From 12abeb0a36389d6607f5fe348f0dbfa5af6aa3db Mon Sep 17 00:00:00 2001
From: yixingj
Date: Thu, 9 Nov 2017 22:54:27 +0800
Subject: [PATCH] Run notary related images with user notary
1>Change the user from root to notary
2>Update the images.
---
 make/docker-compose.notary.yml | 4 ----
 make/photon/notary/server-start.sh | 3 +++
 make/photon/notary/server.Dockerfile | 11 ++++++++---
 make/photon/notary/signer-start.sh | 3 +++
 make/photon/notary/signer.Dockerfile | 9 +++++++--
 5 files changed, 21 insertions(+), 9 deletions(-)
 create mode 100644 make/photon/notary/server-start.sh
 create mode 100644 make/photon/notary/signer-start.sh
diff --git a/make/docker-compose.notary.yml b/make/docker-compose.notary.yml
index feab28a03..2999680df 100644
--- a/make/docker-compose.notary.yml
+++ b/make/docker-compose.notary.yml
@@ -16,8 +16,6 @@ services:
 - harbor-notary
 volumes:
 - ./common/config/notary:/config
- entrypoint: /usr/bin/env sh
- command: -c "/migrations/migrate.sh && notary-server -config=/config/server-config.json -logf=logfmt"
 depends_on:
 - notary-db
 - notary-signer
@@ -39,8 +37,6 @@ services:
 - ./common/config/notary:/config
 env_file:
 - ./common/config/notary/signer_env
- entrypoint: /usr/bin/env sh
- command: -c "/migrations/migrate.sh && notary-signer -config=/config/signer-config.json -logf=logfmt"
 depends_on:
 - notary-db
 logging:
diff --git a/make/photon/notary/server-start.sh b/make/photon/notary/server-start.sh
new file mode 100644
index 000000000..62083adb4
--- /dev/null
+++ b/make/photon/notary/server-start.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+chown 10000:10000 -R /config
+sudo -E -u \#10000 sh -c "/usr/bin/env /migrations/migrate.sh && /bin/notary-server -config=/config/server-config.json -logf=logfmt"
diff --git a/make/photon/notary/server.Dockerfile b/make/photon/notary/server.Dockerfile
index 740a3e26f..aa2c633a1 100644
--- a/make/photon/notary/server.Dockerfile
+++ b/make/photon/notary/server.Dockerfile
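Review bot: In server-start.sh the `sudo` line is not `exec`'d and the script has no `set -e`, so the root shell stays as PID 1 above sudo, `sh -c` and notary-server, and a failed `chown` is silently ignored. A SIGTERM from `docker stop` then reaches a shell that does not pass it on, so the server is likely killed at the stop timeout instead of shutting down cleanly. I would add `set -e` after the shebang and change the last line to `exec sudo -E -u \#10000 sh -c "/usr/bin/env /migrations/migrate.sh && exec /bin/notary-server -config=/config/server-config.json -logf=logfmt"`. Note also that `chown 10000:10000 -R /config` runs against the bind mount declared in docker-compose.notary.yml, so it rewrites ownership of ./common/config/notary on the host at every start; signer-start.sh has the same structure.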
@@ -2,10 +2,15 @@ FROM vmware/photon:1.0
 RUN tdnf distro-sync -y \
 && tdnf erase vim -y \
- && tdnf clean all
+ && tdnf install -y shadow sudo \
+ && tdnf clean all \
+ && groupadd -r -g 10000 notary \
+ && useradd --no-log-init -r -g 10000 -u 10000 notary
+
 COPY ./binary/notary-server /bin/notary-server
 COPY ./migrate /bin/migrate
 COPY ./migrations/ /migrations/
-
+COPY ./server-start.sh /bin/server-start.sh
+RUN chmod u+x /bin/notary-server /migrations/migrate.sh /bin/migrate /bin/server-start.sh
 ENV SERVICE_NAME=notary_server
-ENTRYPOINT [ "notary-server" ]
+ENTRYPOINT [ "/bin/server-start.sh" ]
diff --git a/make/photon/notary/signer-start.sh b/make/photon/notary/signer-start.sh
new file mode 100644
index 000000000..c6107dbac
--- /dev/null
+++ b/make/photon/notary/signer-start.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+chown 10000:10000 -R /config
+sudo -E -u \#10000 sh -c "/usr/bin/env && /migrations/migrate.sh && /bin/notary-signer -config=/config/signer-config.json -logf=logfmt"
diff --git a/make/photon/notary/signer.Dockerfile b/make/photon/notary/signer.Dockerfile
index e9c67bc13..b6b3b0b76 100644
--- a/make/photon/notary/signer.Dockerfile
+++ b/make/photon/notary/signer.Dockerfile
@@ -2,10 +2,15 @@ FROM vmware/photon:1.0
 RUN tdnf distro-sync -y \
 && tdnf erase vim -y \
- && tdnf clean all
+ && tdnf install -y shadow sudo \
+ && tdnf clean all \
+ && groupadd -r -g 10000 notary \
+ && useradd --no-log-init -r -g 10000 -u 10000 notary
 COPY ./binary/notary-signer /bin/notary-signer
 COPY ./migrate /bin/migrate
 COPY ./migrations/ /migrations/
+COPY ./signer-start.sh /bin/signer-start.sh
+RUN chmod u+x /bin/notary-signer /migrations/migrate.sh /bin/migrate /bin/signer-start.sh
 ENV SERVICE_NAME=notary_signer
-ENTRYPOINT [ "notary-signer" ]
+ENTRYPOINT [ "/bin/signer-start.sh" ]
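Review bot: In server.Dockerfile the added `RUN chmod u+x /bin/notary-server /migrations/migrate.sh /bin/migrate /bin/server-start.sh` sets the execute bit for the owner only, and files brought in by `COPY` without `--chown` are owned by root, while server-start.sh runs the migration and the server as uid 10000. That works only if the files already carry group/other execute bits from the build context, which is not visible here. `RUN chmod 0755 /bin/notary-server /migrations/migrate.sh /bin/migrate /bin/server-start.sh` states the intended mode explicitly and also clears any stray group/other write bit. The matching line in signer.Dockerfile needs the same change.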
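Review bot: In signer-start.sh the command string begins with `/usr/bin/env && /migrations/migrate.sh`, so `env` runs with no arguments and prints the whole environment to stdout before the migration; server-start.sh uses `/usr/bin/env /migrations/migrate.sh` instead. Because of `sudo -E`, that environment includes everything loaded from `./common/config/notary/signer_env`, so whatever that file holds (presumably database and key-passphrase settings; its contents are not shown here) lands in the container log on every start. Dropping the stray `&&` fixes it: `sudo -E -u \#10000 sh -c "/usr/bin/env /migrations/migrate.sh && /bin/notary-signer -config=/config/signer-config.json -logf=logfmt"`. Logs already produced by images built from this script should be treated as containing those values.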
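Review bot: signer.Dockerfile gains no `USER` instruction, so the signer container still starts as root and only drops to uid 10000 inside signer-start.sh; a run with an overridden entrypoint or a `docker exec` session is root, and `sudo` (a setuid-root binary) now ships in the runtime image just for that hand-off. If root is needed only for the `chown` of /config, setting ownership where the config is generated and ending the file with `USER 10000` would remove both the `sudo` package and the start-up chown. If the root start has to stay, record why above the entrypoint, e.g. `# starts as root: signer-start.sh chowns /config, then drops to uid 10000 via sudo`. server.Dockerfile is in the same position.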