From 731dc6db54f4b77606f37512006af429e791d5e4 Mon Sep 17 00:00:00 2001
From: Ethan Lynn <ethanlynnl@vmware.com>
Date: Thu, 21 Feb 2019 16:04:03 +0800
Subject: Use non-root user in docker image

Create onap user for vio plugin

Change-Id: Idaf3edcf6cb411f462bb8b7d34b091125605abae
Issue-ID: MULTICLOUD-497
Signed-off-by: Ethan Lynn <ethanlynnl@vmware.com>
---
 vio/docker/Dockerfile      | 8 ++++++--
 vio/docker/instance-run.sh | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

(limited to 'vio')

diff --git a/vio/docker/Dockerfile b/vio/docker/Dockerfile
index b5289e6..6cd1361 100644
--- a/vio/docker/Dockerfile
+++ b/vio/docker/Dockerfile
@@ -18,13 +18,17 @@ RUN apt-get update && \
     apt-get install -y wget && \
     apt-get install -y redis-server
 
+RUN groupadd -r onap && useradd -r -g onap onap
 
 RUN  cd /opt/ && \
     wget -q -O multicloud-vio.zip 'https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.multicloud.openstack.vmware&a=multicloud-openstack-vmware&v=1.3.0-SNAPSHOT&e=zip' && \
     unzip multicloud-vio.zip && \
     rm -rf multicloud-vio.zip && \
-    pip install -r vio/requirements.txt
+    pip install -r vio/requirements.txt && \
+    chown onap:onap -R vio/
 
+USER onap
 
 WORKDIR /opt
-ENTRYPOINT vio/docker/docker-entrypoint.sh
+# ENTRYPOINT vio/docker/docker-entrypoint.sh
+CMD ["/bin/sh", "-c", "/opt/vio/run.sh"]
diff --git a/vio/docker/instance-run.sh b/vio/docker/instance-run.sh
index 6ae160b..ca3437a 100755
--- a/vio/docker/instance-run.sh
+++ b/vio/docker/instance-run.sh
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-service redis-server start
+# service redis-server start
 
 cd ./vio
 ./run.sh
-- 
cgit