Change sfc pod startup to non root

author yangyan <yangyanyj@chinamobile.com>

Wed, 4 Mar 2020 02:36:11 +0000 (10:36 +0800)

committer Yan Yang <yangyanyj@chinamobile.com>

Wed, 4 Mar 2020 02:36:57 +0000 (02:36 +0000)
author yangyan <yangyanyj@chinamobile.com>
Wed, 4 Mar 2020 02:36:11 +0000 (10:36 +0800)
committer Yan Yang <yangyanyj@chinamobile.com>
Wed, 4 Mar 2020 02:36:57 +0000 (02:36 +0000)
diff --git a/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/Dockerfile b/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/Dockerfile

index e0c26f6..9e8d9cf 100644 (file)
--- a/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/Dockerfile
+++ b/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/Dockerfile
@@ -1,24 +1,11 @@
  FROM centos:7
-
-RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
-RUN sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
-RUN yum update -y
-
-RUN yum install -y wget unzip socat java-1.8.0-openjdk-headless
-RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
  ENV JAVA_HOME /usr/lib/jvm/jre
  
  ADD . /service
  WORKDIR /service
-
-# get binary zip from nexus
-RUN wget -q -O vfc-sfcdriver-zte.zip 'https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.sfc.zte.sfc-driver-standalone&a=vfc-nfvo-driver-sfc-zte-sfc-driver&v=LATEST&e=zip' && \
-    unzip vfc-sfcdriver-zte.zip && \
-    rm -rf vfc-sfcdriver-zte.zip
+RUN bash docker-env-config.sh
  
  EXPOSE 8411
-
+USER onap
  WORKDIR /service
-RUN chmod +x *.sh
-RUN chmod +x docker/*.sh
  ENTRYPOINT docker/docker-entrypoint.sh
diff --git a/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/docker-env-config.sh b/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/docker-env-config.sh

new file mode 100644 (file)

index 0000000..2c8dc01
--- /dev/null
+++ b/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/docker-env-config.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+install_sf(){
+
+        sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+        sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
+        yum update -y
+        yum install -y wget unzip socat java-1.8.0-openjdk-headless
+        sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
+
+        # get binary zip from nexus
+        wget -q -O vfc-sfcdriver-zte.zip 'https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.sfc.zte.sfc-driver-
+standalone&a=vfc-nfvo-driver-sfc-zte-sfc-driver&v=LATEST&e=zip' && \
+        unzip vfc-sfcdriver-zte.zip && \
+        rm -rf vfc-sfcdriver-zte.zip
+
+        chmod +x *.sh
+        chmod +x docker/*.sh
+}
+
+add_user(){
+
+        useradd onap
+        yum -y install sudo
+        chmod u+x /etc/sudoers
+        sed -i '/Same thing without a password/a\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
+        chmod u-x /etc/sudoers
+        chown onap:onap -R /service
+}
+
+clean_sf_cache(){
+
+        yum clean all
+}
+
+install_sf
+wait
+add_user
+clean_sf_cache
author	yangyan <yangyanyj@chinamobile.com>
	Wed, 4 Mar 2020 02:36:11 +0000 (10:36 +0800)
committer	Yan Yang <yangyanyj@chinamobile.com>
	Wed, 4 Mar 2020 02:36:57 +0000 (02:36 +0000)
zte/sfc-driver/plugin-standalone/src/main/assembly/docker/Dockerfile		patch \| blob \| history
zte/sfc-driver/plugin-standalone/src/main/assembly/docker/docker-env-config.sh	[new file with mode: 0644]	patch \| blob