authoryangyan <yangyanyj@chinamobile.com>2020-03-04 10:53:49 +0800
committeryangyan <yangyanyj@chinamobile.com>2020-03-04 10:54:05 +0800
commit49cf6c962e524260c3a11dd0456a6ff1c26721a9 (patch)
tree5839fba77aa3a735debe0ad2828974b8ff4b8dcc
parentbc470293e272cfe9381f42b162eea7cfc9f90f23 (diff)
Change wfengigne pod startup to non root
Change-Id: I15295be19b31d5ca8b757d171cc6afc4dca1e72e Issue-ID: VFC-1637 Signed-off-by: yangyan <yangyanyj@chinamobile.com>
-rw-r--r--activiti-extension/src/main/docker/Dockerfile17
-rw-r--r--wfenginemgrservice/src/main/docker/Dockerfile14
2 files changed, 20 insertions, 11 deletions
diff --git a/activiti-extension/src/main/docker/Dockerfile b/activiti-extension/src/main/docker/Dockerfile
index 6a5bed4..dd207cd 100644
--- a/activiti-extension/src/main/docker/Dockerfile
+++ b/activiti-extension/src/main/docker/Dockerfile
@@ -5,15 +5,18 @@ WORKDIR /home/onap/workflow/wfengineactiviti
EXPOSE 8080
RUN apk add --update curl && \
+ apk --no-cache add sudo && \
+ addgroup -g 1000 -S onap && \
+ adduser onap -D -G onap -u 1000 && \
+ chmod u+w /etc/sudoers && \
+ sed -i '/User privilege/a\\onap ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers && \
+ chmod u-x /etc/sudoers && \
rm -rf /var/cache/apk/*
ADD apache-tomcat /home/onap/workflow/wfengineactiviti/
-RUN chmod 755 /home/onap/workflow/wfengineactiviti/bin/*.sh
+RUN chmod 755 /home/onap/workflow/wfengineactiviti/bin/*.sh && chown onap:onap -R /home/onap
-ENTRYPOINT ["./bin/entrypoint.sh"]
+USER onap
+WORKDIR /home/onap/workflow/wfengineactiviti
+ENTRYPOINT ["./bin/entrypoint.sh"]
CMD ["start"]
-
-
-
-
-
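Review bot: The `NOPASSWD:ALL` sudoers entry added for `onap` in the RUN step cancels most of the benefit of `USER onap`, because any process in the container can return to root through `sudo` without a password; the same pattern is added for `cmcc` in the wfenginemgrservice hunk. If the entrypoint does not need root, the `apk --no-cache add sudo`, `chmod` and `sed` lines can be dropped, leaving `addgroup -g 1000 -S onap && adduser onap -D -G onap -u 1000`; if it needs one privileged command, the rule should name that command's path rather than `ALL`. Separately, `chmod u-x /etc/sudoers` does not undo the earlier `chmod u+w`, so the file stays owner-writable; `chmod u-w /etc/sudoers` looks like what was intended. The entrypoint script is not visible in this diff, so whether it calls sudo should be confirmed before removing the package.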
diff --git a/wfenginemgrservice/src/main/docker/Dockerfile b/wfenginemgrservice/src/main/docker/Dockerfile
index 5ca819b..7c5e8e9 100644
--- a/wfenginemgrservice/src/main/docker/Dockerfile
+++ b/wfenginemgrservice/src/main/docker/Dockerfile
@@ -5,11 +5,17 @@ WORKDIR /home/onap/workflow/wfenginemgrservice
EXPOSE 10550
RUN apk add --update curl && \
+ apk --no-cache add sudo && \
+ addgroup -g 1000 -S onap && \
+ adduser cmcc -D -G onap -u 1000 && \
+ chmod u+w /etc/sudoers && \
+ sed -i '/User privilege/a\\cmcc ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers && \
+ chmod u-x /etc/sudoers && \
rm -rf /var/cache/apk/*
ADD bin /home/onap/workflow/wfenginemgrservice/
-RUN chmod 755 /home/onap/workflow/wfenginemgrservice/*.sh
-
-ENTRYPOINT ["./entrypoint.sh"]
+RUN chmod 755 /home/onap/workflow/wfenginemgrservice/*.sh && chown onap:onap -R /home/onap
+USER onap
+WORKDIR /home/onap/workflow/wfenginemgrservice
+ENTRYPOINT ["./entrypoint.sh"]
CMD ["start"]
-
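Review bot: The account created in this RUN step is `cmcc` (`adduser cmcc -D -G onap -u 1000`), but the later `chown onap:onap -R /home/onap` and `USER onap` refer to a user named `onap`, which this hunk creates only as a group. Unless the base image already defines an `onap` user (the FROM line is above the hunk and not visible), the chown is likely to fail at build time or the container to fail at start. Using one name throughout, `adduser onap -D -G onap -u 1000` as in the activiti-extension Dockerfile, would resolve the mismatch. As written, the sudoers line also grants `NOPASSWD:ALL` to `cmcc`, an account the image never runs as.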