-
Story
-
Resolution: Done
-
Highest
-
None
-
None
Support migration of DCAE components (both platform and services) currently running as root to non-root.
DCAE also is dependent on 3rd party s/w (cloudify) which requires currently to be run as root.
Platform - PolicyHandler, CBS, Inventory, SCH
Services - VESCollector, TCA, RESTConf, PRH, HV-VES
PH - reference - https://git.onap.org/dcaegen2/platform/policy-handler/tree/Dockerfile
SEC-COM recommendation (from https://wiki.onap.org/display/DW/Best+Practices)
USER
Do not run containers as root. Use USER to change to an non-root user.
Create the user and group as in this example:
RUN groupadd -r postgres && useradd --no-log-init -r -g postgres postgres .
Avoid installing or using sudo. If you need to, use "gosu" instead.
To minimize the number of layers, avoid switching USER back and forth frequently.
- relates to
-
DCAEGEN2-2170 Switch DCAE MOD components to non-root user
-
- Closed
-
-
DCAEGEN2-2171 DL containers running as root
-
- Closed
-
-
-
- Open
-
-
-
- Closed
-
1.
|
CBS container update to run as non-root |
|
Closed | tommycarpenter |
2.
|
InventoryAPI container update to run as non-root |
|
Closed | researchmike |
3.
|
SCH update to run as non-root |
|
Closed | researchmike |
4.
|
Dashboard update to run as non-root |
|
Closed | vv770d |
5.
|
HV-VES container support for non-root |
|
Closed | jaszczur |
6.
|
PRH container support for non-root |
|
Closed | pwielebs |
7.
|
TCA container support for non-root |
|
Closed | vv770d |
8.
|
VES container support for non-root |
|
Closed | vv770d |
9.
|
RESTConf container support for non-root |
|
Closed | s00370346 |