From: beierlm
Date: Tue, 15 Feb 2022 16:29:21 +0000 (-0500)
Subject: Fix 1706 - Adding non-root user to run MON
X-Git-Tag: v10.1.0-rc1~7
X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=026b356fb9f1bb9629cea9c56c7adc9ec2df1f36;p=osm%2Fdevops.git

Fix 1706 - Adding non-root user to run MON

Change-Id: I38ac2da20967e5fff6f63277248599576a45d80d
Signed-off-by: beierlm
---

diff --git a/docker/MON/Dockerfile b/docker/MON/Dockerfile
index 0046df8a..fbb0600e 100644
--- a/docker/MON/Dockerfile
+++ b/docker/MON/Dockerfile
@@ -80,7 +80,22 @@ COPY --from=INSTALL /usr/bin/ssh /usr/bin/ssh
 COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/
 COPY --from=INSTALL /lib/x86_64-linux-gnu/ /lib/x86_64-linux-gnu/
 
-COPY scripts/ scripts/
+COPY scripts/ /app/osm_mon/scripts/
+
+# Creating the user for the app
+RUN groupadd -g 1000 appuser && \
+ useradd -u 1000 -g 1000 -d /app appuser && \
+ mkdir -p /app/osm_mon && \
+ mkdir -p /app/storage/kafka && \
+ mkdir /app/log && \
+ chown -R appuser:appuser /app
+
+WORKDIR /app/osm_mon
+
+# Changing the security context
+USER appuser
+
+########################################################################
 
 ENV OSMMON_MESSAGE_DRIVER kafka
 ENV OSMMON_MESSAGE_HOST kafka
diff --git a/installers/docker/osm_pods/mon.yaml b/installers/docker/osm_pods/mon.yaml
index 37fcdcb4..8b00fb46 100644
--- a/installers/docker/osm_pods/mon.yaml
+++ b/installers/docker/osm_pods/mon.yaml
@@ -64,10 +64,3 @@ spec:
 envFrom:
 - secretRef:
 name: mon-secret
- volumeMounts:
- - name: mon-storage
- mountPath: /app/database
- volumes:
- - name: mon-storage
- hostPath:
- path: /var/lib/osm/osm_mon_db/_data
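Review bot: `USER appuser` in the Dockerfile hunk names the runtime user instead of giving its UID, and a Kubernetes `runAsNonRoot: true` check cannot verify a non-numeric image user, so the non-root guarantee could not be enforced from the pod spec; `USER 1000:1000` would match the `-u 1000 -g 1000` created just above. The mon.yaml hunk in this commit only removes the hostPath volume and adds no `securityContext`, so as far as the visible lines show, nothing outside the image pins the UID. Separately, `chown -R appuser:appuser /app` runs after `COPY scripts/ /app/osm_mon/scripts/`, which leaves the scripts writable by the account that runs them. If MON only writes to its data directories, `chown -R appuser:appuser /app/storage /app/log` keeps the code root-owned; whether it writes elsewhere under /app is not visible here, so confirm before narrowing.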