From 9105c93bd425524b14c2d22613e740244515ba86 Mon Sep 17 00:00:00 2001
From: yangyan <yangyanyj@chinamobile.com>
Date: Wed, 4 Mar 2020 10:36:11 +0800
Subject: [PATCH] Change sfc pod startup to non root

Change-Id: I141881e3372118dd5ed9077453c05f5ab3b790f6
Issue-ID: VFC-1637
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
---
 .../src/main/assembly/docker/Dockerfile            | 17 ++--------
 .../src/main/assembly/docker/docker-env-config.sh  | 38 ++++++++++++++++++++++
 2 files changed, 40 insertions(+), 15 deletions(-)
 create mode 100644 zte/sfc-driver/plugin-standalone/src/main/assembly/docker/docker-env-config.sh

diff --git a/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/Dockerfile b/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/Dockerfile
index e0c26f6..9e8d9cf 100644
--- a/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/Dockerfile
+++ b/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/Dockerfile
@@ -1,24 +1,11 @@
 FROM centos:7
-
-RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
-RUN sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
-RUN yum update -y
-
-RUN yum install -y wget unzip socat java-1.8.0-openjdk-headless
-RUN sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
 ENV JAVA_HOME /usr/lib/jvm/jre
 
 ADD . /service
 WORKDIR /service
-
-# get binary zip from nexus
-RUN wget -q -O vfc-sfcdriver-zte.zip 'https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.sfc.zte.sfc-driver-standalone&a=vfc-nfvo-driver-sfc-zte-sfc-driver&v=LATEST&e=zip' && \
-    unzip vfc-sfcdriver-zte.zip && \
-    rm -rf vfc-sfcdriver-zte.zip
+RUN bash docker-env-config.sh
 
 EXPOSE 8411
-
+USER onap
 WORKDIR /service
-RUN chmod +x *.sh
-RUN chmod +x docker/*.sh
 ENTRYPOINT docker/docker-entrypoint.sh
diff --git a/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/docker-env-config.sh b/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/docker-env-config.sh
new file mode 100644
index 0000000..2c8dc01
--- /dev/null
+++ b/zte/sfc-driver/plugin-standalone/src/main/assembly/docker/docker-env-config.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+install_sf(){
+
+        sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+        sed -i 's|#baseurl=http://mirror.centos.org/centos|baseurl=http://mirrors.ocf.berkeley.edu/centos|' /etc/yum.repos.d/*.repo
+        yum update -y
+        yum install -y wget unzip socat java-1.8.0-openjdk-headless
+        sed -i 's|#networkaddress.cache.ttl=-1|networkaddress.cache.ttl=10|' /usr/lib/jvm/jre/lib/security/java.security
+
+        # get binary zip from nexus
+        wget -q -O vfc-sfcdriver-zte.zip 'https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vfc.nfvo.driver.sfc.zte.sfc-driver-
+standalone&a=vfc-nfvo-driver-sfc-zte-sfc-driver&v=LATEST&e=zip' && \
+        unzip vfc-sfcdriver-zte.zip && \
+        rm -rf vfc-sfcdriver-zte.zip
+
+        chmod +x *.sh
+        chmod +x docker/*.sh
+}
+
+add_user(){
+
+        useradd onap
+        yum -y install sudo
+        chmod u+x /etc/sudoers
+        sed -i '/Same thing without a password/a\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers
+        chmod u-x /etc/sudoers
+        chown onap:onap -R /service
+}
+
+clean_sf_cache(){
+
+        yum clean all
+}
+
+install_sf
+wait
+add_user
+clean_sf_cache
-- 
2.16.6