Fix bug 1706 - Adding non-root user to run MON
Change-Id: I66e7cab3f4707dbe05e17749abd154e05c852888
Signed-off-by: sousaedu <eduardo.sousa@canonical.com>
(cherry picked from commit 62191f4e3c7375e896aa8429c946d3fb42b727fc)
diff --git a/docker/MON/Dockerfile b/docker/MON/Dockerfile
index 0046df8..fbb0600 100644
--- a/docker/MON/Dockerfile
+++ b/docker/MON/Dockerfile
@@ -80,7 +80,22 @@
COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/
COPY --from=INSTALL /lib/x86_64-linux-gnu/ /lib/x86_64-linux-gnu/
-COPY scripts/ scripts/
+COPY scripts/ /app/osm_mon/scripts/
+
+# Creating the user for the app
+RUN groupadd -g 1000 appuser && \
+ useradd -u 1000 -g 1000 -d /app appuser && \
+ mkdir -p /app/osm_mon && \
+ mkdir -p /app/storage/kafka && \
+ mkdir /app/log && \
+ chown -R appuser:appuser /app
+
+WORKDIR /app/osm_mon
+
+# Changing the security context
+USER appuser
+
+########################################################################
ENV OSMMON_MESSAGE_DRIVER kafka
ENV OSMMON_MESSAGE_HOST kafka
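Review bot: The `chown -R appuser:appuser /app` in the added RUN executes after `COPY scripts/ /app/osm_mon/scripts/`, so the unprivileged runtime user ends up owning the scripts it runs and can rewrite them. Dropping root protects more when the code stays root-owned and only the data directories are writable. I would limit ownership to those directories, e.g. `chown -R appuser:appuser /app/storage /app/log`, assuming nothing writes under /app/osm_mon at runtime; the rest of the stage lies outside this hunk, so that needs confirming. I would also write `USER 1000:1000` instead of `USER appuser`, because Kubernetes can only enforce `runAsNonRoot` against a numeric UID in the image.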
diff --git a/installers/docker/osm_pods/mon.yaml b/installers/docker/osm_pods/mon.yaml
index 7f2ef74..dff0114 100644
--- a/installers/docker/osm_pods/mon.yaml
+++ b/installers/docker/osm_pods/mon.yaml
@@ -64,10 +64,3 @@
envFrom:
- secretRef:
name: mon-secret
- volumeMounts:
- - name: mon-storage
- mountPath: /app/database
- volumes:
- - name: mon-storage
- hostPath:
- path: /var/lib/osm/osm_mon_db/_data