From: sousaedu Date: Thu, 14 Oct 2021 12:37:51 +0000 (+0100) Subject: Fix bug 1706 - Adding non-root user to run MON X-Git-Tag: v11.0.2~18 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F68%2F11668%2F2;p=osm%2Fdevops.git Fix bug 1706 - Adding non-root user to run MON Change-Id: I66e7cab3f4707dbe05e17749abd154e05c852888 Signed-off-by: sousaedu (cherry picked from commit 62191f4e3c7375e896aa8429c946d3fb42b727fc) --- diff --git a/docker/MON/Dockerfile b/docker/MON/Dockerfile index 0046df8a..fbb0600e 100644 --- a/docker/MON/Dockerfile +++ b/docker/MON/Dockerfile @@ -80,7 +80,22 @@ COPY --from=INSTALL /usr/bin/ssh /usr/bin/ssh COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/ COPY --from=INSTALL /lib/x86_64-linux-gnu/ /lib/x86_64-linux-gnu/ -COPY scripts/ scripts/ +COPY scripts/ /app/osm_mon/scripts/ + +# Creating the user for the app +RUN groupadd -g 1000 appuser && \ + useradd -u 1000 -g 1000 -d /app appuser && \ + mkdir -p /app/osm_mon && \ + mkdir -p /app/storage/kafka && \ + mkdir /app/log && \ + chown -R appuser:appuser /app + +WORKDIR /app/osm_mon + +# Changing the security context +USER appuser + +######################################################################## ENV OSMMON_MESSAGE_DRIVER kafka ENV OSMMON_MESSAGE_HOST kafka diff --git a/installers/docker/osm_pods/mon.yaml b/installers/docker/osm_pods/mon.yaml index 7f2ef746..dff01143 100644 --- a/installers/docker/osm_pods/mon.yaml +++ b/installers/docker/osm_pods/mon.yaml @@ -64,10 +64,3 @@ spec: envFrom: - secretRef: name: mon-secret - volumeMounts: - - name: mon-storage - mountPath: /app/database - volumes: - - name: mon-storage - hostPath: - path: /var/lib/osm/osm_mon_db/_data