Create user and add permissions

netboxlabs · Oct 14, 2024 · 6f87678 · 6f87678
1 parent f01c2c1
commit 6f87678
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 38 deletions.
diff --git a/agent/docker/Dockerfile b/agent/docker/Dockerfile
@@ -1,21 +1,35 @@
 ARG PKTVISOR_TAG=latest-develop
+ARG OTEL_TAG=0.111.0
+
 FROM golang:1.23-alpine AS builder
 
 WORKDIR /go/src/github.com/netboxlabs/orb-agent
 COPY go.mod .
 RUN go mod tidy
 COPY . .
-RUN apk update && apk add make build-base git
+RUN apk update && apk add --no-cache build-base git make
 RUN mkdir /tmp/build && CGO_ENABLED=1 make agent_bin && mv build/orb-agent /tmp/build/orb-agent
 
+FROM otel/opentelemetry-collector-contrib:${OTEL_TAG} AS otelcol-contrib
+
 FROM orbcommunity/pktvisor:${PKTVISOR_TAG}
 
-RUN mkdir /opt/orb
+RUN addgroup --system netdev && useradd -m --shell /bin/bash -G netdev appuser && echo "appuser ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+# Create necessary directories and set ownership to appuser
+RUN mkdir -p /opt/orb && chown appuser:appuser /opt/orb \
+    && chown appuser:appuser /usr/local/bin \
+    && chown appuser:appuser /var/run
+
 COPY --from=builder /tmp/build/orb-agent /usr/local/bin/orb-agent
 COPY --from=builder /go/src/github.com/netboxlabs/orb-agent/agent/docker/agent_default.yaml /opt/orb/agent_default.yaml
 COPY --from=builder /go/src/github.com/netboxlabs/orb-agent/agent/docker/orb-agent-entry.sh /usr/local/bin/orb-agent-entry.sh
 COPY --from=builder /go/src/github.com/netboxlabs/orb-agent/agent/docker/run-agent.sh /run-agent.sh
 
+COPY --from=otelcol-contrib /otelcol-contrib /usr/local/bin/otelcol-contrib
+
 RUN chmod a+x /run-agent.sh
 
+USER appuser
+
 ENTRYPOINT [ "/usr/local/bin/orb-agent-entry.sh" ]
diff --git a/agent/docker/Dockerfile.full b/agent/docker/Dockerfile.full
diff --git a/agent/docker/agent_default.yaml b/agent/docker/agent_default.yaml
@@ -8,3 +8,6 @@ orb:
     pktvisor: 
       binary: /usr/local/sbin/pktvisord
       config_file: /opt/orb/agent_default.yaml
+    otel:
+      binary: /usr/local/bin/otelcol-contrib
+      config_file: /opt/orb/agent_default.yaml
diff --git a/agent/docker/agent_default_full.yaml b/agent/docker/agent_default_full.yaml
diff --git a/cmd/main.go b/cmd/main.go
@@ -149,7 +149,7 @@ func mergeOrError(path string) {
 	v.SetDefault("orb.cloud.mqtt.id", "")
 	v.SetDefault("orb.cloud.mqtt.key", "")
 	v.SetDefault("orb.cloud.mqtt.channel_id", "")
-	v.SetDefault("orb.db.file", "./orb-agent.db")
+	v.SetDefault("orb.db.file", "/opt/orb/orb-agent.db")
 	v.SetDefault("orb.tls.verify", true)
 	v.SetDefault("orb.otel.host", "localhost")
 	v.SetDefault("orb.otel.port", 0)