kolla-ansible/docker/haproxy/Dockerfile.j2
Michal Rostecki a5c1aa0b81 Run HAProxy in a chroot jail
It's impossible to drop root for the HAProxy container.
But HAProxy provides a possibility to use a chroot jail.

When attaching to the HAProxy container, we see that
the root directory is changed:

    $ sudo docker exec -ti haproxy bash
    (haproxy)[root@operator /]# ls -di /
    259 /

Co-Authored-By: Vikram Hosakote <vhosakot@cisco.com>

Closes-Bug: #1552289

Change-Id: I9d55e9b741b8560cac53dc8b837a24a3029a4dc0
2016-05-06 10:23:49 +02:00

26 lines
643 B
Django/Jinja

FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
MAINTAINER {{ maintainer }}
{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
RUN yum -y install \
haproxy \
&& yum clean all
{% elif base_distro in ['debian', 'ubuntu'] %}
RUN apt-get install -y --no-install-recommends \
haproxy \
&& apt-get clean
{% endif %}
RUN usermod -a -G kolla haproxy \
&& mkdir -p /var/lib/kolla/haproxy \
&& chown -R haproxy: /var/lib /run
COPY ensure_latest_config.sh /usr/local/bin/kolla_ensure_haproxy_latest_config
RUN chmod 755 /usr/local/bin/kolla_ensure_haproxy_latest_config
{{ include_footer }}