Revert abitrary uid support
This code was already reverted in the zuul images, it doesn't actually provide the value is claims to add and it breaks the running under podman. Revert "Dockerfile: add support for arbritary uid" This reverts commitda2701e0b1
. Revert "Dockerfile: add user to shadow file too" This reverts commit747e957263
. Change-Id: Iff606c65c6a3223f13d963d90455fa895193cce8
This commit is contained in:
parent
9ffe97403d
commit
6da36e8a3e
18
Dockerfile
18
Dockerfile
|
@ -26,32 +26,16 @@ FROM docker.io/opendevorg/python-base as nodepool-base
|
|||
COPY --from=builder /output/ /output
|
||||
RUN /output/install-from-bindep
|
||||
|
||||
### Containers should NOT run as root as a good practice
|
||||
RUN useradd -u 10001 -m -d /var/lib/nodepool -c "Nodepool Daemon" nodepool
|
||||
|
||||
# although this feels odd ... by default has group "shadow", meaning
|
||||
# uid_entrypoint can't update it. This is necessary for things like
|
||||
# sudo to work.
|
||||
RUN chown root:root /etc/shadow
|
||||
|
||||
RUN chmod g=u /etc/passwd /etc/shadow
|
||||
ENV APP_ROOT=/var/lib/nodepool
|
||||
ENV HOME=${APP_ROOT}
|
||||
ENV USER_NAME=nodepool
|
||||
RUN chown 10001:1001 ${APP_ROOT}
|
||||
COPY tools/uid_entrypoint.sh /uid_entrypoint
|
||||
ENTRYPOINT ["/uid_entrypoint"]
|
||||
|
||||
FROM nodepool-base as nodepool
|
||||
# ============================================================================
|
||||
|
||||
USER 10001
|
||||
CMD ["/usr/local/bin/nodepool"]
|
||||
|
||||
FROM nodepool-base as nodepool-launcher
|
||||
# ============================================================================
|
||||
|
||||
USER 10001
|
||||
CMD _DAEMON_FLAG=${DEBUG:+-d} && \
|
||||
_DAEMON_FLAG=${_DAEMON_FLAG:--f} && \
|
||||
/usr/local/bin/nodepool-launcher ${_DAEMON_FLAG}
|
||||
|
@ -62,6 +46,7 @@ FROM nodepool-base as nodepool-builder
|
|||
# dib needs sudo
|
||||
RUN echo "nodepool ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nodepool-sudo \
|
||||
&& chmod 0440 /etc/sudoers.d/nodepool-sudo
|
||||
|
||||
# binary deps; see
|
||||
# https://docs.openstack.org/diskimage-builder/latest/developer/vhd_creation.html
|
||||
# about the vhd-util deps
|
||||
|
@ -87,7 +72,6 @@ RUN \
|
|||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
USER 10001
|
||||
CMD _DAEMON_FLAG=${DEBUG:+-d} && \
|
||||
_DAEMON_FLAG=${_DAEMON_FLAG:--f} && \
|
||||
/usr/local/bin/nodepool-builder ${_DAEMON_FLAG}
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
#!/bin/sh
|
||||
# Copyright 2019 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
if ! whoami 2>&1 >/dev/null; then
|
||||
if [ -w /etc/passwd ]; then
|
||||
echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd
|
||||
echo "${USER_NAME:-default}:!:18211:0:99999:7:::" >> /etc/shadow
|
||||
fi
|
||||
fi
|
||||
exec dumb-init "$@"
|
Loading…
Reference in New Issue