From 62191f4e3c7375e896aa8429c946d3fb42b727fc Mon Sep 17 00:00:00 2001 From: sousaedu Date: Thu, 14 Oct 2021 13:37:51 +0100 Subject: [PATCH] Fix bug 1706 - Adding non-root user to run MON Change-Id: I66e7cab3f4707dbe05e17749abd154e05c852888 Signed-off-by: sousaedu --- docker/MON/Dockerfile | 17 ++++++++++++++++- installers/docker/osm_pods/mon.yaml | 7 ------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/docker/MON/Dockerfile b/docker/MON/Dockerfile index 719d633a..a9b95fc0 100644 --- a/docker/MON/Dockerfile +++ b/docker/MON/Dockerfile @@ -67,7 +67,22 @@ COPY --from=INSTALL /usr/bin/ssh /usr/bin/ssh COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/ COPY --from=INSTALL /lib/x86_64-linux-gnu/ /lib/x86_64-linux-gnu/ -COPY scripts/ scripts/ +COPY scripts/ /app/osm_mon/scripts/ + +# Creating the user for the app +RUN groupadd -g 1000 appuser && \ + useradd -u 1000 -g 1000 -d /app appuser && \ + mkdir -p /app/osm_mon && \ + mkdir -p /app/storage/kafka && \ + mkdir /app/log && \ + chown -R appuser:appuser /app + +WORKDIR /app/osm_mon + +# Changing the security context +USER appuser + +######################################################################## ENV OSMMON_MESSAGE_DRIVER kafka ENV OSMMON_MESSAGE_HOST kafka diff --git a/installers/docker/osm_pods/mon.yaml b/installers/docker/osm_pods/mon.yaml index 7f2ef746..dff01143 100644 --- a/installers/docker/osm_pods/mon.yaml +++ b/installers/docker/osm_pods/mon.yaml @@ -64,10 +64,3 @@ spec: envFrom: - secretRef: name: mon-secret - volumeMounts: - - name: mon-storage - mountPath: /app/database - volumes: - - name: mon-storage - hostPath: - path: /var/lib/osm/osm_mon_db/_data -- 2.25.1