openstack
/
kolla
Code Issues Proposed changes

Drop root for murano 

Updates to ensure commands run in the murano containers
are done as the 'murano' user rather than root.

Change-Id: I558c46b032f11b83a9dc6b5abc158aa6d24ec0eb
Partially-Implements: blueprint drop-root
This commit is contained in:
Swapnil Kulkarni (coolsvap) 2015-11-30 11:35:18 +05:30
parent b0159f7ec9
commit 2a491b9896
4 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docker/murano/murano-api/Dockerfile.j2
View File

@ -5,3 +5,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 755 /usr/local/bin/kolla_extend_start
{{ include_footer }}
USER murano

2
docker/murano/murano-api/extend_start.sh
View File

@ -3,6 +3,6 @@
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
# of the KOLLA_BOOTSTRAP variable being set, including empty.
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
sudo -H -u murano murano-db-manage --config-file /etc/murano/murano.conf upgrade
murano-db-manage --config-file /etc/murano/murano.conf upgrade
exit 0
fi

2
docker/murano/murano-base/Dockerfile.j2
View File

@ -12,3 +12,5 @@ RUN ln -s murano-base-source/* murano \
&& chown -R murano: /etc/murano /var/log/murano /home/murano
{% endif %}
RUN usermod -a -G kolla murano

2
docker/murano/murano-engine/Dockerfile.j2
View File

@ -2,3 +2,5 @@ FROM {{ namespace }}/{{ image_prefix }}murano-base:{{ tag }}
MAINTAINER {{ maintainer }}
{{ include_footer }}
USER murano