Docker volumes shared with the Jupyter "lock" the folder - docker

I'm testing Docker Desktop 4.10 on Ubuntu 22.04.
Let's say that I want to run a Jupyter Notebook:
docker run -it \
-v "${PWD}":/home/jovyan/work \
-p 8888:8888 \
jupyter/base-notebook
By doing so, I experience the "Permission denied" error while attempting to create a new notebook in the "work" directory.
Starting the notebook with chown options allows me to solve the problem:
docker run -it \
-v "${PWD}":/home/jovyan/work \
-p 8888:8888 \
--user root \
-e CHOWN_HOME="yes" \
-e CHOWN_HOME_OPTS="-R" \
jupyter/base-notebook
This solution has the drawback of changing the permissions of the folder: I see a padlock on the folder and cannot delete the contents, even after removing the container. In particular, Owner is now "user #100999" and Group "100099".
Looking for alternative solutions with no impact on os-permissions. Thanks

You can tell Docker to use the same owner and group as the directory being mounted.
docker run -it \
-v "${PWD}":/home/jovyan/work \
-p 8888:8888 \
--user "$(stat -c '%u:%g' $PWD)" \
--group-add users \
jupyter/base-notebook
The stat command is used to retrieve the user ID and group ID for the current directory's owner.

Related

Docker run binding container pip site-packages for peristant pip installs

I am trying to bind my pip site-packages docker container directory to my host computer, but on my host computer the directory is empty.
docker run -d \
-p 8080:8080 \
--name "ml-workspace" \
-v "/${PWD}:/workspace" \
--mount type=bind,source=/opt/conda/lib/python3.7/site-packages,target=/workspace/cache/site-packages \
--env AUTHENTICATE_VIA_JUPYTER="password" \
--shm-size 512m \
--restart always \
dagshub/ml-workspace:latest
Also, I am trying to bind the vs studio extensions directory --mount type=bind,source=/root/.vscode/extensions,target=/workspace/cache/extensions, but docker doesn't seem to like . in the path.

NiFi: Why Does My User Have Insufficient Permissions?

I am following the steps in the "Standalone Instance, Two-Way SSL" section of https://hub.docker.com/r/apache/nifi. However, when I visit the NiFi page, my user has insufficient permissions. Below is the process I am using:
Generate self-signed certificates
mkdir conf
docker exec \
-ti toolkit \
/opt/nifi/nifi-toolkit-current/bin/tls-toolkit.sh \
standalone \
-n 'nifi1.bluejay.local' \
-C 'CN=admin,OU=NIFI'
docker cp toolkit:/opt/nifi/nifi-current/nifi-cert.pem conf
docker cp toolkit:/opt/nifi/nifi-current/nifi-key.key conf
docker cp toolkit:/opt/nifi/nifi-current/nifi1.bluejay.local conf
docker cp toolkit:/opt/nifi/nifi-current/CN=admin_OU=NIFI.p12 conf
docker cp toolkit:/opt/nifi/nifi-current/CN=admin_OU=NIFI.password conf
docker stop toolkit
Import client certificate to browser
Import the .p12 file into your browser.
Update /etc/hosts
Add "127.0.0.1 nifi1.bluejay.local" to the end of your /etc/hosts file.
Define a NiFi network
docker network create --subnet=10.18.0.0/16 nifi
Run NiFi in a container
docker run -d \
-e AUTH=tls \
-e KEYSTORE_PATH=/opt/certs/keystore.jks \
-e KEYSTORE_TYPE=JKS \
-e KEYSTORE_PASSWORD=$(grep keystorePasswd conf/nifi1.bluejay.local/nifi.properties | cut -d'=' -f2) \
-e TRUSTSTORE_PATH=/opt/certs/truststore.jks \
-e TRUSTSTORE_PASSWORD=$(grep truststorePasswd conf/nifi1.bluejay.local/nifi.properties | cut -d'=' -f2) \
-e TRUSTSTORE_TYPE=JKS \
-e INITIAL_ADMIN_IDENTITY="CN=admin,OU=NIFI" \
-e NIFI_WEB_PROXY_CONTEXT_PATH=/nifi \
-e NIFI_WEB_PROXY_HOST=nifi1.bluejay.local \
--hostname nifi1.bluejay.local \
--ip 10.18.0.10 \
--name nifi \
--net nifi \
-p 8443:8443 \
-v $(pwd)/conf/nifi1.bluejay.local:/opt/certs:ro \
-v /data/projects/nifi-shared:/opt/nifi/nifi-current/ls-target \
apache/nifi
Visit Page
When you visit http://localhost:8443/nifi, you'll be asked to select a certificate. Select the certificate (e.g. admin) that you imported.
At this point, I am seeing:
Insufficient Permissions
Unknown user with identity 'CN=admin, OU=NIFI'. Contact the system administrator.
In the examples I am seeing, there is no mention of this issue or how to resolve it.
How are permissions assigned to the Initial Admin Identity?
You are missing a space at line
-e INITIAL_ADMIN_IDENTITY="CN=admin,OU=NIFI"
See the error msg.

Question about command to execute when running Jenkins image

I have questions while using the Jenkins image to check the commands to run the container and leave a question.
I ran the following command.
docker run \
-u root \
--rm \
-p 8080:8080 \
--name jenkins \
-v /Users/newbie/jenkins:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
jenkins:lts
What does ' : ' and ' -v ' mean in -v /Users/newbie/jenkins:/var/jenkins_home \ on line 6?
-v = Bind mount a volume. See this
It mounts /Users/newbie/jenkins directory on your host to /var/jenkins_home on your container

Jenkins location in docker, not at /var/jenkins_home

I'm installing Jenkins via docker by following this official guide.
After running command:
docker run \
-u root \
--rm \
-d \
-p 8080:8080 \
-p 50000:50000 \
-v jenkins-data:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
jenkinsci/blueocean
I'm expecting Jenkins to be installed # /var/jenkins_home, but instead it is being installed # /var/lib/docker/volumes/jenkins-data.
Also there is no such folder as /var/jenkins_home.
Am I missing something. Please suggest.
Thank You
/var/jenkins_home is inside the container. You are using named volume & that's why it's located in /var/lib/docker/volumes/jenkins-data.
Instead, you can use host bind mounts as below to ensure you get the data in /var/jenkins_home on the host machine -
docker run \
-u root \
--rm \
-d \
-p 8080:8080 \
-p 50000:50000 \
-v /var/jenkins_home:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
jenkinsci/blueocean
Volumes path in case of host mounts has to be absolute else it results in creating a named volume.

How to run enlightenment wayland in docker container?

I am trying to run enlightenment(https://www.enlightenment.org/start) in a docker container,previously enlightenment is based on X11,but the latest version of enlightenment support wayland. As I searched,we can use the -v parameter when use the "docker run" command to start a docker image like :
$ docker run -it \
--net host \ # may as well YOLO
--cpuset-cpus 0 \ # control the cpu
--memory 512mb \ # max memory it can use
-v /tmp/.X11-unix:/tmp/.X11-unix \ # mount the X11 socket
-e DISPLAY=unix$DISPLAY \ # pass the display
-v $HOME/Downloads:/root/Downloads \ # optional, but nice
-v $HOME/.config/google-chrome/:/data \ # if you want to save state
--device /dev/snd \ # so we have sound
--name chrome \
jess/chrome
(Reference: https://blog.jessfraz.com/post/docker-containers-on-the-desktop/)
But this is based on X11.Currently I do not use the X11,and use the wayland based enlightenment,How can I show my enlightenment UI in docker container?
According to
https://unix.stackexchange.com/questions/330366/how-can-i-run-a-graphical-application-in-a-container-under-wayland
you mount some device such as
/run/user/1000/wayland-0
in your
docker run
command
and here is an extract from
https://github.com/duzy/docker-wayland/blob/master/run.sh
docker run \
--name $container \
-v "$(pwd):/home/user/work" \
--device=/dev/dri/card0:/dev/dri/card0 \
--device=/dev/dri/card1:/dev/dri/card1 \
--device=/dev/dri/controlD64:/dev/dri/controlD64 \
--device=/dev/dri/controlD65:/dev/dri/controlD65 \

Resources