You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by gr...@apache.org on 2019/02/04 16:14:11 UTC

[kudu] 01/02: [docker] Add a kudu user to the kudu image

This is an automated email from the ASF dual-hosted git repository.

granthenke pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git

commit 725ad7e981e2f59e7224cf0c81853daa9fae4171
Author: Grant Henke <gr...@apache.org>
AuthorDate: Sat Feb 2 16:37:30 2019 -0600

    [docker] Add a kudu user to the kudu image
    
    As a best practice application images/containers should
    not run as root if they don’t need to. This patch creates a
    kudu user and group and creates/owns the kudu specific
    directories.
    
    I also added a tip to the readme about removing old tags.
    I found myself needing to do this while working on this
    patch.
    
    Change-Id: Ia0d51cf8c6a585f98641de9b91d51e41dec9dbd0
    Reviewed-on: http://gerrit.cloudera.org:8080/12344
    Tested-by: Kudu Jenkins
    Reviewed-by: Adar Dembo <ad...@cloudera.com>
---
 docker/Dockerfile  | 10 ++++++++++
 docker/README.adoc |  7 +++++++
 2 files changed, 17 insertions(+)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 4415908..09583e3 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -182,7 +182,10 @@ LABEL name="Apache Kudu Build" \
 #
 FROM base AS kudu
 
+ARG UID=1000
+ARG GID=1000
 ARG INSTALL_DIR="/opt/kudu"
+ARG DATA_DIR="/var/lib/kudu"
 
 # Copy the binaries.
 WORKDIR $INSTALL_DIR/bin
@@ -216,6 +219,13 @@ COPY --from=build /kudu/build/latest/lib ./lib
 COPY --from=build /kudu/www ./www
 COPY ./docker/kudu-entrypoint.sh /
 
+# Setup the kudu user and create the neccessary directories.
+RUN groupadd -g ${GID} kudu || groupmod -n kudu $(getent group ${GID} | cut -d: -f1) \
+    && useradd --shell /bin/bash -u ${UID} -g ${GID} -m kudu \
+    && chown -R kudu:kudu ${INSTALL_DIR} \
+    && mkdir -p ${DATA_DIR} && chown -R kudu:kudu ${DATA_DIR}
+USER kudu
+
 # Add the entrypoint.
 ENTRYPOINT ["/kudu-entrypoint.sh"]
 CMD ["help"]
diff --git a/docker/README.adoc b/docker/README.adoc
index 27a3847..f762705 100644
--- a/docker/README.adoc
+++ b/docker/README.adoc
@@ -114,6 +114,13 @@ Remove specific images:
 $ docker rmi [IMAGE...]
 ----
 
+Remove images by tag pattern:
+[source,bash]
+----
+$ TAG_PATTERN="apache/kudu:*"
+$ docker rmi $(docker images -q "$TAG_PATTERN" --format "{{.Repository}}:{{.Tag}}")
+----
+
 === Using the cache from pre-built images
 You can tell docker to considered remote or local images in your build
 as cache sources. This can be especially useful when the base or