Remove sudo capability for onap user for VF-C gvnfm docker

author yangyan <yangyanyj@chinamobile.com>

Thu, 5 Mar 2020 02:51:15 +0000 (10:51 +0800)

committer yangyan <yangyanyj@chinamobile.com>

Thu, 5 Mar 2020 02:51:25 +0000 (10:51 +0800)
author yangyan <yangyanyj@chinamobile.com>
Thu, 5 Mar 2020 02:51:15 +0000 (10:51 +0800)
committer yangyan <yangyanyj@chinamobile.com>
Thu, 5 Mar 2020 02:51:25 +0000 (10:51 +0800)
diff --git a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh

index 1cd99b0..f996163 100644 (file)
--- a/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh
+++ b/juju/juju-vnfmadapter/Juju-vnfmadapterService/docker/docker-env-config.sh
@@ -1,5 +1,11 @@
  #!/bin/bash
-install_sf(){
+
+add_user(){
+
+       useradd  onap
+}
+
+set_up_mysql(){
  
         sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
         sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
@@ -14,8 +20,21 @@ install_sf(){
                 rm -f mysql-community-release-el7-5.noarch.rpm
         yum -y update
         yum -y install mysql-server
-       mysql_install_db --user=mysql --datadir=/var/lib/mysql
-       
+       mysql_install_db --user=onap --datadir=/var/lib/mysql
+
+        chown onap:onap -R /var/run/mysqld
+        chmod g+s /var/run/mysqld
+        setfacl -d --set u:onap:rwx /var/run/mysqld
+        chown onap:onap /var/log/mysqld.log
+        chmod g+s /var/log/mysqld.log
+        chown onap:onap -R /var/lib/mysql-files
+        chmod g+s /var/lib/mysql-files
+        setfacl -d --set u:onap:rwx /var/lib/mysql-files
+        chown onap:onap /etc/my.cnf
+}
+
+set_up_tomcat(){
+
         # Set up tomcat
         wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz && \
                 tar --strip-components=1 -xf apache-tomcat-8.5.30.tar.gz && \
@@ -31,16 +50,10 @@ install_sf(){
         # Set permissions
         find . -type d -exec chmod o-w {} \;
         find . -name "*.sh" -exec chmod +x {} \;
-}
-
-add_user(){
  
-       useradd onap
-       yum -y install sudo
-       chmod u+x /etc/sudoers
-       sed -i '/Same thing without a password/a\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
-       chmod u-x /etc/sudoers
         chown onap:onap -R /service
+       chmod g+s /service
+       setfacl -d --set u:onap:rwx /service
  }
  
  clean_sf_cache(){
@@ -48,7 +61,7 @@ clean_sf_cache(){
         yum clean all
  }
  
-install_sf
-wait
  add_user
+set_up_mysql
+set_up_tomcat
  clean_sf_cache
author	yangyan <yangyanyj@chinamobile.com>
	Thu, 5 Mar 2020 02:51:15 +0000 (10:51 +0800)
committer	yangyan <yangyanyj@chinamobile.com>
	Thu, 5 Mar 2020 02:51:25 +0000 (10:51 +0800)