drop root on memcached

This patch add the USER directive to the memcached container. It also removes the -u from the command line to launch memcached, since it will already be run as that use. Change-Id: I87d782a424df99fe1b5694debafa3c0c4a9aba27 Partially-Implements: blueprint drop-root
2015-11-13 15:55:47 -05:00 · 2015-11-13 15:55:47 -05:00 · 66c15ce55e
commit 66c15ce55e
parent f54c5bee3a
2 changed files with 9 additions and 4 deletions
--- a/ansible/roles/memcached/templates/memcached.json.j2
+++ b/ansible/roles/memcached/templates/memcached.json.j2
@ -1,5 +1,4 @@
-{% set memcache_user = 'memcache' if kolla_base_distro in ['ubuntu', 'debian'] else 'memcached' %}
 {
-    "command": "/usr/bin/memcached -u {{ memcache_user }} -vv -l {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} -p {{ memcached_port }}",
+    "command": "/usr/bin/memcached -vv -l {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} -p {{ memcached_port }}",
    "config_files": []
 }
--- a/docker/memcached/Dockerfile.j2
+++ b/docker/memcached/Dockerfile.j2
@ -3,14 +3,20 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)

 {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}

+{% set user = 'memcached' %}
 RUN yum -y install memcached \
-    && yum clean all
+    && yum clean all \
+    && usermod -a -G kolla {{ user }}

 {% elif base_distro in ['ubuntu', 'debian'] %}

+{% set user = 'memcache' %}
 RUN apt-get install -y --no-install-recommends memcached \
-    && apt-get clean
+    && apt-get clean \
+    && usermod -a -G kolla {{ user }}

 {% endif %}

 {{ include_footer }}
+
+USER {{ user }}