From c691334181405b0fe22e0624de8fb823720259d8 Mon Sep 17 00:00:00 2001 From: Michal Rostecki Date: Tue, 10 Nov 2015 10:41:13 +0100 Subject: [PATCH] Drop root for designate Change-Id: I1df05608be62cc008ccef1ca88d0b37983568d22 Partially-Implements: blueprint drop-root --- docker/designate/designate-api/Dockerfile.j2 | 2 ++ docker/designate/designate-api/extend_start.sh | 2 +- docker/designate/designate-backend-bind9/Dockerfile.j2 | 2 ++ docker/designate/designate-base/Dockerfile.j2 | 2 ++ docker/designate/designate-central/Dockerfile.j2 | 2 ++ docker/designate/designate-mdns/Dockerfile.j2 | 2 ++ docker/designate/designate-poolmanager/Dockerfile.j2 | 2 ++ docker/designate/designate-sink/Dockerfile.j2 | 2 ++ 8 files changed, 15 insertions(+), 1 deletion(-) diff --git a/docker/designate/designate-api/Dockerfile.j2 b/docker/designate/designate-api/Dockerfile.j2 index 268a93fedc..4bb3b83194 100644 --- a/docker/designate/designate-api/Dockerfile.j2 +++ b/docker/designate/designate-api/Dockerfile.j2 @@ -14,4 +14,6 @@ RUN yum install -y \ COPY extend_start.sh /usr/local/bin/kolla_extend_start RUN chmod 755 /usr/local/bin/kolla_extend_start +USER designate + {{ include_footer }} diff --git a/docker/designate/designate-api/extend_start.sh b/docker/designate/designate-api/extend_start.sh index f851d894ae..10056778b8 100644 --- a/docker/designate/designate-api/extend_start.sh +++ b/docker/designate/designate-api/extend_start.sh @@ -3,6 +3,6 @@ # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases # of the KOLLA_BOOTSTRAP variable being set, including empty. if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then - sudo -H -u designate designate-manage db_sync + designate-manage db_sync exit 0 fi diff --git a/docker/designate/designate-backend-bind9/Dockerfile.j2 b/docker/designate/designate-backend-bind9/Dockerfile.j2 index 8f9a9aec39..b7c7344420 100644 --- a/docker/designate/designate-backend-bind9/Dockerfile.j2 +++ b/docker/designate/designate-backend-bind9/Dockerfile.j2 @@ -12,4 +12,6 @@ RUN yum install -y bind \ {% endif %} {% endif %} +USER designate + {{ include_footer }} diff --git a/docker/designate/designate-base/Dockerfile.j2 b/docker/designate/designate-base/Dockerfile.j2 index fe9657d6f9..834eec84bc 100644 --- a/docker/designate/designate-base/Dockerfile.j2 +++ b/docker/designate/designate-base/Dockerfile.j2 @@ -29,3 +29,5 @@ RUN ln -s designate-base-source/* designate \ && chown -R designate: /etc/designate /var/log/designate /home/designate {% endif %} + +RUN usermod -a -G kolla designate diff --git a/docker/designate/designate-central/Dockerfile.j2 b/docker/designate/designate-central/Dockerfile.j2 index 2195441ba9..8a9526dc0d 100644 --- a/docker/designate/designate-central/Dockerfile.j2 +++ b/docker/designate/designate-central/Dockerfile.j2 @@ -10,4 +10,6 @@ RUN yum install -y openstack-designate-central \ {% endif %} {% endif %} +USER designate + {{ include_footer }} diff --git a/docker/designate/designate-mdns/Dockerfile.j2 b/docker/designate/designate-mdns/Dockerfile.j2 index 97f9a2ffc9..be9341e12a 100644 --- a/docker/designate/designate-mdns/Dockerfile.j2 +++ b/docker/designate/designate-mdns/Dockerfile.j2 @@ -10,4 +10,6 @@ RUN yum install -y openstack-designate-mdns \ {% endif %} {% endif %} +USER designate + {{ include_footer }} diff --git a/docker/designate/designate-poolmanager/Dockerfile.j2 b/docker/designate/designate-poolmanager/Dockerfile.j2 index 35d847211d..25fc8f7e42 100644 --- a/docker/designate/designate-poolmanager/Dockerfile.j2 +++ b/docker/designate/designate-poolmanager/Dockerfile.j2 @@ -13,4 +13,6 @@ RUN yum install -y \ {% endif %} {% endif %} +USER designate + {{ include_footer }} diff --git a/docker/designate/designate-sink/Dockerfile.j2 b/docker/designate/designate-sink/Dockerfile.j2 index 8b863bfbfa..1d059ea6f7 100644 --- a/docker/designate/designate-sink/Dockerfile.j2 +++ b/docker/designate/designate-sink/Dockerfile.j2 @@ -12,4 +12,6 @@ RUN yum install -y \ {% endif %} {% endif %} +USER designate + {{ include_footer }}