[Security Fix] Update Openstack Utility Container Image

Update Python Packages to non-vulnerable as per Claire Scan Change-Id: I01651be3bf6354fc553dad98938810473db71ac3
2020-06-12 12:40:31 -05:00 · 2020-06-12 12:40:31 -05:00 · 0c3435b7f9
commit 0c3435b7f9
parent 9447bb867c
2 changed files with 24 additions and 29 deletions
--- a/charts/openstack-utility/templates/bin/_start.sh.tpl
+++ b/charts/openstack-utility/templates/bin/_start.sh.tpl
@ -15,13 +15,3 @@ limitations under the License.
 set -ex
 sed -i 's/$PrivDropToUser syslog/$PrivDropToUser nobody/' /etc/rsyslog.conf
 /etc/init.d/rsyslog start
-{{/*
-These lines will disable extra handler, extra formatter, extra level to the
-root logger by oslo-rootwrap module, imported in _openstack-utility-rootwrap.tpl.
-These lines will get rid of duplicate logs, generated because of the formatter
-attached by oslo-rootwrap.
-*/}}
-sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py
-sed -i "/handler.setFormatter/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py
-sed -i "/os.path.basename/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py
-sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py
--- a/images/openstack-utility/Dockerfile.ubuntu_bionic
+++ b/images/openstack-utility/Dockerfile.ubuntu_bionic
@ -10,24 +10,29 @@ LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc

 ARG DEBIAN_FRONTEND=noninteractive

-RUN set -xe && \
-    sed -i '/nobody/d' /etc/passwd && \
-    echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd && \
-    apt-get update && \
-    apt-get install -y \
-      bash \
-      sudo \
-      rsyslog \
-      python3 \
-      python3-pip &&\
-    pip3 install \
-      oslo.rootwrap==5.8.0 \
-      python-openstackclient==3.18.1 \
-      python-glanceclient==2.16.0 \
-      python-novaclient==13.0.2 \
-      python-neutronclient==6.12.0 \
-      python-cinderclient==4.2.1 && \
-    apt-get clean -y && \
-    rm -rf /var/lib/apt/lists/*
+RUN set -xe \
+    && sed -i '/nobody/d' /etc/passwd \
+    && echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd \
+    && apt-get update \
+    && apt-get install -y \
+       bash \
+       sudo \
+       rsyslog \
+       python3.6 \
+       python3-pip \
+    && pip3 install \
+         oslo.rootwrap==5.8.0 \
+         python-openstackclient==3.18.1 \
+         python-glanceclient==2.16.0 \
+         python-novaclient==13.0.2 \
+         python-neutronclient==6.12.0 \
+         python-cinderclient==4.2.1 \
+    && apt-get clean -y \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN sed -i "/rootwrap_logger.setLevel/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
+    && sed -i "/handler.setFormatter/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
+    && sed -i "/os.path.basename/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py \
+    && sed -i "/rootwrap_logger.addHandler/s/.*/#&/" /usr/local/lib/python3.6/dist-packages/oslo_rootwrap/wrapper.py

 CMD ["/bin/bash"]