From a8661deac6cdc566f5e3174af2d52a464e8c4ee0 Mon Sep 17 00:00:00 2001
From: "Swapnil Kulkarni (coolsvap)"
Date: Mon, 30 Nov 2015 10:30:37 +0530
Subject: [PATCH] Drop root for cinder

Updates to ensure commands run in the cinder containers are done as the 'cinder' user rather than root.

Change-Id: Ibbe04e3a92195dfb957fa56f762c60a80dbe30ca
Partially-Implements: blueprint drop-root
---
 docker/cinder/cinder-api/Dockerfile.j2 | 2 ++
 docker/cinder/cinder-api/extend_start.sh | 2 +-
 docker/cinder/cinder-backup/Dockerfile.j2 | 2 ++
 docker/cinder/cinder-base/Dockerfile.j2 | 2 ++
 docker/cinder/cinder-scheduler/Dockerfile.j2 | 2 ++
 docker/cinder/cinder-volume/Dockerfile.j2 | 2 ++
 6 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/docker/cinder/cinder-api/Dockerfile.j2 b/docker/cinder/cinder-api/Dockerfile.j2
index f6092aa9f0..e0769302c0 100644
--- a/docker/cinder/cinder-api/Dockerfile.j2
+++ b/docker/cinder/cinder-api/Dockerfile.j2
@@ -14,3 +14,5 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
 
 {{ include_footer }}
+
+USER cinder
diff --git a/docker/cinder/cinder-api/extend_start.sh b/docker/cinder/cinder-api/extend_start.sh
index e9a38ac0f5..176515189d 100644
--- a/docker/cinder/cinder-api/extend_start.sh
+++ b/docker/cinder/cinder-api/extend_start.sh
@@ -4,6 +4,6 @@ set -o errexit
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
- sudo -H -u cinder cinder-manage db sync
+ cinder-manage db sync
 exit 0
 fi
diff --git a/docker/cinder/cinder-backup/Dockerfile.j2 b/docker/cinder/cinder-backup/Dockerfile.j2
index f0541f59b3..0549823593 100644
--- a/docker/cinder/cinder-backup/Dockerfile.j2
+++ b/docker/cinder/cinder-backup/Dockerfile.j2
@@ -2,3 +2,5 @@ FROM {{ namespace }}/{{ image_prefix }}cinder-base:{{ tag }}
 MAINTAINER {{ maintainer }}
 
 {{ include_footer }}
+
+USER cinder
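Review bot: The added `USER cinder` at the end of the cinder-api Dockerfile hunk carries no comment saying that it has to stay the last instruction, after `{{ include_footer }}`. Everything above it, including whatever the footer expands to, still builds as root, while any `RUN` appended below it later would execute as cinder and may fail on root-only operations. I would add `# Keep USER last: build steps above, including the footer, run as root.` above the line. The same applies to the identical additions in the cinder-backup, cinder-scheduler and cinder-volume Dockerfiles.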
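Review bot: With `sudo -H -u cinder` removed in extend_start.sh, `cinder-manage db sync` runs as whatever user the container was started with, and nothing in the script checks that. If the image's `USER cinder` is overridden at run time, the bootstrap would run as root and could leave root-owned files where the service later expects to write as cinder (inferred; the log and state paths are not in this hunk). A guard before the call, for example `[[ "$(id -un)" == "cinder" ]] || { echo "bootstrap must run as cinder" >&2; exit 1; }`, or at least a comment stating the assumption, would make this explicit. Dropping `-H` also means HOME now comes from the container environment rather than from sudo, which is worth confirming.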
diff --git a/docker/cinder/cinder-base/Dockerfile.j2 b/docker/cinder/cinder-base/Dockerfile.j2
index 9adae372a0..fce75009a1 100644
--- a/docker/cinder/cinder-base/Dockerfile.j2
+++ b/docker/cinder/cinder-base/Dockerfile.j2
@@ -37,3 +37,5 @@ RUN ln -s cinder-base-source/* cinder \
 && chown -R cinder: /etc/cinder /var/log/cinder /home/cinder
 
 {% endif %}
+
+RUN usermod -a -G kolla cinder
diff --git a/docker/cinder/cinder-scheduler/Dockerfile.j2 b/docker/cinder/cinder-scheduler/Dockerfile.j2
index f0541f59b3..0549823593 100644
--- a/docker/cinder/cinder-scheduler/Dockerfile.j2
+++ b/docker/cinder/cinder-scheduler/Dockerfile.j2
@@ -2,3 +2,5 @@ FROM {{ namespace }}/{{ image_prefix }}cinder-base:{{ tag }}
 MAINTAINER {{ maintainer }}
 
 {{ include_footer }}
+
+USER cinder
diff --git a/docker/cinder/cinder-volume/Dockerfile.j2 b/docker/cinder/cinder-volume/Dockerfile.j2
index c922e73f20..e3aef3fc27 100644
--- a/docker/cinder/cinder-volume/Dockerfile.j2
+++ b/docker/cinder/cinder-volume/Dockerfile.j2
@@ -13,3 +13,5 @@ RUN yum install -y \
 {% endif %}
 
 {{ include_footer }}
+
+USER cinder
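Review bot: The new `RUN usermod -a -G kolla cinder` in cinder-base adds the service account to a group whose privileges are not visible in this diff, and no comment says what membership grants. Since the rest of the change removes root from the cinder containers, whatever the kolla group allows (presumably a sudoers or file-permission rule in the base image; verify there) becomes the remaining path to elevated rights and should be documented at this line. I would add a comment above it such as `# kolla group: <what the group is permitted to do, per the base image>`. The line sits after `{% endif %}`, so it applies to every install type, which looks intended; the conditional block itself starts outside the hunk.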
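Review bot: `USER cinder` on the cinder-volume image needs a check the other images do not: volume backends commonly call privileged tools (LVM, iSCSI target management), and nothing in this diff shows how the cinder user obtains those rights. If that is meant to go through a rootwrap/sudoers rule, the rule should be limited to the rootwrap command and referenced next to this line, e.g. `# privileged volume operations go through cinder-rootwrap (sudoers rule in <file>)`. Without it the service may start and then fail on its first volume operation. The `RUN yum install` block above the hunk starts outside the visible lines.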