From 9e4332e346db651ff2fc9e12783e59dd46282354 Mon Sep 17 00:00:00 2001 From: Bin Yang Date: Wed, 20 Feb 2019 08:19:52 +0000 Subject: Run multicloud-windriver service as non root user Disable vesagent and remove the dependency on rabbitmq-server The vesagent should be maintained as a standalone microservice Change-Id: I4877c0c25c973d0dd8f8511f457fed07ca61647b Issue-ID: MULTICLOUD-493 Signed-off-by: Bin Yang --- windriver/docker/Dockerfile | 8 ++++++-- windriver/run.sh | 4 ++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/windriver/docker/Dockerfile b/windriver/docker/Dockerfile index 7ec9bb73..376fa951 100644 --- a/windriver/docker/Dockerfile +++ b/windriver/docker/Dockerfile @@ -16,17 +16,21 @@ ENV AAI_PASSWORD "AAI" EXPOSE 9005 +RUN groupadd -r onap && useradd -r -g onap onap # COPY ./ /opt/windriver/ + RUN apt-get update && \ apt-get install -y memcached && \ - apt-get install -y rabbitmq-server && \ apt-get install -y unzip && \ cd /opt/ && \ wget -O multicloud-openstack-windriver.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.multicloud.openstack&a=multicloud-openstack-windriver&e=zip&v=1.3.0-SNAPSHOT" && \ unzip -q -o -B multicloud-openstack-windriver.zip && \ chmod +x /opt/windriver/*.sh && \ rm -f multicloud-openstack-windriver.zip && \ - pip install -r /opt/windriver/requirements.txt + pip install -r /opt/windriver/requirements.txt && \ + chown onap:onap /opt/windriver -R + +USER onap WORKDIR /opt/windriver CMD /bin/sh -c /opt/windriver/run.sh diff --git a/windriver/run.sh b/windriver/run.sh index 5f185bdf..2d5d6e53 100644 --- a/windriver/run.sh +++ b/windriver/run.sh @@ -16,9 +16,9 @@ memcached -d -m 2048 -u root -c 1024 -p 11211 -P /tmp/memcached1.pid export PYTHONPATH=lib/share -service rabbitmq-server restart +#service rabbitmq-server restart # make sure only 1 worker due to missing the synchronization between workers now -nohup celery -A titanium_cloud worker --concurrency=1 --loglevel=info & +# nohup celery -A titanium_cloud worker --concurrency=1 --loglevel=info & #nohup python manage.py runserver 0.0.0.0:9005 2>&1 & nohup uwsgi --http :9005 --module titanium_cloud.wsgi --master --processes 4 & -- cgit 1.2.3-korg