From fa45731b7f3d1bad82ce2d1c3679a468a50d31cc Mon Sep 17 00:00:00 2001
From: Leonard Gram
Date: Wed, 14 Oct 2020 13:38:04 +0200
Subject: [PATCH] Docker: OpenShift compatability (#27813)
* openshift wip
* Docker: switches from grafana group to root group
* Docker: make group fully configurable
* Docker: create custom grafana group if needed
* Docker: removes duplicated group permission
* Docker: more unneccesary changes
---
 packaging/docker/Dockerfile | 16 ++++++++++------
 packaging/docker/ubuntu.Dockerfile | 16 ++++++++++------
 2 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/packaging/docker/Dockerfile b/packaging/docker/Dockerfile
index 2122c4c2ee3..757901a1761 100644
--- a/packaging/docker/Dockerfile
+++ b/packaging/docker/Dockerfile
@@ -14,7 +14,7 @@ RUN mkdir /tmp/grafana && tar xzf /tmp/grafana.tar.gz --strip-components=1 -C /t
 FROM ${BASE_IMAGE}
 ARG GF_UID="472"
-ARG GF_GID="472"
+ARG GF_GID="0"
 ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
 GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \
@@ -46,9 +46,13 @@ RUN if [ `arch` = "x86_64" ]; then \
 COPY --from=0 /tmp/grafana "$GF_PATHS_HOME"
-RUN mkdir -p "$GF_PATHS_HOME/.aws" && \
- addgroup -S -g $GF_GID grafana && \
- adduser -S -u $GF_UID -G grafana grafana && \
+RUN if [ ! $(getent group "$GF_GID") ]; then \
+ addgroup -S -g $GF_GID grafana; \
+ fi
+
+RUN export GF_GID_NAME=$(getent group $GF_GID | cut -d':' -f1) && \
+ mkdir -p "$GF_PATHS_HOME/.aws" && \
+ adduser -S -u $GF_UID -G "$GF_GID_NAME" grafana && \
 mkdir -p "$GF_PATHS_PROVISIONING/datasources" \
 "$GF_PATHS_PROVISIONING/dashboards" \
 "$GF_PATHS_PROVISIONING/notifiers" \
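Review bot: The new default `ARG GF_GID="0"` in `packaging/docker/Dockerfile` (hunk `@@ -14,7 +14,7 @@`) has no comment saying why the image's group is now the root group, and the same applies to the identical change in `packaging/docker/ubuntu.Dockerfile`. A reader who sees GID 0 next to UID 472 cannot tell that this is deliberate; a comment such as `# GID 0 (root group): lets the image run under an arbitrary UID that the platform places in the root group, as OpenShift does` above the ARG would record the intent. It would also help to state there that a build with another `GF_GID` gets a dedicated `grafana` group created for it.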
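Review bot: The existence test `[ ! $(getent group "$GF_GID") ]` in the new `RUN if` step (hunk `@@ -46,9 +46,13 @@`) leaves the command substitution unquoted and relies on how `[` parses a lone `!` when no group is found; testing the exit status is sturdier: `RUN if ! getent group "$GF_GID" >/dev/null; then addgroup -S -g "$GF_GID" grafana; fi`. In the following step `export GF_GID_NAME=$(getent group $GF_GID | cut -d':' -f1)` always succeeds, so a failed lookup would pass an empty group name on to `adduser` and to the later `chown` instead of stopping the build; assigning first and checking with `[ -n "$GF_GID_NAME" ]` closes that gap. The same two constructs appear in the `@@ -33,9 +33,13 @@` hunk of `packaging/docker/ubuntu.Dockerfile`. The second RUN continues past the end of this hunk.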
@@ -58,12 +62,12 @@ RUN mkdir -p "$GF_PATHS_HOME/.aws" && \
 "$GF_PATHS_DATA" && \
 cp "$GF_PATHS_HOME/conf/sample.ini" "$GF_PATHS_CONFIG" && \
 cp "$GF_PATHS_HOME/conf/ldap.toml" /etc/grafana/ldap.toml && \
- chown -R grafana:grafana "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING" && \
+ chown -R "grafana:$GF_GID_NAME" "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING" && \
 chmod -R 777 "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING"
 EXPOSE 3000
 COPY ./run.sh /run.sh
-USER grafana
+USER "$GF_UID"
 ENTRYPOINT [ "/run.sh" ]
diff --git a/packaging/docker/ubuntu.Dockerfile b/packaging/docker/ubuntu.Dockerfile
index 3a6ddbc8649..1f50e42f7e4 100644
--- a/packaging/docker/ubuntu.Dockerfile
+++ b/packaging/docker/ubuntu.Dockerfile
@@ -14,7 +14,7 @@ EXPOSE 3000
 # Set DEBIAN_FRONTEND=noninteractive in environment at build-time
 ARG DEBIAN_FRONTEND=noninteractive
 ARG GF_UID="472"
-ARG GF_GID="472"
+ARG GF_GID="0"
 ENV PATH=/usr/share/grafana/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
 GF_PATHS_CONFIG="/etc/grafana/grafana.ini" \
@@ -33,9 +33,13 @@ RUN apt-get update && apt-get install -y ca-certificates curl tzdata && \
 COPY --from=grafana-builder /tmp/grafana "$GF_PATHS_HOME"
-RUN mkdir -p "$GF_PATHS_HOME/.aws" && \
- addgroup --system --gid $GF_GID grafana && \
- adduser --system --uid $GF_UID --ingroup grafana grafana && \
+RUN if [ ! $(getent group "$GF_GID") ]; then \
+ addgroup --system --gid $GF_GID grafana; \
+ fi
+
+RUN export GF_GID_NAME=$(getent group $GF_GID | cut -d':' -f1) && \
+ mkdir -p "$GF_PATHS_HOME/.aws" && \
+ adduser --system --uid $GF_UID --ingroup "$GF_GID_NAME" grafana && \
 mkdir -p "$GF_PATHS_PROVISIONING/datasources" \
 "$GF_PATHS_PROVISIONING/dashboards" \
 "$GF_PATHS_PROVISIONING/notifiers" \
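Review bot: The recursive `chmod -R 777` that closes this RUN (hunk `@@ -58,12 +62,12 @@`) still makes the data, logs, plugins, provisioning and `.aws` directories world-writable, although the `chown` changed just above it now assigns them to the `GF_GID` group. If the point of the group change is that the runtime UID is a member of that group, owner and group access should be enough, for example `chmod -R ug+rwX,o-rwx "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING"`; this would need checking against deployments that run the image with a UID outside that group. The `packaging/docker/ubuntu.Dockerfile` hunk `@@ -45,10 +49,10 @@` has the same line. The RUN instruction starts outside the hunk.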
@@ -45,10 +49,10 @@ RUN mkdir -p "$GF_PATHS_HOME/.aws" && \
 "$GF_PATHS_DATA" && \
 cp "$GF_PATHS_HOME/conf/sample.ini" "$GF_PATHS_CONFIG" && \
 cp "$GF_PATHS_HOME/conf/ldap.toml" /etc/grafana/ldap.toml && \
- chown -R grafana:grafana "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING" && \
+ chown -R "grafana:$GF_GID_NAME" "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING" && \
 chmod -R 777 "$GF_PATHS_DATA" "$GF_PATHS_HOME/.aws" "$GF_PATHS_LOGS" "$GF_PATHS_PLUGINS" "$GF_PATHS_PROVISIONING"
 COPY ./run.sh /run.sh
-USER grafana
+USER "$GF_UID"
 ENTRYPOINT [ "/run.sh" ]