volume already exists but was not created by Docker Compose - docker

This is what I get after I use ddev start on new or any other projects.
I clear all docker images, volumes, etc... and the problem repeats again...
Does anybody have the same problem? Does it have any connection with versions:
Docker version 20.10.11
Docker Compose version 2.2.0
ddev version v1.18.0
Starting lmp...
Pushed mkcert rootca certs to ddev-global-cache/mkcert
Running Command=ip address show dev docker0
volume "lmp-mariadb" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume
Failed to start lmp: ComposeCmd failed to run 'COMPOSE_PROJECT_NAME=ddev-lmp docker-compose -f /home/loganmm/www/ddev/lmp/.ddev/.ddev-docker-compose-full.yaml up --build -d', action='[up --build -d]', err='exit status 1', stdout='Sending build context to Docker daemon 489B
Step 1/6 : ARG BASE_IMAGE
Step 2/6 : FROM $BASE_IMAGE
---> 87d5f9bd7e6e
Step 3/6 : ARG username
---> Using cache
---> f60cc0e22e2e
Step 4/6 : ARG uid
---> Using cache
---> 01e2924ff925
Step 5/6 : ARG gid
---> Using cache
---> f76f3c567045
Step 6/6 : RUN (groupadd --gid $gid "$username" || groupadd "$username" || true) && (useradd -l -m -s "/bin/bash" --gid "$username" --comment '' --uid $uid "$username" || useradd -l -m -s "/bin/bash" --gid "$username" --comment '' "$username" || useradd -l -m -s "/bin/bash" --gid "$gid" --comment '' "$username")
---> Using cache
---> 74726db594e2
Successfully built 74726db594e2
Successfully tagged drud/ddev-dbserver-mariadb-10.3:v1.18.0-lmp-built
Sending build context to Docker daemon 448B
Step 1/6 : ARG BASE_IMAGE
Step 2/6 : FROM $BASE_IMAGE
---> 1e45807db7e2
Step 3/6 : ARG username
---> Using cache
---> 99d798f1aa8c
Step 4/6 : ARG uid
---> Using cache
---> 30f01bb39027
Step 5/6 : ARG gid
---> Using cache
---> db8269893144
Step 6/6 : RUN (groupadd --gid $gid "$username" || groupadd "$username" || true) && (useradd -l -m -s "/bin/bash" --gid "$username" --comment '' --uid $uid "$username" || useradd -l -m -s "/bin/bash" --gid "$username" --comment '' "$username" || useradd -l -m -s "/bin/bash" --gid "$gid" --comment '' "$username")
---> Using cache
---> 059097a5008c
Successfully built 059097a5008c
Successfully tagged drud/ddev-webserver:v1.18.0-lmp-built
', stderr='volume "lmp-mariadb" already exists but was not created by Docker Compose. Use `external: true` to use an existing volume'

If you use Docker Desktop - go to the preferences and under General uncheck Use Docker Compose v2, then click "Apply & Restart" - as found on https://github.com/drud/ddev/issues/3404#issuecomment-986990802

This is worked around in DDEV v1.18.2+ (and v1.19+), please upgrade. It was a bug in docker-compose 2.2.0+ - please see https://github.com/drud/ddev/issues/3404 for context.

Related

Docker build creates and tags an image that docker run cannot find

I have been given a project that is in a Docker container. I have managed to build the Docker container image and tag it, but when I run it I have problems.
bash-5.1$ docker build -t game:0.0.1 -t game:latest .
Sending build context to Docker daemon 2.584MB
Step 1/12 : FROM nvidia/cuda:10.2-base-ubuntu18.04
---> 84b82c2f5736
Step 2/12 : MAINTAINER me
---> Using cache
---> b8a86a8860d5
Step 3/12 : EXPOSE 5006
---> Using cache
---> fabdfc06768c
Step 4/12 : EXPOSE 8888
---> Using cache
---> a6f8585ce52d
Step 5/12 : ENV DEBIAN_FRONTEND noninteractive
---> Using cache
---> c4dd4de87fdc
Step 6/12 : ENV WD=/home/game/
---> Using cache
---> 871163f5db29
Step 7/12 : WORKDIR ${WD}
---> Using cache
---> 36678a12e551
Step 8/12 : RUN apt-get -y update && apt-get -y upgrade && apt-get -y install git ssh pkg-config python3-pip python3-opencv
---> Using cache
---> 4b83b4944484
Step 9/12 : COPY requirements.txt /requirements.txt
---> Using cache
---> 8e1db9206e80
Step 10/12 : RUN cd / && python3 -m pip install --upgrade pip && pip3 install -r requirements.txt
---> Using cache
---> e096029d458a
Step 11/12 : CMD ["start.py"]
---> Using cache
---> 795bb5a65bc8
Step 12/12 : ENTRYPOINT ["python3"]
---> Using cache
---> 59b472b693f2
Successfully built 59b472b693f2
Successfully tagged game:0.0.1
Successfully tagged game:latest
bash-5.1$ docker run -it -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix game:latest
Unable to find image 'game:latest' locally
docker: Error response from daemon: pull access denied for game, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
bash-5.1$ sudo docker run -it -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix game:latest
It doesn't seem to find the game:latest image even though the output of the above command says it just created it.
I also try to do this after logging into my session.
I tried to run 59b472b693f2 (what is it, is it a container hash code?):
bash-5.1$ docker run 59b472b693f2
python3: can't open file 'start.py': [Errno 2] No such file or directory
bash-5.1$ ls
data_collection demonstrateur.ipynb demo.py Dockerfile examples README.md requirements.txt serious_game start.py test
bash-5.1$
Here is the list of available images:
bash-5.1$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
game 0.0.1 7e7ad7272cf0 15 minutes ago 1.77GB
game latest 7e7ad7272cf0 15 minutes ago 1.77GB
ubuntu latest ba6acccedd29 7 weeks ago 72.8MB
hello-world latest feb5d9fea6a5 2 months ago 13.3kB
nvidia/cuda 10.2-base-ubuntu18.04 84b82c2f5736 2 months ago 107MB
bash-5.1$ docker run -it -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix game:latest
python3: can't open file 'start.py': [Errno 2] No such file or directory
bash-5.1$
I tried to add it in the Dockerfile but still got the same error:
Removing intermediate container 10f2d7506d17
---> 1b776923e5a9
Step 11/13 : COPY start.py /start.py
---> 172c81ff16e9
Step 12/13 : CMD ["start.py"]
---> Running in c7217e2e0f21
Removing intermediate container c7217e2e0f21
---> eaf947ffa0b1
Step 13/13 : ENTRYPOINT ["python3"]
---> Running in 77e2e7b90658
Removing intermediate container 77e2e7b90658
---> 924d8c473e36
Successfully built 924d8c473e36
Successfully tagged seriousgame:0.0.1
Successfully tagged seriousgame:latest
bash-5.1$ docker run -it -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix seriousgame:latest
python3: can't open file 'start.py': [Errno 2] No such file or directory
Here is my Dockerfile:
#############################################################################################################
#
# Container creation
#
##############################################################################################################
FROM nvidia/cuda:10.2-base-ubuntu18.04
MAINTAINER me
EXPOSE 5006
EXPOSE 8888
ENV DEBIAN_FRONTEND noninteractive
ENV WD=/home/game/
WORKDIR ${WD}
# Add git and ssh
RUN apt-get -y update && \
apt-get -y upgrade && \
apt-get -y install git ssh pkg-config python3-pip python3-opencv
# Python dependencies
COPY requirements.txt /requirements.txt
RUN cd / && \
python3 -m pip install --upgrade pip && \
pip3 install -r requirements.txt
COPY start.py /start.py
CMD ["start.py"]
ENTRYPOINT ["python3"]
Here are all the files within my project:
bash-5.1$ ls
data_collection demonstrateur.ipynb demo.py Dockerfile examples README.md requirements.txt serious_game start.py test
In the first block of code you posted it says Successfully tagged game:latest and Successfully tagged game:0.0.1, but in your docker images output you don't see those images. Looking at the output of your docker images I see that the last time you built the image named serious-game was 1 hour ago. I'm guessing so that you tried to rename the image, but the image ID didn't change.
You can try to remove the old image with docker image rm command (docs), and then try to build it again. The command sequence to execute is the code block below. Data should be safe because I see that you're using volumes (I assume that you know what you're doing).
docker image rm 59b472b693f2
docker build -t game:0.0.1 -t game:latest .
The sequence 59b472b693f2 is the unique ID of the image in your Docker local environment (you can assume that it's an ID like the ones used in databases for indexing).

How to run vsftpd as non root in an ubuntu container?

I am trying to rebuild bogem/ftp to make the container run as non root.
I created my own repo where you can find all the files.
I build it locally:
docker build -t bram_ftp:v0.4 .
Sending build context to Docker daemon 8.704kB
Step 1/17 : FROM ubuntu:latest
---> f643c72bc252
Step 2/17 : RUN apt-get update && apt-get install -y --no-install-recommends vsftpd db-util sudo && apt-get clean
---> Using cache
---> 8ab5e8a0d3d7
Step 3/17 : RUN useradd -m ftpuser
---> Using cache
---> 179c738d8a8b
Step 4/17 : ENV FTP_USER admin
---> Using cache
---> 3f55c42bccda
Step 5/17 : ENV FTP_PASS admin
---> Using cache
---> a44874a4d54e
Step 6/17 : ENV PASV_ADDRESS=127.0.0.1
---> Using cache
---> 824c15835a7f
Step 7/17 : COPY vsftpd_virtual /etc/pam.d/
---> Using cache
---> 5045135bb1ca
Step 8/17 : COPY run-vsftpd.sh /usr/sbin/
---> Using cache
---> 30bd2be7d610
Step 9/17 : COPY config-vsftpd.sh /usr/sbin/
---> Using cache
---> 8347833c2f63
Step 10/17 : RUN /usr/sbin/config-vsftpd.sh
---> Using cache
---> 58237fe9a8be
Step 11/17 : COPY vsftpd.conf /etc/vsftpd/
---> Using cache
---> 92c9cbc75356
Step 12/17 : RUN chown -R ftpuser:ftpuser /etc/vsftpd/ && chown ftpuser:ftpuser /usr/sbin/*-vsftpd.sh && chmod +x /usr/sbin/*-vsftpd.sh && mkdir -p /var/run/vsftpd/empty
---> Running in 91f03e3198df
Removing intermediate container 91f03e3198df
---> 94cfaf7209a9
Step 13/17 : VOLUME /home/ftpuser/vsftpd
---> Running in cfdf44372c17
Removing intermediate container cfdf44372c17
---> 5d7416bd2844
Step 14/17 : VOLUME /var/log/vsftpd
---> Running in c2b5121adb49
Removing intermediate container c2b5121adb49
---> 620cc085a235
Step 15/17 : EXPOSE 20 21
---> Running in f12d22af36cc
Removing intermediate container f12d22af36cc
---> 1dd7698c18b3
Step 16/17 : USER ftpuser
---> Running in d7a2cdcc3aa1
Removing intermediate container d7a2cdcc3aa1
---> 3a88a4a89ac8
Step 17/17 : CMD ["/usr/sbin/run-vsftpd.sh"]
---> Running in 86f5dec18f71
Removing intermediate container 86f5dec18f71
---> 50fdae730864
Successfully built 50fdae730864
Successfully tagged bram_ftp:v0.4
When I run it locally as described in the README then the container just keeps restarting and I do not see any logs/errors.
When I run the container interactively (so -it instead of -d) instead of as daemon I get this error:
docker run -it -v /tmp/vsftpd:/home/ftpuser/vsftpd \
-p 20:20 -p 21:21 -p 47400-47470:47400-47470 \
-e FTP_USER=admin \
-e FTP_PASS=admin \
-e PASV_ADDRESS=127.0.0.1 \
--name ftp \
--restart=always \
bram_ftp:v0.4
500 OOPS: config file not owned by correct user, or not a file
But when I check with what user the container is running and the vsftpd.conf permissions are everything seems to be fine:
docker run bram_ftp:v0.4 id
uid=1000(ftpuser) gid=1000(ftpuser) groups=1000(ftpuser)
docker run bram_ftp:v0.4 ls -la /etc/vsftpd
total 28
drwxr-xr-x 1 ftpuser ftpuser 4096 Dec 31 13:12 .
drwxr-xr-x 1 root root 4096 Dec 31 14:28 ..
-rw-r--r-- 1 ftpuser ftpuser 12288 Dec 31 13:12 virtual_users.db
-rw-r--r-- 1 ftpuser ftpuser 12 Dec 31 13:12 virtual_users.txt
-rw-r--r-- 1 ftpuser ftpuser 1734 Dec 31 13:09 vsftpd.conf
When I run the container like below I can get in the container without issues:
docker run -it bram_ftp:v0.4 bash
ftpuser@5358b2368c55:/$
I then start vsftpd manually:
docker run -it bram_ftp:v0.4 bash
ftpuser@5358b2368c55:/$ vsftpd /etc/vsftpd/vsftpd.conf
If I then check what processes are running in the container I see this:
docker exec 5358b2368c55 ps -ef
UID PID PPID C STIME TTY TIME CMD
ftpuser 1 0 0 14:31 pts/0 00:00:00 bash
ftpuser 10 1 0 14:32 pts/0 00:00:00 vsftpd /etc/vsftpd/vsftpd.conf
ftpuser 11 0 0 14:33 ? 00:00:00 ps -ef
I don't have any experience with vsftpd so I have no clue what I am doing wrong here. Hope someone can help me out.

Flink Docker Image

I am new in Docker, I am trying to create Flink docker image. Docker image is showing created successfully. But I have a doubt, I can not see Flink binaries in /opt path as mentioned in Dockerfile.
How do I know my Flink Docker image is created successfully.
Screenshot from console, few set of commands are highlighted in red color, means is it OK ?
Status showing Flink Docker image is created:
Please help me. Thank you....
Full Log:
sudo /home/develk/cntx_eng/build.sh \
> --job-artifacts /home/develk/cntx_eng/FlinkContextEnginePoc-0.0.1-SNAPSHOT.jar \
> --from-archive /home/develk/cntx_eng/flink-1.4.0-bin-hadoop24-scala_2.11.tgz \
> --image-name contxeng-flink-poc:1.4.0
--job-artifacts
/home/develk/cntx_eng/FlinkContextEnginePoc-0.0.1-SNAPSHOT.jar
--from-archive
JOB_ARTIFACTS_PATH : /home/develk/cntx_eng/FlinkContextEnginePoc-0.0.1-SNAPSHOT.jar
FROM_ARCHIVE : /home/develk/cntx_eng/flink-1.4.0-bin-hadoop24-scala_2.11.tgz
HADOOP_VERSION :
FLINK_VERSION :
-------------------------Arg Values---------------------------
FLINK_DIST : _TMP_/flink.tgz
JOB_ARTIFACTS_TARGET : _TMP_/artifacts
SHADED_HADOOP :
IMAGE_NAME : contxeng-flink-poc:1.4.0
--------------------------------------------------------------
Sending build context to Docker daemon 606.6MB
Step 1/23 : FROM openjdk:8-jre-alpine
---> f7a292bbb70c
Step 2/23 : RUN apk add --no-cache bash snappy libc6-compat
---> Using cache
---> 9e84497f3616
Step 3/23 : ENV FLINK_INSTALL_PATH=/opt
---> Using cache
---> 87bc358ccf00
Step 4/23 : ENV FLINK_HOME $FLINK_INSTALL_PATH/flink
---> Using cache
---> 712ba8d54555
Step 5/23 : ENV FLINK_LIB_DIR $FLINK_HOME/lib
---> Using cache
---> 80e7b085252e
Step 6/23 : ENV FLINK_PLUGINS_DIR $FLINK_HOME/plugins
---> Using cache
---> 7d39101e47d3
Step 7/23 : ENV FLINK_OPT_DIR $FLINK_HOME/opt
---> Using cache
---> 9bff7fc7145d
Step 8/23 : ENV FLINK_JOB_ARTIFACTS_DIR $FLINK_INSTALL_PATH/artifacts
---> Using cache
---> b0c01f3aab84
Step 9/23 : ENV FLINK_USR_LIB_DIR $FLINK_HOME/usrlib
---> Using cache
---> f4236bc26cab
Step 10/23 : ENV PATH $PATH:$FLINK_HOME/bin
---> Using cache
---> 2cb7cd442b6f
Step 11/23 : ARG flink_dist=NOT_SET
---> Using cache
---> 1a6fc691baa2
Step 12/23 : ARG job_artifacts=NOT_SET
---> Using cache
---> e11400e03120
Step 13/23 : ARG python_version=NOT_SET
---> Using cache
---> 313089fd991e
Step 14/23 : ARG hadoop_jar=NOT_SET*
---> Using cache
---> ccbef4dfa806
Step 15/23 : RUN if [ "$python_version" = "2" ]; then apk add --no-cache python; elif [ "$python_version" = "3" ]; then apk add --no-cache python3 && ln -s /usr/bin/python3 /usr/bin/python; fi
---> Using cache
---> 7e6dca36dad4
Step 16/23 : ADD $flink_dist $hadoop_jar $FLINK_INSTALL_PATH/
---> 5afb7a8e5414
Step 17/23 : ADD $job_artifacts/* $FLINK_JOB_ARTIFACTS_DIR/
---> c2789d3d80b3
Step 18/23 : RUN set -x && ln -s $FLINK_INSTALL_PATH/flink-[0-9]* $FLINK_HOME && ln -s $FLINK_JOB_ARTIFACTS_DIR $FLINK_USR_LIB_DIR && if [ -n "$python_version" ]; then ln -s $FLINK_OPT_DIR/flink-python*.jar $FLINK_LIB_DIR; fi && if [ -f ${FLINK_INSTALL_PATH}/flink-shaded-hadoop* ]; then ln -s ${FLINK_INSTALL_PATH}/flink-shaded-hadoop* $FLINK_LIB_DIR; fi && addgroup -S flink && adduser -D -S -H -G flink -h $FLINK_HOME flink && chown -R flink:flink ${FLINK_INSTALL_PATH}/flink-* && chown -R flink:flink ${FLINK_JOB_ARTIFACTS_DIR}/ && chown -h flink:flink $FLINK_HOME
---> Running in c4cb70216f08
+ ln -s /opt/flink-1.4.0 /opt/flink-1.4.0-bin-hadoop24-scala_2.11.tgz /opt/flink
+ ln -s /opt/artifacts /opt/flink/usrlib
+ '[' -n ]
+ '[' -f /opt/flink-shaded-hadoop-2-uber-2.4.1-8.0.jar ]
+ ln -s /opt/flink-shaded-hadoop-2-uber-2.4.1-8.0.jar /opt/flink/lib
+ addgroup -S flink
+ adduser -D -S -H -G flink -h /opt/flink flink
+ chown -R flink:flink /opt/flink-1.4.0 /opt/flink-1.4.0-bin-hadoop24-scala_2.11.tgz /opt/flink-shaded-hadoop-2-uber-2.4.1-8.0.jar
+ chown -R flink:flink /opt/artifacts/
+ chown -h flink:flink /opt/flink
Removing intermediate container c4cb70216f08
---> 459b1156294b
Step 19/23 : COPY docker-entrypoint.sh /
---> d4ae4be34415
Step 20/23 : USER flink
---> Running in 95a2c9234cd5
Removing intermediate container 95a2c9234cd5
---> ebdc913c7dd9
Step 21/23 : EXPOSE 8081 6123
---> Running in f6fad553a1d7
Removing intermediate container f6fad553a1d7
---> 51e6c57d2bde
Step 22/23 : ENTRYPOINT ["/docker-entrypoint.sh"]
---> Running in 09e7c0759fb6
Removing intermediate container 09e7c0759fb6
---> 99cdeb095b8f
Step 23/23 : CMD ["--help"]
---> Running in f985bd546dcf
Removing intermediate container f985bd546dcf
---> 039086df61e6
Successfully built 039086df61e6
Successfully tagged contxeng-flink-poc:1.4.0
Seems like everything went well.
To see which containers are running:
docker ps
contxeng-flink-poc:1.4.0, should be in there.
If you actually want to interact with Flink you should expose some ports.
The Flink dashboard for example runs on port 8081 of your container.
You can also get an interactive bash shell into your container by running the following command (if your container has bash installed):
docker exec -it contxeng-flink-poc:1.4.0 bash
That's where you will find your Flink binaries.
If the container is not running, check if it was built:
docker images
If that's the case, run it:
docker run -d contxeng-flink-poc:1.4.0

How to include Yourkit inside a neo4j docker image?

While trying to use the 3.5.5 enterprise Dockerfile (https://github.com/neo4j/docker-neo4j-publish/blob/master/3.5.5/community/Dockerfile) and to add YourKit's Docker-related commands (https://www.yourkit.com/docs/java/help/docker.jsp),
I first tried to docker build the Dockerfile without the YourKit changes, but I get this error:
Sending build context to Docker daemon 3.072kB
Step 1/13 : FROM openjdk:8-jre-alpine
---> f7a292bbb70c
Step 2/13 : RUN addgroup -S neo4j && adduser -S -H -h /var/lib/neo4j -G neo4j neo4j
---> Using cache
---> e0b1355abc58
Step 3/13 : ENV NEO4J_SHA256=0421bb95fd377a1a45cd0a22f3f4163d8b2b07d1f9d8979e42c7f1952961ab92 NEO4J_TARBALL=neo4j-enterprise-3.5.5-unix.tar.gz NEO4J_EDITION=enterprise NEO4J_HOME="/var/lib/neo4j"
---> Running in f33c9400f05b
Removing intermediate container f33c9400f05b
---> b5db09236a0f
Step 4/13 : ARG NEO4J_URI=http://dist.neo4j.org/neo4j-enterprise-3.5.5-unix.tar.gz
---> Running in 722c0d5ef000
Removing intermediate container 722c0d5ef000
---> 05ff355a8396
Step 5/13 : COPY ./local-package/* /tmp/
COPY failed: no source files were specified
Once this works I will add the yourkit specific RUN commands.
One could simply do the following instead:
FROM neo4j:3.5.5
RUN wget https://www.yourkit.com/download/docker/YourKit-JavaProfiler-2019.1-docker.zip -P /tmp/ && \
unzip /tmp/YourKit-JavaProfiler-2019.1-docker.zip -d /usr/local && \
rm /tmp/YourKit-JavaProfiler-2019.1-docker.zip
RUN apk add --no-cache --quiet libc6-compat
ENV PATH "${NEO4J_HOME}"/bin:/lib64:$PATH
ENV LD_LIBRARY_PATH /lib64:$LD_LIBRARY_PATH
VOLUME /data /logs
EXPOSE 7474 7473 7687 10001
ENTRYPOINT ["/sbin/tini", "-g", "--", "/docker-entrypoint.sh"]
CMD ["neo4j"]

Dockerfile: create ENV variable that a USER can see?

Is there a way to set an ENV variable for a custom USER in a docker file?
I am trying the following:
FROM some_repo/my_base_image
ENV FOO_VAR bar_value
USER webapp
# ... continued (not important)
But my "webapp" user can not see the "FOO_VAR" variable. HOWEVER, my root user CAN.
Any help would be appreciated.
Any user can see the environment variables:
$ cat Dockerfile
FROM debian
ENV foo bar
RUN groupadd -r am && useradd -r -g am am
USER am
$ docker build -t test .
...
$ docker run test bash -c 'echo $foo'
bar
So that's not what the problem is. It may be that your process forked a new environment, but I can't be sure as you haven't shared how you're checking the value.
If you switch user context using su within the dockerfile's ENTRYPOINT, CMD or docker exec ... using the form below you enter a new shell process for the given username that does not persist your original environment variables provided by the ENV targets through dockerfile, docker-compose yaml, or docker run -e ...
> su - username -c "run a process"
To avoid this behavior simply remove the dash - from the call like so:
> su username -c "run a process"
Your assigned docker environment variables will now persist.
For future reference, this also holds true within the Dockerfile (and not just for any container's user during run-time):
$ cat Dockerfile
FROM library/debian:9.5
ENV FOO="BAR"
RUN groupadd -r testuser && useradd -r -g testuser testuser
RUN mkdir -p /home/testuser && chown -R testuser /home/testuser
RUN echo "${FOO}" && echo "meh.${FOO}.blah"
USER testuser
RUN echo "${FOO}" && echo "meh.${FOO}.blah" | tee -a ~/test.xt
And docker build:
$ docker build -t test .
Sending build context to Docker daemon 2.048kB
Step 1/7 : FROM library/debian:9.5
---> be2868bebaba
Step 2/7 : ENV FOO="BAR"
---> Running in f2cd5ecca056
Removing intermediate container f2cd5ecca056
---> f6f7b3f26cad
Step 3/7 : RUN groupadd -r testuser && useradd -r -g testuser testuser
---> Running in ab9c0726cc1e
Removing intermediate container ab9c0726cc1e
---> dc9f2a35fb09
Step 4/7 : RUN mkdir -p /home/testuser && chown -R testuser /home/testuser
---> Running in 108b1c03323d
Removing intermediate container 108b1c03323d
---> 4a63e70fc886
Step 5/7 : RUN echo "${FOO}" && echo "meh.${FOO}.blah"
---> Running in 9dcdd6b73e7d
BAR
meh.BAR.blah
Removing intermediate container 9dcdd6b73e7d
---> c33504cadc37
Step 6/7 : USER testuser
---> Running in 596b0588dde6
Removing intermediate container 596b0588dde6
---> 075e2c861021
Step 7/7 : RUN echo "${FOO}" && echo "meh.${FOO}.blah" | tee -a ~/test.xt
---> Running in fb2648d8c120
BAR
meh.BAR.blah
Removing intermediate container fb2648d8c120
---> c7c1c69e200f
Successfully built c7c1c69e200f
Successfully tagged test:latest
(Yet for some reason it doesn't work for me in my own project, when I use the variables as a part of a curl URL target...)
Here's what worked for me after browsing around the web looking for the answer:
In the Dockerfile:
...
RUN apt install sudo -y
ENV MY_VAR="some value"
...
Now inside the container (or in my case the script I wrote to run inside it):
sudo -E -u my_user env # <- switch here to whatever command you want to execute
-E stands for preserve-env, which means the env vars of the root user will be passed to my_user
Here's my reference:
https://dev.to/pfreitag/passing-environment-variables-with-sudo-1ej6
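
The environment behaviour described in the answers above (`su -` versus plain `su`, and `sudo` with or without `-E`), as an added example that is not part of the original posts: a small audit that flags user-switch commands in an entrypoint script that will discard Docker-provided variables. The function names, verdict labels and sample script are assumptions made for illustration, and the `sudo-reset` verdict assumes the stock sudoers default of `env_reset`.

```shell
#!/bin/sh
# Added example: report user-switch commands in an entrypoint script that
# discard variables set with ENV, docker-compose or `docker run -e`.

# audit_switches [FILE]  (reads stdin when FILE is omitted)
# Prints LINE:VERDICT:TEXT for each su/sudo invocation.
#   login-reset  su -, su -l, su --login, sudo -i  -> fresh login environment
#   sudo-reset   sudo without -E                   -> env_reset drops most variables
#                (assumes the stock sudoers default, env_reset enabled)
#   preserved    plain su, sudo -E                 -> caller variables are passed on
audit_switches() {
    awk '
    function report(v) { printf "%d:%s:%s\n", NR, v, $0 }
    function classify_su(i,    j) {
        for (j = i + 1; j <= NF; j++) {
            if ($j == "-c" || $j ~ /^--command/) break   # the rest is the payload
            if ($j == "-" || $j == "-l" || $j == "--login") return "login-reset"
        }
        return "preserved"
    }
    function classify_sudo(i,    j, keep) {
        keep = 0
        for (j = i + 1; j <= NF; j++) {
            if ($j !~ /^-/) break                        # first non-option is the command
            if ($j == "--login" || $j ~ /^-[A-Za-z]*i/) return "login-reset"
            if ($j ~ /^--preserve-env/ || $j ~ /^-[A-Za-z]*E/) keep = 1
            if ($j ~ /^-[A-Za-z]*[ug]$/) j++             # -u/-g take an argument
        }
        return keep ? "preserved" : "sudo-reset"
    }
    $1 ~ /^#/ { next }                                   # skip comment lines
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "su"   || $i ~ /\/su$/)   { report(classify_su(i));   break }
            if ($i == "sudo" || $i ~ /\/sudo$/) { report(classify_sudo(i)); break }
        }
    }' "$@"
}

# Constructed sample entrypoint, built from the command forms quoted above.
sample_entrypoint() {
    cat <<'EOF'
#!/bin/sh
# su - is the form that loses ENV
su - username -c "run a process"
su username -c "run a process - with dashes"
sudo -u my_user env
sudo -E -u my_user env
exec /usr/sbin/run-vsftpd.sh
EOF
}

sample_entrypoint | audit_switches
```

Plain `su` still rewrites `HOME`, `SHELL`, `USER` and `LOGNAME` for the target user, so "preserved" here refers to the variables supplied through Docker.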
