run as non root user 72/84572/2
authorsunil.unnava <sunil.unnava@att.com>
Mon, 8 Apr 2019 23:28:57 +0000 (19:28 -0400)
committersunil unnava <su622b@att.com>
Mon, 8 Apr 2019 23:33:45 +0000 (23:33 +0000)
Issue-ID: DMAAP-1040
Change-Id: Ia4e44a7e3b61c17a8b970faf3070ab3cab66c7b6
Signed-off-by: sunil.unnava <sunil.unnava@att.com>
src/main/docker/Dockerfile
src/main/docker/start-mirrormaker.sh

index d837fb9..2ac2f3d 100644 (file)
@@ -31,6 +31,7 @@ ADD broker-list.sh /usr/bin/broker-list.sh
 ADD create-topics.sh /usr/bin/create-topics.sh
 ADD start-kafkaOrMirrorMaker.sh /usr/bin/start-kafkaOrMirrorMaker.sh
 ADD start-mirrormaker.sh /usr/bin/start-mirrormaker.sh
+RUN mkdir /opt/logs
 # The scripts need to have executable permission
 RUN chmod a+x /usr/bin/start-kafka.sh && \
     chmod a+x /usr/bin/broker-list.sh && \
@@ -39,3 +40,11 @@ RUN chmod a+x /usr/bin/start-kafka.sh && \
     chmod a+x /usr/bin/create-topics.sh
 # Use "exec" form so that it runs as PID 1 (useful for graceful shutdown)
 CMD ["start-kafkaOrMirrorMaker.sh"]
+
+RUN addgroup  onap \
+    && adduser  mrkafka -G onap \
+    && chown -R mrkafka:onap  /opt/kafka/ /opt/logs/ /opt/etc/ /kafka/  /usr/bin/ /tmp/
+
+USER mrkafka
+
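Review bot: The recursive `chown` in the added `RUN` hands `/usr/bin/` and `/tmp/` to `mrkafka`, so the unprivileged runtime user owns every binary and start script under `/usr/bin` and can overwrite them, which undoes much of what `USER mrkafka` is meant to achieve. The only write visible on this page is start-mirrormaker.sh copying from `/tmp` into `/opt/kafka/bin`, so I would narrow the line to `&& chown -R mrkafka:onap /opt/kafka/ /opt/logs/ /opt/etc/ /kafka/` and leave the scripts root-owned with the existing `a+x`, after confirming that nothing writes into `/usr/bin` at start-up. If the image is deployed under an orchestrator that enforces a non-root check, a fixed numeric UID (`adduser -u <UID> ...` with `USER <UID>`) lets it verify the user, since a name alone cannot be checked. Assuming the base image uses BusyBox `adduser`, adding `-D` skips the password step during the build.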
+
index f82092a..0e9100f 100644 (file)
@@ -143,7 +143,6 @@ export KAFKA_OPTS="-Djava.security.auth.login.config=$KAFKA_HOME/config/kafka_se
 
 
 
-mkdir /opt/logs
 cp /tmp/kafka-run-class.sh /opt/kafka/bin
 java -jar /tmp/dmaapMMAgent.jar