Drop root for ceilometer

Updates to ensure commands run in the ceilometer containers are done as the 'ceilometer' user rather than root. Change-Id: Ic94b876a002d4413f2038c29ffdb275c68323065 Partially-Implements: blueprint drop-root
2015-11-23 08:51:39 +05:30 · 2015-11-23 08:51:39 +05:30 · d3efbd07dc
commit d3efbd07dc
parent d14666a51d
8 changed files with 15 additions and 1 deletions
--- a/docker/ceilometer/ceilometer-alarm/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-alarm/Dockerfile.j2
@ -11,3 +11,5 @@ RUN yum install -y openstack-ceilometer-alarm \
 {% endif %}

 {{ include_footer }}
+
+USER ceilometer
--- a/docker/ceilometer/ceilometer-api/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-api/Dockerfile.j2
@ -14,3 +14,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start

 {{ include_footer }}
+
+USER ceilometer
--- a/docker/ceilometer/ceilometer-api/extend_start.sh
+++ b/docker/ceilometer/ceilometer-api/extend_start.sh
@ -3,6 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    sudo -H -u ceilometer ceilometer-manage db_sync
+    ceilometer-manage db_sync
    exit 0
 fi
--- a/docker/ceilometer/ceilometer-base/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-base/Dockerfile.j2
@ -21,3 +21,5 @@ RUN ln -s ceilometer-base-source/* ceilometer \
    && chown -R ceilometer: /etc/ceilometer /var/log/ceilometer /home/ceilometer

 {% endif %}
+
+RUN usermod -a -G kolla ceilometer
--- a/docker/ceilometer/ceilometer-central/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-central/Dockerfile.j2
@ -11,3 +11,5 @@ RUN yum install -y openstack-ceilometer-central \
 {% endif %}

 {{ include_footer }}
+
+USER ceilometer
--- a/docker/ceilometer/ceilometer-collector/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-collector/Dockerfile.j2
@ -11,3 +11,5 @@ RUN yum install -y openstack-ceilometer-collector \
 {% endif %}

 {{ include_footer }}
+
+USER ceilometer
--- a/docker/ceilometer/ceilometer-compute/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-compute/Dockerfile.j2
@ -14,3 +14,5 @@ RUN yum install -y \
 {% endif %}

 {{ include_footer }}
+
+USER ceilometer
--- a/docker/ceilometer/ceilometer-notification/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-notification/Dockerfile.j2
@ -11,3 +11,5 @@ RUN yum install -y openstack-ceilometer-notification \
 {% endif %}

 {{ include_footer }}
+
+USER ceilometer