Bug 1387423

Summary: Cassandra Docker image currently running as root
Product: [JBoss] Middleware Manager
Component: Other
Version: 7.0.0 TP2
Status: VERIFIED
Severity: unspecified
Priority: high
Keywords: Triaged
Type: Bug
Reporter: Paul Gier <pgier>
Assignee: Matt Wringe <mwringe>
CC: jhardy, ldipotet.job, mmahoney, prasad.anjay
Hardware: Unspecified
OS: Unspecified
Bug Blocks: 1386725

Description Paul Gier 2016-10-20 20:38:52 UTC
The Cassandra Docker image used by Hawkular Services (Cloudforms Middleware) is currently running as the root user. This is not compatible with Kubernetes/OpenShift, so it needs to run as a non-root user.

Comment 2 Paul Gier 2016-10-25 20:32:24 UTC
I updated the docker-entrypoint.sh script so that it will switch to the cassandra user if the user starts the container as root.  I also verified that the container can be started with an arbitrary user id (docker run --user) as long as the correct permissions are set on the volume (/opt/apache-cassandra/data).

This works in a similar way to the upstream Cassandra docker image.

Comment 3 Paul Gier 2016-10-25 20:34:53 UTC
This issue can be verified by starting the container and then running the "ps" command to verify that the cassandra server is running as the cassandra user.
For example:
docker exec -ti <cassandra-container-id> ps aux
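
The check from comment 3 as a script, added here as an example (it is not part of the original comments or of the image). It classifies the owner of the Cassandra JVM in `ps aux` output and also accepts the numeric uid that appears with `docker run --user`; the `CassandraDaemon` match and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the server is recognised by its main class,
# org.apache.cassandra.service.CassandraDaemon, in the COMMAND column.

# Reads `ps aux` output on stdin and prints one verdict line:
#   OK <user>    every Cassandra process runs as a non-root account
#   ROOT <pid>   a Cassandra process runs as root (first pid found)
#   MISSING      no Cassandra process was found
cassandra_user_verdict() {
    awk '
        /CassandraDaemon/ {
            found = 1
            # ps prints the numeric uid when it has no passwd entry, which
            # is how a container started with an arbitrary --user id shows up.
            if ($1 == "root" || $1 == "0") {
                if (rootpid == "") rootpid = $2
            } else if (user == "") {
                user = $1
            }
        }
        END {
            if (!found)             print "MISSING"
            else if (rootpid != "") print "ROOT " rootpid
            else                    print "OK " user
        }'
}

# Constructed ps output for three ways of starting the container.
sample_ps() {   # $1 = value of the USER column
    printf '%s\n' \
        'USER  PID %CPU %MEM     VSZ    RSS TTY STAT START TIME COMMAND' \
        "$1     1  3.2 20.1 4012345 812345 ?   Ssl  20:30 0:41 java -Dcassandra-foreground=yes org.apache.cassandra.service.CassandraDaemon" \
        "$1    97  0.0  0.0   47460   3300 pts/0 Rs+ 20:34 0:00 ps aux"
}

sample_ps cassandra | cassandra_user_verdict   # entrypoint dropped privileges
sample_ps 1000123   | cassandra_user_verdict   # started with docker run --user
sample_ps root      | cassandra_user_verdict   # the state this bug reports

# Against a live container:
#   docker exec <cassandra-container-id> ps aux | cassandra_user_verdict
```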

Comment 5 Luis Dipotet 2018-02-23 02:31:20 UTC
(In reply to Paul Gier from comment #2)
> I updated the docker-entrypoint.sh script so that it will switch to the
> cassandra user if the user starts the container as root.  I also verified
> that the container can be started with an arbitrary user id (docker run
> --user) as long as the correct permissions are set on the volume
> (/opt/apache-cassandra/data).
> 
> This works in a similar way to the upstream Cassandra docker image.

docker run --user is valid for Docker BUT not for OpenShift, in which the image is created as root, so it is the PaaS that runs the container, and it fails when it tries to deploy it.

Comment 6 Anjay 2018-11-03 09:38:10 UTC
Hi Luis,

Could you share the changes you have made in the docker-entrypoint.sh script?

Thanks,