Docker image creation by using component specific user

Change-Id: Ia101571e6c882988fcb42494a34c069258e78396
2019-01-17 13:29:52 -06:00 · 2019-01-17 13:29:52 -06:00 · d94bcdb3c2
parent 8cfcbec0f4
commit d94bcdb3c2
2 changed files with 12 additions and 13 deletions
--- a/21
+++ b/21
@ -41,22 +41,19 @@ RUN pip install --default-timeout=100 -r requirements.txt

 RUN python setup.py install

-# Create user ranger_agent
-RUN useradd -u 1000 -ms /bin/bash ranger_agent
+ARG user
+
+# Create user for ranger-agent
+RUN useradd -u 1000 -ms /bin/false ${user:-ranger_agent}

 # Change permissions
-RUN chown -R ranger_agent: /home/ranger_agent \
-    && chown -R ranger_agent: /etc/ranger-agent \
+RUN chown -R ${user:-ranger_agent}: /home/${user:-ranger_agent} \
+    && chown -R ${user:-ranger_agent}: /etc/ranger-agent \
    && mkdir /var/log/ranger-agent \
-    && chown -R ranger_agent: /var/log/ranger-agent \
-    && cp -fr tools/.ssh  /home/ranger_agent/ \
-    && chown -R ranger_agent: /home/ranger_agent/.ssh \
-    && chmod 700 -R /home/ranger_agent/.ssh \
-    && chmod 644 /home/ranger_agent/.ssh/config \
-    && chmod 600 /home/ranger_agent/.ssh/ranger_agent \
+    && chown -R ${user:-ranger_agent}: /var/log/ranger-agent \
    && cd ~/ \
    && rm -fr /tmp/ranger-agent

 # Set work directory
-USER ranger_agent
-WORKDIR /home/ranger_agent/
+USER ${user:-ranger_agent}
+WORKDIR /home/${user:-ranger_agent}/
--- a/4
+++ b/4
@ -21,6 +21,7 @@ LABEL                      ?= commit-id
 PROXY                      ?= http://proxy.foo.com:8000
 NO_PROXY                   ?= localhost,127.0.0.1,.svc.cluster.local
 USE_PROXY                  ?= false
+USER                       := ranger_agent

 IMAGE := ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}

@ -49,6 +50,7 @@ build_$(IMAGE_NAME):

 ifeq ($(USE_PROXY), true)
 	docker build --network host -t $(IMAGE) --label $(LABEL) -f Dockerfile \
+                --build-arg user=$(USER) \
 		--build-arg http_proxy=$(PROXY) \
 		--build-arg https_proxy=$(PROXY) \
 		--build-arg HTTP_PROXY=$(PROXY) \
@ -56,7 +58,7 @@ ifeq ($(USE_PROXY), true)
 		--build-arg no_proxy=$(NO_PROXY) \
 		--build-arg NO_PROXY=$(NO_PROXY) .
 else
-	docker build --network host -t $(IMAGE) --label $(LABEL) -f Dockerfile .
+	docker build --network host -t $(IMAGE) --label $(LABEL) -f Dockerfile --build-arg user=$(USER) .
 endif

 .PHONY: clean