Drop root for ironic

Updates to ensure commands run in the ironic containers
are done as the 'ironic' user rather than root.

Change-Id: I491041ce02fb5dd3eb60c6ae9169f26d8a8919dd
Partially-Implements: blueprint drop-root

docker/ironic/ironic-api/Dockerfile.j2

@@ -14,3 +14,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
 
 {{ include_footer }}
+
+USER ironic

docker/ironic/ironic-api/extend_start.sh

@@ -3,6 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    sudo -H -u ironic ironic-dbsync upgrade
+    ironic-dbsync upgrade
     exit 0
 fi

docker/ironic/ironic-base/Dockerfile.j2

@@ -26,3 +26,5 @@ RUN ln -s ironic-base-source/* ironic \
     && chown -R ironic: /etc/ironic /var/log/ironic /home/ironic
 
 {% endif %}
+
+RUN usermod -a -G kolla ironic

docker/ironic/ironic-conductor/Dockerfile.j2

@@ -11,3 +11,5 @@ RUN yum -y install openstack-ironic-conductor \
 {% endif %}
 
 {{ include_footer }}
+
+USER ironic

docker/ironic/ironic-discoverd/Dockerfile.j2

@@ -14,3 +14,5 @@ RUN pip install ironic-discoverd
 {% endif %}
 
 {{ include_footer }}
+
+USER ironic

docker/ironic/ironic-pxe/Dockerfile.j2

@@ -25,3 +25,5 @@ RUN apt-get install -y --no-install-recommends \
 COPY tftp-map-file /tftpboot/map-file
 
 {{ include_footer }}
+
+USER ironic