Change ems pod startup to non root

author yangyan <yangyanyj@chinamobile.com>

Wed, 4 Mar 2020 02:26:47 +0000 (10:26 +0800)

committer yangyan <yangyanyj@chinamobile.com>

Wed, 4 Mar 2020 02:26:52 +0000 (10:26 +0800)
author yangyan <yangyanyj@chinamobile.com>
Wed, 4 Mar 2020 02:26:47 +0000 (10:26 +0800)
committer yangyan <yangyanyj@chinamobile.com>
Wed, 4 Mar 2020 02:26:52 +0000 (10:26 +0800)
diff --git a/ems/microservice-standalone/src/main/assembly/docker/Dockerfile b/ems/microservice-standalone/src/main/assembly/docker/Dockerfile

index 9669dd3..f13840a 100755 (executable)
--- a/ems/microservice-standalone/src/main/assembly/docker/Dockerfile
+++ b/ems/microservice-standalone/src/main/assembly/docker/Dockerfile
@@ -1,25 +1,10 @@
  FROM centos:7
-
-RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
-RUN sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
-RUN yum update -y
-
-RUN yum install -y wget unzip socat java-1.8.0-openjdk-headless
-RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
  ENV JAVA_HOME /usr/lib/jvm/jre
-
  ADD . /service
  WORKDIR /service
-RUN mkdir emsdriver
-
-# get binary zip from nexus
-RUN wget -q -O emsdiver-standalone.zip 'https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.ems.ems&a=emsdriver-standalone&v=LATEST&e=zip' && \
-    unzip emsdiver-standalone.zip -d emsdriver && \
-    rm -rf emsdiver-standalone.zip
+RUN bash docker-env-config.sh
  
  EXPOSE 8206
-
+USER onap
  WORKDIR /service
-RUN chmod +x emsdriver/*.sh
-RUN chmod +x emsdriver/docker/*.sh
  ENTRYPOINT emsdriver/docker/docker-entrypoint.sh
diff --git a/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh b/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh

new file mode 100644 (file)

index 0000000..84ab986
--- /dev/null
+++ b/ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+install_sf(){
+
+        sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+        sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
+        yum -y update
+        yum -y install wget unzip socat java-1.8.0-openjdk-headless
+        sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
+
+        mkdir emsdriver
+
+        # get binary zip from nexus
+        wget -q -O emsdiver-standalone.zip 'https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.ems.ems&a=emsdriv
+er-standalone&v=LATEST&e=zip' && \
+            unzip emsdiver-standalone.zip -d emsdriver && \
+            rm -rf emsdiver-standalone.zip
+
+        chmod +x /service/emsdriver/*.sh
+        chmod +x /service/emsdriver/docker/*.sh
+}
+
+add_user(){
+
+        useradd onap
+        yum -y install sudo
+        chmod u+x /etc/sudoers
+        sed -i '/Same thing without a password/a\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
+        chmod u-x /etc/sudoers
+        chown onap:onap -R /service
+}
+
+clean_sf_cache(){
+
+        yum clean all
+}
+
+install_sf
+wait
+add_user
+clean_sf_cache
author	yangyan <yangyanyj@chinamobile.com>
	Wed, 4 Mar 2020 02:26:47 +0000 (10:26 +0800)
committer	yangyan <yangyanyj@chinamobile.com>
	Wed, 4 Mar 2020 02:26:52 +0000 (10:26 +0800)
ems/microservice-standalone/src/main/assembly/docker/Dockerfile		patch \| blob \| history
ems/microservice-standalone/src/main/assembly/docker/docker-env-config.sh	[new file with mode: 0644]	patch \| blob