Code Review / vfc / nfvo / wfengine.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Change wfengigne pod startup to non root
[vfc/nfvo/wfengine.git] / activiti-extension / src / main / docker / Dockerfile
diff --git a/activiti-extension/src/main/docker/Dockerfile b/activiti-extension/src/main/docker/Dockerfile
index 6a5bed4..dd207cd 100644 (file)
--- a/activiti-extension/src/main/docker/Dockerfile
+++ b/activiti-extension/src/main/docker/Dockerfile
@@ -5,15 +5,18 @@ WORKDIR /home/onap/workflow/wfengineactiviti
 EXPOSE 8080
 
 RUN apk add --update curl && \
+    apk --no-cache add sudo && \
+    addgroup -g 1000 -S onap && \
+    adduser onap -D -G onap -u 1000 && \
+    chmod u+w /etc/sudoers && \
+    sed -i '/User privilege/a\\onap    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers && \
+    chmod u-x /etc/sudoers && \
     rm -rf /var/cache/apk/*
 
 ADD apache-tomcat /home/onap/workflow/wfengineactiviti/
-RUN chmod 755 /home/onap/workflow/wfengineactiviti/bin/*.sh
+RUN chmod 755 /home/onap/workflow/wfengineactiviti/bin/*.sh && chown onap:onap -R /home/onap
 
-ENTRYPOINT ["./bin/entrypoint.sh"]  
+USER onap
+WORKDIR /home/onap/workflow/wfengineactiviti
+ENTRYPOINT ["./bin/entrypoint.sh"]
 CMD ["start"]
-
-
-
-
-