Commit b1ed782

authored
Merge pull request #370 from Helene/non_root_dockerfile
Restructure Dockerfile
2 parents b3fa573 + d074feb commit b1ed782

1 file changed

+10
-33
lines changed

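--- a/Dockerfile
+++ b/Dockerfile
@@ -26,17 +26,10 @@ LABEL com.ibm.summary="It allows the IBM Storage Scale users to perform performa
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 
-ARG USERNAME=bridge
-ENV USER=$USERNAME
-
-ARG GROUPNAME=bridge
-ENV GROUP=$GROUPNAME
-
-ARG USERID=2001
-ENV UID=$USERID
-
-ARG GROUPID=0
-ENV GID=$GROUPID
+ARG USER=bridge
+ARG GROUP=bridge
+ARG UID=2001
+ARG GID=2099
 
 ARG HTTPPROTOCOL=http
 ENV PROTOCOL=$HTTPPROTOCOL
@@ -103,12 +96,12 @@ RUN if [ $(expr "$BASE" : '.*python.*') -eq 0 ]; then \
 python3 -m pip install -r /root/requirements_ubi10.txt && \
 echo "Installed python version: $(python3 -V)" && \
 echo "Installed python packages: $(python3 -m pip list)" && \
-yum clean all -y && rm -rf /usr/bin/pip*; else \
+yum clean all -y && rm -rf /usr/bin/pip* && rm -rf /usr/lib/python3.12/site-packages/pip*; else \
 echo "Already using python container as base image. No need to install it." && \
 python3 -m pip install -r /root/requirements.in && \
 echo "Installed python packages: $(python3 -m pip list)"; fi
 
-USER root
+#USER root
 
 RUN mkdir -p /opt/IBM/bridge /opt/IBM/zimon /var/mmfs/gen && \
 mkdir -p /etc/ssl/certs /etc/perfmon-api-keys $CERTPATH $LOGPATH
@@ -129,25 +122,9 @@ RUN echo "$(pwd)"
 
 # Create a container user
 RUN if [ "$GID" -gt "0" ]; then groupadd -g $GID $GROUP; else echo "Since root GID specified skipping groupadd"; fi && \
-useradd -rm -d /home/$UID -s /bin/bash -g $GID -u $UID $USER
-
-# Change group ownership
-RUN chgrp -R $GID /opt/IBM/bridge && \
-chgrp -R $GID /opt/IBM/zimon && \
-chgrp -R $GID /var/mmfs/gen && \
-chgrp -R $GID /etc/ssl/certs && \
-chgrp -R $GID /etc/perfmon-api-keys && \
-chgrp -R $GID $TLSKEYPATH && \
-chgrp -R $GID $LOGPATH
-
-# Set group permissions
-RUN chmod -R g=u /opt/IBM/bridge && \
-chmod -R g=u /opt/IBM/zimon && \
-chmod -R g=u /var/mmfs/gen && \
-chmod -R g=u /etc/ssl/certs && \
-chmod -R g=u /etc/perfmon-api-keys && \
-chmod -R g=u $TLSKEYPATH && \
-chmod -R g=u $LOGPATH
+if [ "$UID" -gt "0" ]; then useradd -rm -d /home/$UID -s /bin/bash -g $GID -u $UID $USER; else echo "Since root UID specified skipping useradd"; fi
+
+RUN chmod -R a+w $LOGPATH
 
 # Chown all needed files
 RUN chown -R $UID:$GID /opt/IBM/bridge && \
@@ -159,7 +136,7 @@ RUN chown -R $UID:$GID /opt/IBM/bridge && \
 chown -R $UID:$GID $LOGPATH
 
 # Switch user
-USER $GID
+USER $UID
 
 CMD ["sh", "-c", "python3 zimonGrafanaIntf.py -c $LOGLEVEL -s $SERVER -r $PROTOCOL -b $BASICAUTH -u $BASICAUTHUSER -a $BASICAUTHPASSW -p $PORT -e $PROMETHEUS -P $SERVERPORT -t $TLSKEYPATH -l $LOGPATH -k $TLSKEYFILE -m $TLSCERTFILE -n $APIKEYNAME -v $APIKEYVALUE -w $RAWCOUNTERS"]
 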
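Review bot: `RUN chmod -R a+w $LOGPATH` in the third hunk makes the log directory and everything under it world-writable, so any process in the container can alter or delete log files, even though the `chown -R $UID:$GID $LOGPATH` in the following RUN (which runs on into the fourth hunk) already gives the runtime user write access. Unless the image has to run under a UID assigned at run time, drop the line or narrow it to `RUN chmod -R ug+rwX $LOGPATH`, and state the intended case in a comment above it. In the same hunk the new `[ "$UID" -gt "0" ]` test is evaluated by the build shell: if `/bin/sh` in the base image is bash, `UID` is a read-only shell variable holding the build user's id (0 in a root build), so the `ARG UID=2001` value would likely not reach `useradd` or `chown`, while `USER $UID` is expanded by the builder and does become 2001. Using an ARG name that does not collide with the shell (for example `APP_UID`) in the RUN lines avoids that mismatch; running `id` and `ls -ln` in the built image would confirm which values were applied.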
