From ea9d5cd067d379344122d98615df39ef9b4d266d Mon Sep 17 00:00:00 2001
From: Sam Yaple <sam@yaple.net>
Date: Thu, 12 Nov 2015 14:34:09 +0000
Subject: [PATCH] Move USER operation after footer

The USER operation affects all docker commands after it. This causes a
problem with our {{ include_footer }} implementation since commands in
that footer may require elevated permissions to perform.

In the current implementation I can no longer remove my proxy settings
once the USER has been changed.

Change-Id: I9b2bab5a15f595f6d52a46c64ddf59ba5608b938
Partially-Implements: blueprint drop-root
---
 docker/designate/designate-api/Dockerfile.j2           | 4 ++--
 docker/designate/designate-backend-bind9/Dockerfile.j2 | 4 ++--
 docker/designate/designate-central/Dockerfile.j2       | 4 ++--
 docker/designate/designate-mdns/Dockerfile.j2          | 4 ++--
 docker/designate/designate-poolmanager/Dockerfile.j2   | 4 ++--
 docker/designate/designate-sink/Dockerfile.j2          | 4 ++--
 docker/glance/glance-api/Dockerfile.j2                 | 4 ++--
 docker/glance/glance-registry/Dockerfile.j2            | 4 ++--
 docker/heat/heat-api-cfn/Dockerfile.j2                 | 4 ++--
 docker/heat/heat-api/Dockerfile.j2                     | 4 ++--
 docker/heat/heat-engine/Dockerfile.j2                  | 4 ++--
 docker/horizon/Dockerfile.j2                           | 4 ++--
 docker/kolla-ansible/Dockerfile.j2                     | 4 ++--
 docker/mariadb/Dockerfile.j2                           | 3 +--
 14 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/docker/designate/designate-api/Dockerfile.j2 b/docker/designate/designate-api/Dockerfile.j2
index 4bb3b83194..c162d41dda 100644
--- a/docker/designate/designate-api/Dockerfile.j2
+++ b/docker/designate/designate-api/Dockerfile.j2
@@ -14,6 +14,6 @@ RUN yum install -y \
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
 
-USER designate
-
 {{ include_footer }}
+
+USER designate
diff --git a/docker/designate/designate-backend-bind9/Dockerfile.j2 b/docker/designate/designate-backend-bind9/Dockerfile.j2
index b7c7344420..422d7780ca 100644
--- a/docker/designate/designate-backend-bind9/Dockerfile.j2
+++ b/docker/designate/designate-backend-bind9/Dockerfile.j2
@@ -12,6 +12,6 @@ RUN yum install -y bind \
     {% endif %}
 {% endif %}
 
-USER designate
-
 {{ include_footer }}
+
+USER designate
diff --git a/docker/designate/designate-central/Dockerfile.j2 b/docker/designate/designate-central/Dockerfile.j2
index 8a9526dc0d..d1807692bc 100644
--- a/docker/designate/designate-central/Dockerfile.j2
+++ b/docker/designate/designate-central/Dockerfile.j2
@@ -10,6 +10,6 @@ RUN yum install -y openstack-designate-central \
     {% endif %}
 {% endif %}
 
-USER designate
-
 {{ include_footer }}
+
+USER designate
diff --git a/docker/designate/designate-mdns/Dockerfile.j2 b/docker/designate/designate-mdns/Dockerfile.j2
index be9341e12a..39bd60bd5a 100644
--- a/docker/designate/designate-mdns/Dockerfile.j2
+++ b/docker/designate/designate-mdns/Dockerfile.j2
@@ -10,6 +10,6 @@ RUN yum install -y openstack-designate-mdns \
     {% endif %}
 {% endif %}
 
-USER designate
-
 {{ include_footer }}
+
+USER designate
diff --git a/docker/designate/designate-poolmanager/Dockerfile.j2 b/docker/designate/designate-poolmanager/Dockerfile.j2
index 25fc8f7e42..6fbc526069 100644
--- a/docker/designate/designate-poolmanager/Dockerfile.j2
+++ b/docker/designate/designate-poolmanager/Dockerfile.j2
@@ -13,6 +13,6 @@ RUN yum install -y \
     {% endif %}
 {% endif %}
 
-USER designate
-
 {{ include_footer }}
+
+USER designate
diff --git a/docker/designate/designate-sink/Dockerfile.j2 b/docker/designate/designate-sink/Dockerfile.j2
index 1d059ea6f7..be6566177a 100644
--- a/docker/designate/designate-sink/Dockerfile.j2
+++ b/docker/designate/designate-sink/Dockerfile.j2
@@ -12,6 +12,6 @@ RUN yum install -y \
     {% endif %}
 {% endif %}
 
-USER designate
-
 {{ include_footer }}
+
+USER designate
diff --git a/docker/glance/glance-api/Dockerfile.j2 b/docker/glance/glance-api/Dockerfile.j2
index bde6d4bed9..f60a43c3b3 100644
--- a/docker/glance/glance-api/Dockerfile.j2
+++ b/docker/glance/glance-api/Dockerfile.j2
@@ -4,6 +4,6 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
 
-USER glance
-
 {{ include_footer }}
+
+USER glance
diff --git a/docker/glance/glance-registry/Dockerfile.j2 b/docker/glance/glance-registry/Dockerfile.j2
index c3bdef8d80..5c02dadabb 100644
--- a/docker/glance/glance-registry/Dockerfile.j2
+++ b/docker/glance/glance-registry/Dockerfile.j2
@@ -1,6 +1,6 @@
 FROM {{ namespace }}/{{ image_prefix }}glance-base:{{ tag }}
 MAINTAINER Kolla Project (https://launchpad.net/kolla)
 
-USER glance
-
 {{ include_footer }}
+
+USER glance
diff --git a/docker/heat/heat-api-cfn/Dockerfile.j2 b/docker/heat/heat-api-cfn/Dockerfile.j2
index 658b6aa283..1489e8f2ea 100644
--- a/docker/heat/heat-api-cfn/Dockerfile.j2
+++ b/docker/heat/heat-api-cfn/Dockerfile.j2
@@ -10,6 +10,6 @@ RUN yum -y install openstack-heat-api-cfn \
     {% endif %}
 {% endif %}
 
-USER heat
-
 {{ include_footer }}
+
+USER heat
diff --git a/docker/heat/heat-api/Dockerfile.j2 b/docker/heat/heat-api/Dockerfile.j2
index 026d8fc597..080947faad 100644
--- a/docker/heat/heat-api/Dockerfile.j2
+++ b/docker/heat/heat-api/Dockerfile.j2
@@ -13,6 +13,6 @@ RUN yum -y install openstack-heat-api \
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
 
-USER heat
-
 {{ include_footer }}
+
+USER heat
diff --git a/docker/heat/heat-engine/Dockerfile.j2 b/docker/heat/heat-engine/Dockerfile.j2
index 7dcf0735ca..841dfda6ca 100644
--- a/docker/heat/heat-engine/Dockerfile.j2
+++ b/docker/heat/heat-engine/Dockerfile.j2
@@ -15,6 +15,6 @@ RUN yum -y install \
     {% endif %}
 {% endif %}
 
-USER heat
-
 {{ include_footer }}
+
+USER heat
diff --git a/docker/horizon/Dockerfile.j2 b/docker/horizon/Dockerfile.j2
index c083fa1072..d08da69142 100644
--- a/docker/horizon/Dockerfile.j2
+++ b/docker/horizon/Dockerfile.j2
@@ -75,6 +75,6 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start \
      && usermod -a -G kolla horizon
 
-USER horizon
-
 {{ include_footer }}
+
+USER horizon
diff --git a/docker/kolla-ansible/Dockerfile.j2 b/docker/kolla-ansible/Dockerfile.j2
index 2466234d61..bf46b8e919 100644
--- a/docker/kolla-ansible/Dockerfile.j2
+++ b/docker/kolla-ansible/Dockerfile.j2
@@ -31,6 +31,6 @@ RUN mkdir -p /etc/ansible /usr/share/ansible /home/ansible \
 COPY kolla_keystone_service.py kolla_keystone_user.py /usr/share/ansible/
 COPY ansible.cfg /home/ansible/.ansible.cfg
 
-USER ansible
-
 {{ include_footer }}
+
+USER ansible
diff --git a/docker/mariadb/Dockerfile.j2 b/docker/mariadb/Dockerfile.j2
index d365048943..05a9710a7c 100644
--- a/docker/mariadb/Dockerfile.j2
+++ b/docker/mariadb/Dockerfile.j2
@@ -37,7 +37,6 @@ RUN chmod 755 /usr/local/bin/kolla_extend_start \
     && chmod 440 /etc/sudoers.d/mariadb_sudoers \
     && usermod -a -G kolla mysql
 
+{{ include_footer }}
 
 USER mysql
-
-{{ include_footer }}