openstack/kolla-ansible
Code Issues Proposed changes

Drop root for gnocchi

Browse Source 
Updates to ensure commands run in the gnocchi containers
are done as the 'gnocchi' user rather than root.

Change-Id: I2e24300e05d1b2eeaa52bdc6ed3ec4599791136e
Partially-Implements: blueprint drop-root
This commit is contained in:
Swapnil Kulkarni (coolsvap) 2015-11-23 08:56:22 +05:30
parent 4d69166e57
commit 17f1d9177f
4 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docker/gnocchi/gnocchi-api/Dockerfile.j2
View File

@ -17,3 +17,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 755 /usr/local/bin/kolla_extend_start RUN chmod 755 /usr/local/bin/kolla_extend_start
{{ include_footer }} {{ include_footer }}
USER gnocchi

2
docker/gnocchi/gnocchi-api/extend_start.sh
View File

@ -3,6 +3,6 @@
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
# of the KOLLA_BOOTSTRAP variable being set, including empty. # of the KOLLA_BOOTSTRAP variable being set, including empty.
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
sudo -H -u gnocchi gnocchi-manage db_sync gnocchi-manage db_sync
exit 0 exit 0
fi fi

2
docker/gnocchi/gnocchi-base/Dockerfile.j2
View File

@ -23,3 +23,5 @@ RUN ln -s gnocchi-base-source/* gnocchi \
&& chown -R gnocchi: /etc/gnocchi /var/log/gnocchi /home/gnocchi && chown -R gnocchi: /etc/gnocchi /var/log/gnocchi /home/gnocchi
{% endif %} {% endif %}
RUN usermod -a -G kolla gnocchi

2
docker/gnocchi/gnocchi-statsd/Dockerfile.j2
View File

@ -11,3 +11,5 @@ RUN yum install -y openstack-gnocchi-statsd \
{% endif %} {% endif %}
{{ include_footer }} {{ include_footer }}
USER gnocchi