aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorvrvarma <vikas.varma@att.com>2020-03-05 11:13:48 -0500
committervrvarma <vikas.varma@att.com>2020-03-05 11:13:58 -0500
commitbcc32d6305104ecfd054f8223fc4d667319590a5 (patch)
tree1e377964e3e5711115fb680bb9b0dd3df9d03a3f
parentbb21f15fa12db8ebb39c3aadd8a0a34aa7fa1b01 (diff)
making cmso pods run as non-root user
Change-Id: I0cd576964077038790b302d38e48c52da2867546 Signed-off-by: vrvarma <vikas.varma@att.com> Issue-ID: OPTFRA-711
-rw-r--r--cmso-database/src/main/docker/Dockerfile8
-rw-r--r--cmso-optimizer/src/main/docker/Dockerfile7
-rw-r--r--cmso-service/src/main/docker/Dockerfile8
-rw-r--r--cmso-ticketmgt/src/main/docker/Dockerfile8
-rw-r--r--cmso-topology/src/main/docker/Dockerfile8
5 files changed, 34 insertions, 5 deletions
diff --git a/cmso-database/src/main/docker/Dockerfile b/cmso-database/src/main/docker/Dockerfile
index 35fb4cc..8c4074c 100644
--- a/cmso-database/src/main/docker/Dockerfile
+++ b/cmso-database/src/main/docker/Dockerfile
@@ -17,15 +17,21 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
apt-get install -y openjdk-11-jre-headless && \
apt-get install -y curl
+RUN groupadd onap \
+ && useradd -m -g onap onap
+
COPY onap-cmso/docker-liquibase.jar ${APP_HOME}/app.jar
COPY onap-cmso/startService.sh ${APP_HOME}/startService.sh
RUN chmod 700 ${APP_HOME}/startService.sh && \
ln -s /share/etc ${APP_HOME}/etc && \
- ln -s /share/logs ${APP_HOME}/logs
+ ln -s /share/logs ${APP_HOME}/logs && \
+ chown -R onap:onap ${APP_HOME}
VOLUME /share/etc
VOLUME /share/logs
+USER onap
+
WORKDIR ${APP_HOME}
ENTRYPOINT ./startService.sh
diff --git a/cmso-optimizer/src/main/docker/Dockerfile b/cmso-optimizer/src/main/docker/Dockerfile
index 76e18c8..b5a5477 100644
--- a/cmso-optimizer/src/main/docker/Dockerfile
+++ b/cmso-optimizer/src/main/docker/Dockerfile
@@ -30,6 +30,8 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
rm mz.tgz && \
echo PATH=/mz-dist:$PATH >> ~/.bashrc
+RUN groupadd onap \
+ && useradd -m -g onap onap
COPY onap-cmso-optimizer/cmso-optimizer.jar ${APP_HOME}/app.jar
@@ -44,7 +46,10 @@ COPY onap-cmso-optimizer/scripts ${APP_HOME}/scripts
RUN chmod 700 ${APP_HOME}/startService.sh && \
ln -s /share/etc ${APP_HOME}/etc && \
ln -s /share/logs ${APP_HOME}/logs && \
- ln -s /share/debug-logs ${APP_HOME}/debug-logs
+ ln -s /share/debug-logs ${APP_HOME}/debug-logs && \
+ chown -R onap:onap ${APP_HOME}
+
+USER onap
WORKDIR ${APP_HOME}
ENTRYPOINT ./startService.sh
diff --git a/cmso-service/src/main/docker/Dockerfile b/cmso-service/src/main/docker/Dockerfile
index 3ed56ef..e46cdeb 100644
--- a/cmso-service/src/main/docker/Dockerfile
+++ b/cmso-service/src/main/docker/Dockerfile
@@ -16,6 +16,9 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
apt-get install -y openjdk-11-jre-headless && \
apt-get install -y curl
+RUN groupadd onap \
+ && useradd -m -g onap onap
+
COPY onap-cmso/cmso-service.jar ${APP_HOME}/app.jar
VOLUME /share/etc
@@ -28,7 +31,10 @@ COPY onap-cmso/data ${APP_HOME}/data
RUN chmod 700 ${APP_HOME}/startService.sh && \
ln -s /share/etc ${APP_HOME}/etc && \
ln -s /share/logs ${APP_HOME}/logs && \
- ln -s /share/debug-logs ${APP_HOME}/debug-logs
+ ln -s /share/debug-logs ${APP_HOME}/debug-logs && \
+ chown -R onap:onap ${APP_HOME}
+
+USER onap
WORKDIR ${APP_HOME}
ENTRYPOINT ./startService.sh
diff --git a/cmso-ticketmgt/src/main/docker/Dockerfile b/cmso-ticketmgt/src/main/docker/Dockerfile
index 86f04dd..b846a9c 100644
--- a/cmso-ticketmgt/src/main/docker/Dockerfile
+++ b/cmso-ticketmgt/src/main/docker/Dockerfile
@@ -17,6 +17,9 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
apt-get install -y openjdk-11-jre-headless && \
apt-get install -y curl
+RUN groupadd onap \
+ && useradd -m -g onap onap
+
COPY onap-cmso-tm/cmso-ticketmgt.jar ${APP_HOME}/app.jar
VOLUME /share/etc
@@ -29,7 +32,10 @@ COPY onap-cmso-tm/data ${APP_HOME}/data
RUN chmod 700 ${APP_HOME}/startService.sh && \
ln -s /share/etc ${APP_HOME}/etc && \
ln -s /share/logs ${APP_HOME}/logs && \
- ln -s /share/debug-logs ${APP_HOME}/debug-logs
+ ln -s /share/debug-logs ${APP_HOME}/debug-logs && \
+ chown -R onap:onap ${APP_HOME}
+
+USER onap
WORKDIR ${APP_HOME}
ENTRYPOINT ./startService.sh
diff --git a/cmso-topology/src/main/docker/Dockerfile b/cmso-topology/src/main/docker/Dockerfile
index a3ac680..015a794 100644
--- a/cmso-topology/src/main/docker/Dockerfile
+++ b/cmso-topology/src/main/docker/Dockerfile
@@ -17,6 +17,9 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
apt-get install -y openjdk-11-jre-headless && \
apt-get install -y curl
+RUN groupadd onap \
+ && useradd -m -g onap onap
+
COPY onap-cmso-topology/cmso-topology.jar ${APP_HOME}/app.jar
VOLUME /share/etc
@@ -29,7 +32,10 @@ COPY onap-cmso-topology/data ${APP_HOME}/data
RUN chmod 700 ${APP_HOME}/startService.sh && \
ln -s /share/etc ${APP_HOME}/etc && \
ln -s /share/logs ${APP_HOME}/logs && \
- ln -s /share/debug-logs ${APP_HOME}/debug-logs
+ ln -s /share/debug-logs ${APP_HOME}/debug-logs && \
+ chown -R onap:onap ${APP_HOME}
+
+USER onap
WORKDIR ${APP_HOME}
ENTRYPOINT ./startService.sh