How to forward local-user's groups to the container? - docker

My docker command is pretty rich, but still I am not able to see all the local-user's groups when I am inside the container. The question is: how can I do that?
So from outside docker:
$>>groups
<$USER> adm cdrom sudo dip video plugdev lpadmin sambashare docker
My docker-run command:
docker run -it \
--restart=on-failure:5 \
--name amr_sdk_docker \
--user "$(id --user):$(id --group)" \
--group-add "$(id --group)" \
--hostname "$(hostname)" \
--env "USER=$(whoami)" \
--env "DISPLAY=$DISPLAY" \
--env="QT_X11_NO_MITSHM=1" \
--network=host \
--security-opt apparmor:unconfined \
--security-opt=no-new-privileges \
--pids-limit 128 \
--volume /tmp/.X11-unix:/tmp/.X11-unix \
--volume "${HOME}":/home/"$(whoami)":rw \
--volume "${HOME}"/.cache:/.cache:rw \
--volume /run/user:/run/user \
--volume /var/run/nscd/socket:/var/run/nscd/socket:ro \
--volume /etc/ssl/certs/:/etc/ssl/certs/:ro \
--volume /etc/ssh/:/etc/ssh/:ro \
--volume /usr/share/ca-certificates:/usr/share/ca-certificates:ro \
--volume /etc/passwd:/etc/passwd:ro \
--volume /etc/group:/etc/group:ro \
--volume /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro \
--volume /dev:/dev \
--volume /lib/modules:/lib/modules \
--volume /tmp:/tmp:rw \
--privileged \
<image_name:tag>
And after the above command, from inside the container:
$ groups
<$USER>

I'm not sure I understand your problem exactly, however you are currently passing only the effective group ID with --group-add. This is already taken care of by:
--user "$(id --user):$(id --group)"
What you might be missing is adding a --group-add argument for each of your local group IDs, which can be identified for your user on the host with:
id --groups
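
The answer's suggestion as a shell helper (an added example, not part of the original answer): it turns the output of id --groups into one --group-add flag per supplementary group and skips the primary GID that --user already sets. The function name group_add_args and the sample GIDs are assumptions made for illustration.

```shell
#!/bin/sh
# Build one --group-add flag per supplementary group ID.
#   $1      primary GID (already passed to docker via --user UID:GID)
#   $2...   numeric GIDs, as printed by `id --groups` on the host
# Prints the flags on a single line, space separated.
group_add_args() {
    primary_gid="$1"
    shift
    args=""
    for gid in "$@"; do
        case "$gid" in
            ''|*[!0-9]*) continue ;;   # skip anything that is not a plain numeric GID
        esac
        # The primary group needs no extra flag.
        [ "$gid" = "$primary_gid" ] && continue
        args="${args:+$args }--group-add $gid"
    done
    printf '%s\n' "$args"
}

# Constructed sample (GIDs are made up): primary 1000 plus 4, 27 and 998
#   group_add_args 1000 1000 4 27 998
#
# Use on the host; the unquoted expansions are intentional so that each
# flag and each GID becomes its own argument:
#   docker run -it \
#       --user "$(id --user):$(id --group)" \
#       $(group_add_args "$(id --group)" $(id --groups)) \
#       --volume /etc/group:/etc/group:ro \
#       <image_name:tag>
```

Each GID passed this way gives the container user that group's access on bind-mounted host paths, so pass only the groups the workload needs.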

Related

Add cache to jwilder/nginx-proxy Docker

I'm trying to activate the cache in docker jwilder/nginx-proxy.
Here is my docker run:
docker run \
--detach \
--restart always \
--publish 80:80 \
--publish 443:443 \
--name nginx-proxy \
--network nginx-proxy \
--volume /var/run/docker.sock:/tmp/docker.sock:ro \
--volume nginx-certs:/etc/nginx/certs \
--volume nginx-vhost:/etc/nginx/vhost.d \
--volume nginx-html:/usr/share/nginx/html \
jwilder/nginx-proxy
And how I add a vhost:
docker run \
--detach \
--restart always \
--name dev-website-1 \
--network nginx-proxy \
--env VIRTUAL_HOST=website-1.com \
--env LETSENCRYPT_HOST=website-1.com \
--env LETSENCRYPT_EMAIL="info#website-1.com" \
jhay/image-website-1:latest
I'm wondering how to "configured a proxy_cache my-cache" like it's explained in the doc?
https://hub.docker.com/r/jwilder/nginx-proxy
Can I set the proxy_cache in the Dockerfile of jwilder/nginx-proxy when I build it?
And after that I add this to the Dockerfile of website-1 when I build it?
$ { echo 'proxy_cache my-cache;'; echo 'proxy_cache_valid 200 302 60m;'; echo 'proxy_cache_valid 404 1m;'; } > /path/to/vhost.d/website-1_location
Thank you for your help

Docker GitLab-CE: ulimit

On Saturday I tried to install GitLab-CE on a new root Ubuntu server. I got this error:
/opt/gitlab/embedded/bin/runsvdir-start: line 24: ulimit: pending signals: cannot modify limit: Operation not permitted
/opt/gitlab/embedded/bin/runsvdir-start: line 37: /proc/sys/fs/file-max: Read-only file system
After setting the password and login (first time), gitlab shows me 404!
I already tried docker exec -it gitlab update-permissions, increase ulimit and so on!
sudo docker run -i \
--hostname ubuntu \
--publish 10443:443 --publish 10080:80 --publish 10022:22 \
--sysctl net.core.somaxconn=1024 \
--ulimit sigpending=62793 \
--ulimit nproc=131072 \
--ulimit nofile=60000 \
--ulimit core=0 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
--volume /srv/gitlab/logs/reconfigure:/var/log/gitlab/reconfigure \
gitlab/gitlab-ce:latest
I definitely spent 15 hours on Google and tried out fixes. So far no chance.

Had the same issue and was able to get my local Docker gitlab-ce working by adding:
--privileged
See this issue: 3047

docker volume not found for configuration option

I am trying to run this docker command
docker run --rm --name lighthouse -it \
-v $PWD/test-results/lighthouse:/home/chrome/reports \
-v $PWD/lighthouse:/lighthouse \
--cap-add=SYS_ADMIN femtopixel/google-lighthouse \
--config-path=/lighthouse/config/custom-config.js \
$full_url \
--output html \
--output json
But it is not picking up the --config-path argument, somehow I have the volume mapped wrong.
I am trying to create a volume called lighthouse but I get this error:
/usr/bin/entrypoint: 11: exec:
--config-path=/lighthouse/config/custom-config.js: not found

You should be sending the URL as the first parameter, I think:
docker run --rm --name lighthouse -it \
-v $PWD/test-results/lighthouse:/home/chrome/reports \
-v $PWD/lighthouse:/lighthouse \
--cap-add=SYS_ADMIN femtopixel/google-lighthouse \
$full_url \
--config-path=/lighthouse/config/custom-config.js \
--output html \
--output json

Run Jenkins on different port on a docker container

I'm trying to run Jenkins on docker by using a different port. By default Jenkins is running on port 8080, but this port is used by a different service on my machine. I would like to run Jenkins on a different port.
I have used the following command without any success:
docker run \
-u root \
--rm \
-d \
--name jenkins \
-p 8081:8081 \
-p 50000:50000 \
--env JAVA_OPTS="--httpPort=8081" \
-v jenkins-data:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
jenkinsci/blueocean
Any ideas?

--env JAVA_OPTS="--httpPort=8081" \
Not JAVA_OPTS, change it like this:
-e JENKINS_OPTS="--httpPort=8081"

Use this:
docker run \
-u root \
--rm \
-d \
--name jenkins \
-p 8081:8080 \
-p 50000:50000 \
-v jenkins-data:/var/jenkins_home \
-v /var/run/docker.sock:/var/run/docker.sock \
jenkinsci/blueocean

Pass flag to cAdvisor with docker

I am running cAdvisor using the following code as instructed here:
sudo docker run \
--volume=/:/rootfs:ro \
--volume=/var/run:/var/run:ro \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:ro \
--volume=/dev/disk/:/dev/disk:ro \
--publish=8080:8080 \
--detach=true \
--name=cadvisor \
google/cadvisor:latest
I need to pass the following flag to cAdvisor as suggested in this answer:
--enable_load_reader=true
How do I pass that flag to cAdvisor?

The google/cadvisor container behaves like the binary itself, therefore you can just append the option to the end of the docker run ... command.
You would also like to add the --net host option to your docker run command as noted here:
sudo docker run \
--volume=/:/rootfs:ro \
--volume=/var/run:/var/run:ro \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:ro \
--volume=/dev/disk/:/dev/disk:ro \
--publish=8080:8080 \
--detach=true \
--net host \
--name=cadvisor \
google/cadvisor:latest \
--enable_load_reader=true
