From f46217e2dcf788f23c974d724ccb4b6f7044e5c6 Mon Sep 17 00:00:00 2001 From: Nicolas Thomas Date: Tue, 4 Sep 2018 16:02:08 +0200 Subject: [PATCH] Move to use Ubuntu 18.04. No more tricks with pip and openstack clients. Use ubuntu user in the Docker as good secu practice --- Dockerfile | 14 +++++++++----- README-DockerClient.md | 4 ++-- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4beae90..7b47304 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,11 +2,15 @@ #build cmd: # docker build --force-rm -t fortistacks-cli:1.2 . # docker build --force-rm -t fortistacks-cli . -FROM ubuntu:16.04 -MAINTAINER Nicolas Thomas +FROM ubuntu:18.04 +MAINTAINER Nicolas Thomas #Update the Ubuntu software repository inside the dockerfile with the 'RUN' command. -# Update Ubuntu Software repository -RUN apt update && apt -y upgrade && apt -y install git python-pip wget zile byobu bash sudo python-virtualenv wget git cloud-image-utils -RUN pip install --upgrade pip && pip install python-novaclient==9.1.1 python-openstackclient python-heatclient +RUN apt-get update && apt-get -y upgrade +ENV DEBIAN_FRONTEND=noninteractive +RUN apt -y install git python-pip wget zile byobu bash sudo python-virtualenv wget git cloud-image-utils python-openstackclient sudo RUN apt clean + +RUN groupadd -r ubuntu && useradd -g ubuntu -G adm,sudo ubuntu -m -p fortinet && \ + echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/99-nopasswd && chmod 640 /etc/sudoers.d/99-nopasswd +USER ubuntu CMD ["/bin/bash"] diff --git a/README-DockerClient.md b/README-DockerClient.md index 5b0913a..f7b391e 100644 --- a/README-DockerClient.md +++ b/README-DockerClient.md @@ -9,7 +9,7 @@ Copy your .rc file with the openstack credentials in fortistacks folder. From fortistacks folder: ```shell -docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/root/.ssh/ --rm -i --name fortistacks-cli -h fortistacks-cli -t thomnico/fortinet-cse:fortistacks-cli-1.2 +docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/home/ubuntu/.ssh/ --rm -i --name fortistacks-cli -h fortistacks-cli -t thomnico/fortinet-cse:fortistacks-cli-1.3 ``` Or adapt to your folder layout. @@ -27,6 +27,6 @@ Check Dockerfile in this folder to see how it is done. Have to use pinpoint version due to weeks long bugs in openstack clients. ```shell -$ docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/root/.ssh/ --rm -i --name fortistacks-cli -h fortistacks-cli -t fortistacks-cli:1.2 +$ docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/home/ubuntu/.ssh/ --rm -i --name fortistacks-cli -h fortistacks-cli -t fortistacks-cli:1.3 ```