feat: Container as non root user

rfaircloth-splunk · rfaircloth-splunk · commit 89246a95b0f9 · 2021-11-03T14:41:21.000-04:00
Update Dockerfile

Update Dockerfile

fix

Update entrypoint.sh

Update entrypoint.sh

Update entrypoint.sh
diff --git a/Dockerfile b/Dockerfile
@@ -14,9 +14,12 @@
 # limitations under the License.
 #
 FROM registry.access.redhat.com/ubi8/ubi
+RUN groupadd -g 1001 celery \
+    && useradd -m -u 1001 -g celery celery
 
 RUN curl -fsSL https://goss.rocks/install | GOSS_VER=v0.3.13 sh
 ARG PYTHON_RUNTIME_VERSION=3.8
+
 RUN cd /tmp ;\
     dnf install tzdata curl wget nc python${PYTHON_RUNTIME_VERSION} python3-pip procps-ng -y ;\
     dnf update -y ;\
@@ -27,4 +30,5 @@ COPY dist/*.whl /tmp
 RUN pip${PYTHON_RUNTIME_VERSION} install $(ls /tmp/*.whl); rm -f /tmp/*.whl
 
 WORKDIR /work
+USER 1001
 ENTRYPOINT [ "/work/entrypoint.sh" ]
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -60,7 +60,7 @@ then
   sc4snmp-poller $@ &
 else
   echo starting sc4-snmp-worker
-  celery -A splunk_connect_for_snmp_poller.manager.celery_client worker -l INFO -n worker1
+  celery -A splunk_connect_for_snmp_poller.manager.celery_client worker -l INFO -n worker1 || exit 1
 fi
 
 pid="$!"
