From: yangyan Date: Wed, 4 Mar 2020 02:53:49 +0000 (+0800) Subject: Change wfengigne pod startup to non root X-Git-Tag: 1.3.3~8 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=49cf6c962e524260c3a11dd0456a6ff1c26721a9;p=vfc%2Fnfvo%2Fwfengine.git Change wfengigne pod startup to non root Change-Id: I15295be19b31d5ca8b757d171cc6afc4dca1e72e Issue-ID: VFC-1637 Signed-off-by: yangyan --- diff --git a/activiti-extension/src/main/docker/Dockerfile b/activiti-extension/src/main/docker/Dockerfile index 6a5bed4..dd207cd 100644 --- a/activiti-extension/src/main/docker/Dockerfile +++ b/activiti-extension/src/main/docker/Dockerfile @@ -5,15 +5,18 @@ WORKDIR /home/onap/workflow/wfengineactiviti EXPOSE 8080 RUN apk add --update curl && \ + apk --no-cache add sudo && \ + addgroup -g 1000 -S onap && \ + adduser onap -D -G onap -u 1000 && \ + chmod u+w /etc/sudoers && \ + sed -i '/User privilege/a\\onap ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers && \ + chmod u-x /etc/sudoers && \ rm -rf /var/cache/apk/* ADD apache-tomcat /home/onap/workflow/wfengineactiviti/ -RUN chmod 755 /home/onap/workflow/wfengineactiviti/bin/*.sh +RUN chmod 755 /home/onap/workflow/wfengineactiviti/bin/*.sh && chown onap:onap -R /home/onap -ENTRYPOINT ["./bin/entrypoint.sh"] +USER onap +WORKDIR /home/onap/workflow/wfengineactiviti +ENTRYPOINT ["./bin/entrypoint.sh"] CMD ["start"] - - - - - diff --git a/wfenginemgrservice/src/main/docker/Dockerfile b/wfenginemgrservice/src/main/docker/Dockerfile index 5ca819b..7c5e8e9 100644 --- a/wfenginemgrservice/src/main/docker/Dockerfile +++ b/wfenginemgrservice/src/main/docker/Dockerfile 
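Review bot: The added sudoers entry `onap ALL=(ALL:ALL) NOPASSWD:ALL` gives the runtime account passwordless root, so `USER onap` no longer limits what a compromised service process can do; anything running as onap can become root through sudo. Unless `bin/entrypoint.sh` (not visible in this hunk) really needs root, drop the `apk --no-cache add sudo` line, the `sed` line and both `chmod … /etc/sudoers` lines, and keep only the `addgroup`/`adduser` pair; work that needs root is better done at build time, before `USER onap`. If sudo has to stay, the rule should name only the specific commands required instead of `ALL`. In that case, note also that `chmod u-x /etc/sudoers` does not undo the earlier `chmod u+w` (presumably `chmod u-w` was intended). The wfenginemgrservice Dockerfile hunk adds the same rule for `cmcc`.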
@@ -5,11 +5,17 @@ WORKDIR /home/onap/workflow/wfenginemgrservice EXPOSE 10550 RUN apk add --update curl && \ + apk --no-cache add sudo && \ + addgroup -g 1000 -S onap && \ + adduser cmcc -D -G onap -u 1000 && \ + chmod u+w /etc/sudoers && \ + sed -i '/User privilege/a\\cmcc ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers && \ + chmod u-x /etc/sudoers && \ rm -rf /var/cache/apk/* ADD bin /home/onap/workflow/wfenginemgrservice/ -RUN chmod 755 /home/onap/workflow/wfenginemgrservice/*.sh - -ENTRYPOINT ["./entrypoint.sh"] +RUN chmod 755 /home/onap/workflow/wfenginemgrservice/*.sh && chown onap:onap -R /home/onap +USER onap +WORKDIR /home/onap/workflow/wfenginemgrservice +ENTRYPOINT ["./entrypoint.sh"] CMD ["start"] -
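Review bot: The account created in this hunk is `cmcc` (`adduser cmcc -D -G onap -u 1000`), but the later lines use `chown onap:onap` and `USER onap`, and the visible lines create only a group named onap. Unless the base image already provides an onap user (the FROM line is outside the hunk), the `chown` is likely to fail the build, or the container will fail to start because `USER onap` cannot be resolved. Using `adduser onap -D -G onap -u 1000 && \` here, as the activiti-extension Dockerfile does, would make the account, the ownership change and the `USER` line agree. As written, the sudoers rule also names `cmcc`, an account the container never runs as.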