X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=docker%2FPLA%2FDockerfile;h=b673cb0b6b9ef4e97128f174bb3cebddaf15f294;hb=refs%2Fchanges%2F48%2F11448%2F2;hp=ffc3588b3fd247dde416235ac3450b121fbcef33;hpb=fd164afb3c0f828561b41c6c42a1e351c5d9b653;p=osm%2Fdevops.git diff --git a/docker/PLA/Dockerfile b/docker/PLA/Dockerfile index ffc3588b..b673cb0b 100644 --- a/docker/PLA/Dockerfile +++ b/docker/PLA/Dockerfile @@ -22,7 +22,7 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get --yes update && \ python3-dev=3.6.* \ python3-setuptools=39.0.* \ curl=7.58.* && \ - python3 -m easy_install pip==21.0.1 + python3 -m easy_install pip==21.0.1 setuptools==51.0.0 ARG PYTHON3_OSM_COMMON_URL ARG PYTHON3_OSM_PLA_URL @@ -46,19 +46,34 @@ FROM ubuntu:18.04 LABEL authors="Lars-Göran Magnusson" RUN DEBIAN_FRONTEND=noninteractive apt-get --yes update && \ - DEBIAN_FRONTEND=noninteractive apt-get --yes install python3-minimal=3.6.* + DEBIAN_FRONTEND=noninteractive apt-get --yes install python3-minimal=3.6.* \ + && rm -rf /var/lib/apt/lists/* COPY --from=INSTALL /usr/lib/python3/dist-packages /usr/lib/python3/dist-packages -COPY --from=INSTALL /usr/local/lib/python3.6/dist-packages /usr/local/lib/python3.6/dist-packages +COPY --from=INSTALL /usr/local/lib/python3.6/dist-packages /usr/local/lib/python3.6/dist-packages COPY --from=INSTALL /usr/bin/osm* /usr/bin/ COPY --from=INSTALL /minizinc /minizinc -RUN mkdir /entry_data \ - && mkdir /entry_data/mzn-lib \ - && ln -s /entry_data/mzn-lib /minizinc/share/minizinc/exec +RUN mkdir /entry_data && \ + mkdir /placement && \ + mkdir /entry_data/mzn-lib && \ + ln -s /entry_data/mzn-lib /minizinc/share/minizinc/exec -COPY scripts/ scripts/ -RUN mkdir /placement +COPY scripts/ /app/osm_pla/scripts/ + +# Creating the user for the app +RUN groupadd -g 1000 appuser && \ + useradd -u 1000 -g 1000 -d /app appuser && \ + mkdir -p /app/osm_pla && \ + chown -R appuser:appuser /app && \ + chown -R appuser:appuser /entry_data && \ + chown -R appuser:appuser /minizinc && \ + chown -R appuser:appuser /placement + +WORKDIR /app/osm_pla + +# Changing the security context +USER appuser ENV OSMPLA_MESSAGE_DRIVER kafka ENV OSMPLA_MESSAGE_HOST kafka @@ -79,4 +94,4 @@ ENV LD_LIBRARY_PATH "/minizinc/lib:${LD_LIBRARY_PATH}" #HEALTHCHECK --start-period=120s --interval=10s --timeout=5s --retries=5 \ # CMD osm-pla-healthcheck || exit 1 -CMD /bin/bash scripts/start.sh +CMD [ "/bin/bash", "scripts/start.sh" ]