summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authoryangyan <yangyanyj@chinamobile.com>2020-03-06 10:49:46 +0800
committeryangyan <yangyanyj@chinamobile.com>2020-03-06 10:50:04 +0800
commit45841231f18ab3ee1e2e12a516a6823bb3a6e0f6 (patch)
tree8bdadeafd5d118475909c5e14ad64654d8b3d5c7
parentf7fa0ad4ea341b198b038c8bac1a4ee19a367f99 (diff)
Remove sudo capability for onap user for VF-C svnfm-nokiav2 docker
Change-Id: Ic3229e4363ce8bcfaf3f6620b83bb6222d1fc70c Issue-ID: VFC-1640 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
-rwxr-xr-xnokiav2/deployment/Dockerfile2
-rwxr-xr-xnokiav2/deployment/Dockerfile.verify2
2 files changed, 4 insertions, 0 deletions
diff --git a/nokiav2/deployment/Dockerfile b/nokiav2/deployment/Dockerfile
index 107327d2..3a05f106 100755
--- a/nokiav2/deployment/Dockerfile
+++ b/nokiav2/deployment/Dockerfile
@@ -15,6 +15,8 @@ COPY pom.xml pom.xml
RUN VERSION=`echo -e "setns x=http://maven.apache.org/POM/4.0.0 \n xpath /x:project/x:version/text() "| xmllint --shell pom.xml | grep content | sed 's/.*content=//'| sed 's/-SNAPSHOT//'` ; echo "Version $VERSION mode=$MODE"; wget -q -O driver.war "https://nexus.onap.org/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.vfc.nfvo.driver.vnfm.svnfm.nokiav2&a=driverwar&v=${VERSION}${MODE}&e=war"
#Can be used for local builds instead of the previous line
#COPY driver.war .
+RUN useradd onap && chown onap:onap -R /service && chmod g+s /service && setfacl -d --set u:onap:rwx /service
+USER onap
ENV JAVA_HOME /usr/lib/jvm/jre
EXPOSE 8089
ENTRYPOINT /service/docker-entrypoint.sh
diff --git a/nokiav2/deployment/Dockerfile.verify b/nokiav2/deployment/Dockerfile.verify
index 107327d2..3a05f106 100755
--- a/nokiav2/deployment/Dockerfile.verify
+++ b/nokiav2/deployment/Dockerfile.verify
@@ -15,6 +15,8 @@ COPY pom.xml pom.xml
RUN VERSION=`echo -e "setns x=http://maven.apache.org/POM/4.0.0 \n xpath /x:project/x:version/text() "| xmllint --shell pom.xml | grep content | sed 's/.*content=//'| sed 's/-SNAPSHOT//'` ; echo "Version $VERSION mode=$MODE"; wget -q -O driver.war "https://nexus.onap.org/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.vfc.nfvo.driver.vnfm.svnfm.nokiav2&a=driverwar&v=${VERSION}${MODE}&e=war"
#Can be used for local builds instead of the previous line
#COPY driver.war .
+RUN useradd onap && chown onap:onap -R /service && chmod g+s /service && setfacl -d --set u:onap:rwx /service
+USER onap
ENV JAVA_HOME /usr/lib/jvm/jre
EXPOSE 8089
ENTRYPOINT /service/docker-entrypoint.sh