Run Ocata plugin as non root user

Change-Id: Ia4e201ee586cc62f1ea2f5f38d4001acc7ccc0b5
Issue-ID: MULTICLOUD-500
Signed-off-by: Haibin Huang <haibin.huang@intel.com>

diff --git a/ocata/docker/Dockerfile b/ocata/docker/Dockerfile
index e652533..bff5706 100644 (file)
--- a/ocata/docker/Dockerfile
+++ b/ocata/docker/Dockerfile
@@ -31,13 +31,18 @@ ENV AAI_PASSWORD "AAI"
 
 EXPOSE 9006
 
+RUN groupadd -r onap && useradd -r -g onap onap
+
 WORKDIR /opt/ocata
-RUN apt-get update && apt-get install -y memcached unzip rabbitmq-server
+RUN apt-get update && apt-get install -y memcached unzip
 RUN wget -O /opt/multicloud-openstack-ocata.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.multicloud.openstack&a=multicloud-openstack-ocata&e=zip&v=1.3.0-SNAPSHOT" && \
     unzip -q -o -B /opt/multicloud-openstack-ocata.zip -d /opt/ && \
     rm -f /opt/multicloud-openstack-ocata.zip
 RUN mkdir -p /var/log/onap/multicloud/openstack/ocata/
 #COPY ./ .
 RUN pip install -r requirements.txt
+RUN chown onap:onap /opt/ocata -R
+
+USER onap
 
 CMD "/opt/ocata/run.sh"

diff --git a/ocata/run.sh b/ocata/run.sh
index ecca986..a66a1e9 100755 (executable)
--- a/ocata/run.sh
+++ b/ocata/run.sh
@@ -16,8 +16,8 @@
 memcached -d -m 2048 -u root -c 1024 -p 11211 -P /tmp/memcached1.pid
 export PYTHONPATH=lib/share
 
-service rabbitmq-server restart
+#service rabbitmq-server restart
 # make sure only 1 worker due to missing the synchronization between workers now
-nohup celery -A ocata worker --concurrency=1 --loglevel=info &
+#nohup celery -A ocata worker --concurrency=1 --loglevel=info &
 
 uwsgi --http :9006 --module ocata.wsgi --master --processes 4