kolla-ansible/docker/rabbitmq/Dockerfile.j2
Ryan Hallisey 22def41d37 Drop root privileges for rabbitmq
Drop root privileges for rabbitmq.  Only the rabbitmq user
will be able to execute chown of /var/lib/rabbitmq.

Change-Id: I546e6b475a8462bfbc75972854e1fee64f96d9cb
Partially-Implements: blueprint drop-root
2015-11-12 11:38:17 -05:00


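# RabbitMQ image for Kolla, layered on the project's base image. This file is a
# Jinja2 template: namespace, image_prefix, tag, base_distro and include_footer
# are filled in when the template is rendered.
FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
MAINTAINER Kolla Project (https://launchpad.net/kolla)

# NOTE(review): in both branches below the rabbitmq_clusterer plugin is fetched
# over plain HTTP and is not compared against a known digest, so whatever the
# network returns is installed as broker code. Record the expected SHA-256 of
# the .ez archive and verify it in the same RUN step (sha256sum -c), and use an
# HTTPS source if one is available.
# curl --fail stops the build on an HTTP error instead of saving the server's
# error page as the plugin archive.
{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
# NOTE(review): the server RPM is installed straight from a release URL.
# Whether yum signature-checks such a package depends on the base image's yum
# configuration (localpkg_gpgcheck) -- TODO confirm.
RUN yum -y install \
        hostname \
        https://github.com/rabbitmq/rabbitmq-server/releases/download/rabbitmq_v3_5_5/rabbitmq-server-3.5.5-3.noarch.rpm \
    && yum clean all \
    && rm -rf /var/lib/rabbitmq/* \
    && curl --fail -o /usr/lib/rabbitmq/lib/rabbitmq_server-3.5.5/plugins/rabbitmq_clusterer-3.5.x-189b3a81.ez http://www.rabbitmq.com/community-plugins/v3.5.x/rabbitmq_clusterer-3.5.x-189b3a81.ez
{% elif base_distro in ['ubuntu', 'debian'] %}
# NOTE(review): there is no apt-get update in this layer; presumably the base
# image leaves usable package lists behind -- confirm.
# NOTE(review): rabbitmq-server is unpinned here while the plugin path below
# hard-codes rabbitmq_server-3.5.4, so the download only lands in the right
# place when the distro ships exactly that version.
RUN apt-get install -y --no-install-recommends rabbitmq-server \
    && apt-get clean \
    && rm -rf /var/lib/rabbitmq/* \
    && curl --fail -o /usr/lib/rabbitmq/lib/rabbitmq_server-3.5.4/plugins/rabbitmq_clusterer-3.5.x-189b3a81.ez http://www.rabbitmq.com/community-plugins/v3.5.x/rabbitmq_clusterer-3.5.x-189b3a81.ez
{% endif %}

# Enable the plugins at build time; --offline edits the enabled-plugins list
# without contacting a running broker.
# NOTE(sdake): the /bin/true unblocks the rabbitmq-plugins tool. Not sure how
# or why. My suspicion is it sends a signal to the parent
# process.
RUN /usr/lib/rabbitmq/bin/rabbitmq-plugins enable --offline \
        rabbitmq_management \
        rabbitmq_clusterer \
    && /bin/true

COPY extend_start.sh /usr/local/bin/kolla_extend_start
COPY rabbitmq_sudoers /etc/sudoers.d/rabbitmq_sudoers

# The start hook is world-executable; the sudoers drop-in is read-only (440)
# and its directory is closed to "other" (750). The rabbitmq account is added
# to the kolla group.
# NOTE(review): rabbitmq_sudoers is not shown here. Since the container now
# runs unprivileged, that file is the only path back to root; it should grant
# the rabbitmq user nothing beyond the single command the start hook needs --
# verify against the file.
RUN chmod 755 /usr/local/bin/kolla_extend_start \
    && chmod 750 /etc/sudoers.d \
    && chmod 440 /etc/sudoers.d/rabbitmq_sudoers \
    && usermod -a -G kolla rabbitmq

{{ include_footer }}

# Drop root: instructions after this line and the container's main process run
# as the rabbitmq user. The footer above is rendered before the switch.
USER rabbitmq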