From 589c772e14412c7a81a4a3c47c4b84cb7fbb2dd3 Mon Sep 17 00:00:00 2001
From: yangyan
Date: Thu, 5 Mar 2020 11:05:38 +0800
Subject: Remove sudo capability for onap user for VF-C svnfm of huawei docker
Change-Id: I5837780f7ef6603f38763349f2a5d70c1247f02f
Issue-ID: VFC-1640
Signed-off-by: yangyan
---
 .../VnfmadapterService/docker/docker-entrypoint.sh | 2 +-
 .../VnfmadapterService/docker/docker-env-config.sh | 43 ++++++++++++++--------
 2 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/huawei/vnfmadapter/VnfmadapterService/docker/docker-entrypoint.sh b/huawei/vnfmadapter/VnfmadapterService/docker/docker-entrypoint.sh
index c613b348..e61bbd19 100755
--- a/huawei/vnfmadapter/VnfmadapterService/docker/docker-entrypoint.sh
+++ b/huawei/vnfmadapter/VnfmadapterService/docker/docker-entrypoint.sh
@@ -47,7 +47,7 @@ echo
 ./instance-config.sh
 # Start mysql
-su mysql -c /usr/bin/mysqld_safe &
+/usr/bin/mysqld_safe &
 # Perform one-time config
 if [ ! -e init.log ]; then
diff --git a/huawei/vnfmadapter/VnfmadapterService/docker/docker-env-config.sh b/huawei/vnfmadapter/VnfmadapterService/docker/docker-env-config.sh
index 97b17415..94d71f2a 100644
--- a/huawei/vnfmadapter/VnfmadapterService/docker/docker-env-config.sh
+++ b/huawei/vnfmadapter/VnfmadapterService/docker/docker-env-config.sh
@@ -1,6 +1,10 @@
 #!/bin/bash
+add_user(){
+
+ useradd onap
+}
-install_sf(){
+set_up_mysql_jdk(){
 sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
 sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
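Review bot: The new `/usr/bin/mysqld_safe &` line starts MySQL as whatever account runs the entrypoint, and nothing in this hunk checks that the account is `onap`. docker-env-config.sh now initialises and chowns the MySQL directories for `onap`, so if the image is still started as root (the Dockerfile is not part of this diff) the server would presumably either run with more privilege than intended or fail on file ownership. Make the expectation explicit before this line, for example `[ "$(id -u)" -ne 0 ] || { echo "refusing to run as root" >&2; exit 1; }`, or pass `--user=onap` to mysqld_safe. The rest of the entrypoint lies outside the hunk.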
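Review bot: `useradd onap` in the relocated add_user() leaves the UID and GID to whatever the base image allocates next, so ownership on mounted volumes and any numeric run-as-user policy in the orchestrator cannot rely on a stable value. Pinning it, e.g. `useradd -u <UID> onap` with a UID the project chooses, makes the non-root account something deployment policy can enforce. A short comment above the function, such as `# onap: unprivileged runtime account for MySQL and Tomcat; must exist before the chown calls below`, would also record why add_user now has to run first.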
@@ -15,7 +19,19 @@ install_sf(){
 rm -f mysql-community-release-el7-5.noarch.rpm
 yum -y update
 yum -y install mysql-server
- mysql_install_db --user=mysql --datadir=/var/lib/mysql
+ mysql_install_db --user=onap --datadir=/var/lib/mysql
+ chown onap:onap -R /var/run/mysqld
+ chmod g+s /var/run/mysqld
+ setfacl -d --set u:onap:rwx /var/run/mysqld
+ chown onap:onap /var/log/mysqld.log
+ chmod g+s /var/log/mysqld.log
+ chown onap:onap -R /var/lib/mysql-files
+ chmod g+s /var/lib/mysql-files
+ setfacl -d --set u:onap:rwx /var/lib/mysql-files
+ chown onap:onap /etc/my.cnf
+}
+
+set_up_tomcat(){
 # Set up tomcat
 wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && \
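Review bot: `chown onap:onap /etc/my.cnf` hands the server configuration to the same account that runs mysqld, so anything that compromises the database process can rewrite its own startup options. The server only needs to read that file, so I would drop the line and keep it root-owned, e.g. `chmod 644 /etc/my.cnf`. `chmod g+s /var/log/mysqld.log` sets setgid on a regular file, where it gives none of the group inheritance it provides on the two directories. The `setfacl -d` defaults look redundant once the directories belong to onap, unless another account also writes there. set_up_mysql_jdk() begins above this hunk.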
@@ -23,34 +39,31 @@ install_sf(){
 rm -f apache-tomcat-8.5.30.tar.gz && \
 rm -rf webapps && \
 mkdir -p webapps/ROOT
- echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
+ echo 'export CATALINA_OPTS="$CATALINA_OPTS -Xms64m -Xmx256m -XX:MaxPermSize=64m"' > /service/bin/setenv.sh
 # Set up microservice
- wget -q -O nfvo-driver-vnfm-huawei.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.vnfm.svnfm.huawei.vnfmadapter&a=hw-vnfmadapter-deployment&v=${PKG_VERSION}-SNAPSHOT&e=zip" && \
+ wget -q -O nfvo-driver-vnfm-huawei.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.vnfm.svnfm.huawei.vnfmadapter&a=hw-vnfmadapter-deployment&v=${PKG_VERSION}-SNAPSHOT&e=zip" && \
 unzip -q -o -B nfvo-driver-vnfm-huawei.zip && \
 rm -f nfvo-driver-vnfm-huawei.zip
 # Set permissions
 find . -type d -exec chmod o-w {} \;
 find . -name "*.sh" -exec chmod +x {} \;
-}
-
-add_user(){
-
- useradd onap
- yum -y install sudo
- chmod u+x /etc/sudoers
- sed -i '/Same thing without a password/a\onap ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
- chmod u-x /etc/sudoers
+ chown onap:onap -R /service
+ chmod g+s /service
+ setfacl -d --set u:onap:rwx /service
 }
+
 clean_sf_cache(){
 yum clean all
 }
-install_sf
-wait
 add_user
+set_up_mysql_jdk
+wait
+set_up_tomcat
+wait
 clean_sf_cache
--
cgit 1.2.3-korg
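Review bot: `chown onap:onap -R /service` makes the whole installation writable by the account the service runs as, including `/service/bin/setenv.sh`, the startup scripts and the unpacked webapp. A flaw in the web application could then become a persistent change to what runs at the next start. Prefer leaving the tree root-owned and giving onap ownership only of the directories written at run time (Tomcat's logs, temp and work, plus wherever the entrypoint creates init.log, to be confirmed against the scripts); `chmod g+s /service` and the default ACL would then be unnecessary. Separately, the microservice zip is a `-SNAPSHOT` artifact passed to `unzip` without a checksum or signature check. That line is only re-indented by this commit, but a digest comparison there deserves a follow-up.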