I am getting error "Unix syslog delivery error" when i run my docker image through kubernetes.
My dockerfile looks like this.
FROM debian:jessie
EXPOSE 3307
COPY maven /abc/
WORKDIR /abc
RUN apt-get update && apt-get install -y openssl libssl-dev libgssapi-krb5-2 syslog-ng-core && adduser user1 && chown -R user1 /abc
ENTRYPOINT ["/bin/sh","/abc/run.sh"]
USER abc
and my run.sh is below
#!/bin/bash
chmod 755 /abc/mongosqld
/abc/mongosqld --schema /abc/rmg.drdl --mongo-uri mongodb://10.*.*.*:4232 --auth --mongo-username admin --mongo-password admin --sslPEMKeyFile=/abc/mongosqld-server.pem --sslMode allowSSL --quiet
Please let me know how to resolve this.
I was deploying the image through kubernetes. And it is resolved by installing rsyslog in the RUN command and starting syslog before running the mongosqld process.my run.sh looks like:
#!/bin/bash
chmod 755 /abc/mongosqld
echo "password" | sudo -S service rsyslog start
ln -s /dev/stdout /log/sqld.log
/abc/mongosqld --schema /abc/rmg.drdl --mongo-uri mongodb://10.*.*.*:4232 --auth --mongo-username admin --mongo-password admin --sslPEMKeyFile=/abc/mongosqld-server.pem --sslMode allowSSL --logAppend --logRotate=reopen --logPath=/log/sqld.log
my dockerfile:
FROM debian:jessie
EXPOSE 3307
COPY maven /abc/
WORKDIR /abc
RUN apt-get update && apt-get install -y openssl libssl-dev libgssapi-krb5-2 rsyslog && adduser user1 && chown -R user1 /abc
ENTRYPOINT ["/bin/sh","/abc/run.sh"]
USER abc
Related
I'd like to start with I'm new to docker/kubernetes, so I apologize if I get terminologies wrong.
We are trying to get our docker image to run on kubernetes. When deployed on kubernetes, the yaml file generated has this line:
securityContext:
runAsUser: 1000
runAsGroup: 1000
As is, the website doesn't work, but if changed to 0 from 1000, it works.
We suspect that it has to do with apache in our Dockerfile, but haven't been able to figure out how to fix it. Here is the Dockerfile (with ENV and COPY commands removed):
FROM cern/cc7-base
EXPOSE 8083
RUN yum update -y && yum install -y \
ImageMagick \
httpd \
npm \
php \
python3-pip
RUN echo "alias python=python3" >>~/.bashrc
RUN yum update -y && yum install -y \
epel-release \
root \
python3-root
COPY requirements.txt /code/requirements.txt
RUN pip3 install -r /code/requirements.txt
RUN mkdir /db /run/secrets
RUN chown -R apache:apache /db /var/www /run/secrets
RUN ln -s /dev/stdout /etc/httpd/logs/access_log
RUN ln -s /dev/stderr /etc/httpd/logs/error_log
RUN chown apache:apache /etc/httpd/logs/error_log
RUN chown apache:apache /etc/httpd/logs/access_log
RUN chmod 666 /etc/httpd/logs/error_log
RUN chmod 666 /etc/httpd/logs/access_log
WORKDIR /webapp
COPY webapp/package.json /webapp/package.json
RUN npm install
COPY webapp /webapp
RUN npm run build
RUN cp -r /webapp/build /var/www/public
RUN cp -r /webapp/build /webapp/public
RUN mkdir /var/www/results /var/www/results/pdfs /var/www/results/pngs /var/www/results/jsons
RUN chmod 777 /var/www/results /var/www/results/pdfs /var/www/results/pngs /var/www/results/jsons
RUN chgrp -R 1000 /run && chmod -R g=u /run
RUN chgrp -R 1000 /etc/httpd/logs && chmod -R g=u /etc/httpd/logs
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]
Some of the things I tried are: How to run Apache as non-root user?, https://www.henryxieblogs.com/2020/01/dockerfile-example-of-linux-nonroot.html, https://takac.dev/docker-run-apache-as-non-root-user-based-on-the-official-image/
I am not sure if they are not addressing my problem, or if I am just executing the solutions wrong.
Changing the location of error_log, access_log in httpd.conf solved this for me. I also changed all the apache:apache to 1000:1000 in the Dockerfile.
I got the idea to change the location of the logs from here:
https://stackoverflow.com/a/525724/9062782
I have a docker image with base image ubuntu and tomcat installed later on that image. After the docker build, I am able to run the docker image locally without any issue. But when it is deployed on OpenShift, it fails to start.
Dockerfile
FROM ubuntu:latest
RUN apt-get -y update && apt-get -y upgrade
RUN apt-get -y install openjdk-8-jdk wget
RUN wget http://apache.stu.edu.tw/tomcat/tomcat-8/v8.5.58/bin/apache-tomcat-8.5.58.tar.gz -O /tmp/tomcat.tar.gz && \
cd /tmp && tar xvfz tomcat.tar.gz && \
cp -Rv /tmp/apache-tomcat-8.5.58/* /usr/local/tomcat/
EXPOSE 8080
CMD /usr/local/tomcat/bin/catalina.sh run
By default, OpenShift Container Platform runs containers using an arbitrarily assigned user ID. For an image to support running as an arbitrary user, directories and files that may be written to by processes in the image should be owned by the root group and be read/writable by that group. Files to be executed should also have group execute permissions.
Here is the modified Dockerfile
FROM ubuntu:latest
RUN apt-get -y update && apt-get -y upgrade
RUN apt-get -y install openjdk-8-jdk wget
RUN wget http://apache.stu.edu.tw/tomcat/tomcat-8/v8.5.58/bin/apache-tomcat-8.5.58.tar.gz -O /tmp/tomcat.tar.gz && \
cd /tmp && tar xvfz tomcat.tar.gz && \
cp -Rv /tmp/apache-tomcat-8.5.58/* /usr/local/tomcat/
#Add a user ubuntu with UID 1001
RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1001 ubuntu && \
chown -R ubuntu:root /usr/local/tomcat && \
chgrp -R 0 /usr/local/tomcat && \
chmod -R g=u /usr/local/tomcat
#Specify the user with UID
USER 1001
EXPOSE 8080
CMD /usr/local/tomcat/bin/catalina.sh run
Refer section "Support Arbitrary User IDs" on the Guideline from Openshift
To relax the security in your cluster so that images are not forced to run as a pre-allocated UID, without granting everyone access to the privileged SCC:
Grant all authenticated users access to the anyuid SCC:
$ oc adm policy add-scc-to-group anyuid system:authenticated
This allows images to run as the root UID if no USER is specified in the Dockerfile.
I have created a docker image, and I have problem to start automatically or even start mysql.
The problem is echo "$#" in entrypoint.sh, I expect to run mysqld_safe, but It doesn't. If a change the line echo "$#" to mysqld_safe --user=mysql it starts successfully. I don't know what is the correct form for run automatically as mysql_safe --user=mysql. What should to write in dockerfile CMD[] to run entrypoint.sh correctly.
My code is next:
-----------
Dockerfile:
-----------
## OS part
## -------
FROM debian:buster-slim
# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mysql && useradd -r -g mysql mysql
#RUN apt-get update && apt-get install -y --no-install-recommends gnupg dirmngr && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y --no-install-recommends gnupg dirmngr
# Add packages for testing
RUN apt-get install iproute2 iputils-ping net-tools vim traceroute less -y
## MYSQL part
##-----------
ENV PATH /usr/local/mysql/bin:$PATH
#ENV MYSQLDATA /usr/local/mysql/data
VOLUME /usr/local/mysql/
ADD mysql-standard-4.0.27-pc-linux-gnu-i686 /usr/local/mysql
ADD my.cnf /etc/
#RUN chown -R mysql /usr/local/mysql/ && chgrp -R mysql /usr/local/mysql/
COPY entrypoint.sh /usr/local/bin/
#RUN chmod +x /entrypoint.sh
EXPOSE 3306
ENTRYPOINT ["entrypoint.sh"]
CMD ["mysqld_safe"]
---------------
Entrypoint.sh:
---------------
#!/bin/bash
set -e
# global variable
setup_env() {
MYSQLDATA="/usr/local/mysql/data"
MYSQLBASE="/usr/local/mysql"
MYSQL_ROOT_PASSWORD="password"
}
# init database
init__database_dir() {
echo "Change rights ..."
ls -la "$MYSQLDATA"
chown -R mysql "$MYSQLDATA"
chgrp -R mysql "$MYSQLDATA"
echo "Initializing database..."
cd $MYSQLBASE
scripts/mysql_install_db --user=mysql
}
temp_server_start() {
mysqld_safe --user=mysql &
}
temp_server_stop() {
mysqladmin shutdown -uroot
sleep 30
}
setup_db() {
sleep 20
echo "start password setting"
mysql -e "GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY '$MYSQL_ROOT_PASSWORD' WITH GRANT OPTION"
echo "password ready"
}
# start mysql if it is exist.
main() {
setup_env
if [ -z "$(ls -A "$MYSQLDATA/mysql/")" ]; then
init__database_dir
temp_server_start
setup_db
temp_server_stop
fi
echo "start mysqld_safe"
echo "$#"
}
main
I think you forgot to pass the parameters in your entrypoint.sh. The last line should be
main "$#"
when i am running the container getting restart.sh file is not found error
code in dockerFile:
RUN addgroup --system ${USER_GROUP} && adduser --system
${NON_ROOT_USER} --ingroup ${USER_GROUP}
RUN apt-get update && apt-get install -y netcat jq iputils-ping wget
vim curl
COPY get-tca.sh /opt/tca/get-tca.sh
COPY restart.sh /opt/tca/restart.sh
RUN chmod 755 /opt/tca/restart.sh
RUN chmod 755 /opt/tca/mr-watchdog.sh
USER ${NON_ROOT_USER}:${USER_GROUP}
ENTRYPOINT /opt/tca/restart.sh
in while i'm trying to build an image im getting following error.
In this image i need to download jenkins, run jenkins in background and then download jenkins-cli, then i have to give my input to cli.
FROM ubuntu:14.04
RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y software-properties-common && \
add-apt-repository ppa:webupd8team/java -y && \
apt-get update && \
echo oracle-java7-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections && \
apt-get install -f -y oracle-java9-installer && \
apt install -y default-jre curl wget git nano; \
apt-get clean
# Install dependencies
RUN apt-get -y update && \
apt-get -yqq --no-install-recommends install git bzip2 curl unzip && \
apt-get update
ENV JAVA_HOME /usr
ENV PATH $JAVA_HOME/bin:$PATH
# copy jenkins war file to the container
ADD http://mirrors.jenkins.io/war-stable/2.107.1/jenkins.war /opt/jenkins.war
RUN chmod 644 /opt/jenkins.war
ENV JENKINS_HOME /jenkins
# configure the container to run jenkins, mapping container port 8080 to that host port
ENTRYPOINT ["nohup","java", "-jar", "/opt/jenkins.war"]
RUN mkdir /jenkins/
RUN echo 2.107.1 > /jenkins/jenkins.install.UpgradeWizard.state
RUN echo 2.107.1 > /jenkins/jenkins.install.InstallUtil.lastExecVersion
EXPOSE 8080
VOLUME /jenkins
#jenkins-cli installation
RUN mkdir -p /jcli
RUN chmod 644 /jcli
RUN curl --insecure -OL http://192.168.99.100:8080/jnlpJars/jenkins-cli.jar \
--output /jcli/jenkins-cli.jar
VOLUME /ssh
ENV JENKINS_URL "http://192.168.99.100:8080"
ENV PRIVATE_KEY "C:\Users\himn\.ssh/id_rsa"
ENTRYPOINT ["java","-jar","/jcli/jenkins-cli.jar","-noCertificateCheck","-noKeyAuth"]
CMD ["--help"]
QUESTIONS
Is jenkins-cli downloading
which directory its unable to locate
do i need to run jenkins in background to download jenkins-cli aand
work and How to do it?
and solutions for it
Thank u in advance
last few lines of my Dockerfile
# copy jenkins war file to the container
ADD http://mirrors.jenkins.io/war-stable/2.107.1/jenkins.war /opt/jenkins.war
RUN chmod 644 /opt/jenkins.war
ENV JENKINS_HOME /jenkins
# configure the container to run jenkins, mapping container port 8080 to that host port
ENTRYPOINT ["nohup","java", "-jar", "/opt/jenkins.war"]
RUN mkdir /jenkins/
RUN echo 2.107.1 > /jenkins/jenkins.install.UpgradeWizard.state
RUN echo 2.107.1 > /jenkins/jenkins.install.InstallUtil.lastExecVersion
EXPOSE 8080
VOLUME /jenkins
#jenkins-cli installation
RUN mkdir -p /jcli
RUN chmod 644 /jcli
RUN curl --insecure -OL http://192.168.99.100:8080/jnlpJars/jenkins-cli.jar \
--output /jcli/jenkins-cli.jar
VOLUME /ssh
ENV JENKINS_URL "http://192.168.99.100:8080"
ENV PRIVATE_KEY "C:\Users\himn\.ssh/id_rsa"
ENTRYPOINT ["java","-jar","/jcli/jenkins-cli.jar","-noCertificateCheck","-noKeyAuth"]
CMD ["--help"]
you can try after updating your Dockfile entrypoint as
ENTRYPOINT ["java","-jar","/opt/tmp/jenkin-cli.jar","-noCertificateCheck","-noKeyAuth"]
and also remove following lines:
RUN chmod 644 jenkins-cli.jar
WORKDIR /opt/tmp/jenkins-cli
COPY opt/tmp/jenkins-cli.jar ./jenkins-cli
This looks like a typo error. In your curl command i.e step 19/27, --output is /opt/tmp/jenkin-cli.jar it needs to be /opt/tmp/jenkins-cli.jar.
Error states that it is unable to locate the file /opt/tmp/jenkins-cli.jar because you created the file with name jenkin-cli.jar & not jenkins-cli.jar.
Now the 2nd mistake is you are missing / before opt and moreover,
COPY works from host to container & not within the container. In that case, you don't need to download the CLI to create a container and image.