Stats configs #########
+
+atlas.metric.query.cache.ttlInSecs=900

dev-support/atlas-docker/Dockerfile.atlas-db → dev-support/atlas-docker/config/atlas/users-credentials.properties

@@ -14,11 +14,5 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM postgres:13.21
-
-# Copy DB init script
-USER 0
-RUN  mkdir -p /docker-entrypoint-initdb.d
-COPY config/init_postgres.sh /docker-entrypoint-initdb.d/
-RUN chown -R postgres:postgres /docker-entrypoint-initdb.d/
-ENV POSTGRES_PASSWORD=atlasR0cks!
+# username=group::sha256-password
+admin=ADMIN::bad2e629a8d93dddfd6cf4c6e04f02035e0ec146f22a8ba1f6b8252a2634107a