Drop root for heat

Drop root user for heat containers.

Change-Id: Ib07c0193f97bb18cc6154b4015b4056fd983f6c1
Partially-Implements: blueprint drop-root

docker/heat/heat-api-cfn/Dockerfile.j2

@@ -10,4 +10,6 @@ RUN yum -y install openstack-heat-api-cfn \
     {% endif %}
 {% endif %}
 
+USER heat
+
 {{ include_footer }}

docker/heat/heat-api/Dockerfile.j2

@@ -13,4 +13,6 @@ RUN yum -y install openstack-heat-api \
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
 
+USER heat
+
 {{ include_footer }}

docker/heat/heat-api/extend_start.sh

@@ -3,7 +3,7 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    sudo -H -u heat heat-manage db_sync
+    heat-manage db_sync
     openstack domain create heat_user_domain
     openstack user create --domain heat_user_domain heat_domain_admin --password ${HEAT_DOMAIN_ADMIN_PASSWORD}
     openstack role add --domain heat_user_domain --user heat_domain_admin admin

docker/heat/heat-base/Dockerfile.j2

@@ -20,3 +20,5 @@ RUN ln -s heat-base-source/* heat \
     && chown -R heat: /etc/heat /var/log/heat /home/heat
 
 {% endif %}
+
+RUN usermod -a -G kolla heat

docker/heat/heat-engine/Dockerfile.j2

@@ -15,4 +15,6 @@ RUN yum -y install \
     {% endif %}
 {% endif %}
 
+USER heat
+
 {{ include_footer }}