Fix bug 1706 - Adding non-root user to run MON

Change-Id: I66e7cab3f4707dbe05e17749abd154e05c852888 Signed-off-by: sousaedu <eduardo.sousa@canonical.com>

Fix bug 1706 - Adding non-root user to run MON
Change-Id: I66e7cab3f4707dbe05e17749abd154e05c852888 Signed-off-by: sousaedu <eduardo.sousa@canonical.com>
62191f4e · sousaedu · Mark Beierl · a8e75d03 · 62191f4e · 62191f4e
Commit 62191f4e authored 3 years ago by sousaedu Committed by Mark Beierl 3 years ago
--- a/docker/MON/Dockerfile
+++ b/docker/MON/Dockerfile
@@ -67,7 +67,22 @@ COPY --from=INSTALL /usr/bin/ssh /usr/bin/ssh
 COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/
 COPY --from=INSTALL /lib/x86_64-linux-gnu/ /lib/x86_64-linux-gnu/

-COPY scripts/ scripts/
+COPY scripts/ /app/osm_mon/scripts/
+
+# Creating the user for the app
+RUN groupadd -g 1000 appuser && \
+    useradd -u 1000 -g 1000 -d /app appuser && \
+    mkdir -p /app/osm_mon && \
+    mkdir -p /app/storage/kafka && \
+    mkdir /app/log && \
+    chown -R appuser:appuser /app
+
+WORKDIR /app/osm_mon
+
+# Changing the security context
+USER appuser
+
+########################################################################

 ENV OSMMON_MESSAGE_DRIVER kafka
 ENV OSMMON_MESSAGE_HOST kafka

--- a/installers/docker/osm_pods/mon.yaml
+++ b/installers/docker/osm_pods/mon.yaml
@@ -64,10 +64,3 @@ spec:
        envFrom:
        - secretRef:
           name: mon-secret
-        volumeMounts:
-        - name: mon-storage
-          mountPath: /app/database
-      volumes:
-      - name: mon-storage
-        hostPath:
-         path: /var/lib/osm/osm_mon_db/_data