From 38e175fa6762c27b85df450002e6458d9b0a41d6 Mon Sep 17 00:00:00 2001
From: "Timoney, Dan (dt5972)" <dtimoney@att.com>
Date: Thu, 21 Feb 2019 14:57:34 -0500
Subject: Run CCSDK dockers as non-root

Update CCSDK docker images to run as non-root user by default

Change-Id: Ia07c433a0e6f041d6684f24b765f4c1733b51162
Issue-ID: CCSDK-1099
Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
---
 ansible-server/src/main/Dockerfile | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'ansible-server/src')

diff --git a/ansible-server/src/main/Dockerfile b/ansible-server/src/main/Dockerfile
index 4a9c4147..7ad66d30 100644
--- a/ansible-server/src/main/Dockerfile
+++ b/ansible-server/src/main/Dockerfile
@@ -19,12 +19,19 @@ RUN apk add --no-cache curl \
     pip install --no-cache-dir -r ansible-server/requirements.txt &&\
     apk del .build-deps
 
-COPY ansible-server ansible-server
-COPY configuration/ansible.cfg /etc/ansible/ansible.cfg
+RUN addgroup -S ansible && adduser -S ansible -G ansible
+COPY --chown=ansible:ansible ansible-server ansible-server
+COPY --chown=ansible:ansible configuration/ansible.cfg /etc/ansible/ansible.cfg
+
 
 WORKDIR /opt/ansible-server
 
 RUN mkdir /opt/onap ; ln -s /opt/ansible-server /opt/onap/ccsdk
+RUN echo > /var/log/ansible-server.log
+RUN chown ansible:ansible /var/log/ansible-server.log
+
+USER ansible:ansible
+
 
 EXPOSE 8000
 
-- 
cgit 1.2.3-korg