Revert abitrary uid support

This code was already reverted in the zuul images, it doesn't actually provide the value is claims to add and it breaks the running under podman. Revert "Dockerfile: add support for arbritary uid" This reverts commit da2701e0b1. Revert "Dockerfile: add user to shadow file too" This reverts commit 747e957263. Change-Id: Iff606c65c6a3223f13d963d90455fa895193cce8
2020-03-13 15:05:57 -05:00 · 2020-03-13 15:05:57 -05:00 · 6da36e8a3e
parent 9ffe97403d
commit 6da36e8a3e
2 changed files with 1 additions and 40 deletions
--- a/18
+++ b/18
@ -26,32 +26,16 @@ FROM docker.io/opendevorg/python-base as nodepool-base
 COPY --from=builder /output/ /output
 RUN /output/install-from-bindep

-### Containers should NOT run as root as a good practice
 RUN useradd -u 10001 -m -d /var/lib/nodepool -c "Nodepool Daemon" nodepool

-# although this feels odd ... by default has group "shadow", meaning
-# uid_entrypoint can't update it.  This is necessary for things like
-# sudo to work.
-RUN chown root:root /etc/shadow
-
-RUN chmod g=u /etc/passwd /etc/shadow
-ENV APP_ROOT=/var/lib/nodepool
-ENV HOME=${APP_ROOT}
-ENV USER_NAME=nodepool
-RUN chown 10001:1001 ${APP_ROOT}
-COPY tools/uid_entrypoint.sh /uid_entrypoint
-ENTRYPOINT ["/uid_entrypoint"]
-
 FROM nodepool-base as nodepool
 # ============================================================================

-USER 10001
 CMD ["/usr/local/bin/nodepool"]

 FROM nodepool-base as nodepool-launcher
 # ============================================================================

-USER 10001
 CMD _DAEMON_FLAG=${DEBUG:+-d} && \
    _DAEMON_FLAG=${_DAEMON_FLAG:--f} && \
    /usr/local/bin/nodepool-launcher ${_DAEMON_FLAG}
@ -62,6 +46,7 @@ FROM nodepool-base as nodepool-builder
 # dib needs sudo
 RUN echo "nodepool ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nodepool-sudo \
  && chmod 0440 /etc/sudoers.d/nodepool-sudo
+
 # binary deps; see
 #  https://docs.openstack.org/diskimage-builder/latest/developer/vhd_creation.html
 # about the vhd-util deps
@ -87,7 +72,6 @@ RUN \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*

-USER 10001
 CMD _DAEMON_FLAG=${DEBUG:+-d} && \
    _DAEMON_FLAG=${_DAEMON_FLAG:--f} && \
    /usr/local/bin/nodepool-builder ${_DAEMON_FLAG}
--- a/tools/uid_entrypoint.sh
+++ b/tools/uid_entrypoint.sh
@ -1,23 +0,0 @@
-#!/bin/sh
-# Copyright 2019 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-if ! whoami 2>&1 >/dev/null; then
-  if [ -w /etc/passwd ]; then
-     echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd
-     echo "${USER_NAME:-default}:!:18211:0:99999:7:::" >> /etc/shadow
-  fi
-fi
-exec dumb-init "$@"