Change ems pod startup to non root

Change-Id: I361a99461d215ce17721647719de7d56ce89f891
Issue-ID: VFC-1637
Signed-off-by: yangyan <yangyanyj@chinamobile.com>

2 files changed, 43 insertions, 17 deletions

diff --git a/ems/microservice-standalone/src/main/assembly/docker/Dockerfile b/ems/microservice-standalone/src/main/assembly/docker/Dockerfile
index 9669dd3..f13840a 100755
--- a/ems/microservice-standalone/src/main/assembly/docker/Dockerfile
+++ b/ems/microservice-standalone/src/main/assembly/docker/Dockerfile
@@ -1,25 +1,10 @@
 FROM centos:7
-
-RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
-RUN sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
-RUN yum update -y
-
-RUN yum install -y wget unzip socat java-1.8.0-openjdk-headless
-RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
 ENV JAVA_HOME /usr/lib/jvm/jre
-
 ADD . /service
 WORKDIR /service
-RUN mkdir emsdriver
-
-# get binary zip from nexus
-RUN wget -q -O emsdiver-standalone.zip 'https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.ems.ems&a=emsdriver-standalone&v=LATEST&e=zip' && \
-    unzip emsdiver-standalone.zip -d emsdriver && \
-    rm -rf emsdiver-standalone.zip
+RUN bash docker-env-config.sh
 
 EXPOSE 8206
-
+USER onap
 WORKDIR /service
-RUN chmod +x emsdriver/*.sh
-RUN chmod +x emsdriver/docker/*.sh
 ENTRYPOINT emsdriver/docker/docker-entrypoint.sh
diff --git a/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh b/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh
new file mode 100644
index 0000000..84ab986
--- /dev/null
+++ b/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+install_sf(){
+
+        sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+        sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
+        yum -y update
+        yum -y install wget unzip socat java-1.8.0-openjdk-headless
+        sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
+
+        mkdir emsdriver
+
+        # get binary zip from nexus
+        wget -q -O emsdiver-standalone.zip 'https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.ems.ems&a=emsdriv
+er-standalone&v=LATEST&e=zip' && \
+            unzip emsdiver-standalone.zip -d emsdriver && \
+            rm -rf emsdiver-standalone.zip
+
+        chmod +x /service/emsdriver/*.sh
+        chmod +x /service/emsdriver/docker/*.sh
+}
+
+add_user(){
+
+        useradd onap
+        yum -y install sudo
+        chmod u+x /etc/sudoers
+        sed -i '/Same thing without a password/a\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
+        chmod u-x /etc/sudoers
+        chown onap:onap -R /service
+}
+
+clean_sf_cache(){
+
+        yum clean all
+}
+
+install_sf
+wait
+add_user
+clean_sf_cache