diff --git a/docker/ironic/ironic-api/Dockerfile.j2 b/docker/ironic/ironic-api/Dockerfile.j2
index 1e39d847d8..211b42f579 100644
--- a/docker/ironic/ironic-api/Dockerfile.j2
+++ b/docker/ironic/ironic-api/Dockerfile.j2
@@ -14,3 +14,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
 
 {{ include_footer }}
+
+USER ironic
diff --git a/docker/ironic/ironic-api/extend_start.sh b/docker/ironic/ironic-api/extend_start.sh
index b7ef2b242b..cd9c95a126 100644
--- a/docker/ironic/ironic-api/extend_start.sh
+++ b/docker/ironic/ironic-api/extend_start.sh
@@ -3,6 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    sudo -H -u ironic ironic-dbsync upgrade
+    ironic-dbsync upgrade
     exit 0
 fi
diff --git a/docker/ironic/ironic-base/Dockerfile.j2 b/docker/ironic/ironic-base/Dockerfile.j2
index a0fb01d607..109afed564 100644
--- a/docker/ironic/ironic-base/Dockerfile.j2
+++ b/docker/ironic/ironic-base/Dockerfile.j2
@@ -26,3 +26,5 @@ RUN ln -s ironic-base-source/* ironic \
     && chown -R ironic: /etc/ironic /var/log/ironic /home/ironic
 
 {% endif %}
+
+RUN usermod -a -G kolla ironic
diff --git a/docker/ironic/ironic-conductor/Dockerfile.j2 b/docker/ironic/ironic-conductor/Dockerfile.j2
index 7b56f5d352..340a13000b 100644
--- a/docker/ironic/ironic-conductor/Dockerfile.j2
+++ b/docker/ironic/ironic-conductor/Dockerfile.j2
@@ -11,3 +11,5 @@ RUN yum -y install openstack-ironic-conductor \
 {% endif %}
 
 {{ include_footer }}
+
+USER ironic
diff --git a/docker/ironic/ironic-discoverd/Dockerfile.j2 b/docker/ironic/ironic-discoverd/Dockerfile.j2
index 8bde9d89b9..536d2b878b 100644
--- a/docker/ironic/ironic-discoverd/Dockerfile.j2
+++ b/docker/ironic/ironic-discoverd/Dockerfile.j2
@@ -14,3 +14,5 @@ RUN pip install ironic-discoverd
 {% endif %}
 
 {{ include_footer }}
+
+USER ironic
diff --git a/docker/ironic/ironic-pxe/Dockerfile.j2 b/docker/ironic/ironic-pxe/Dockerfile.j2
index b550be051f..fd19748bf5 100644
--- a/docker/ironic/ironic-pxe/Dockerfile.j2
+++ b/docker/ironic/ironic-pxe/Dockerfile.j2
@@ -25,3 +25,5 @@ RUN apt-get install -y --no-install-recommends \
 COPY tftp-map-file /tftpboot/map-file
 
 {{ include_footer }}
+
+USER ironic