From 70325cecbc0830d5f42c64d277273134263164fb Mon Sep 17 00:00:00 2001
From: MichaelMorris
Date: Sun, 15 Mar 2020 16:59:42 +0000
Subject: Run pods as non-root user

Change-Id: Ia95d58b0dbf498c4d6295e42c1c430de6493c11b
Issue-ID: SDC-2798
Signed-off-by: MichaelMorris
---
 docker/docker_be/Dockerfile | 14 ++++++++------
 docker/docker_be/startup.sh | 2 +-
 docker/docker_tools/Dockerfile | 14 ++++++++------
 docker/docker_tools/startup.sh | 4 ++--
 docker/scripts/docker_run.sh | 8 ++++----
 5 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/docker/docker_be/Dockerfile b/docker/docker_be/Dockerfile
index c9eccf6..6821956 100644
--- a/docker/docker_be/Dockerfile
+++ b/docker/docker_be/Dockerfile
@@ -1,8 +1,8 @@
-FROM onap/base_sdc-jetty:1.4.1
+FROM onap/base_sdc-jetty:1.6.0
-COPY chef-solo /root/chef-solo/
+COPY --chown=jetty:jetty chef-solo ${JETTY_BASE}/chef-solo/
-COPY chef-repo/cookbooks /root/chef-solo/cookbooks/
+COPY --chown=jetty:jetty chef-repo/cookbooks ${JETTY_BASE}/chef-solo/cookbooks/
 ADD --chown=jetty:jetty target/dcae.war ${JETTY_BASE}/webapps/
@@ -10,8 +10,10 @@ USER root
 RUN apk add --no-cache python
-COPY startup.sh /root/
+USER jetty
-RUN chmod 770 /root/startup.sh
+COPY --chown=jetty:jetty startup.sh ${JETTY_BASE}/
-ENTRYPOINT [ "/root/startup.sh" ]
+RUN chmod 770 ${JETTY_BASE}/startup.sh
+
+ENTRYPOINT ${JETTY_BASE}/startup.sh
diff --git a/docker/docker_be/startup.sh b/docker/docker_be/startup.sh
index 3a2814f..fc56b2c 100644
--- a/docker/docker_be/startup.sh
+++ b/docker/docker_be/startup.sh
@@ -7,7 +7,7 @@ JAVA_OPTIONS=" ${JAVA_OPTIONS} -Dconfig.home=${JETTY_BASE}/config \
 -Djavax.net.ssl.trustStorePassword=].][xgtze]hBhz*wy]}m#lf* \
 -Djetty.console-capture.dir=${JETTY_BASE}/logs"
-cd /root/chef-solo
+cd /var/lib/jetty/chef-solo
 chef-solo -c solo.rb -E ${ENVNAME}
 status=$?
diff --git a/docker/docker_tools/Dockerfile b/docker/docker_tools/Dockerfile
index d80d62b..f63a9ca 100644
--- a/docker/docker_tools/Dockerfile
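Review bot: The new `ENTRYPOINT ${JETTY_BASE}/startup.sh` in the second docker_be/Dockerfile hunk is shell form, so Docker wraps it in `/bin/sh -c`, the script is no longer PID 1 (SIGTERM from `docker stop` lands on the wrapper shell), and any command given to `docker run` is silently discarded — including the trailing `/bin/sh` that docker_run.sh passes for dcae-be in this same change. The exec form was apparently dropped because it does not expand `${JETTY_BASE}`, but startup.sh in this commit already hardcodes `/var/lib/jetty`, so either `ENTRYPOINT ["/var/lib/jetty/startup.sh"]` or `ENTRYPOINT ["/bin/sh", "-c", "exec \"$JETTY_BASE/startup.sh\" \"$@\"", "--"]` keeps both expansion and argument passing. Since the build now switches to `USER jetty` before the `RUN chmod 770`, `COPY --chown=jetty:jetty --chmod=0770 startup.sh ${JETTY_BASE}/` would also remove that extra layer if the builder supports `--chmod`.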
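Review bot: The new `cd /var/lib/jetty/chef-solo` in docker_be/startup.sh hardcodes a path that the same hunk and the Dockerfile otherwise express as `${JETTY_BASE}/…`, and its result is unchecked: if the directory is missing or not readable by the now-unprivileged `jetty` user, `chef-solo -c solo.rb` runs in whatever the current directory is and fails on a missing `solo.rb` with a misleading error. Suggest `cd "${JETTY_BASE}/chef-solo" || exit 1`, which also keeps a single source of truth for the base path. Separately, the context line above it carries the truststore password in clear text; this commit does not introduce it, but moving it to an environment variable or mounted secret is worth a follow-up. The script continues outside the hunk.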
+++ b/docker/docker_tools/Dockerfile
@@ -1,8 +1,8 @@
-FROM onap/base_sdc-jetty:1.4.1
+FROM onap/base_sdc-jetty:1.6.0
-COPY chef-solo /root/chef-solo/
+COPY --chown=jetty:jetty chef-solo ${JETTY_BASE}/chef-solo/
-COPY chef-repo/cookbooks /root/chef-solo/cookbooks/
+COPY --chown=jetty:jetty chef-repo/cookbooks ${JETTY_BASE}/chef-solo/cookbooks/
 ADD --chown=jetty:jetty target/dcaedt_tools-*.jar ${JETTY_BASE}/webapps/dcaedt_tools.jar
@@ -10,8 +10,10 @@ USER root
 RUN apk add --no-cache python
-COPY startup.sh /root/
+USER jetty
-RUN chmod 770 /root/startup.sh
+COPY --chown=jetty:jetty startup.sh ${JETTY_BASE}/
-ENTRYPOINT [ "/root/startup.sh" ]
+RUN chmod 770 ${JETTY_BASE}/startup.sh
+
+ENTRYPOINT ${JETTY_BASE}/startup.sh
diff --git a/docker/docker_tools/startup.sh b/docker/docker_tools/startup.sh
index 24e4347..d3422e3 100644
--- a/docker/docker_tools/startup.sh
+++ b/docker/docker_tools/startup.sh
@@ -6,7 +6,7 @@ JAVA_OPTIONS=" ${JAVA_OPTIONS} -Dconfig.home=${JETTY_BASE}/config \
 -Djavax.net.ssl.trustStore=${JETTY_BASE}/etc/org.onap.sdc.trust.jks \
 -Djavax.net.ssl.trustStorePassword=].][xgtze]hBhz*wy]}m#lf*"
-cd /root/chef-solo
+cd /var/lib/jetty/chef-solo
 chef-solo -c solo.rb -E ${ENVNAME}
 status=$?
@@ -18,4 +18,4 @@ fi
 cd ${JETTY_BASE}/webapps
 java ${JAVA_OPTIONS} -jar dcaedt_tools.jar ../conf/environment.json ../conf/config.json
-exec "$@";
\ No newline at end of file
+exec "$@";
diff --git a/docker/scripts/docker_run.sh b/docker/scripts/docker_run.sh
index ceba2e4..6ee36e3 100755
--- a/docker/scripts/docker_run.sh
+++ b/docker/scripts/docker_run.sh
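Review bot: The shell-form `ENTRYPOINT ${JETTY_BASE}/startup.sh` in the second docker_tools/Dockerfile hunk ignores any command supplied at `docker run`, which makes the `exec "$@"` tail of docker_tools/startup.sh (visible further down in this diff) unreachable from the outside and means the script is not PID 1 for signal delivery. docker_run.sh passes no trailing command for dcae-tools, so nothing breaks today, but the behaviour now differs silently from the exec-form entry it replaces. `ENTRYPOINT ["/bin/sh", "-c", "exec \"$JETTY_BASE/startup.sh\" \"$@\"", "--"]` preserves the `${JETTY_BASE}` expansion that presumably motivated the change while keeping argument forwarding.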
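Review bot: The new `cd /var/lib/jetty/chef-solo` in docker_tools/startup.sh (hunk at line 6) is unchecked and hardcodes the path the rest of the script derives from `${JETTY_BASE}`; if the directory is absent or unreadable by the unprivileged `jetty` user the image now runs as, `chef-solo -c solo.rb` executes in the wrong directory and the failure surfaces as a missing `solo.rb`. Suggest `cd "${JETTY_BASE}/chef-solo" || exit 1`. The `cd ${JETTY_BASE}/webapps` in the later hunk has the same unchecked pattern, though that line is not changed here.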
@@ -267,7 +267,7 @@ function dcae-be {
 if [ ${LOCAL} == false ]; then
 docker pull "${PREFIX}/${DOCKER_NAME}:${RELEASE}"
 fi
- docker run ${DOCKER_RUN_MODE_FG} --name ${DOCKER_NAME} --env HOST_IP="${IP}" --env ENVNAME="${DEP_ENV}" --env JAVA_OPTIONS="${JAVA_OPTIONS}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --ulimit nofile=4096:100000 ${LOCAL_TIME_MOUNT_CMD} --volume "${WORKSPACE}/data/logs/DCAE-BE/:/var/lib/jetty/logs" --volume "${WORKSPACE}/data/environments:/root/chef-solo/environments" --publish 8444:8444 --publish 8082:8082 "${PREFIX}/${DOCKER_NAME}:${RELEASE}" /bin/sh
+ docker run ${DOCKER_RUN_MODE_FG} --name ${DOCKER_NAME} --env HOST_IP="${IP}" --env ENVNAME="${DEP_ENV}" --env JAVA_OPTIONS="${JAVA_OPTIONS}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --ulimit nofile=4096:100000 ${LOCAL_TIME_MOUNT_CMD} --volume "${WORKSPACE}/data/logs/DCAE-BE/:/var/lib/jetty/logs" --volume "${WORKSPACE}/data/environments:/var/lib/jetty/chef-solo/environments" --publish 8444:8444 --publish 8082:8082 "${PREFIX}/${DOCKER_NAME}:${RELEASE}" /bin/sh
 command_exit_status $? ${DOCKER_NAME}
 echo "please wait while ${DOCKER_NAME^^} is starting....."
 monitor_docker ${DOCKER_NAME}
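Review bot: The bind mounts `${WORKSPACE}/data/environments` and `${WORKSPACE}/data/logs/DCAE-BE/` are now consumed by a container that, per the docker_be/Dockerfile hunk in this commit, runs as `jetty` instead of root, but nothing on the host side is adjusted: a root-owned 0700 directory or 0600 environment file is unreadable to an unprivileged UID, so `chef-solo -E ${ENVNAME}` will fail to load the environment and Jetty will be unable to write its logs. Suggest the script chown or chmod these directories for the image's jetty UID before `docker run` (the numeric UID is defined in the base image and not visible here), or document the requirement next to the call. Note also that the trailing `/bin/sh` argument is discarded by the shell-form `ENTRYPOINT` introduced in the same commit. The enclosing `dcae-be` function continues outside the hunk.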
@@ -282,7 +282,7 @@ function dcae-tools {
 if [ ${LOCAL} == false ]; then
 docker pull "${PREFIX}/${DOCKER_NAME}:${RELEASE}"
 fi
- docker run ${DOCKER_RUN_MODE_BG} --name ${DOCKER_NAME} --env HOST_IP="${IP}" --env ENVNAME="${DEP_ENV}" --env JAVA_OPTIONS="${JAVA_OPTIONS}" ${LOCAL_TIME_MOUNT_CMD} --volume "${WORKSPACE}/data/logs/BE/:/var/lib/jetty/logs" --volume "${WORKSPACE}/data/environments:/root/chef-solo/environments" "${PREFIX}/${DOCKER_NAME}:${RELEASE}"
+ docker run ${DOCKER_RUN_MODE_BG} --name ${DOCKER_NAME} --env HOST_IP="${IP}" --env ENVNAME="${DEP_ENV}" --env JAVA_OPTIONS="${JAVA_OPTIONS}" ${LOCAL_TIME_MOUNT_CMD} --volume "${WORKSPACE}/data/logs/BE/:/var/lib/jetty/logs" --volume "${WORKSPACE}/data/environments:/var/lib/jetty/chef-solo/environments" "${PREFIX}/${DOCKER_NAME}:${RELEASE}"
 command_exit_status $? ${DOCKER_NAME}
 echo "please wait while ${DOCKER_NAME^^} is starting....."
 monitor_docker ${DOCKER_NAME}
@@ -297,7 +297,7 @@ function dcae-fe {
 if [ ${LOCAL} == false ]; then
 docker pull "${PREFIX}/${DOCKER_NAME}:${RELEASE}"
 fi
- docker run ${DOCKER_RUN_MODE_FG} --name ${DOCKER_NAME} --env HOST_IP="${IP}" --env ENVNAME="${DEP_ENV}" --env JAVA_OPTIONS="${JAVA_OPTIONS}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --ulimit nofile=4096:100000 ${LOCAL_TIME_MOUNT_CMD} --volume "${WORKSPACE}/data/logs/DCAE-FE/:/var/lib/jetty/logs" --volume "${WORKSPACE}/data/environments:/root/chef-solo/environments" --publish 9444:9444 --publish 8183:8183 "${PREFIX}/${DOCKER_NAME}:${RELEASE}" /bin/sh
+ docker run ${DOCKER_RUN_MODE_FG} --name ${DOCKER_NAME} --env HOST_IP="${IP}" --env ENVNAME="${DEP_ENV}" --env JAVA_OPTIONS="${JAVA_OPTIONS}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --ulimit nofile=4096:100000 ${LOCAL_TIME_MOUNT_CMD} --volume "${WORKSPACE}/data/logs/DCAE-FE/:/var/lib/jetty/logs" --volume "${WORKSPACE}/data/environments:/var/lib/jetty/chef-solo/environments" --publish 9444:9444 --publish 8183:8183 "${PREFIX}/${DOCKER_NAME}:${RELEASE}" /bin/sh
 command_exit_status $? ${DOCKER_NAME}
 echo "please wait while ${DOCKER_NAME^^} is starting....."
 monitor_docker ${DOCKER_NAME}
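Review bot: The mount target for dcae-fe moves to `/var/lib/jetty/chef-solo/environments`, but the diffstat of this commit lists only the docker_be and docker_tools Dockerfiles — no FE Dockerfile is changed here. Unless the FE image has already been moved off `/root/chef-solo` in a separate change, the environments directory will be mounted at a path its chef-solo run never reads, and `-E ${ENVNAME}` will fail at container start. Worth confirming the FE image's chef-solo location before merging, or landing this line together with the FE Dockerfile change. The enclosing `dcae-fe` function continues outside the hunk.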
@@ -311,7 +311,7 @@ function dcae-dt {
 if [ ${LOCAL} == false ]; then
 docker pull "${PREFIX}/${DOCKER_NAME}:${RELEASE}"
 fi
- docker run ${DOCKER_RUN_MODE_FG} --name ${DOCKER_NAME} --env HOST_IP="${IP}" --env ENVNAME="${DEP_ENV}" --env JAVA_OPTIONS="${JAVA_OPTIONS}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --ulimit nofile=4096:100000 ${LOCAL_TIME_MOUNT_CMD} --volume "${WORKSPACE}/data/logs/DCAE-DT/:/var/lib/jetty/logs" --volume "${WORKSPACE}/data/environments:/root/chef-solo/environments/" --publish 9446:9446 --publish 8186:8186 "${PREFIX}/${DOCKER_NAME}:${RELEASE}" /bin/sh
+ docker run ${DOCKER_RUN_MODE_FG} --name ${DOCKER_NAME} --env HOST_IP="${IP}" --env ENVNAME="${DEP_ENV}" --env JAVA_OPTIONS="${JAVA_OPTIONS}" --log-driver=json-file --log-opt max-size=100m --log-opt max-file=10 --ulimit memlock=-1:-1 --ulimit nofile=4096:100000 ${LOCAL_TIME_MOUNT_CMD} --volume "${WORKSPACE}/data/logs/DCAE-DT/:/var/lib/jetty/logs" --volume "${WORKSPACE}/data/environments:/var/lib/jetty/chef-solo/environments/" --publish 9446:9446 --publish 8186:8186 "${PREFIX}/${DOCKER_NAME}:${RELEASE}" /bin/sh
 command_exit_status $? ${DOCKER_NAME}
 echo "please wait while ${DOCKER_NAME^^} is starting....."
 monitor_docker ${DOCKER_NAME}
--
cgit 1.2.3-korg
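Review bot: As with dcae-fe, the dcae-dt mount target is moved to `/var/lib/jetty/chef-solo/environments/` while no DT Dockerfile appears in this commit's diffstat, so the image may still expect `/root/chef-solo` and fail to find the environment at start-up; please confirm the DT image's path or ship the two changes together. Minor: this is the only one of the four `docker run` lines whose container path keeps a trailing slash — dropping it keeps the four invocations uniform and easier to grep. The enclosing `dcae-dt` function continues outside the hunk.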