a5c1aa0b81
It's impossible to drop root for the HAProxy container. But HAProxy provides a possibility to use a chroot jail. When attaching to the HAProxy container, we see that the root directory is changed: $ sudo docker exec -ti haproxy bash (haproxy)[root@operator /]# ls -di / 259 / Co-Authored-By: Vikram Hosakote <vhosakot@cisco.com> Closes-Bug: #1552289 Change-Id: I9d55e9b741b8560cac53dc8b837a24a3029a4dc0
26 lines
643 B
Django/Jinja
26 lines
643 B
Django/Jinja
FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
|
|
MAINTAINER {{ maintainer }}
|
|
|
|
{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
|
|
|
|
RUN yum -y install \
|
|
haproxy \
|
|
&& yum clean all
|
|
|
|
{% elif base_distro in ['debian', 'ubuntu'] %}
|
|
|
|
RUN apt-get install -y --no-install-recommends \
|
|
haproxy \
|
|
&& apt-get clean
|
|
|
|
{% endif %}
|
|
|
|
RUN usermod -a -G kolla haproxy \
|
|
&& mkdir -p /var/lib/kolla/haproxy \
|
|
&& chown -R haproxy: /var/lib /run
|
|
|
|
COPY ensure_latest_config.sh /usr/local/bin/kolla_ensure_haproxy_latest_config
|
|
RUN chmod 755 /usr/local/bin/kolla_ensure_haproxy_latest_config
|
|
|
|
{{ include_footer }}
|