SSHFS mount in Dockerfile fails unless it's from ENTRYPOINT - docker

I'm attempting to SSHFS from the container to a remote server, with the mount created during the Dockerfile build.
The mount command works if executed in the already running container, and will work if I make the command the entrypoint (but then I have to string on the real entrypoint script on the end with a ; which feels too klugy.)
If I put the command in the Dockerfile with a RUN, it fails with a fuse: device not found, try 'modprobe fuse' first error.
Here's the files...
install.sh
#!/bin/bash
USAGE="install.sh <dir_to_parse> <filetype_to_parse>"
if [ $# -lt 2 ]
then
    echo "$USAGE"
    exit 1
fi
REMOTE_DIR=$1 FILE_EXTENSION=$2 docker-compose -p '' -f docker-compose.yml up -d --build
docker-compose.yml
version: "3"
services:
  source.test:
    build:
      context: .
      dockerfile: ./Dockerfile
    image: test.source
    container_name: test.source
    environment:
      ELASTIC_HOST: "http://<redacted>:<redacted>"
      REMOTE_SERVER: <redacted>
      REMOTE_USER: <redacted>
      REMOTE_KEY: /etc/ssl/certs/<redacted>
      FEEDER_URL: http://<redacted>/api
      MONGOHOST: mongo
      WALKDIRS: <redacted>
      REMOTE_DIR: ${REMOTE_DIR}
      FILE_EXTENSION: ${FILE_EXTENSION}
    volumes:
      - /etc/ssl/certs/:/etc/ssl/certs/
    ports:
      - 127.0.0.1:6000:80
    cap_add:
      - SYS_ADMIN
    devices:
      - "/dev/fuse:/dev/fuse"
    security_opt:
      - "apparmor:unconfined"
networks:
  default:
    external:
      name: test
Dockerfile
FROM ubuntu:18.04
RUN apt-get update && apt-get -y install \
    fuse \
    sshfs
COPY <redacted> /etc/ssl/certs/<redacted>
COPY fuse.conf /etc/fuse.conf
RUN chown root:root /etc/fuse.conf
RUN chmod 644 /etc/fuse.conf
RUN mkdir /mnt/filestobeparsed
# Fails with fuse: device not found
RUN sshfs username@<xxx.xxx.xxx.xxx>:/remote/path /mnt/filestobeparsed -o StrictHostKeyChecking=no,IdentityFile=/etc/ssl/certs/<redacted>,auto_cache,reconnect,transform_symlinks,follow_symlinks,allow_other
ENTRYPOINT tail -f /dev/null
# Works but is klugy
#ENTRYPOINT sshfs username@<xxx.xxx.xxx.xxx>:/remote/path /mnt/filestobeparsed -o StrictHostKeyChecking=no,IdentityFile=/etc/ssl/certs/<redacted>,auto_cache,reconnect,transform_symlinks,follow_symlinks,allow_other; tail -f /dev/null
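
An added example, not part of the original question: the cap_add and devices settings in docker-compose.yml apply only to the running container, so a build-time RUN step never sees /dev/fuse and the mount has to happen at container start. The wrapper below (hypothetical name docker-entrypoint.sh) mounts using the REMOTE_* variables from the compose file, assuming REMOTE_DIR is the remote path, then execs the real command; KNOWN_HOSTS and the switch to StrictHostKeyChecking=yes are assumptions that differ from the question's options.

```shell
#!/bin/sh
# docker-entrypoint.sh (hypothetical name): mount at container start, then
# hand over to the real command. Wire it up in the Dockerfile with
#   ENTRYPOINT ["/docker-entrypoint.sh"]
#   CMD ["tail", "-f", "/dev/null"]
set -eu

MOUNT_POINT="${MOUNT_POINT:-/mnt/filestobeparsed}"

# Option string for sshfs: the question's options, except that host key
# checking is enforced against a known_hosts file (assumption: KNOWN_HOSTS
# points at a file shipped in the image or mounted read-only).
sshfs_opts() {
    printf '%s' "IdentityFile=$1,UserKnownHostsFile=$2,StrictHostKeyChecking=yes"
    printf '%s' ",auto_cache,reconnect,transform_symlinks,follow_symlinks,allow_other"
}

# True when the FUSE character device is present in this container.
fuse_available() {
    [ -c "${FUSE_DEV:-/dev/fuse}" ]
}

main() {
    if ! fuse_available; then
        echo "entrypoint: /dev/fuse not present; start the container with the device mapped" >&2
        exit 1
    fi
    sshfs "${REMOTE_USER}@${REMOTE_SERVER}:${REMOTE_DIR}" "$MOUNT_POINT" \
        -o "$(sshfs_opts "$REMOTE_KEY" "${KNOWN_HOSTS:-/etc/ssh/ssh_known_hosts}")"
    # exec replaces this shell, so the real command becomes PID 1 and
    # receives signals from docker stop directly.
    exec "$@"
}

# Run only when a command was passed (the ENTRYPOINT receives CMD as "$@").
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```
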

Related

how do I perform healthchecks on clamav using docker

I am deploying on AWS clamav
whose Dockerfile is:
FROM alpine:3.14
LABEL maintainer="Markus Kosmal <code@m-ko.de>"
RUN apk add --no-cache bash clamav clamav-daemon clamav-libunrar
COPY conf /etc/clamav
COPY bootstrap.sh /
COPY envconfig.sh /
COPY check.sh /
RUN mkdir /var/run/clamav && \
    chown clamav:clamav /var/run/clamav && \
    chmod 750 /var/run/clamav && \
    chown -R clamav:clamav bootstrap.sh check.sh /etc/clamav && \
    chmod u+x bootstrap.sh check.sh
EXPOSE 3310/tcp
USER clamav
CMD ["/bootstrap.sh"]
and since I am using a mirror I am testing locally using a docker-compose file
version: "3.7"
services:
  mirror:
    build:
      context: .
      dockerfile: mirror/Dockerfile
    ports:
      - "8080:8080"
  clamav:
    build:
      context: ../clamav
    environment:
      CLAMAVDATABASEMIRROR: "http://0.0.0.0:8080"
    depends_on:
      - mirror
    ports:
      - "3310:3310"
The services work fine, and when I run docker-compose up --build I can see from the logs that the service is pulling the daily update and stuff.
If I run docker container ls
I get that clamav has ports: 3310/tcp whereas the mirror has a mapped port on my local host
0.0.0.0:8080->8080/tcp
and I can run curl localhost:8080
But if I try to curl localhost on 3310 I get
curl: (52) Empty reply from server
Now: how do I perform a healthcheck on the clamav service?

Can't load data into Jena - Fuseki

I'm using Docker to host a Jena/Fuseki container. I have a very outdated Fuseki instance on another server that I would like to migrate the data from. I've backed up the old server into a .nq file, but I can't create a new datastore with this file.
Dockerfile:
FROM openjdk:10
ENV JENAVERSION=3.7.0
ENV FUSEKI_HOME=/fuseki
RUN mkdir /fuseki
RUN mkdir /jena
RUN wget http://apache.claz.org/jena/binaries/apache-jena-fuseki-$JENAVERSION.tar.gz -P /tmp \
    && tar -zxvf /tmp/apache-jena-fuseki-$JENAVERSION.tar.gz -C /tmp \
    && mv -v /tmp/apache-jena-fuseki-$JENAVERSION/* /fuseki
RUN wget http://apache.claz.org/jena/binaries/apache-jena-$JENAVERSION.tar.gz -P /tmp \
    && tar -zxvf /tmp/apache-jena-$JENAVERSION.tar.gz -C /tmp \
    && mv -v /tmp/apache-jena-$JENAVERSION/* /jena
EXPOSE 3030
ENTRYPOINT ["/bin/bash", "/fuseki/fuseki-server"]
Docker-Compose file:
version: '2'
services:
  fuseki_test:
    build:
      context: /docker/buildfiles/
      dockerfile: /docker/buildfiles/fuseki
    restart: unless-stopped
    ports:
      - "19095:3030"
    volumes:
      - "/docker/jena2/databases/data:/run/databases/PDE_PROD"
      - "/docker/jena2/backups:/run/backups"
      - "/docker/jena2/shiro.ini:/run/shiro.ini:ro"
      - "/docker/jena2/fuseki-tdb2.ttl:/run/config.ttl:ro"
      - "/docker/data:/staging"
    environment:
      - ADMIN_PASSWORD=password
      - JVM_ARGS=-Xmx16g
Here's the command I used to try to load the data:
/bin/bash /jena/bin/tdb2.tdbloader --loc=/run/databases/PDE_PROD /staging/PDE_DEV_2_2018-02-15_12-51-30.nq
Everything loads without errors, the data shows up in the folder I would expect, no errors starting Fuseki, but no triples show up.

How to create file and mount file system as read only?

I have the following Dockerfile (I've removed what is not relevant):
FROM centos:centos6
ENV TERM=xterm
ARG INSTALL_WKHTMLTOPDF=no
ARG WKHTMLTOPDF_VERSION=latest
ARG INSTALL_PDFTK=no
ARG PDFTK_VERSION=latest
ARG PHP_VERSION=default
...
COPY container-files /
...
EXPOSE 80 9001
WORKDIR /var/www/html
ENTRYPOINT bash -C '/entrypoint.sh';'bash'
The entrypoint.sh is as follow:
#!/bin/bash
set -e
if [ "$UID" == 0 ]; then
    uid=1000;
else
    uid=${UID};
fi
if [ -z "${GID}" ]; then
    gid=1000;
else
    gid=${GID};
fi
echo "UID: $uid"
echo "GID: $gid"
touch /var/log/xdebug.log
chown apache:root /var/log/xdebug.log
rm -f /var/run/apache2/apache2.pid
exec httpd -DFOREGROUND "$@"
And finally the docker-compose.yml file:
version: '3.4'
services:
  erx:
    image: arx_dev
    ports:
      - "80:80"
    environment:
      VHOST_DOCUMENT_ROOT: /var/www/html
    volumes:
      - ./server_logs:/var/log/:ro
After building the image and trying docker-compose up -d, it does not start because touch can't create the file in a RO filesystem.
PS F:\Development\docker\rx> docker logs rx_erx_1
UID: 1000
GID: 1000
touch: cannot touch `/var/log/xdebug.log': Read-only file system
PS F:\Development\docker\rx>
How can I create the file and then mount /var/log as read only? I would like to check some logs from the host directly and avoid having to bash into the container. Any ideas?

Set Go Glide in Docker

I am building an app with Go and Glide in docker. I also have to use reflex to trigger the compiling automatically.
I can not figure out how to make Glide work out with docker.
Dockerfile
FROM golang:1.8.1-alpine
ENV GOBINARIES /go/bin
ENV BUILDPATH /code
ENV REFLEXURL=http://s3.amazonaws.com/wbm-raff/bin/reflex1.8a
ENV REFLEXSHA=19bdbbb68c869f85ee22a6b7fa9c73f8e5b46d0fe7a73df37e028555a6ba03e8
WORKDIR $GOBINARIES
RUN rm -rf /var/cache/apk/*
RUN wget -q "$REFLEXURL" -O reflex
RUN chmod +x /go/bin/reflex
ENV TOOLS /go/_tools
RUN mkdir -p $BUILDPATH
ENV PORT 5000
EXPOSE $PORT
RUN mkdir -p $TOOLS
ADD build.sh $TOOLS
ADD reflex.conf $TOOLS
RUN chown root $TOOLS/build.sh
RUN chmod +x $TOOLS/build.sh
WORKDIR $BUILDPATH
CMD ["reflex","-c","/go/_tools/reflex.conf"]
build.sh
set -e
echo "[build.sh:building binary]"
cd $BUILDPATH
glide install -s -v
go build -o /servicebin && rm -rf /tmp/*
echo "[build.sh:launching binary]"
/servicebin
reflex.conf
-sr '\.build$' -- sh -c '/go/_tools/build.sh'
docker-compose.yaml
version: '3'
services:
  logen:
    build:
      context: ./Docker
      dockerfile: Dockerfile
    ports:
      - "5000:5000"
    volumes:
      - .:/code
Atom on-save plugin configuration file
[
  {
    "srcDir": ".",
    "destDir": ".",
    "files": "**/*.go",
    "command": "echo $(date) - ${srcFile} > .build"
  }
]
main.go
package main

import (
	"io"
	"log"
	"net/http"
	"os"
	"github.com/astaxie/beego"
)

func hello(w http.ResponseWriter, r *http.Request) {
	io.WriteString(w, "Hello world!1")
}

func main() {
	log.SetOutput(os.Stdout)
	port := ":" + os.Getenv("PORT")
	http.HandleFunc("/", hello)
	log.Printf("\n Application is listening on %v\n", port)
	http.ListenAndServe(port, nil)
}
Actually, I do not need to install Glide in the container! Just reflect the vendor folder in host machine to $GOPATH/src in docker-compose.yml. Then the compile will be ok.
version: '3'
services:
  logen:
    build:
      context: ./Docker
      dockerfile: Dockerfile
    ports:
      - "5000:5000"
    volumes:
      - .:/code
      - ./vendor:/go/src

docker-composer.yml not work properly

I made a docker-composer.yml because it's cleaner.
From these commands below:
docker run -d -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro -e POSTGRES_USER=rundeck -e POSTGRES_PASSWORD=rundeck --name rundeck_db postgres:9.4.5
docker run --rm -ti -p 192.168.59.103:4440:4440 --link rundeck_db:db --name rundeck 3a34fdafc98a
To:
rundeck_db:
  image: postgres:9.4.5
  environment:
    POSTGRES_USER: rundeck
    POSTGRES_PASSWORD: rundeck
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
  ports:
    - "5432:5432"
rundeck:
  build: .
  ports:
    - "192.168.59.103:4440:4440"
  links:
    - rundeck_db:db
And Dockerfile is
FROM mbopm/ubuntu-oracle-java:2.0
# install rundeck
RUN wget -O /opt/rundeck.deb http://dl.bintray.com/rundeck/rundeck-deb/rundeck-2.6.1-1-GA.deb && \
    dpkg -i /opt/rundeck.deb && \
    rm -rf /opt/rundeck.deb /var/lib/apt/lists/* /tmp/* /var/tmp/*
# change base configuration
RUN mkdir /etc/service/rundeck && \
    mkdir /var/lib/rundeck/.ssh && \
    chown -R rundeck:rundeck /var/lib/rundeck
# add init and startup scripts
ADD assets/run/rundeck.sh /etc/service/rundeck/run
ADD assets/startup/* /etc/my_init.d/
# http, https
EXPOSE 4440
# project files
# configs
# ssh-keys
# logs
VOLUME [ "/var/rundeck", "/etc/rundeck", "/var/lib/rundeck/.ssh", "/var/log/rundeck" ]
Suddenly it doesn't function. (Postgres works, but Rundeck doesn't.)
Also docker ps says
COMMAND part should be /sbin/my_init instead of /bin/sh -c ./run.sh
Any ideas?
Add
CMD [ "/sbin/my_init" ]
at the end of your dockerfile in order to change the COMMAND part
You can also add command to your docker-compose.yml file:
rundeck:
  build: .
  command: /sbin/my_init
  ports:
    - "192.168.59.103:4440:4440"
  links:
    - rundeck_db:db
