Code Review / vfc / nfvo / wfengine.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Change wfengigne pod startup to non root
[vfc/nfvo/wfengine.git] / wfenginemgrservice / src / main / docker / Dockerfile
diff --git a/wfenginemgrservice/src/main/docker/Dockerfile b/wfenginemgrservice/src/main/docker/Dockerfile
index 5ca819b..7c5e8e9 100644 (file)
--- a/wfenginemgrservice/src/main/docker/Dockerfile
+++ b/wfenginemgrservice/src/main/docker/Dockerfile
@@ -5,11 +5,17 @@ WORKDIR /home/onap/workflow/wfenginemgrservice
 EXPOSE 10550\r
 \r
 RUN apk add --update curl && \\r
+    apk --no-cache add sudo && \\r
+    addgroup -g 1000 -S onap && \\r
+    adduser cmcc -D -G onap -u 1000 && \\r
+    chmod u+w /etc/sudoers && \\r
+    sed -i '/User privilege/a\\cmcc    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers && \\r
+    chmod u-x /etc/sudoers && \\r
     rm -rf /var/cache/apk/*\r
 \r
 ADD bin /home/onap/workflow/wfenginemgrservice/\r
-RUN chmod 755 /home/onap/workflow/wfenginemgrservice/*.sh\r
-\r
-ENTRYPOINT ["./entrypoint.sh"]  \r
+RUN chmod 755 /home/onap/workflow/wfenginemgrservice/*.sh && chown onap:onap -R /home/onap\r
+USER onap\r
+WORKDIR /home/onap/workflow/wfenginemgrservice\r
+ENTRYPOINT ["./entrypoint.sh"]\r
 CMD ["start"]\r
-\r