Fix 1706 - Adding non-root user to run MON

Change-Id: I38ac2da20967e5fff6f63277248599576a45d80d
Signed-off-by: beierlm <mark.beierl@canonical.com>

diff --git a/docker/MON/Dockerfile b/docker/MON/Dockerfile
index 0046df8..fbb0600 100644 (file)
--- a/docker/MON/Dockerfile
+++ b/docker/MON/Dockerfile
@@ -80,7 +80,22 @@ COPY --from=INSTALL /usr/bin/ssh /usr/bin/ssh
 COPY --from=INSTALL /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/
 COPY --from=INSTALL /lib/x86_64-linux-gnu/ /lib/x86_64-linux-gnu/
 
-COPY scripts/ scripts/
+COPY scripts/ /app/osm_mon/scripts/
+
+# Creating the user for the app
+RUN groupadd -g 1000 appuser && \
+    useradd -u 1000 -g 1000 -d /app appuser && \
+    mkdir -p /app/osm_mon && \
+    mkdir -p /app/storage/kafka && \
+    mkdir /app/log && \
+    chown -R appuser:appuser /app
+
+WORKDIR /app/osm_mon
+
+# Changing the security context
+USER appuser
+
+########################################################################
 
 ENV OSMMON_MESSAGE_DRIVER kafka
 ENV OSMMON_MESSAGE_HOST kafka

diff --git a/installers/docker/osm_pods/mon.yaml b/installers/docker/osm_pods/mon.yaml
index 37fcdcb..8b00fb4 100644 (file)
--- a/installers/docker/osm_pods/mon.yaml
+++ b/installers/docker/osm_pods/mon.yaml
@@ -64,10 +64,3 @@ spec:
         envFrom:
         - secretRef:
            name: mon-secret
-        volumeMounts:
-        - name: mon-storage
-          mountPath: /app/database
-      volumes:
-      - name: mon-storage
-        hostPath:
-         path: /var/lib/osm/osm_mon_db/_data