Docker entrypoint script on ECS, Permission Denied - docker

Im looking at a problem when i deploy to AWS ECS regarding permissions.
I need to start a shell script in the entrypoint of the Dockerfile, which uses wait-for-it.sh to pause until the supporting container is ready.
The base for the project is aspnet core and is intended to facilitate database upgrades.
The error from the container is:
container_linux.go:380: starting container process caused: exec: "./docker-entrypoint.sh": permission denied
Other posts suggest its because the scripts arnt marked as executable. See below build output which confirms this is done
Step 14/21 : WORKDIR /app
---> Running in 5517aabffaa2
Removing intermediate container 5517aabffaa2
---> 9724951dd81b
Step 15/21 : COPY Data.Migrator/wait-for-it.sh wait-for-it.sh
---> dcd710cf0671
Step 16/21 : RUN chmod +x wait-for-it.sh
---> Running in 914a4e63fbcd
Removing intermediate container 914a4e63fbcd
---> d1e8da150a8c
Step 17/21 : COPY ["Data.Migrator/docker-entrypoint.sh", "docker-entrypoint.sh"]
---> 1e193d79558c
Step 18/21 : RUN ["chmod", "+x", "docker-entrypoint.sh"]
---> Running in fb737194fcc3
Removing intermediate container fb737194fcc3
---> e89b9eaa086c
Step 19/21 : COPY --from=publish /app/publish .
---> 972f1bd340ec
Step 20/21 : ENTRYPOINT ["./docker-entrypoint.sh"]
---> Running in 19469ffcfb32
Removing intermediate container 19469ffcfb32
---> 00447053022c
My service in the docker-compose is
data_migrator:
image: xxx.dkr.ecr.eu-west-1.amazonaws.com/migrator:latest
restart: 'always'
depends_on:
sql-server-db:
condition: service_healthy
environment:
MAIN_STORE_CONNECTION_STRING: "Server=sql_server_db,1433;Database=MainStore;User Id=sa;Password=Password123#;MultipleActiveResultSets=True;"
SIGNABLE_STORE_CONNECTION_STRING: "Server=sql_server_db,1433;Database=SignableStore;User Id=sa;Password=Password123#;MultipleActiveResultSets=True;"
DEPENDSUPON_HOST: sql-server-db
DEPENDSUPON_PORT: 1433
ECS_IMAGE_PULL_BEHAVIOR: always
networks:
- publicnet
Docker entrypoint script
#!/bin/bash
# Abort on any error (including if wait-for-it fails).
set -e
# Wait for the backend to be up, if we know where it is.
if [ -n "$DEPENDSUPON_HOST" ]; then
echo "Waiting for database connection..."
./wait-for-it.sh "$DEPENDSUPON_HOST:${DEPENDSUPON_PORT:-6000}"
fi
# Run the main container command.
exec "$#"
and the dockerfile
FROM mcr.microsoft.com/dotnet/aspnet:5.0 AS base
WORKDIR /app
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
WORKDIR /src
COPY ["Data.Migrator/Data.Migrator.csproj", "Data.Migrator/"]
COPY ["Web.Workflow/Web.Workflow.csproj", "Web.Workflow/"]
RUN dotnet restore "Data.Migrator/Data.Migrator.csproj"
COPY . .
WORKDIR "/src/Data.Migrator"
RUN dotnet build "Data.Migrator.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "Data.Migrator.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
# Copy wait-for-it.sh into our image
COPY Data.Migrator/wait-for-it.sh wait-for-it.sh
# Make it executable, in Linux
RUN chmod +x wait-for-it.sh
COPY ["Data.Migrator/docker-entrypoint.sh", "docker-entrypoint.sh"]
RUN ["chmod", "755", "docker-entrypoint.sh"]
# Make it executable, in Linux
COPY --from=publish /app/publish .
ENTRYPOINT ["./docker-entrypoint.sh"]
CMD ["dotnet", "Data.Migrator.dll"]

Related

Whs is my init.sh not found after succeful build?

My Dockerfile
FROM alpine:latest
WORKDIR /usr/src/app
COPY ./init.sh /usr/src/app
RUN chmod +x init.sh
CMD ["sh","-c","init.sh"]
Build goes OK
docker build . -t test
Sending build context to Docker daemon 3.072kB
Step 1/5 : FROM alpine:latest
---> e66264b98777
Step 2/5 : WORKDIR /usr/src/app
---> Running in 1ff4467854af
Removing intermediate container 1ff4467854af
---> 6b4f1fa4ca1c
Step 3/5 : COPY ./init.sh /usr/src/app
---> e61e55063baa
Step 4/5 : RUN chmod +x init.sh
---> Running in ae3724c0f595
Removing intermediate container ae3724c0f595
---> 3c2cd99a30b9
Step 5/5 : CMD ["sh","-c","init.sh"]
---> Running in 9df8c7d70e38
Removing intermediate container 9df8c7d70e38
---> bd9c9af6380d
Successfully built bd9c9af6380d
Successfully tagged test:latest
I got this
docker run -it test
sh: init.sh: not found
Why?
Use ./init.sh to execute the script, provided that the shell script has a proper shebang like #!/bin/sh on the top:
FROM alpine:latest
WORKDIR /usr/src/app
COPY ./init.sh /usr/src/app
RUN chmod +x init.sh
CMD ["sh", "-c", "./init.sh"]
Note that it's actually not necessary, and can be shortened as CMD ./init.sh.

Docker Service failed to build: pull access denied, repository does not exist or may require 'docker login'

I have a project that contains a Dockerfile and a docker-compose.yml.
Dockerfile:
FROM mhart/alpine-node:11 AS builder
WORKDIR /app
COPY . .
RUN yarn install
RUN yarn build
WORKDIR /app
COPY --from=builder /app/build .
CMD ["serve", "-p", "80", "-s", "."]
docker-compose.yml:
version: "3"
services:
front:
build: .
ports:
- 8080:80
restart: always
When I try to run it like below.
docker-compose up -d
I get the following message:
Building front
Step 1/8 : FROM mhart/alpine-node:11 AS builder
---> 5ff13b69f215
Step 2/8 : WORKDIR /app
---> Using cache
---> 1da7c0d4dfac
Step 3/8 : COPY . .
---> Using cache
---> 8d82bb9c0ecf
Step 4/8 : RUN yarn install
---> Using cache
---> 1e557a2dbe03
Step 5/8 : RUN yarn build
---> Using cache
---> ea2d3f56ff39
Step 6/8 : WORKDIR /app
---> Using cache
---> 1edb82c45c49
Step 7/8 : COPY --from=builder /app/build .
ERROR: Service 'front' failed to build: invalid from flag value builder: pull access denied for builder, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
I saw another question on Stackoverflow, I think it may be close to my problem.
invalid from flag value build: pull access denied for build, repository does not exist or may require 'docker login'
But I only have a build stage, not two stage like in the question from the link.
Your docker build is failing because you are missing a FROM command for your runtime environment. This appears to be a multi-stage docker build, and you are attempting to copy files from a previous build stage named builder but you are still in the first (and only) stage of your build (which is called builder).
You have two options. Either one should work.
Introduce a second runtime stage to your build:
Add another FROM command with the image that you want as your runtime. I just used mhart/alpine-node:11 again here but you may want a different runtime environment.
FROM mhart/alpine-node:11 AS builder
WORKDIR /app
COPY . .
RUN yarn install
RUN yarn build
FROM mhart/alpine-node:11 AS runtime
RUN yarn global add serve
WORKDIR /app
COPY --from=builder /app/build .
CMD ["serve", "-p", "80", "-s", "."]
Make it a non multi-stage build:
Just remove the COPY command and change your workdir to the build directory:
FROM mhart/alpine-node:11 AS builder
RUN yarn global add serve
WORKDIR /app
COPY . .
RUN yarn install
RUN yarn build
WORKDIR /app/build
CMD ["serve", "-p", "80", "-s", "."]

How to build Docker for VS 2019 solution?

I have a VS 2019 Solution with 2 projects: P1 (Standard lib) & P2 (ASP.NET Core exe).
P2 contains a Dockerfile.
I have copied the Docker file to up folder, tried to build the docker running the cmd :
>docker build -f Dockerfile ..
Sending build context to Docker daemon 3.056GB
Step 1/18 : FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-buster-slim AS base
---> 5d7a95ed1660
Step 2/18 : WORKDIR /app
---> Using cache
---> 6e8271ae3df9
Step 3/18 : EXPOSE 80
---> Using cache
---> e45066aa184b
Step 4/18 : EXPOSE 443
---> Using cache
---> 0bbce5ed4c30
Step 5/18 : FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build
---> 925a86b607a3
Step 6/18 : WORKDIR /src
---> Using cache
---> e4af901c8e34
Step 7/18 : COPY ["PropMan/PropMan.csproj", "PropMan/"]
COPY failed: stat /var/lib/docker/tmp/docker-builder808977273/PropMan/PropMan.csproj: no such file or directory
How to fix it?
The directory structure
-Solution dir
--ChartJs.Blazor project
---ChartJs.Blazor.csproj
---ChartJs.Blazor files
--PropMan project
---PropMan.csproj
---PropMan files
---Dockerfie (it was created here but later I moved it to solution folder)
-Dockerfie
The Dockerfile
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-buster-slim AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-buster AS build
WORKDIR /src
COPY ["PropMan/PropMan.csproj", "PropMan/"]
COPY ["ChartJs.Blazor/ChartJs.Blazor.csproj", "ChartJs.Blazor/"]
RUN dotnet restore "PropMan/PropMan.csproj"
COPY . .
WORKDIR "/src/PropMan"
RUN dotnet build "PropMan.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "PropMan.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "PropMan.dll"]
I need to go to the solution folder and run
docker build -f PropMan/Dockerfile .
The Dockefile is in project folder.

.NET Core web app won't run in Docker container

I have a vanilla .NET Core 2 web app that I setup in JetBrains Rider and I immediately started working on a Docker environment for it. I followed this guide to get started:
https://docs.docker.com/engine/examples/dotnetcore/
I altered it slightly to come up with this:
FROM microsoft/dotnet:latest AS packager
RUN mkdir -p /opt/build
WORKDIR /opt/build
# Copy csproj and restore as distinct layers
COPY *.csproj .
RUN dotnet restore
# Copy everything else and build
COPY . .
RUN dotnet publish -c Release -o bin
# --
# Build runtime image
FROM microsoft/dotnet:runtime AS runtime
RUN mkdir -p /opt/app
WORKDIR /opt/app
COPY --from=packager /opt/build/bin/. .
ENTRYPOINT ["dotnet", "/opt/app/aspnetapp.dll"]
The image builds and when I go to run the container I get the following output:
dan#mycomputer ~/Desktop/coreapi (master)
$ docker build -t myapp .
Sending build context to Docker daemon 25.09kB
Step 1/12 : FROM microsoft/dotnet:latest AS packager
---> e1a56dca783e
Step 2/12 : RUN mkdir -p /opt/build
---> Using cache
---> 95f9c936d0d1
Step 3/12 : WORKDIR /opt/build
---> Using cache
---> 64f26c356fd7
Step 4/12 : COPY *.csproj .
---> Using cache
---> 38a2fb7ca6bb
Step 5/12 : RUN dotnet restore
---> Using cache
---> 70dbc44d98ae
Step 6/12 : COPY . .
---> Using cache
---> b1019d53a861
Step 7/12 : RUN dotnet publish -c Release -o bin
---> Using cache
---> 8e112606633a
Step 8/12 : FROM microsoft/dotnet:runtime AS runtime
---> cc240a7fd027
Step 9/12 : RUN mkdir -p /opt/app
---> Using cache
---> 954f494febc4
Step 10/12 : WORKDIR /opt/app
---> Using cache
---> b74be941e7dc
Step 11/12 : COPY --from=packager /opt/build/bin/. .
---> Using cache
---> 4c229192d99b
Step 12/12 : ENTRYPOINT ["dotnet", "/opt/app/aspnetapp.dll"]
---> Using cache
---> fb6ef4015fba
Successfully built fb6ef4015fba
Successfully tagged myapp:latest
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.
dan#mycomputer ~/Desktop/coreapi (master)
$ docker run -p 5001:5001 myapp:latest
Did you mean to run dotnet SDK commands? Please install dotnet SDK from:
http://go.microsoft.com/fwlink/?LinkID=798306&clcid=0x409
The app doesn't run and I get a message that says I need to install the SDK. What's up with that? Shouldn't the runtime Docker image have everything neede to run the app?
I was able to find the solution by modifying the ENTRYPOINT to run tail -f /dev/null. From there, I entered the container and saw that the name of the binary adjusts based on your project name which the Docker documentation didn't make clear to me.
I also updated my base images and this solved my problem. Here is my latest Dockerfile below:
FROM microsoft/dotnet:2.1-sdk AS packager
RUN mkdir -p /opt/build
WORKDIR /opt/build
# Copy csproj and restore as distinct layers
COPY *.csproj .
RUN dotnet restore
# Copy everything else and build
COPY . .
RUN dotnet publish -c Release -o bin
# --
# Build runtime image
FROM microsoft/dotnet:2.1-aspnetcore-runtime AS runtime
RUN mkdir -p /opt/app
WORKDIR /opt/app
COPY --from=packager /opt/build/bin/. .
EXPOSE 80
ENTRYPOINT ["dotnet", "/opt/app/coreapi.dll"]

dotnet core 2.0 commands not running in docker

I'm trying to set up my dotnet core app to run through docker on my mac. My Dockerfile looks like this:
FROM microsoft/dotnet:sdk AS build-env
WORKDIR /app
# copy csproj and restore as distinct layers
COPY *.csproj ./
RUN dotnet restore
# copy everything else and build
COPY . ./
RUN dotnet publish -c Release -o out
# build runtime image
FROM microsoft/dotnet:runtime
WORKDIR /app
COPY --from=build-env /app/out ./
ENTRYPOINT ["dotnet", "backend.dll"]
When I run: docker build -t backend .
I get :
Sending build context to Docker daemon 1.133MB
Step 1/10 : FROM microsoft/dotnet:sdk AS build-env
---> 76d532b4a0ca
Step 2/10 : WORKDIR /app
---> Using cache
---> 9c04cc3784c1
Step 3/10 : COPY *.csproj ./
---> Using cache
---> 18b53c11abd6
Step 4/10 : RUN dotnet restore
---> Running in 46f3843faad7
Aborted
The command '/bin/sh -c dotnet restore' returned a non-zero code: 134
I did some debugging and noticed when I ran any command of dotnet it bombs. I ran dotnet --info and it showed the information but also Aborted. Any suggestions would be greatly appreciated.

Resources