From 47cbfbf96a16edc452f200e234c45acd70a3ec5e Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Thu, 4 Nov 2021 15:37:25 -0700
Subject: [PATCH] Run zookeeper-statsd as the zookeeper user

We may as well align it with the other processes running on this system.

Change-Id: I6de0e5463b3dc66eae46a771d70d1d741527a35e
---
 docker/zookeeper-statsd/Dockerfile                  | 13 +++++++++++++
 .../files/zookeeper-compose/docker-compose.yaml     |  1 +
 2 files changed, 14 insertions(+)

diff --git a/docker/zookeeper-statsd/Dockerfile b/docker/zookeeper-statsd/Dockerfile
index 8cfa6ec8f8..bc02516191 100644
--- a/docker/zookeeper-statsd/Dockerfile
+++ b/docker/zookeeper-statsd/Dockerfile
@@ -18,4 +18,17 @@ FROM docker.io/opendevorg/python-base:3.7
 
 COPY zookeeper-statsd.py /usr/local/bin
 RUN pip install statsd
+
+# 10001 is what we default to in our playbooks when deploying
+# zookeeper proper.
+RUN addgroup zookeeper --gid 10001 --system \
+  && adduser \
+    --system \
+    --uid 10001 \
+    --home /home/zookeeper \
+    --shell /bin/bash \
+    --ingroup zookeeper \
+    zookeeper
+
+USER 10001:10001
 CMD ["/usr/local/bin/zookeeper-statsd.py"]
diff --git a/playbooks/roles/zookeeper/files/zookeeper-compose/docker-compose.yaml b/playbooks/roles/zookeeper/files/zookeeper-compose/docker-compose.yaml
index 576b0ac28e..466e0becad 100644
--- a/playbooks/roles/zookeeper/files/zookeeper-compose/docker-compose.yaml
+++ b/playbooks/roles/zookeeper/files/zookeeper-compose/docker-compose.yaml
@@ -18,6 +18,7 @@ services:
     restart: always
     image: docker.io/opendevorg/zookeeper-statsd:latest
     network_mode: host
+    user: "10001:10001"
     environment:
       STATSD_HOST: graphite.opendev.org
       STATSD_PORT: 8125