Why I am bounced from the Docker container? - docker

FROM docker.elastic.co/elasticsearch/elasticsearch:5.5.2
USER root
WORKDIR /usr/share/elasticsearch/
ENV ES_HOSTNAME elasticsearch
ENV ES_PORT 9200
RUN chown elasticsearch:elasticsearch config/elasticsearch.yml
RUN chown -R elasticsearch:elasticsearch data
# install security plugin
RUN bin/elasticsearch-plugin install -b com.floragunn:search-guard-5:5.5.2-16
COPY ./safe-guard/install_demo_configuration.sh plugins/search-guard-5/tools/
COPY ./safe-guard/init-sgadmin.sh plugins/search-guard-5/tools/
RUN chmod +x plugins/search-guard-5/tools/init-sgadmin.sh
ADD ./run.sh .
RUN chmod +x run.sh
RUN chmod +x plugins/search-guard-5/tools/install_demo_configuration.sh
RUN ./plugins/search-guard-5/tools/install_demo_configuration.sh -y
RUN chmod +x sgadmin_demo.sh
RUN yum install tree -y
#RUN curl -k -u admin:admin https://localhost:9200/_searchguard/authinfo
RUN usermod -aG wheel elasticsearch
USER elasticsearch
EXPOSE 9200
#ENTRYPOINT ["nohup", "./run.sh", "&"]
ENTRYPOINT ["/usr/share/elasticsearch/run.sh"]
#CMD ["echo", "hello"]
Once I add either CMD or Entrypoint - "Container is exited with code 0"
#!/bin/bash
exec $#
If I comment ENTRYPOINT or CMD - all is great.
What I am doing wrong???

If you take a look at official 5.6.9 elasticsearch Dockerfile, you will see the following at the bottom:
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["elasticsearch"]
If you do not know the difference between CMD and ENTRYPOINT, read this answer.
What you're doing is you're overwriting those two instructions with something else. What you really need is to extend CMD. What I usually do in my images, I create an sh script and combine different things I need and then indicate the script for CMD. So, you need to run sgadmin_demo.sh, but you need to wait for elasticsearch first. Create a start.sh script:
#!/bin/bash
elasticsearch
sleep 15
sgadmin_demo.sh
Now, add your script to your image and run it on CMD:
FROM: ...
...
COPY start.sh /tmp/start.sh
CMD ["/tmp/start.sh"]
Now it should be executed once you start a container. Don't forget to build :)

Related

can we create a docker image with multiple instances in it?

I want an image with elasticsearch and zipkin in it but i dont want to download it from docker hub instead I have downloaded the tar.gz file of those and then creating those images. I am able to run both of them individually but not simultaneously (by docker run command).
Please see below Dockerfile
FROM openjdk:11
RUN groupadd -g 1000 elk-zipkin && useradd elk-zipkin -u 1000 -g 1000
RUN mkdir /usr/share/elasticsearch/
RUN mkdir /usr/share/zipkin
#RUN mkdir /usr/share/kibana
COPY /artifacts/elasticsearch-7.17.6.tar.gz /usr/share/elasticsearch
COPY artifacts/zipkin.jar /usr/share/zipkin
#COPY /artifacts/kibana-7.17.6.tar.gz /usr/share/kibana
COPY script.sh /usr/share/zipkin
WORKDIR /usr/share/elasticsearch
RUN tar xvf elasticsearch-7.17.6.tar.gz
#RUN tar xvf kibana-7.17.6.tar.gz
WORKDIR /usr/share/elasticsearch/elasticsearch-7.17.6
RUN set -ex && for path in data logs config config/scripts; do \
mkdir -p "$path"; \
chown -R elk-zipkin:elk-zipkin "$path"; \
done
USER elk-zipkin
ENV PATH=$PATH:/usr/share/elasticsearch/elasticsearch-7.17.6/bin
WORKDIR /usr/share/elasticsearch/elasticsearch-7.17.6/config
#RUN sed -i "s|#network.host: 192.168.0.1|network.host: 0.0.0.0|g" elasticsearch.yml
#RUN sed -i "s|#discovery.seed_hosts: ["host1", "host2"]|discovery.type: single-node|g" elasticsearch.yml
COPY /artifacts/elasticsearch.yml /usr/share/elasticsearch/elasticsearch-7.17.6/config
#CMD ["elasticsearch"]
#EXPOSE 9200 9300
#WORKDIR /usr/share/zipkin
#CMD ["java","-jar","zipkin.jar"]
#EXPOSE 9411
WORKDIR /usr/share/zipkin
CMD ["sh","script.sh"]
script.sh:
java -jar zipkin.jar elasticsearch
Run command for them:
for zipkin -
docker run -d --name=zipkin \ -p=9411:9411 \ --env=STORAGE_TYPE="elasticsearch" \ --env=ES_HOSTS="someurl" IMAGEID
for elasticsearch -
docker run -d --name=elasticsearch1 -p=9200:9200 -p=9300:9300 IMAGEID
I have tried to run both of the service i.e. elasticsearch and zipkin individually and simultaneously.
I am expecting that both should be in one image and by only single docker run command both of the services should get run.
Somehow I made it, one can create a Dockerfile like mentioned in the question and then have to pass some sleep time into the script file to give some extra time for getting up the previous services.
Example:
nohup elasticsearch &
sleep 10
nohup java -jar zipkin.jar
Note: As per comments and the basics of container, one should not create multiple services inside the same container.

Dockerfile wants to copy shell script to /usr/bin but I'm running Windows

I'm using Docker with Windows 10. The Dockerfile for my app includes the following lines:
# Add a script to be executed every time the container starts.
COPY docker/entrypoint.sh /usr/bin/
RUN chmod +x /usr/bin/entrypoint.sh
The problem is that because the OS is Win 10, there is no /usr/bin/ path--the equivalent I guess would be C:\Program Files. So when I run docker-compose up (in VS Code's Bash terminal), I get the following error:
my_app_name | exec /usr/bin/entrypoint.sh: no such file or directory
my_app_name exited with code 1
Changing the path in the Dockerfile doesn't seem like a good idea, because then Linux users will have the same problem. What is the right way to handle this for compatibility with both Windows and Linux?
EDIT: the entrypoint.sh script is as follows:
#!/bin/bash
set -e
# Remove a potentially pre-existing server.pid for Rails.
rm -f /docker-rails/tmp/pids/server.pid
# Then exec the container's main process (what's set as CMD in the Dockerfile).
exec "$#"
and the entire Dockerfile is:
FROM ruby:2.6.2
RUN apt-get update -qq && apt-get install -y nodejs postgresql-client cron
RUN mkdir /docker-rails
WORKDIR /docker-rails
COPY Gemfile /docker-rails/Gemfile
COPY Gemfile.lock /docker-rails/Gemfile.lock
WORKDIR /docker-rails
RUN bundle install
COPY . /docker-rails
# Add a script to be executed every time the container starts.
COPY docker/entrypoint.sh /usr/bin/
RUN chmod +x /usr/bin/entrypoint.sh
ENTRYPOINT ["entrypoint.sh"]
EXPOSE 3000
# Start the main process.
CMD ["rails", "server", "-b", "0.0.0.0"]

docker unzip file on run

Here is my Dockerfiles which work, but my image is heavy.
I would like to unzip only on start! How can I do that?
I would like to execute dockerStatScript.sh just on start, and after "pm2-runtime", "pm2_conf.json"
I have try everything... I don't get it
thank for your help
FROM keymetrics/pm2:12-alpine
RUN apk add --no-cache --upgrade bash && \
apk add postgresql-libs libpq zip unzip tree
WORKDIR /app
COPY docker/dockerStatScript.sh .
RUN chmod +x dockerStatScript.sh
ENV NODE_ENV=production
COPY app_prod/build/2.6.3/app.zip Zapp.zip
COPY app_prod/build/2.6.3/node_modules.zip Znode_modules.zip
COPY app_prod/build/2.6.3/config.zip Zconfig.zip
RUN ["/bin/bash","dockerStatScript.sh"]
CMD [ "pm2-runtime", "pm2_conf.json" ]
EXPOSE 8080
To compress immage use
docker image build --compress {rest-of-the-build-arguments-here}
to start dockerStatScript.sh after "pm2-runtime", "pm2_conf.json"
you will have to create a wrapper shell script like startup.sh with content
./pm2-runtime.sh pm2_conf.json
./dockerStatScript.sh
add it to the docker image like you did for dockerStatScript.sh. i.e.
COPY docker/startup.sh .
RUN chmod +x startup.sh
and than replace these:
RUN ["/bin/bash","dockerStatScript.sh"]
CMD [ "pm2-runtime", "pm2_conf.json" ]
with this:
ENTRYPOINT ["/bin/bash","/app/startup.sh"]
and start container with out parameters because entrypoint going to "startup.sh" on each container start.
here is a helpful link which explains startup options:
https://dev.to/lasatadevi/docker-cmd-vs-entrypoint-34e0.
hope i didn't do any typos :)
UPDATE:
you can use
ENTRYPOINT ["/bin/bash","/app/startup.sh"]
or
CMD ["/bin/bash","/app/startup.sh"]
or omit entrypoint and cmd and just start container with /app/startup.sh as parameter. i.e. docker run image-name "/app/startup.sh" - i am usually using this wa because it gives more flexibility what to run during debug time.
Make sure that your sh file doesn't exit until you need your container to stop.

Why isn't the USER declared in my Dockerfile reflected in the ENTRYPOINT script?

I am trying to fix some tests we're running on Jenkins with Docker, but the script that the ENTRYPOINT in my Dockerfile points to keeps running as root, even though I set the USER in the Dockerfile. This works fine on my local machine but not when running on our Jenkins box.
I've tried running su within my entrypoint script to make sure that the rest of the script run as the correct user, but they still run as root.
So my Dockerfile looks like this:
FROM python:3.6
RUN apt-get update && apt-get install -y gettext libgettextpo-dev
ARG DOCKER_UID # set to 2000 in docker-compose file
ARG ENV=prod
ENV ENV=${ENV}
ARG WORKERS=2
ENV WORKERS=${WORKERS}
RUN useradd -u ${DOCKER_UID} -ms /bin/bash app
RUN chmod -R 777 /home/app
ENV PYTHONUNBUFFERED 1
ADD . /code
WORKDIR /code
RUN chown -R app:app /code
RUN mkdir /platform
RUN chown -R app:app /platform
RUN pip install --upgrade pip
RUN whoami # outputs `root`
USER app
RUN whoami # outputs `app`
RUN .docker/deploy/install_requirements.sh $ENV # runs as `app`
EXPOSE 8000
ENTRYPOINT [".docker/deploy/start.sh", "$ENV"]
and my start.sh looks like:
#!/bin/bash
ENV=$1
echo "USER"
echo `whoami`
echo Running migrations...
python manage.py migrate
mkdir -p static
chmod -R 0755 static
cd /code/
if [ "$ENV" == "performance-dev" ];
then
/home/app/.local/bin/uwsgi --ini .docker/deploy/uwsgi.ini -p 4 --uid app
else
/home/app/.local/bin/uwsgi --ini .docker/deploy/uwsgi.ini --uid app
fi
but the
echo "USER"
echo `whoami`
outputs:
USER
root
which causes commands later in the script the fail as they're the wrong user.
I'd except the output to be
USER
app
and my understanding is that this issue is typically resolved by setting the USER command in the Dockerfile, but I do that and it looks like it is switching user when running the Dockerfile itself.
Edit
The issue was with my docker-compose configuration. My docker-compose config looks like:
version: '3'
services:
service:
user: "${DOCKER_UID}:${DOCKER_UID}"
build:
context: .
dockerfile: .docker/Dockerfile
args:
- ENV=prod
- DOCKER_UID=2000
DOCKER_UID is a variable set on my local machine but not on the Jenkins box, so I set it to 2000 in the override file
The issue I was having, as David Maze pointed out in the comments, was that I was setting the user when actually building the container, via my docker-compose file. I had set the user param to ${DOCKER_UID}, which was never actually set anywhere, so it was defaulting to an empty string. Setting it to 2000 fixed my issue.

Compose not working with Dockerfile using FROM

Right now, I am using a docker-compose file that contains, amongst other stuff, a few lines like this. This executes without any sort of problem. It deploys perfectly and I'm able to access the web server inside through the browser.
container:
command: bash -c "cd /code; chmod +x ./deploy/start_dev.sh; ./deploy/start_dev.sh;"
image: python:3.6
As I needed to be able to connect to the container through SSH I created a Dockerfile that installs it and modifies the config file so it allows unsafe root connections:
FROM python:3.6
RUN apt-get update && apt-get install openssh-server -y
RUN sed -i "s/PermitRootLogin without-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
RUN sed -i "s/PermitEmptyPasswords no/PermitEmptyPasswords yes/g" /etc/ssh/sshd_config
RUN service ssh restart
RUN echo "root:sshpassword" | chpasswd
ENTRYPOINT ["/bin/sh", "-c"]
CMD ["/bin/bash"]
After that I changed the docker-compose file to:
container:
command: bash -c "cd /code; chmod +x ./deploy/start_dev.sh; ./deploy/start_dev.sh;"
build:
context: .
From this moment on, whenever I run docker-compose up I get the following output:
container exited with code 0
Is there something I am missing?
In your docker-compose.yaml file, add the following parameter (under the 'container' section):
tty: true
Solved it switching the last two lines of the Dockerfile
ENTRYPOINT ["/bin/sh", "-c"]
CMD ["/bin/bash"]
to
CMD ["/bin/bash", "-c", "/bin/bash"]

Resources