diff options
author | Cédric Ollivier <cedric.ollivier@orange.com> | 2022-10-21 10:46:31 +0200 |
---|---|---|
committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2022-10-21 10:55:46 +0200 |
commit | b1e22e37cc436451b3519a0ef7f9704b5a86f9cc (patch) | |
tree | bc5569b1114576adb855b1fdbcf84a870a90e44f | |
parent | b3bb826fcc018791d92b546589d7044fea637ce9 (diff) |
Stop using root in testing containers
It now creates and leverages xtesting as main user.
Change-Id: I5b871ac2729a875674514aab75ae079e1bf125f5
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
-rw-r--r-- | docker/benchmarking/Dockerfile | 2 | ||||
-rw-r--r-- | docker/cnf/Dockerfile | 2 | ||||
-rw-r--r-- | docker/core/Dockerfile | 3 | ||||
-rw-r--r-- | docker/healthcheck/Dockerfile | 2 |
4 files changed, 9 insertions, 0 deletions
diff --git a/docker/benchmarking/Dockerfile b/docker/benchmarking/Dockerfile index 4bc06efc..d958b565 100644 --- a/docker/benchmarking/Dockerfile +++ b/docker/benchmarking/Dockerfile @@ -3,6 +3,7 @@ FROM opnfv/functest-kubernetes-smoke ARG NETPERF_TAG=master ARG PLOTPERF_TAG=master +USER root COPY plotperf.py.patch /tmp/plotperf.py.patch RUN apk --no-cache add --update py3-matplotlib && \ apk --no-cache add --virtual .build-deps --update patch go && \ @@ -16,5 +17,6 @@ RUN apk --no-cache add --update py3-matplotlib && \ mv plotperf.py plotperf && chmod a+x plotperf) && \ rm -rf perf-tests /tmp/plotperf.py.patch && \ apk del .build-deps +USER xtesting COPY testcases.yaml /etc/xtesting/testcases.yaml CMD ["run_tests", "-t", "all"] diff --git a/docker/cnf/Dockerfile b/docker/cnf/Dockerfile index 690313d9..37cb4691 100644 --- a/docker/cnf/Dockerfile +++ b/docker/cnf/Dockerfile @@ -3,6 +3,7 @@ FROM opnfv/functest-kubernetes-core ARG CNF_TESTSUITE_TAG=v0.34.0 ARG HELM_TAG=v3.3.1 +USER root RUN apk --no-cache add --update wget curl libc6-compat ncurses && \ tag=$(curl -s https://storage.googleapis.com/kubernetes-release/release/latest.txt) && \ case $(uname -m) in armv7l) arch=arm;; aarch64) arch=arm64;; x86_64) arch=amd64;; esac && \ @@ -28,5 +29,6 @@ RUN apk --no-cache add --update wget curl libc6-compat ncurses && \ ln -s /src/cnf-testsuite/points-all.yml /src/cnf-testsuite/points.yml && \ ln -s /usr/local/bin/cnf-testsuite /src/cnf-testsuite/cnf-testsuite && \ rm -rf /src/cnf-testsuite-$CNF_TESTSUITE_TAG.tar.gz /src/cnf-testsuite/.git ;; esac +USER xtesting COPY testcases.yaml /etc/xtesting/testcases.yaml CMD ["run_tests", "-t", "all"] diff --git a/docker/core/Dockerfile b/docker/core/Dockerfile index 9f1e489f..eefc0da8 100644 --- a/docker/core/Dockerfile +++ b/docker/core/Dockerfile @@ -40,7 +40,10 @@ RUN apk -U upgrade && \ printf "[database]\nconnection = 'sqlite:////var/lib/rally/database/rally.sqlite'" > /etc/rally/rally.conf && \ mkdir -p /var/lib/rally/database && rally db create && \ rm -r /src/requirements/.git /tmp/Try-a-quick-fix-vs-asynchronuous-issues.patch && \ + addgroup -g 1000 xtesting && adduser -u 1000 -G xtesting -D xtesting && \ + mkdir -p /etc/xtesting && chown -R xtesting: /etc/xtesting && \ apk del .build-deps +USER xtesting COPY logging.ini /etc/xtesting/logging.ini COPY logging.debug.ini /etc/xtesting/logging.debug.ini CMD ["run_tests", "-t", "all"] diff --git a/docker/healthcheck/Dockerfile b/docker/healthcheck/Dockerfile index 0100d706..13ffe449 100644 --- a/docker/healthcheck/Dockerfile +++ b/docker/healthcheck/Dockerfile @@ -1,5 +1,6 @@ FROM opnfv/functest-kubernetes-core +USER root RUN apk --no-cache add --update curl libc6-compat && \ tag=$(curl -s https://storage.googleapis.com/kubernetes-release/release/latest.txt) && \ case $(uname -m) in armv7l) arch=arm;; aarch64) arch=arm64;; x86_64) arch=amd64;; esac && \ @@ -11,5 +12,6 @@ RUN apk --no-cache add --update curl libc6-compat && \ mv /src/kubernetes/test/bin/e2e.test /src/kubernetes/test/bin/ginkgo /usr/local/bin/ && \ chmod +x /usr/local/bin/kubectl /usr/local/bin/e2e.test /usr/local/bin/ginkgo && \ rm -r /src/kubernetes /src/kubernetes-test-linux-$arch.tar.gz +USER xtesting COPY testcases.yaml /etc/xtesting/testcases.yaml CMD ["run_tests", "-t", "all"] |