Docker: Permissions error on OpenShift Origin 3.6 - docker

I'm trying to run a pretty simple Flask API in OpenShift Origin 3.6. I can build this container just fine locally and remotely, but when I go to deploy on OpenShift, I get permissions errors on the RUN chmod -R 777 ... lines. Has anyone found a way around this? I wonder if my corporate environment doesn't allow this type of copying, but it's all within a container...
Edit: providing a completely minimal example
Directory structure:
project
├── Dockerfile
└── app
└── api.py
Dockerfile to build base image:
FROM docker.io/ubuntu:16.04
RUN apt-get update && apt-get install -y --no-install-recommends \
cmake curl git make gunicorn nginx python3 python3-pip python3-setuptools build-essential \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
RUN pip3 install --upgrade pip
RUN pip3 install pandas numpy scikit-learn scipy xgboost flask-restful nltk gunicorn
RUN mkdir -p /home/app
WORKDIR /
RUN python3 -c 'import nltk; nltk.download("punkt")'
RUN mv /root/nltk_data /home/app
I then run docker build . -t project:latest --no-cache. Next, the Dockerfile that uses the base image from above to deploy the actual application (I basically just comment out the "base image" lines from above and uncomment these ones from below, using the same Dockerfile file):
FROM project:latest
COPY app /home/app
RUN chmod -R 777 /home/app
WORKDIR /home/app
EXPOSE 5000
CMD ["python3", "api.py"]
I build the container to be deployed using docker build . -t project:app --no-cache.
api.py:
import time
if __name__ == '__main__':
while True:
print('This app is running')
time.sleep(30)

Related

Cannot COPY from previous stage in DockerFIle

This looks like a common issue so I checked a few SO posts but none of them solved my problem.
Here is my Dockerfile:
# MkDocs container
FROM python:3-alpine AS build-env
RUN apk add bash
RUN pip install --upgrade pip
RUN pip install pymdown-extensions \
&& pip install mkdocs \
&& pip install mkdocs-material \
&& pip install mkdocs-rtd-dropdown \
&& pip install mkdocs-git-revision-date-plugin \
&& pip install mkdocs-git-revision-date-localized-plugin \
&& pip install mkdocs-redirects
# executed at ~/Developer/MkDocs
RUN mkdir -p /home/mkdocs/
WORKDIR /home/mkdocs/
COPY . .
RUN mkdocs build -s
WORKDIR /
# Nginx container
FROM nginx:1.21.6-alpine
RUN apk add bash
EXPOSE 80
RUN cat /etc/nginx/nginx.conf
COPY nginx.conf /etc/nginx/nginx.conf
WORKDIR /
RUN mkdir -p /home/mkdocs
COPY --from=build-env /home/mkdocs/site/ /home/mkdocs/
RUN mv /home/mkdocs/* /usr/share/nginx/html/
RUN chown nginx:nginx /usr/share/nginx/html/*
USER nginx:nginx
And here is the command to run docker:
docker run -it --name mkdocs -p 8789:80 nginx
Running localhost:8789 only shows the default nginx homepage, not the built one of MkDocs. I also run docker exec -it --user root <PID> bash to check the directory /usr/share/nginx/html/ but the copied files are not there.
My other checks:
First, I'm 100% sure that the files built in the first stage works and exists
Second, this is what completely frustrated me out. If I run the docker using docker run -it --entrypoint=/bin/bash mkdocs:v1, I can actually see the built MkDocs files:
bash-5.1$ ls /usr/share/nginx/html
404.html 50x.html assets index.html search sitemap.xml sitemap.xml.gz
bash-5.1$

Getting "Additional property ssh is not allowed" error when specifying ssh-agent in docker-compose

I'm trying to build a Python docker image which pip installs from a private repository using ssh. The details of which are in a requirements.txt file.
I've spent a long time reading guides from StackOverflow as well as the official Docker documentation on the subject ...
https://docs.docker.com/develop/develop-images/build_enhancements/#using-ssh-to-access-private-data-in-builds
https://docs.docker.com/compose/compose-file/build/#ssh
... and have come up with a Dockerfile which builds and runs fine when using:
$ docker build --ssh default -t build_tester .
However, when I try to do the same in a docker-compose.yml file, I get the following error:
$ docker-compose up
services.build-tester.build Additional property ssh is not allowed
This is the same even when enabling buildkit:
$ COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker-compose up
services.build-tester.build Additional property ssh is not allowed
Project structure
- docker-compose.yml
- build_files
- Dockerfile
- requirements.txt
- app
- app.py
Dockerfile
# syntax=docker/dockerfile:1.2
FROM python:bullseye as builder
RUN mkdir -p /build/
WORKDIR /build/
RUN apt-get update; \
apt-get install -y git; \
rm -rf /var/lib/apt/lists/*
RUN mkdir -p -m 0600 ~/.ssh; \
ssh-keyscan -H github.com >> ~/.ssh/known_hosts
RUN python3 -m venv env; \
env/bin/pip install --upgrade pip
COPY requirements.txt .
RUN --mount=type=ssh \
env/bin/pip install -r requirements.txt; \
rm requirements.txt
FROM python:slim as runner
RUN mkdir -p /app/
WORKDIR /app/
COPY --from=builder /build/ .
COPY app/ .
CMD ["env/bin/python", "app.py"]
docker-compose.yml
services:
build-tester:
container_name: build-tester
image: build-tester
build:
context: build_files
dockerfile: Dockerfile
ssh:
- default
If I remove ...
ssh:
- default
... the docker-compose up command builds the image OK but obviously doesn't run as app.py doesn't have the required packages installed from pip.
I'd really like to be able to get this working in this way if possible so any advice would be much appreciated.
OK - so ended up being a very simple fix... Just needed to ensure docker-compose was updated to version 2.6 on my Mac.
For some reason brew wasn't updating my docker cask properly so was still running a package from early Jan 2022. Seems --ssh compatibility was added sometime between then and now.

Docker Build Failing with Given as STDIN as input

Why Docker image build is getting failed when build with - ?
Host Details
- docker desktop community 2.1.0.5 for Windows
- Windows 10
Dockerfile:
FROM ubuntu:latest
MAINTAINER "rizwan#gm.com"
RUN apt-get update \
&& apt-get install -y python3-pip python3-dev \
&& cd /usr/local/bin \
&& ln -s /usr/bin/python3 python \
&& pip3 install --upgrade pip
WORKDIR /app
COPY . /app
COPY requirements.txt /app/requirements.txt
RUN pip3 --no-cache-dir install -r requirements.txt
EXPOSE 5000
CMD ["python3", "my_service.py","--input-path= /input.csv", "--output-path=/output.csv"]
Folder Structure
-Root
-Application.py
-Dockerfile
-requirements.txt
COMMAND
- Failing : docker build - < Dockerfile
Message: ERROR: Could not open requirements file: [Errno 2] No such
file or directory: 'requirements.txt'
- Successful: docker build .
When you run
docker build - < Dockerfile
it sends only the Dockerfile to the Docker daemon, but no other files. When you tell Docker to COPY a file into the image, you haven't actually sent it the file. It's very similar to including everything in your source tree in the .dockerignore file.
Typically you'll send Docker the current directory as the context directory instead:
docker build . # knows to look for Dockerfile by default

Private docker container to release

I am using a Dockerfile multistage configuration similar to the one below.
FROM swift:4.1
WORKDIR /app
COPY . .
RUN swift build --configuration release && mv `swift build -c release --show-bin-path` /build/bin
FROM ubuntu:16.04
RUN apt-get -qq update && apt-get install -y \
libicu55 libxml2 libbsd0 libcurl3 libatomic1 wget && rm -r /var/lib/apt/lists/*
RUN /bin/bash -c "$(wget -qO- https://apt.vapor.sh)"
RUN wget -q https://repo.vapor.codes/apt/keyring.gpg -O- | apt-key add -
RUN apt-get update && apt-get install swift vapor -y
WORKDIR /app
COPY --from=builder /build/bin .
COPY --from=builder /build/lib/* /usr/lib/
EXPOSE 3000
ENTRYPOINT ./Run serve -e prod -b 0.0.0.0 -p 3000
I am currently using this to deploy my service in a virtual server, which due to its low performance takes forever to build the project.
Is it a good practice, and possible, to build and upload to a private repo in docker hub the image result of the builder, so I can do it from my local machine?
Could I then just have the second step in my virtual server? That means:
FROM myPrivateImageBuiltLocally as image
WORKDIR /app
COPY . .
FROM ubuntu:16.04
RUN apt-get -qq update && apt-get install -y \
libicu55 libxml2 libbsd0 libcurl3 libatomic1 wget && rm -r /var/lib/apt/lists/*
RUN /bin/bash -c "$(wget -qO- https://apt.vapor.sh)"
RUN wget -q https://repo.vapor.codes/apt/keyring.gpg -O- | apt-key add -
RUN apt-get update && apt-get install swift vapor -y
WORKDIR /app
COPY --from=builder /build/bin .
COPY --from=builder /build/lib/* /usr/lib/
EXPOSE 3000
ENTRYPOINT ./Run serve -e prod -b 0.0.0.0 -p 3000
Yes you can do it. You don't have to build it locally. You can use the automated build feature of dockerhub. It works like this.
1). Push the code to github/bitbucket
2). Create new image in dockerhub and map to the github repo
This will automatically build the image each time when you push a new commit to the github repo.
You can also see all the stats like build logs, Succss or failure, number of downloads etc...
ref: https://docs.docker.com/docker-cloud/builds/automated-build/#configure-automated-build-settings

Docker port forwarding cannot see the output on browser

I am a newbie to Docker. I'm using ubuntu 14.04 as my OS and I've installed Docker Community Edition by following instructions from https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/#set-up-the-repository
I have a created a docker file for my project and run it using docker-compose file.
My Dockerfile is as follows.
# ImageName
FROM node:8.8.1
# Create app required directories
ENV appDir /usr/src/app
RUN mkdir -p /usr/src/app /usr/src/app/datas /usr/log/supervisor
# Change working directory
WORKDIR ${appDir}
# Install dependencies
RUN apt-get update && \
apt-get -y install vim\
supervisor \
python3 \
python3-pip \
python3-setuptools \
groff \
less \
&& pip3 install --upgrade pip \
&& apt-get clean
RUN pip3 --no-cache-dir install --upgrade awscli
# Install app dependencies
COPY graphql/package.json /usr/src/app
RUN npm install
RUN npm install -g webpack
# Copy app source code
COPY graphql/ /usr/src/app
COPY datas/ /usr/src/app/datas
# Set Environment Variables
RUN echo export DATA_DIR=/usr/src/app/datas/ >> ~/.data_variables && \
echo "source ~/.data_variables" >> ~/.bash_login && \
echo "source ~/.data_variables" >> ~/.bashrc
COPY supervisord.conf /etc/supercvisor/conf.d/supervisord.conf
# Expose API port to the outside
EXPOSE 5000
# Launch application
CMD ["/usr/bin/supervisord", "-c", "/etc/supercvisor/conf.d/supervisord.conf"]
My docker-compose file
version: '3'
services:
web:
build: .
image: graphql_img
container_name: graphql_img_master
ports:
- "5000:5000"
My supervisord.conf file
[supervisord]
nodaemon=true
[program:babelWatch]
command=npm run babelWatch
[program:monitor]
command=npm run monitor
As you can see I've exposed the port 5000, but when I try to check the output on the browser using the command localhost:5000/graphql it shows an error
This site can’t be reached
I even tried to check for the ip address of docker container using "docker inspect" command and I've used that container ip address with the port still I'm getting the error. Can somebody please help me out on this. Any help would be much appreciated.
Additionally, it would also really helpful to know how to make the program "run monitor" to run on foreground using supervisor

Resources