From 6eedde85e963dee1e12c1199c9e94300bb827318 Mon Sep 17 00:00:00 2001 From: Haibin Huang Date: Tue, 26 Feb 2019 09:05:13 +0800 Subject: Run Ocata plugin as non root user Change-Id: Ia4e201ee586cc62f1ea2f5f38d4001acc7ccc0b5 Issue-ID: MULTICLOUD-500 Signed-off-by: Haibin Huang --- ocata/docker/Dockerfile | 7 ++++++- ocata/run.sh | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ocata/docker/Dockerfile b/ocata/docker/Dockerfile index e6525335..bff5706a 100644 --- a/ocata/docker/Dockerfile +++ b/ocata/docker/Dockerfile @@ -31,13 +31,18 @@ ENV AAI_PASSWORD "AAI" EXPOSE 9006 +RUN groupadd -r onap && useradd -r -g onap onap + WORKDIR /opt/ocata -RUN apt-get update && apt-get install -y memcached unzip rabbitmq-server +RUN apt-get update && apt-get install -y memcached unzip RUN wget -O /opt/multicloud-openstack-ocata.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.multicloud.openstack&a=multicloud-openstack-ocata&e=zip&v=1.3.0-SNAPSHOT" && \ unzip -q -o -B /opt/multicloud-openstack-ocata.zip -d /opt/ && \ rm -f /opt/multicloud-openstack-ocata.zip RUN mkdir -p /var/log/onap/multicloud/openstack/ocata/ #COPY ./ . RUN pip install -r requirements.txt +RUN chown onap:onap /opt/ocata -R + +USER onap CMD "/opt/ocata/run.sh" diff --git a/ocata/run.sh b/ocata/run.sh index ecca9860..a66a1e98 100755 --- a/ocata/run.sh +++ b/ocata/run.sh @@ -16,8 +16,8 @@ memcached -d -m 2048 -u root -c 1024 -p 11211 -P /tmp/memcached1.pid export PYTHONPATH=lib/share -service rabbitmq-server restart +#service rabbitmq-server restart # make sure only 1 worker due to missing the synchronization between workers now -nohup celery -A ocata worker --concurrency=1 --loglevel=info & +#nohup celery -A ocata worker --concurrency=1 --loglevel=info & uwsgi --http :9006 --module ocata.wsgi --master --processes 4 -- cgit 1.2.3-korg