authorChrisC <christophe.closset@intl.att.com>2020-03-17 14:23:42 +0100
committerChrisC <christophe.closset@intl.att.com>2020-03-24 13:37:37 +0100
commit48bcfb9d4b03ac3e2e6915f7bdf72599c8794d43 (patch)
treef0d2d8d6946ea76d6f54533538dff131c8a70cef /auth/auth-cass/docker
parent083a7eb21620467ae1f7d5ba9341e12f75f9cc41 (diff)
AAF non-root
update AAF service dockerfiles to run as user AAF, reusing existing script infra Issue-ID: AAF-1102 Signed-off-by: ChrisC <christophe.closset@intl.att.com>, JulienBe <jb3179x@att.com> Change-Id: I2d9feef65a98d4545e407825533cd1741f891b45
Diffstat (limited to 'auth/auth-cass/docker')
-rw-r--r--auth/auth-cass/docker/Dockerfile.cass13
-rw-r--r--auth/auth-cass/docker/dbuild.sh4
-rw-r--r--auth/auth-cass/docker/dcqlsh.sh2
3 files changed, 12 insertions, 7 deletions
diff --git a/auth/auth-cass/docker/Dockerfile.cass b/auth/auth-cass/docker/Dockerfile.cass
index 0f12d8c8..5d9c3db9 100644
--- a/auth/auth-cass/docker/Dockerfile.cass
+++ b/auth/auth-cass/docker/Dockerfile.cass
@@ -32,11 +32,16 @@ COPY aaf-auth-batch-*-full.jar /opt/app/aaf/cass_init/
COPY cass_data/*.dat /opt/app/aaf/cass_init/dats/
COPY sample.identities.dat /opt/app/aaf/cass_init/data/identites.dat
-RUN mkdir -p /opt/app/aaf/status && chmod 777 /opt/app/aaf/status && \
- addgroup ${USER} && adduser --no-create-home --ingroup ${USER} --disabled-password --gecos "" --shell /bin/bash ${USER} && \
- chown -R ${USER}:${USER} /opt/app/aaf/cass_init
-
+RUN mkdir -p /opt/app/aaf/status &&\
+ chmod 777 /opt/app/aaf/status && \
+ addgroup ${DUSER} && adduser --ingroup cassandra --disabled-password --gecos "" --shell /bin/bash ${DUSER} && \
+ chown -R ${DUSER}:cassandra /opt/app/aaf/cass_init &&\
+ chown -R ${DUSER}:cassandra /etc/cassandra &&\
+ mkdir -p /var/lib/cassandra/data && chown -R ${DUSER}:cassandra /var/lib/cassandra &&\
+ chown -R ${DUSER}:cassandra /var/log/cassandra &&\
+ ln -s /opt/app/aaf/cass_init/cmd.sh /aaf_cmd && chmod a+x /aaf_cmd
+USER ${DUSER}
ENTRYPOINT ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh"]
CMD ["start"]
# Default is to start up with CQL setup only
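Review bot: `chmod 777 /opt/app/aaf/status` is carried into the new RUN step, so the status directory stays world-writable even though the image now runs as `${DUSER}`. The directory is created as root before `USER ${DUSER}`, which is presumably why the wide mode is still needed. Handing it to the runtime user removes that need: `chown ${DUSER}:cassandra /opt/app/aaf/status && chmod 770 /opt/app/aaf/status`, after confirming that no other UID writes there (for example through a shared volume). Separately, `addgroup ${DUSER}` creates a group that nothing in this hunk uses, since `adduser` places the account in `cassandra`; drop it or add a comment saying why it is kept.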
diff --git a/auth/auth-cass/docker/dbuild.sh b/auth/auth-cass/docker/dbuild.sh
index 7e2ac7c5..6a1ae1c1 100644
--- a/auth/auth-cass/docker/dbuild.sh
+++ b/auth/auth-cass/docker/dbuild.sh
@@ -25,7 +25,7 @@ if [ -e ../../docker/d.props ]; then
. ../../docker/d.props
fi
DOCKER=${DOCKER:-docker}
-
+
function SCP() {
SANS=${1/-SNAPSHOT/}
echo $1 = $SANS
@@ -52,7 +52,7 @@ echo "$0: DOCKER_PULL_REGISTRY=${DOCKER_REGISTRY}"
DIR=$(pwd)
cd ..
sed -e 's/${AAF_VERSION}/'${VERSION/-SNAPSHOT/}'/g' \
- -e 's/${USER}/'${USER}'/g' \
+ -e 's/${DUSER}/'${DUSER}'/g' \
-e 's/${REGISTRY}/'${DOCKER_PULL_REGISTRY}'/g' \
$DIR/Dockerfile.cass > Dockerfile
cd ..
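Review bot: Nothing in this hunk checks that `DUSER` is set before it is spliced into the `sed` expression. `USER` is normally exported by the login shell, but `DUSER` presumably has to come from `d.props`, which this script sources only if the file exists (a default may be set in lines not shown). With an empty value the generated Dockerfile would contain `USER ` and `addgroup ` with no name, so the mistake surfaces late in the docker build instead of here. Add a guard before the `sed`, `: "${DUSER:?DUSER must be set, see d.props}"`, and quote the expansion, `-e 's/${DUSER}/'"${DUSER}"'/g'`, so a value containing whitespace cannot split the argument. The script continues outside the hunk.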
diff --git a/auth/auth-cass/docker/dcqlsh.sh b/auth/auth-cass/docker/dcqlsh.sh
index 2518eb90..c8708d75 100644
--- a/auth/auth-cass/docker/dcqlsh.sh
+++ b/auth/auth-cass/docker/dcqlsh.sh
@@ -22,5 +22,5 @@
if [ -e ../../docker/d.props ]; then
. ../../docker/d.props
fi
-${DOCKER:=docker} exec -it aaf-cass /usr/bin/cqlsh -k authz
+${DOCKER:=docker} exec -it aaf-cass ${CQLSH:=/usr/bin/cqlsh} -k authz
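Review bot: The new `${CQLSH:=/usr/bin/cqlsh}` override is undocumented and unquoted, so whatever `d.props` or the caller's environment puts in `CQLSH` is word-split and run inside the `aaf-cass` container. If only a path is intended, quote it: `${DOCKER:=docker} exec -it aaf-cass "${CQLSH:=/usr/bin/cqlsh}" -k authz`. A comment above the line, such as `# CQLSH: path to cqlsh inside the container; override in d.props`, would tell users why the variable exists.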