Run notary related images with user notary

1>Change the user from root to notary 2>Update the images.
2024-09-29 13:57:33 +02:00 · 2017-11-09 22:54:27 +08:00 · 2017-11-09 22:54:27 +08:00 · 12abeb0a36
commit 12abeb0a36
parent 91ae1255e8
5 changed files with 21 additions and 9 deletions
--- a/make/docker-compose.notary.yml
+++ b/make/docker-compose.notary.yml
@ -16,8 +16,6 @@ services:
      - harbor-notary
    volumes:
      - ./common/config/notary:/config
-    entrypoint: /usr/bin/env sh
-    command: -c "/migrations/migrate.sh && notary-server -config=/config/server-config.json -logf=logfmt"
    depends_on:
      - notary-db
      - notary-signer
@ -39,8 +37,6 @@ services:
      - ./common/config/notary:/config
    env_file:
      - ./common/config/notary/signer_env
-    entrypoint: /usr/bin/env sh
-    command: -c "/migrations/migrate.sh && notary-signer -config=/config/signer-config.json -logf=logfmt"
    depends_on:
      - notary-db
    logging:
--- a/make/photon/notary/server-start.sh
+++ b/make/photon/notary/server-start.sh
@ -0,0 +1,3 @@
+#!/bin/sh
+chown 10000:10000 -R /config
+sudo -E -u \#10000 sh -c "/usr/bin/env /migrations/migrate.sh && /bin/notary-server -config=/config/server-config.json -logf=logfmt"
--- a/make/photon/notary/server.Dockerfile
+++ b/make/photon/notary/server.Dockerfile
@ -2,10 +2,15 @@ FROM vmware/photon:1.0

 RUN tdnf distro-sync -y \
    && tdnf erase vim -y \
-    && tdnf clean all
+    && tdnf install -y shadow sudo \
+    && tdnf clean all \
+    && groupadd -r -g 10000 notary \
+    && useradd --no-log-init -r -g 10000 -u 10000 notary
+
 COPY ./binary/notary-server /bin/notary-server
 COPY ./migrate /bin/migrate
 COPY ./migrations/ /migrations/
-
+COPY ./server-start.sh /bin/server-start.sh
+RUN chmod u+x /bin/notary-server /migrations/migrate.sh /bin/migrate /bin/server-start.sh
 ENV SERVICE_NAME=notary_server
-ENTRYPOINT [ "notary-server" ]
+ENTRYPOINT [ "/bin/server-start.sh" ]
--- a/make/photon/notary/signer-start.sh
+++ b/make/photon/notary/signer-start.sh
@ -0,0 +1,3 @@
+#!/bin/sh
+chown 10000:10000 -R /config
+sudo -E -u \#10000 sh -c "/usr/bin/env && /migrations/migrate.sh && /bin/notary-signer -config=/config/signer-config.json -logf=logfmt"
--- a/make/photon/notary/signer.Dockerfile
+++ b/make/photon/notary/signer.Dockerfile
@ -2,10 +2,15 @@ FROM vmware/photon:1.0

 RUN tdnf distro-sync -y \
    && tdnf erase vim -y \
-    && tdnf clean all
+    && tdnf install -y shadow sudo \
+    && tdnf clean all \
+    && groupadd -r -g 10000 notary \
+    && useradd --no-log-init -r -g 10000 -u 10000 notary
 COPY ./binary/notary-signer /bin/notary-signer
 COPY ./migrate /bin/migrate
 COPY ./migrations/ /migrations/
+COPY ./signer-start.sh /bin/signer-start.sh

+RUN chmod u+x /bin/notary-signer /migrations/migrate.sh /bin/migrate /bin/signer-start.sh
 ENV SERVICE_NAME=notary_signer
-ENTRYPOINT [ "notary-signer" ]
+ENTRYPOINT [ "/bin/signer-start.sh" ]