openstack/kolla-ansible
Code Issues Proposed changes

Drop root for nova

Browse Source 
Updates to ensure commands run in the nova containers
are done as the 'nova' user rather than root.

Change-Id: I0dd0276c2848ad77d92d350dfa0f20161329ed55
Partially-Implements: blueprint drop-root
This commit is contained in:
Swapnil Kulkarni (coolsvap) 2015-11-30 11:28:58 +05:30
parent 917b4df01e
commit 3ef57a9ed6
11 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docker/nova/nova-api/Dockerfile.j2
View File

@ -14,3 +14,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 755 /usr/local/bin/kolla_extend_start
{{ include_footer }}
USER nova

2
docker/nova/nova-api/extend_start.sh
View File

@ -3,6 +3,6 @@
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
# of the KOLLA_BOOTSTRAP variable being set, including empty.
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
sudo -H -u nova nova-manage db sync
nova-manage db sync
exit 0
fi

2
docker/nova/nova-base/Dockerfile.j2
View File

@ -42,3 +42,5 @@ RUN ln -s nova-base-source/* nova \
&& chown -R nova: /etc/nova /var/log/nova /home/nova
{% endif %}
RUN usermod -a -G kolla nova

2
docker/nova/nova-compute/Dockerfile.j2
View File

@ -39,3 +39,5 @@ RUN /var/lib/kolla/venv/bin/pip install --no-cache-dir libvirt-python
{% endif %}
{{ include_footer }}
USER nova

2
docker/nova/nova-conductor/Dockerfile.j2
View File

@ -11,3 +11,5 @@ RUN yum -y install openstack-nova-conductor \
{% endif %}
{{ include_footer }}
USER nova

2
docker/nova/nova-consoleauth/Dockerfile.j2
View File

@ -11,3 +11,5 @@ RUN yum -y install openstack-nova-console \
{% endif %}
{{ include_footer }}
USER nova

2
docker/nova/nova-libvirt/Dockerfile.j2
View File

@ -33,3 +33,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 755 /usr/local/bin/kolla_extend_start
{{ include_footer }}
USER nova

2
docker/nova/nova-network/Dockerfile.j2
View File

@ -21,3 +21,5 @@ RUN yum -y install initscripts \
{% endif %}
{{ include_footer }}
USER nova

2
docker/nova/nova-novncproxy/Dockerfile.j2
View File

@ -18,3 +18,5 @@ RUN cd /usr/share && ln -s nova-novncproxy-source/* novnc
{% endif %}
{{ include_footer }}
USER nova

2
docker/nova/nova-scheduler/Dockerfile.j2
View File

@ -11,3 +11,5 @@ RUN yum -y install openstack-nova-scheduler \
{% endif %}
{{ include_footer }}
USER nova

2
docker/nova/nova-spicehtml5proxy/Dockerfile.j2
View File

@ -16,3 +16,5 @@ RUN cd /usr/share && ln -s nova-spicehtml5proxy-source/* spice-html5
{% endif %}
{{ include_footer }}
USER nova