From: garciadeblas Date: Mon, 21 Feb 2022 23:00:32 +0000 (+0100) Subject: Revert "Fix bug 1704 - Adding non-root user to run LCM" X-Git-Tag: v10.1.0-rc1~4 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F96%2F11696%2F1;p=osm%2Fdevops.git Revert "Fix bug 1704 - Adding non-root user to run LCM" This reverts commit 9e3816c795590c934a228af35102d307351a77db. Change-Id: I24643c2d1d1e260f2f311d057a8a4e0ae904789a Signed-off-by: garciadeblas --- diff --git a/docker/LCM/Dockerfile b/docker/LCM/Dockerfile index 03907d74..99c198f9 100644 --- a/docker/LCM/Dockerfile +++ b/docker/LCM/Dockerfile @@ -46,6 +46,7 @@ RUN curl https://get.helm.sh/helm-v3.7.2-linux-amd64.tar.gz --output helm-v3.7.2 && mv linux-amd64/helm /usr/local/bin/helm3 \ && rm -r linux-amd64/ + ARG PYTHON3_OSM_COMMON_URL ARG PYTHON3_OSM_LCM_URL ARG PYTHON3_N2VC_URL @@ -95,23 +96,15 @@ COPY --from=INSTALL /usr/bin/ssh /usr/bin/ssh COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/ COPY --from=INSTALL /lib/x86_64-linux-gnu/ /lib/x86_64-linux-gnu/ -COPY scripts/ /app/osm_lcm/scripts/ - -# Creating the user for the app -RUN groupadd -g 1000 appuser && \ - useradd -u 1000 -g 1000 -d /app appuser && \ - mkdir -p /app/osm_lcm && \ - mkdir -p /app/storage/kafka && \ - mkdir /app/log && \ - chown -R appuser:appuser /app - -WORKDIR /app/osm_lcm - -# Changing the security context -USER appuser +COPY scripts/ scripts/ ######################################################################## +# Used for local storage +VOLUME /app/storage +# Used for logs +VOLUME /app/log + # The following ENV can be added with "docker run -e xxx' to configure LCM ENV OSMLCM_RO_HOST ro ENV OSMLCM_RO_PORT 9090 @@ -158,5 +151,7 @@ ENV OSMLCM_VCA_STABLEREPOURL https://charts.helm.sh/stable HEALTHCHECK --start-period=120s --interval=30s --timeout=30s --retries=1 \ CMD python3 -m osm_lcm.lcm_hc || exit 1 + # Run app.py when the container launches CMD [ "/bin/bash", "scripts/start.sh" ] + diff --git a/installers/docker/osm_pods/lcm.yaml b/installers/docker/osm_pods/lcm.yaml index 5f34c0d8..26284088 100644 --- a/installers/docker/osm_pods/lcm.yaml +++ b/installers/docker/osm_pods/lcm.yaml @@ -30,10 +30,6 @@ spec: labels: app: lcm spec: - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 initContainers: - name: kafka-ro-mongo-test image: alpine:latest @@ -58,4 +54,16 @@ spec: value: mongodb://mongodb-k8s:27017/?replicaSet=rs0 envFrom: - secretRef: - name: lcm-secret + name: lcm-secret + volumeMounts: + - name: osm-packages + mountPath: /app/storage + - name: prometheus-config + mountPath: /etc/prometheus + volumes: + - name: osm-packages + hostPath: + path: /var/lib/osm/osm_osm_packages/_data + - name: prometheus-config + hostPath: + path: /var/lib/osm/prometheus