Run multiple command after entrypoint with docker-compose - docker

I have been looking to the matrix of interaction of CMD and ENTRYPOINT and I can't found my way to have container running an entrypoint THEN a cmd with multiple commands
version: '3.8'
services:
test:
image: debian:buster-slim
entrypoint: [ "/entrypoint.sh" ]
volumes:
- ./entrypoint.sh:/entrypoint.sh
command: [ "echo" ,"toto","&&","echo","tutu" ]
where entrypoint.sh is a file containing :
#!/bin/bash
set -e
set -x
echo tata
exec "$#"
"should" print
tata
toto
tutu
but it's printing
tata
toto && echo tutu
I found a solution by replacing [ "echo" ,"toto","&&","echo","tutu" ] by "bash -c 'echo toto && echo tutu'" and then it work.
but I don't get why the first method do not work since the documentation say it will do :
exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd

The problem is generated by the exec command, which synopsis is:
exec [command [argument...]]
so it will only accept one command with multiple arguments.
Solution:
The solution is the one that you pointed out, by using sh -c '':
services:
test:
image: debian:buster-slim
entrypoint: [ "/entrypoint.sh" ]
volumes:
- ./entrypoint.sh:/entrypoint.sh
command: ["sh", "-c", "echo toto && echo tutu"]
because the final result will satisfy the exec command with one command and multiple arguments
On docker side, the official documentation explains the ENTRYPOINT vs CMD very well with this table:
docker table
source
If you combine CMD and ENTRYPOINT in the array context the result would be /entrypoint.sh "echo" "toto" "&&" "echo" "tutu" because each parameter of the CMD will be a parameter for the ENTRYPOINT
Here's the output of the example above executed directly in the terminal:
# ./entrypoint.sh "echo" "toto" "&&" "echo" "tutu"
+ echo tata
tata
+ exec echo toto '&&' echo tutu
toto && echo tutu
And this is the result of the docker-compose up
# docker-compose up
test_1 | + echo tata
test_1 | tata
test_1 | + exec echo toto '&&' echo tutu
test_1 | toto && echo tutu
root_test_1 exited with code 0
As you can see each parameter is passed in the array form so the '&&' is parsed as a string (note the single quotes).
Note:
The result you expected is this one:
# ./entrypoint.sh echo toto && echo tutu
+ echo tata
tata
+ exec echo toto
toto
tutu
In this scenario as you see the only parameter passed to the exec is the first echo toto.
echo tutu is executed in bash terminal after ./entrypoint.sh script exits.
Obviously if this would be parsed by docker as a separate command it will never be executed because the ENTRYPOINT will exit before the echo tutu command.

Related

Dockerfile - CMD with nohup

How can I put the following into Dockerfile? I'm rebuilding a image and have modified few things.
Upon inspecting the original image, I see that it has CMD in a weird format.
"Cmd": [
"/bin/sh",
"-c",
"#(nop) CMD [\"supervisord\" \"-c\" \"/etc/supervisor.conf\"]"
],
The Entrypoint script executes this as its argument. But I'm unsure how to add this in the new Dockerfile.
I'm not sure if I can have 2 CMD and not sure how to add the nohup in a Dockerfile
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["/bin/sh", "-c", "#(nop)"]
CMD ["supervisord","-c", "/etc/supervisor.conf"]
Here is the entrypoint.sh
#!/bin/bash
set -eo pipefail
# if command starts with an option, prepend supervisord
if [ "${1:0:1}" = '-' ]; then
set -- supervisord "$#"
fi
# Add local user;
# Either use the MARADNS_USER_ID if passed in at runtime or fallback.
USER_ID=${MARADNS_USER_ID:-9001}
echo "Starting with UID : $USER_ID"
usermod -u $USER_ID maradns
# update permissions
chown -R maradns.maradns /etc/maradns
chown -R maradns.maradns /var/cache/deadwood
# replace the UID and GID of the maradns user
MARADNS_UID=`id -u maradns`
MARADNS_GID=`id -g maradns`
cp /etc/mararc.custom /etc/mararc
sed -i -r "s/(maradns_uid\s*=\s*)([0-9]+)(.*)/\1${MARADNS_UID}\3/" /etc/mararc
sed -i -r "s/(maradns_gid\s*=\s*)([0-9]+)(.*)/\1${MARADNS_GID}\3/" /etc/mararc
# bind maradns on container host
MARADNS_ADDRESS=`ifconfig eth0 | grep 'inet addr:' | cut -d ' ' -f12 | cut -d ':' -f2`
sed -i -r "s/(ipv4_bind_addresses\s*=\s*)(.*)(.*)/\1\"${MARADNS_ADDRESS}\"\3/" /etc/mararc
# copy filebeat configuration
cp /etc/filebeat/filebeat.yml.custom /etc/filebeat/filebeat.yml
# run command
exec "$#"

Does GitLab CI treat Docker entrypoint & cmd differently somehow?

I'm getting some unexpected behaviour when trying to run a GitLab CI job inside a custom Docker container. It runs as expected outside GitLab. I don't even know what it is I'm not understanding... perhaps there's something about how GitLab runs docker containers that I'm missing, or how Docker ENTRYPOINT and CMD work together, or is it even just a mistake in my shell script?
My custom Docker image is intended to run Percy CLI commands. It's based on node:12-slim and basically just installs Puppeteer and Percy. It sets the ENTRYPOINT to a custom shell script:
ENTRYPOINT ["/usr/bin/local/percy-entrypoint.sh"]
but doesn't override the base image CMD.
My entrypoint script essentially just checks for a couple of env vars (and chucks out some debug stuff), then runs a "sitemap" function:
echo "All args:"
echo "$#"
if [ "$1" = "sitemap" ] ; then
percy exec -- node /sitemap.js
else
exec "$#"
fi
I'm running it from a GitLab-CI job as:
snapshot:
stage: test
image: my/percy-buildbox:latest
script:
- sitemap
variables:
PERCY_TOKEN: ${PERCY_TOKEN}
SITEMAP_URL: percy-sitemap.xml
The output generated by this job is:
All args:
sh -c if [ -x /usr/local/bin/bash ]; then
exec /usr/local/bin/bash
elif [ -x /usr/bin/bash ]; then
exec /usr/bin/bash
elif [ -x /bin/bash ]; then
exec /bin/bash
elif [ -x /usr/local/bin/sh ]; then
exec /usr/local/bin/sh
elif [ -x /usr/bin/sh ]; then
exec /usr/bin/sh
elif [ -x /bin/sh ]; then
exec /bin/sh
elif [ -x /busybox/sh ]; then
exec /busybox/sh
else
echo shell not found
exit 1
fi
$ sitemap
/bin/bash: line 134: sitemap: command not found
I don't even... where's all that if stuff coming from? What's it doing? Where am I going wrong?

Do docker-compose's two `command` forms behave differently?

In Dockerfile, we can specify the CMD to be in one of three different forms:
...
CMD ["executable","param1","param2"] (exec form, this is the preferred form)
CMD ["param1","param2"] (as default parameters to ENTRYPOINT)
CMD command param1 param2 (shell form)
...
If you use the shell form of the CMD, then the <command> will execute in /bin/sh -c:
FROM ubuntu
CMD echo "This is a test." | wc -
If you want to run your <command> without a shell then you must express the command as a JSON array and give the full path to the executable. This array form is the preferred format of CMD. Any additional parameters must be individually expressed as strings in the array:
FROM ubuntu
CMD ["/usr/bin/wc","--help"]
Source
In docker-compose, we can also use two different forms for its command:
...
Override the default command.
command: bundle exec thin -p 3000
The command can also be a list, in a manner similar to dockerfile:
command: ["bundle", "exec", "thin", "-p", "3000"]
Source
Do these two different forms in docker-compose behave the same way as the exec and shell forms in Dockerfile do?
No they do not. docker-compose's command always uses the equivalent of Dockerfile's exec form. This can be easily seen with a quick demo:
Dockerfile with shell form processes shell symbols:
FROM alpine:3.11.5
CMD echo foo && echo bar
$ docker run example
foo
bar
Dockerfile with exec form doesn't do any shell processing:
FROM alpine:3.11.5
CMD ["echo", "foo", "&&", "echo", "bar"]
$ docker run example
foo && echo bar
docker-compose's first command form doesn't do any shell processing:
version: "3.7"
services:
example:
image: alpine:3.11.5
command: echo foo && echo bar
$ docker-compose up
Starting example_example_1 ... done
Attaching to example_example_1
example_1 | foo && echo bar
example_example_1 exited with code 0
And neither does docker-compose's second command form:
version: "3.7"
services:
example:
image: alpine:3.11.5
command: ["echo", "foo", "&&", "echo", "bar"]
$ docker-compose up
Starting example_example_1 ... done
Attaching to example_example_1
example_1 | foo && echo bar
example_example_1 exited with code 0
 
So, if one does want shell processing in docker-compose's command, it has to be explicitly enabled by passing the command to sh -c:
version: "3.7"
services:
example:
image: alpine:3.11.5
command: sh -c "echo foo && echo bar"
$ docker-compose up
Starting example_example_1 ... done
Attaching to example_example_1
example_1 | foo
example_1 | bar
example_example_1 exited with code 0

Run process with non-root user in docker container

I'm building redis sentinal image that run.sh should run as non-rootuser
run.sh
while true; do
master=$(redis-cli -h ${REDIS_SENTINEL_SERVICE_HOST} -p ${REDIS_SENTINEL_SERVICE_PORT} --csv SENTINEL get-master-addr-by-name mymaster | tr ',' ' ' | cut -d' ' -f1)
if [[ -n ${master} ]]; then
master="${master//\"}"
else
master=$(hostname -i)
fi
redis-cli -h ${master} INFO
if [[ "$?" == "0" ]]; then
break
fi
echo "Connecting to master failed. Waiting..."
sleep 10
done
sentinel_conf=/home/ubuntu/sentinel.conf
echo "sentinel monitor mymaster ${master} 6379 2" > ${sentinel_conf}
echo "sentinel down-after-milliseconds mymaster 60000" >> ${sentinel_conf}
echo "sentinel failover-timeout mymaster 180000" >> ${sentinel_conf}
echo "sentinel parallel-syncs mymaster 1" >> ${sentinel_conf}
echo "bind 0.0.0.0" >> ${sentinel_conf}
redis-sentinel ${sentinel_conf} --protected-mode no
}
function launchslave() {
while true; do
master=$(redis-cli -h ${REDIS_SENTINEL_SERVICE_HOST} -p ${REDIS_SENTINEL_SERVICE_PORT} --csv SENTINEL get-master-addr-by-name mymaster | tr ',' ' ' | cut -d' ' -f1)
if [[ -n ${master} ]]; then
master="${master//\"}"
else
echo "Failed to find master."
sleep 60
exit 1
fi
redis-cli -h ${master} INFO
if [[ "$?" == "0" ]]; then
break
fi
echo "Connecting to master failed. Waiting..."
sleep 10
done
sed -i "s/%master-ip%/${master}/" /redis-slave/redis.conf
sed -i "s/%master-port%/6379/" /redis-slave/redis.conf
redis-server /redis-slave/redis.conf --protected-mode no
Dockerfile
FROM alpine:3.4
RUN apk add --no-cache redis sed bash busybox-suid
#su: must be suid to work properly
COPY redis-master.conf /redis-master/redis.conf
COPY redis-slave.conf /redis-slave/redis.conf
RUN adduser -D ubuntu
USER ubuntu
COPY run.sh /home/ubuntu/run.sh
CMD [ "sh", "/home/ubuntu/run.sh" ]
ENTRYPOINT [ "bash", "-c" ]
I deployed in Openshift. The container is continuously restarting and I dont see any logs also. I have seen the some logs before when the "run.sh" is root(default) i.e not mentioned any adduser in Dockerfile.
According to the docker documentation:
Both CMD and ENTRYPOINT instructions define what command gets executed when running a container.
There are few rules that describe their co-operation:
1. Dockerfile should specify at least one of CMD or ENTRYPOINT commands.
2. CMD will be overridden when running the container with alternative arguments.
CMD and ENTRYPOINT layers are completely different in the above Dockerfile, so ENTRYPOINT overrides CMD layer and that's why CMD layer is never executed.
Just delete ENTRYPOINT layer from the Dockerfile, it is not needed here:
FROM alpine:3.4
RUN apk add --no-cache redis sed bash busybox-suid
#su: must be suid to work properly
COPY redis-master.conf /redis-master/redis.conf
COPY redis-slave.conf /redis-slave/redis.conf
RUN adduser -D ubuntu
USER ubuntu
COPY run.sh /home/ubuntu/run.sh
CMD [ "sh", "/home/ubuntu/run.sh" ]
Update:
I see that [[ ]] is used in run.sh script. This construction works in bash, not in sh. That's why the Dockerfile should be the following:
FROM alpine:3.4
RUN apk add --no-cache redis sed bash busybox-suid
#su: must be suid to work properly
COPY redis-master.conf /redis-master/redis.conf
COPY redis-slave.conf /redis-slave/redis.conf
RUN adduser -D ubuntu
USER ubuntu
COPY run.sh /home/ubuntu/run.sh
CMD [ "bash", "/home/ubuntu/run.sh" ]

Docker check if file exists in healthcheck

How do I wait until a file is created in docker? I'm trying the code below, but it doesn't work. If I execute bash -c [ -f /tmp/asdasdasd ] separate from docker shell, it gives me the correct result.
Dockerfiletest:
FROM alpine:3.6
RUN apk update && apk add bash
docker-compose.yml:
version: '2.1'
services:
testserv:
build:
context: .
dockerfile: ./Dockerfiletest
command:
bash -c "rm /tmp/a && sleep 5 && touch /tmp/a && sleep 100"
healthcheck:
# I tried adding '&& exit 1', '|| exit `' it doesn't work.
test: bash -c [ -f /tmp/a ]
timeout: 1s
retries: 20
docker-compose up + wait 10s + docker ps:
: docker ps
STATUS
Up About a minute (health: starting)
I believe you are missing quotes on the command to run. bash -c only accepts one parameter, not a list, so you need to quote the rest of that line to pass it as a single parameter:
bash -c "[ -f /tmp/a ]"
To see the results of your healthcheck, you can run:
docker inspect $container_id -f '{{ json .State.Health.Log }}' | jq .
It turns out that besides missing quotes I also checked existence of socket via -f when I should do
bash -c '[ -S /tmp/uwsgi.sock ]'
Furthermore interval: 5s could be used to decrease default 5s interval.

Resources