From bcc32d6305104ecfd054f8223fc4d667319590a5 Mon Sep 17 00:00:00 2001
From: vrvarma
Date: Thu, 5 Mar 2020 11:13:48 -0500
Subject: making cmso pods run as non-root user

Change-Id: I0cd576964077038790b302d38e48c52da2867546
Signed-off-by: vrvarma
Issue-ID: OPTFRA-711
---
 cmso-database/src/main/docker/Dockerfile | 8 +++++++-
 cmso-optimizer/src/main/docker/Dockerfile | 7 ++++++-
 cmso-service/src/main/docker/Dockerfile | 8 +++++++-
 cmso-ticketmgt/src/main/docker/Dockerfile | 8 +++++++-
 cmso-topology/src/main/docker/Dockerfile | 8 +++++++-
 5 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/cmso-database/src/main/docker/Dockerfile b/cmso-database/src/main/docker/Dockerfile
index 35fb4cc..8c4074c 100644
--- a/cmso-database/src/main/docker/Dockerfile
+++ b/cmso-database/src/main/docker/Dockerfile
@@ -17,15 +17,21 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
 apt-get install -y openjdk-11-jre-headless && \
 apt-get install -y curl
+RUN groupadd onap \
+ && useradd -m -g onap onap
+
 COPY onap-cmso/docker-liquibase.jar ${APP_HOME}/app.jar
 COPY onap-cmso/startService.sh ${APP_HOME}/startService.sh
 RUN chmod 700 ${APP_HOME}/startService.sh && \
 ln -s /share/etc ${APP_HOME}/etc && \
- ln -s /share/logs ${APP_HOME}/logs
+ ln -s /share/logs ${APP_HOME}/logs && \
+ chown -R onap:onap ${APP_HOME}
 VOLUME /share/etc
 VOLUME /share/logs
+USER onap
+
 WORKDIR ${APP_HOME}
 ENTRYPOINT ./startService.sh
diff --git a/cmso-optimizer/src/main/docker/Dockerfile b/cmso-optimizer/src/main/docker/Dockerfile
index 76e18c8..b5a5477 100644
--- a/cmso-optimizer/src/main/docker/Dockerfile
+++ b/cmso-optimizer/src/main/docker/Dockerfile
@@ -30,6 +30,8 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
 rm mz.tgz && \
 echo PATH=/mz-dist:$PATH >> ~/.bashrc
+RUN groupadd onap \
+ && useradd -m -g onap onap
 COPY onap-cmso-optimizer/cmso-optimizer.jar ${APP_HOME}/app.jar
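Review bot: `USER onap` is a name, and the added `groupadd onap` / `useradd -m -g onap onap` let the base image pick the UID and GID, so the identity the container runs under is not fixed by this Dockerfile. A Kubernetes pod that sets `runAsNonRoot: true` cannot verify a non-numeric image user and will refuse to start the container unless `runAsUser` is also set, and volume ownership or `fsGroup` settings have no stable ID to match. I would pin the IDs and use them in `USER`, for example `RUN groupadd -g APP_GID onap && useradd -m -u APP_UID -g onap onap` and `USER APP_UID:APP_GID`, where APP_UID and APP_GID stand for numeric values the project chooses. The same applies to the matching hunks in the cmso-optimizer, cmso-service, cmso-ticketmgt and cmso-topology Dockerfiles.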
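Review bot: The context line `echo PATH=/mz-dist:$PATH >> ~/.bashrc` runs as root and therefore writes root's `.bashrc`, while the `onap` account created just below it gets its own home from `useradd -m` without that entry. If `startService.sh` (not shown) relies on `/mz-dist` being on the PATH through that file, it will presumably stop finding it once this file's second hunk switches to `USER onap`. An image-wide `ENV PATH=/mz-dist:$PATH` would not depend on which user's shell profile is read. The RUN instruction that contains the `echo` starts outside this hunk, so the author should confirm how the PATH is actually consumed.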
@@ -44,7 +46,10 @@ COPY onap-cmso-optimizer/scripts ${APP_HOME}/scripts
 RUN chmod 700 ${APP_HOME}/startService.sh && \
 ln -s /share/etc ${APP_HOME}/etc && \
 ln -s /share/logs ${APP_HOME}/logs && \
- ln -s /share/debug-logs ${APP_HOME}/debug-logs
+ ln -s /share/debug-logs ${APP_HOME}/debug-logs && \
+ chown -R onap:onap ${APP_HOME}
+
+USER onap
 WORKDIR ${APP_HOME}
 ENTRYPOINT ./startService.sh
diff --git a/cmso-service/src/main/docker/Dockerfile b/cmso-service/src/main/docker/Dockerfile
index 3ed56ef..e46cdeb 100644
--- a/cmso-service/src/main/docker/Dockerfile
+++ b/cmso-service/src/main/docker/Dockerfile
@@ -16,6 +16,9 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
 apt-get install -y openjdk-11-jre-headless && \
 apt-get install -y curl
+RUN groupadd onap \
+ && useradd -m -g onap onap
+
 COPY onap-cmso/cmso-service.jar ${APP_HOME}/app.jar
 VOLUME /share/etc
@@ -28,7 +31,10 @@ COPY onap-cmso/data ${APP_HOME}/data
 RUN chmod 700 ${APP_HOME}/startService.sh && \
 ln -s /share/etc ${APP_HOME}/etc && \
 ln -s /share/logs ${APP_HOME}/logs && \
- ln -s /share/debug-logs ${APP_HOME}/debug-logs
+ ln -s /share/debug-logs ${APP_HOME}/debug-logs && \
+ chown -R onap:onap ${APP_HOME}
+
+USER onap
 WORKDIR ${APP_HOME}
 ENTRYPOINT ./startService.sh
diff --git a/cmso-ticketmgt/src/main/docker/Dockerfile b/cmso-ticketmgt/src/main/docker/Dockerfile
index 86f04dd..b846a9c 100644
--- a/cmso-ticketmgt/src/main/docker/Dockerfile
+++ b/cmso-ticketmgt/src/main/docker/Dockerfile
@@ -17,6 +17,9 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
 apt-get install -y openjdk-11-jre-headless && \
 apt-get install -y curl
+RUN groupadd onap \
+ && useradd -m -g onap onap
+
 COPY onap-cmso-tm/cmso-ticketmgt.jar ${APP_HOME}/app.jar
 VOLUME /share/etc
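Review bot: The added `chown -R onap:onap ${APP_HOME}` makes the runtime user the owner of `app.jar`, `startService.sh` and the copied scripts, so a process that is compromised inside the container can rewrite the code it runs from. Dropping root gives more when the application tree stays root-owned and the service account only gets read and execute, for example `chmod 755 ${APP_HOME}/startService.sh` with no recursive chown, leaving only the log and config mounts writable. If ownership by `onap` is really required, `COPY --chown=onap:onap ...` on the COPY lines avoids the extra layer that a recursive chown in a later RUN creates. The same line is added in the cmso-database, cmso-service, cmso-ticketmgt and cmso-topology hunks.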
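Review bot: `${APP_HOME}/etc`, `logs` and `debug-logs` are symlinks into `/share`, and a recursive `chown` does not follow symlinks by default, so the added `chown -R onap:onap ${APP_HOME}` changes the links but not `/share/etc`, `/share/logs` or `/share/debug-logs`. After `USER onap` the service can write its logs only if whatever is mounted there is writable by that account, which nothing in this patch arranges; a root-owned mount would presumably make logging fail. Creating and chowning the `/share` directories in the image ahead of the `VOLUME` declarations, or documenting the `fsGroup` or volume ownership the deployment must provide, would close that gap. This applies to the other four Dockerfiles as well.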
@@ -29,7 +32,10 @@ COPY onap-cmso-tm/data ${APP_HOME}/data
 RUN chmod 700 ${APP_HOME}/startService.sh && \
 ln -s /share/etc ${APP_HOME}/etc && \
 ln -s /share/logs ${APP_HOME}/logs && \
- ln -s /share/debug-logs ${APP_HOME}/debug-logs
+ ln -s /share/debug-logs ${APP_HOME}/debug-logs && \
+ chown -R onap:onap ${APP_HOME}
+
+USER onap
 WORKDIR ${APP_HOME}
 ENTRYPOINT ./startService.sh
diff --git a/cmso-topology/src/main/docker/Dockerfile b/cmso-topology/src/main/docker/Dockerfile
index a3ac680..015a794 100644
--- a/cmso-topology/src/main/docker/Dockerfile
+++ b/cmso-topology/src/main/docker/Dockerfile
@@ -17,6 +17,9 @@ RUN test -n "$http_proxy" && echo "Acquire::Proxy \"http://$http_proxy\";" > /et
 apt-get install -y openjdk-11-jre-headless && \
 apt-get install -y curl
+RUN groupadd onap \
+ && useradd -m -g onap onap
+
 COPY onap-cmso-topology/cmso-topology.jar ${APP_HOME}/app.jar
 VOLUME /share/etc
@@ -29,7 +32,10 @@ COPY onap-cmso-topology/data ${APP_HOME}/data
 RUN chmod 700 ${APP_HOME}/startService.sh && \
 ln -s /share/etc ${APP_HOME}/etc && \
 ln -s /share/logs ${APP_HOME}/logs && \
- ln -s /share/debug-logs ${APP_HOME}/debug-logs
+ ln -s /share/debug-logs ${APP_HOME}/debug-logs && \
+ chown -R onap:onap ${APP_HOME}
+
+USER onap
 WORKDIR ${APP_HOME}
 ENTRYPOINT ./startService.sh
-- cgit 1.2.3-korg