From 66c15ce55eae078ae43628e91e4b3bfd516317a5 Mon Sep 17 00:00:00 2001 From: Britt Houser Date: Fri, 13 Nov 2015 15:55:47 -0500 Subject: [PATCH] drop root on memcached This patch add the USER directive to the memcached container. It also removes the -u from the command line to launch memcached, since it will already be run as that use. Change-Id: I87d782a424df99fe1b5694debafa3c0c4a9aba27 Partially-Implements: blueprint drop-root --- ansible/roles/memcached/templates/memcached.json.j2 | 3 +-- docker/memcached/Dockerfile.j2 | 10 ++++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ansible/roles/memcached/templates/memcached.json.j2 b/ansible/roles/memcached/templates/memcached.json.j2 index a32e899e29..06bc2b4e7b 100644 --- a/ansible/roles/memcached/templates/memcached.json.j2 +++ b/ansible/roles/memcached/templates/memcached.json.j2 @@ -1,5 +1,4 @@ -{% set memcache_user = 'memcache' if kolla_base_distro in ['ubuntu', 'debian'] else 'memcached' %} { - "command": "/usr/bin/memcached -u {{ memcache_user }} -vv -l {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} -p {{ memcached_port }}", + "command": "/usr/bin/memcached -vv -l {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} -p {{ memcached_port }}", "config_files": [] } diff --git a/docker/memcached/Dockerfile.j2 b/docker/memcached/Dockerfile.j2 index d8e023aaf6..db75d880a0 100644 --- a/docker/memcached/Dockerfile.j2 +++ b/docker/memcached/Dockerfile.j2 @@ -3,14 +3,20 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla) {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} +{% set user = 'memcached' %} RUN yum -y install memcached \ - && yum clean all + && yum clean all \ + && usermod -a -G kolla {{ user }} {% elif base_distro in ['ubuntu', 'debian'] %} +{% set user = 'memcache' %} RUN apt-get install -y --no-install-recommends memcached \ - && apt-get clean + && apt-get clean \ + && usermod -a -G kolla {{ user }} {% endif %} {{ include_footer }} + +USER {{ user }}