From d3efbd07dc4d6095089666011dc79ac3bcae8036 Mon Sep 17 00:00:00 2001
From: "Swapnil Kulkarni (coolsvap)"
Date: Mon, 23 Nov 2015 08:51:39 +0530
Subject: [PATCH] Drop root for ceilometer
Updates to ensure commands run in the ceilometer containers are done as the 'ceilometer' user rather than root.
Change-Id: Ic94b876a002d4413f2038c29ffdb275c68323065
Partially-Implements: blueprint drop-root
---
 docker/ceilometer/ceilometer-alarm/Dockerfile.j2 | 2 ++
 docker/ceilometer/ceilometer-api/Dockerfile.j2 | 2 ++
 docker/ceilometer/ceilometer-api/extend_start.sh | 2 +-
 docker/ceilometer/ceilometer-base/Dockerfile.j2 | 2 ++
 docker/ceilometer/ceilometer-central/Dockerfile.j2 | 2 ++
 docker/ceilometer/ceilometer-collector/Dockerfile.j2 | 2 ++
 docker/ceilometer/ceilometer-compute/Dockerfile.j2 | 2 ++
 docker/ceilometer/ceilometer-notification/Dockerfile.j2 | 2 ++
 8 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/docker/ceilometer/ceilometer-alarm/Dockerfile.j2 b/docker/ceilometer/ceilometer-alarm/Dockerfile.j2
index d708616b60..83b032926c 100644
--- a/docker/ceilometer/ceilometer-alarm/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-alarm/Dockerfile.j2
@@ -11,3 +11,5 @@ RUN yum install -y openstack-ceilometer-alarm \ {% endif %} {{ include_footer }}
+
+USER ceilometer
diff --git a/docker/ceilometer/ceilometer-api/Dockerfile.j2 b/docker/ceilometer/ceilometer-api/Dockerfile.j2
index 40c6dc788f..fabc4ffa6c 100644
--- a/docker/ceilometer/ceilometer-api/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-api/Dockerfile.j2
@@ -14,3 +14,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start RUN chmod 755 /usr/local/bin/kolla_extend_start {{ include_footer }}
+
+USER ceilometer
diff --git a/docker/ceilometer/ceilometer-api/extend_start.sh b/docker/ceilometer/ceilometer-api/extend_start.sh
index 5e38e555d1..108ef33ec5 100644
--- a/docker/ceilometer/ceilometer-api/extend_start.sh
+++ b/docker/ceilometer/ceilometer-api/extend_start.sh
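Review bot: The `USER ceilometer` added at the end of docker/ceilometer/ceilometer-alarm/Dockerfile.j2 carries no comment on why it must come after `{{ include_footer }}`, and the same bare directive closes the api, central, collector, compute and notification Dockerfiles in this patch. Its position is the security-relevant part: instructions above it, including whatever the footer expands to, keep the build-time user (presumably root), while anything a later edit appends below it runs as `ceilometer`. I would put `# Drop root last; build steps that need root belong above this line.` over the directive in each of the six files. The account is referenced by name, so each image depends on `ceilometer` existing for every install type, which these hunks do not show.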
@@ -3,6 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
- sudo -H -u ceilometer ceilometer-manage db_sync
+ ceilometer-manage db_sync
 exit 0
 fi
diff --git a/docker/ceilometer/ceilometer-base/Dockerfile.j2 b/docker/ceilometer/ceilometer-base/Dockerfile.j2
index 3c8929a0a5..964abad973 100644
--- a/docker/ceilometer/ceilometer-base/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-base/Dockerfile.j2
@@ -21,3 +21,5 @@ RUN ln -s ceilometer-base-source/* ceilometer \ && chown -R ceilometer: /etc/ceilometer /var/log/ceilometer /home/ceilometer {% endif %}
+
+RUN usermod -a -G kolla ceilometer
diff --git a/docker/ceilometer/ceilometer-central/Dockerfile.j2 b/docker/ceilometer/ceilometer-central/Dockerfile.j2
index 1ab75cabf4..a7598c7421 100644
--- a/docker/ceilometer/ceilometer-central/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-central/Dockerfile.j2
@@ -11,3 +11,5 @@ RUN yum install -y openstack-ceilometer-central \ {% endif %} {{ include_footer }}
+
+USER ceilometer
diff --git a/docker/ceilometer/ceilometer-collector/Dockerfile.j2 b/docker/ceilometer/ceilometer-collector/Dockerfile.j2
index e8d706da08..ee28fa2504 100644
--- a/docker/ceilometer/ceilometer-collector/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-collector/Dockerfile.j2
@@ -11,3 +11,5 @@ RUN yum install -y openstack-ceilometer-collector \ {% endif %} {{ include_footer }}
+
+USER ceilometer
diff --git a/docker/ceilometer/ceilometer-compute/Dockerfile.j2 b/docker/ceilometer/ceilometer-compute/Dockerfile.j2
index 078817f9dc..f77d93d9d9 100644
--- a/docker/ceilometer/ceilometer-compute/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-compute/Dockerfile.j2
@@ -14,3 +14,5 @@ RUN yum install -y \ {% endif %} {{ include_footer }}
+
+USER ceilometer
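Review bot: With `sudo -H -u ceilometer` gone, `ceilometer-manage db_sync` in docker/ceilometer/ceilometer-api/extend_start.sh runs as whatever user the container was started with, so the privilege drop now rests entirely on the image's `USER ceilometer` and is lost whenever the container is launched with a user override. A guard just before the call keeps the old guarantee explicit: `[[ "$(id -u)" -ne 0 ]] || { echo "refusing to run db_sync as root" >&2; exit 1; }`. Separately, `exit 0` follows unconditionally, so unless errexit is enabled above the hunk or by whatever invokes this script (neither is visible here), a failed db_sync still reports a successful bootstrap; `ceilometer-manage db_sync || exit 1` would surface it. The script begins above the hunk.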
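Review bot: `RUN usermod -a -G kolla ceilometer` in docker/ceilometer/ceilometer-base/Dockerfile.j2 widens the service account's group membership without saying what the `kolla` group is permitted to do, and that is what decides how much privilege this drop-root change really removes. If the group carries sudo rules or write access to shared start-up files (not visible in this diff), every process running as `ceilometer` in the derived images inherits them. I would add a comment above the line naming the specific need, e.g. `# ceilometer joins the kolla group for <privilege the kolla group grants>`. The line sits after `{% endif %}`, so it runs for every install type and will fail the build if either branch leaves the `ceilometer` account or the `kolla` group undefined; only the `chown -R ceilometer:` in the branch above shows the account being relied on.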
diff --git a/docker/ceilometer/ceilometer-notification/Dockerfile.j2 b/docker/ceilometer/ceilometer-notification/Dockerfile.j2
index b3eb95d2e6..d00d5a543e 100644
--- a/docker/ceilometer/ceilometer-notification/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-notification/Dockerfile.j2
@@ -11,3 +11,5 @@ RUN yum install -y openstack-ceilometer-notification \ {% endif %} {{ include_footer }}
+
+USER ceilometer