From 17f1d9177f4434a081c67cbd914b791744a874ad Mon Sep 17 00:00:00 2001
From: "Swapnil Kulkarni (coolsvap)"
Date: Mon, 23 Nov 2015 08:56:22 +0530
Subject: [PATCH] Drop root for gnocchi

Updates to ensure commands run in the gnocchi containers are done as the 'gnocchi' user rather than root.

Change-Id: I2e24300e05d1b2eeaa52bdc6ed3ec4599791136e
Partially-Implements: blueprint drop-root
---
 docker/gnocchi/gnocchi-api/Dockerfile.j2 | 2 ++
 docker/gnocchi/gnocchi-api/extend_start.sh | 2 +-
 docker/gnocchi/gnocchi-base/Dockerfile.j2 | 2 ++
 docker/gnocchi/gnocchi-statsd/Dockerfile.j2 | 2 ++
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/docker/gnocchi/gnocchi-api/Dockerfile.j2 b/docker/gnocchi/gnocchi-api/Dockerfile.j2
index 00c0797260..2c8faf43b2 100644
--- a/docker/gnocchi/gnocchi-api/Dockerfile.j2
+++ b/docker/gnocchi/gnocchi-api/Dockerfile.j2
@@ -17,3 +17,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
 {{ include_footer }}
+
+USER gnocchi
diff --git a/docker/gnocchi/gnocchi-api/extend_start.sh b/docker/gnocchi/gnocchi-api/extend_start.sh
index 344c3063f2..aeb3d07d03 100644
--- a/docker/gnocchi/gnocchi-api/extend_start.sh
+++ b/docker/gnocchi/gnocchi-api/extend_start.sh
@@ -3,6 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
- sudo -H -u gnocchi gnocchi-manage db_sync
+ gnocchi-manage db_sync
 exit 0
 fi
diff --git a/docker/gnocchi/gnocchi-base/Dockerfile.j2 b/docker/gnocchi/gnocchi-base/Dockerfile.j2
index 86384114ed..457c02621b 100644
--- a/docker/gnocchi/gnocchi-base/Dockerfile.j2
+++ b/docker/gnocchi/gnocchi-base/Dockerfile.j2
@@ -23,3 +23,5 @@ RUN ln -s gnocchi-base-source/* gnocchi \
 && chown -R gnocchi: /etc/gnocchi /var/log/gnocchi /home/gnocchi
 {% endif %}
+
+RUN usermod -a -G kolla gnocchi
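Review bot: `USER gnocchi` at the end of docker/gnocchi/gnocchi-api/Dockerfile.j2 (and the identical line in docker/gnocchi/gnocchi-statsd/Dockerfile.j2) is set per leaf image rather than in gnocchi-base, so any gnocchi image built from the base without its own `USER` line still starts as root; nothing in this patch guards against that. The line is also placed after `{{ include_footer }}`, so whatever the footer renders still runs as root at build time. That looks intentional, but it deserves a comment such as `# Keep USER last: footer content is applied as root, the service itself runs as gnocchi`. The account is referenced by name, so the image depends on the package or the base image having created `gnocchi`; only the tail of each file is visible in the hunk, so please confirm that for both install types.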
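Review bot: With `sudo -H -u gnocchi` removed, `gnocchi-manage db_sync` in docker/gnocchi/gnocchi-api/extend_start.sh runs as whatever user the container was started with, so the unprivileged bootstrap now depends entirely on the image's `USER gnocchi` not being overridden at run time. If the container is launched with a root user override, the schema sync would run as root and could leave root-owned files that the service cannot write later. A guard before the call makes the assumption explicit: `[[ "$(id -un)" == "gnocchi" ]] || { echo "bootstrap must run as gnocchi" >&2; exit 1; }`. The script starts above the hunk, so an existing check there would make this unnecessary.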
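Review bot: `RUN usermod -a -G kolla gnocchi` in docker/gnocchi/gnocchi-base/Dockerfile.j2 gives the service account a supplementary group whose privileges are not visible in this patch. If the `kolla` group carries sudo rights or write access to shared start-up files, the drop from root is only as strong as that group's grants. Please add a comment stating why the membership is needed, e.g. `# gnocchi joins the kolla group so the start scripts can <what the group permits>`, and confirm the group's permissions are limited to that. The line sits after `{% endif %}`, so it runs for every install type and assumes both the `gnocchi` user and the `kolla` group already exist at that point; the earlier part of the file is outside the hunk.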
diff --git a/docker/gnocchi/gnocchi-statsd/Dockerfile.j2 b/docker/gnocchi/gnocchi-statsd/Dockerfile.j2
index f569e165bb..063fabd112 100644
--- a/docker/gnocchi/gnocchi-statsd/Dockerfile.j2
+++ b/docker/gnocchi/gnocchi-statsd/Dockerfile.j2
@@ -11,3 +11,5 @@ RUN yum install -y openstack-gnocchi-statsd \
 {% endif %}
 {{ include_footer }}
+
+USER gnocchi