Docker compose throws - adduser: group 'www-data' in use - docker

I have a docker-composer.yml file which used to work just fine a couple of months ago, but now when I run it throws an error.
First, this is my file structure.
.data/db
logs
mariadb
nginx
php7-fpm
src/public
.env
.gitignore
README
docker-compose.yml
The only mention of the error i.e www-data is in two of the files. php7-fpm/Dockerfile and nginx/Dockerfile
Here is the content of these files:
php-fpm/Dockerfile
....
RUN apt-get update && apt-get install -y procps
RUN usermod -u 1000 www-data
USER www-data
WORKDIR /var/www
nginx/Dockerfile
FROM nginx:alpine
COPY ./config/nginx.conf /etc/nginx/
COPY ./sites /etc/nginx/sites-available
RUN apk update \
&& apk upgrade \
&& apk add --no-cache bash \
&& adduser -D -H -u 1000 -s /bin/bash www-data
ARG PHP_UPSTREAM_CONTAINER=php-fpm
ARG PHP_UPSTREAM_PORT=9000
# Set upstream conf and remove the default conf
RUN echo "upstream php-upstream { server ${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}; }" > /etc/nginx/conf.d/upstream.conf \
&& rm /etc/nginx/conf.d/default.conf
CMD ["nginx"]
The docker-compose.yml file is a generic one, there is no tampering with user groups, but here is a pastebin for anyone who wants to take a look.
https://pastebin.com/ivRfPvZz
This is the partial output from the docker-compose up -d command.
Image for service php-fpm was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building nginx
Step 1/8 : FROM nginx:alpine
alpine: Pulling from library/nginx
Digest: sha256:17bd1698318e9c0f9ba2c5ed49f53d690684dab7fe3e8019b855c352528d57be
Status: Downloaded newer image for nginx:alpine
---> ea1193fd3dde
Step 2/8 : COPY ./config/nginx.conf /etc/nginx/
---> 65c115482d37
Step 3/8 : COPY ./sites /etc/nginx/sites-available
---> 1fbe81620355
Step 4/8 : RUN apk update && apk upgrade && apk add --no-cache bash && adduser -D -H -u 1000 -s /bin/bash www-data
---> Running in c631ccdf63f2
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
v3.9.4-61-g22a1991b6a [http://dl-cdn.alpinelinux.org/alpine/v3.9/main]
v3.9.4-57-gb40ea6190b [http://dl-cdn.alpinelinux.org/alpine/v3.9/community]
OK: 9776 distinct packages available
(1/1) Upgrading libbz2 (1.0.6-r6 -> 1.0.6-r7)
OK: 27 MiB in 37 packages
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
(1/2) Installing readline (7.0.003-r1)
(2/2) Installing bash (4.4.19-r1)
Executing bash-4.4.19-r1.post-install
Executing busybox-1.29.3-r10.trigger
OK: 29 MiB in 39 packages
adduser: group 'www-data' in use
Service 'nginx' failed to build: The command '/bin/sh -c apk update && apk upgrade && apk add --no-cache bash && adduser -D -H -u 1000 -s /bin/bash www-data' returned a non-zero code: 1
You can see the error is:
adduser: group 'www-data' in use
Service 'nginx' failed to build: The command '/bin/sh -c apk update && apk upgrade && apk add --no-cache bash && adduser -D -H -u 1000 -s /bin/bash www-data' returned a non-zero code: 1
but I don't know how to fix this.

See this, when you use FROM nginx:alpine, in fact it sames with using nginx:1.17.1-alpine because they are just different tags for same image id.
But several month ago, when you use nginx:alpine, latest maybe others, E.g. nginx:1.14.2-alpine, so when rebuild using the same dockerfile, the base image indeed changed. I strongly suggest you use an explicit tag not latest as base image to assure definiteness.
Finally, what happened for several month ago?
Use nginx:1.14.2-alpine, maybe not this version, just an example:
$ docker run --rm -it nginx:1.14.2-alpine cat /etc/group | grep www-data
You can see there is no www-data group in the image, so you can use next to add a new user also a new group with the name www-data:
adduser -D -H -u 1000 -s /bin/bash www-data
Use nginx:1.17.1-alpine, which currently same as nginx:alpine:
$ docker run --rm -it nginx:1.17.1-alpine cat /etc/group | grep www-data
www-data:x:82:
You can see there is a default www-data group in this image, don't know how it generates, in a word, the image update bring something difference.
So, as already a www-data group there, what you have to do is change your command to next to join a existed group:
adduser -D -H -u 1000 -s /bin/bash www-data -G www-data

You can find the DockerFile inside laradock/nginx folder. Just change the line
&& adduser -D -H -u 1000 -s /bin/bash www-data
to
&& adduser -D -H -u 1000 -s /bin/bash www-data -G www-data
This specifies the group that the user is a member of. Once done, build and bring your containers up with
docker-compose build --no-cache nginx
docker-compose up -d

I'm having this issue with Alpine 3.14, where the www-data group already exists in the image.
Adding (delgroup www-data || true) before the line with adduser in it will fix the problem.
&& apk upgrade \
&& apk add --no-cache bash \
&& (delgroup www-data || true) \
&& adduser -D -H -u 1000 -s /bin/bash www-data
The parentheses with the || true will ensure that the command won't fail if the group does not exist, so it is backward compatible.

Related

getting "exec ./bin/activemq: no such file or directory" on docker image run

Using below Dockerfile
FROM docker.io/eclipse-temurin:11-jre
ENV ACTIVEMQ_HOME /opt/activemq
RUN mkdir -p /opt/activemq && chmod 755 /opt/activemq
COPY apache-activemq-5.17.1/. /opt/activemq/
RUN apt update -y && apt upgrade -y
RUN addgroup --system activemq && adduser --system --home $ACTIVEMQ_HOME --uid 10001 --group activemq&& chown -R activemq:activemq $ACTIVEMQ_HOME && chown -h activemq:activemq $ACTIVEMQ_HOME
USER 10001
WORKDIR $ACTIVEMQ_HOME
CMD ["./bin/activemq","console","-Djetty.host=0.0.0.0"]
EXPOSE 61616 8161
Build Docker Image using docker build -t 123:11 .
When I try to run the image using docker run -it 123:11 getting exec ./bin/activemq: no such file or directory.
Same worked on one server and not working on other server.
Tried to overwrite with --entrypoint /bin/bash and verified the files were copied successfully.
Any reason it is working on one server but not on other?
I'm using Docker Desktop on Windows servers.

composer install in Dockerfile not saving dependencies

I have some trouble to dockerize a Symfony project. At the first start from cloning from git repo the dependencies have to installed through composer.
I have read many questions with the same background but i cant get it working.
i show u first my Dockerfile:
ARG PHP_VERSION=8.1
ARG APP_ENV=dev
# Prod image
FROM php:${PHP_VERSION}-fpm-alpine AS app_php
# Update
RUN apk --no-cache update
RUN apk --no-cache add bash git
# Install Node
RUN apk --no-cache add --update nodejs npm
RUN apk --no-cache add --update python3
RUN apk --no-cache add --update make
RUN apk --no-cache add --update g++
# Install pdo
RUN docker-php-ext-install pdo_mysql
# Install Composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
# Symfony CLI
RUN curl -sS https://get.symfony.com/cli/installer | bash && mv /root/.symfony/bin/symfony /usr/local/bin/symfony
# WORK DIR
WORKDIR /var/www/html
# https://getcomposer.org/doc/03-cli.md#composer-allow-superuser
ENV COMPOSER_ALLOW_SUPERUSER=1
ENV PATH="${PATH}:/root/.composer/vendor/bin"
COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
# prevent the reinstallation of vendors at every changes in the source code
COPY composer.* symfony.* ./
RUN set -eux; \
if [ -f composer.json ]; then \
composer install --prefer-dist --no-dev --no-autoloader --no-scripts --no-progress; \
composer clear-cache; \
fi
RUN set -eux; \
mkdir -p var/cache var/log; \
if [ -f composer.json ]; then \
composer dump-autoload --classmap-authoritative --no-dev; \
composer dump-env prod; \
composer run-script --no-dev post-install-cmd; \
chmod +x bin/console; sync; \
fi
# copy sources
COPY . /var/www/html
RUN rm -Rf docker/
# Start Symfony server on Port 8000
EXPOSE 8000
#RUN symfony console doctrine:migrations:migrate
i can see that the packages were installed through the build process, but after docker-compose up the vendor folder isnt set.
Do u have an idea to solve this?
Running it for you, indeed there is no vendors files where you woudl expect them.
if you run a shell on your container you would see what's really happening:
Get your created container id or tag with docker image ls
And run it:
docker run --rm -it <CONTAINER_ID> /bin/bash
bash-5.1# ls /var/www/html/
Dockerfile composer.1 composer.2 symfony.1 var
bash-5.1# ls -al /root/.composer/
total 8
drwxr-xr-x 1 root root 50 Aug 14 15:47 .
drwx------ 1 root root 16 Aug 14 15:48 ..
-rw-r--r-- 1 root root 799 Aug 14 15:47 keys.dev.pub
-rw-r--r-- 1 root root 799 Aug 14 15:47 keys.tags.pub
bash-5.1# ls /usr/bin/composer
/usr/bin/composer
bash-5.1# ls /usr/local/bin/composer
/usr/local/bin/composer
bash-5.1# which composer
/usr/local/bin/composer
bash-5.1# which symfony
/usr/local/bin/symfony
bash-5.1#
The which command would make you realize:
you don't need to copy composer when you already install it
/usr/local/bin is already part of the PATH
The current ENV command is not necessary plus pointing to a non existing folder.
FYI to keep it slim I have created fake symfony.* and composer.* files and have no composer.json (not shared here).
I hope this helps you solve it.

Building & running a Dockerfile in IntelliJ

My Problem is the following:
If i type this in the command console, it works:
docker build -f src/main/docker/Dockerfile.jvm -t hello . & docker run --name hello --rm -p 8080:8080 hello
But if i try to use it with the "Run-Option" in IntelliJ, it doesnt work.
My command above has 9 Steps like the IntelliJ one, but it seems that the 5th fails. Here is the config:
Here the output from the failed build:
Here from the successful one:
It doesnt even create the Image-Tag like my manual command does.
And last but not least here is the Dockerfile:
FROM fabric8/java-alpine-openjdk11-jre:latest
ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
ENV AB_ENABLED=jmx_exporter
# Be prepared for running in OpenShift too
RUN adduser -G root --no-create-home --disabled-password 1001 \
&& chown -R 1001 /deployments \
&& chmod -R "g+rwX" /deployments \
&& chown -R 1001:root /deployments
COPY target/lib/* /deployments/lib/
COPY target/*-runner.jar /deployments/app.jar
EXPOSE 8080
# run with user 1001
USER 1001
ENTRYPOINT [ "/deployments/run-java.sh" ]
Where is the key Difference? I can stick with the manual one, but the Run-Config would be smoother
There are only 3 files in your build context. It seems weird. You might want to specify the "Context folder" option

Unable to run Heroku exec on a docker container

I've followed the steps here (https://devcenter.heroku.com/articles/exec#enabling-docker-support) to install curl (curl 7.61.1 (x86_64-alpine-linux-musl) libcurl/7.61.1 LibreSSL/2.0.0 zlib/1.2.11 libssh2/1.8.0 nghttp2/1.32.0), python, bash, and openssh (OpenSSH_7.2p2-hpn14v4, OpenSSL 1.0.2p 14 Aug 2018). I've created the /app/.profile.d/heroku-exec.sh file in my container and added a sym link.
However, running heroku ps:exec -a my-app returns the following message:
Establishing credentials... error
! Could not connect to dyno!
! Check if the dyno is running with `heroku ps'
I've verified my application is in fact running (& has the runtime-heroku-exec feature enabled):
web (Free): /bin/sh -c exec\ java\ \$JAVA_OPTS\ -Dserver.port\=\$PORT\ -Djava.security.egd\=file:/dev/./urandom\ -jar\ /app.jar (1)
web.1: up 2018/09/30 09:34:55 -0600 (~ 4m ago)
I've verified that the heroku-exec.sh exists on my deployed container by doing heroku run -a my-app bash and cat /app/.profile.d/heroku-exec.sh
At this point, I'm not sure what to try in order to troubleshoot why heroku exec won't work on my container. Here's what my Dockerfile looks like in case there's something off with how I've put together my application:
FROM openjdk:8-jdk-alpine
RUN apk add --no-cache openssh-keygen
RUN apk add --no-cache openssh-client=7.2_p2-r5 --repository=http://dl-cdn.alpinelinux.org/alpine/v3.4/main --allow-untrusted
RUN apk add --no-cache openssh-sftp-server=7.2_p2-r5 --repository=http://dl-cdn.alpinelinux.org/alpine/v3.4/main --allow-untrusted
RUN apk add --no-cache openssh=7.2_p2-r5 --repository=http://dl-cdn.alpinelinux.org/alpine/v3.4/main --allow-untrusted
RUN apk add --no-cache curl
RUN apk add --no-cache bash
RUN apk add --update --no-cache python
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
RUN adduser -D app-user
USER app-user
ARG JAR_FILE
ARG PORT
ARG HEROKU_FILE_NAME
COPY ${JAR_FILE} app.jar
COPY ${HEROKU_FILE_NAME} /app/.profile.d/heroku-exec.sh
ENV JAVA_OPTS -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8000
HEALTHCHECK --interval=15m --timeout=10s --retries=3 --start-period=1m CMD curl --fail http://localhost:8080/restaurantscores/actuator/health || exit 1
CMD exec java $JAVA_OPTS -Dserver.port=$PORT -Djava.security.egd=file:/dev/./urandom -jar /app.jar
The "Using with Docker" section of the "Heroku Exec (SSH Tunneling)" documentation doesn't address Alpine usage.
Rather than using /app/.profile.d Alpine uses /etc/profile.d.
So change
COPY ${HEROKU_FILE_NAME} /app/.profile.d/heroku-exec.sh
to
COPY ${HEROKU_FILE_NAME} /etc/profile.d/heroku-exec.sh
Also ensure that heroku-exec.sh is executable. You can do this using chmod +x heroku-exec.sh.
I found that I had to additionally add a python symlink to my alpine-based dockerfile, to get it working:
ln -s /usr/bin/python3 /usr/bin/python
here is an example of a dockerfile, for deploying a very simple nginx application, that definitely works with heroku-exec (as of October 2020):
FROM alpine:latest
# install required packages
RUN apk add --no-cache --update python3 bash curl openssh nginx
# simplfy nginx config to enable ENV variable substitution
RUN echo 'server { listen PORT_NUMBER; }' > /etc/nginx/conf.d/default.conf \
&& mkdir /run/nginx
# add config required for HEROKU_EXEC
# ENV HEROKU_EXEC_DEBUG=1
RUN rm /bin/sh \
&& ln -s /bin/bash /bin/sh \
&& mkdir -p /app/.profile.d/ \
&& printf '#!/usr/bin/env bash\n\nset +o posix\n\n[ -z "$SSH_CLIENT" ] && source <(curl --fail --retry 7 -sSL "$HEROKU_EXEC_URL")\n' > /app/.profile.d/heroku-exec.sh \
&& chmod +x /app/.profile.d/heroku-exec.sh \
&& ln -s /usr/bin/python3 /usr/bin/python
# configure NGINX to listen on dynamic $PORT env variable supplied by Heroku.
CMD sed -i 's/PORT_NUMBER/'"$PORT"'/g' /etc/nginx/conf.d/default.conf; nginx -g 'daemon off;'

Error on building Dockerfile to Image

I have the following Dockerfile. I'm trying to build it to an image, but somehow I receive the following error: ADD service /container/service
ADD failed: stat /mnt/sda1/var/lib/docker/tmp/docker-builder005872257/service: no such file or directory at Step 6/9. I don't know why... Can anyone help me?
FROM osixia/light-baseimage:1.1.1
ARG LDAP_OPENLDAP_GID
ARG LDAP_OPENLDAP_UID
RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi && if [ -z "${LDAP_OPENLDAP_UID}" ]; then useradd -r -g openldap openldap; else useradd -r -g openldap -u ${LDAP_OPENLDAP_UID} openldap; fi
RUN echo "path-include /usr/share/doc/krb5*" >> /etc/dpkg/dpkg.cfg.d/docker && apt-get -y update && /container/tool/add-service-available :ssl-tools \
&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
ldap-utils \
libsasl2-modules \
libsasl2-modules-db \
libsasl2-modules-gssapi-mit \
libsasl2-modules-ldap \
libsasl2-modules-otp \
libsasl2-modules-sql \
openssl \
slapd \
krb5-kdc-ldap \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
ADD service /container/service
RUN /container/tool/install-service
ADD environment /container/environment/99-default
EXPOSE 389 636
EDIT
After adding some ls commands in the Dockerfile I've seen the following line in logs:
Step 6/11 : RUN ls /container/
---> Running in 623dca399324
environment
service
service-available
tool
Removing intermediate container 623dca399324
---> 5f7fcb8a1857
Step 7/11 : RUN ls
---> Running in 7f3bd8662113
bin
boot
container
dev
etc
home
lib
lib64
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
Removing intermediate container 7f3bd8662113
---> 99c17cefc572
Step 8/11 : ADD service /container/service
ADD failed: stat /mnt/sda1/var/lib/docker/tmp/docker-builder200387466/service: no such file or directory
Any idea how can I resolve this?
The error means it can't find the directory which mean it probably doesn't exist or you are doing it the wrong way.
One of the things you can do is to make directory and add service to it. Below is a snippet explanation that could teach or help you:
RUN mkdir /container/
Then ADD service to the directory you created. Thus
ADD service /container/service
This can only serve as what could help to put you to track. However I will advice #mohan08p answer above because that works for me.
it successfully build on my local machine.Can you delete the respective files or directories and try once. Also, check the permissions. Did you configure .dockerignore which will not allow to ADD those files. Or else try running with -f or --file command like,
$ docker build . -f Dockerfile
Hope this helps.

Resources