Installing miniconda on alpine linux fails - docker

I have been attempting to install miniconda on an Alpine linux docker image. The minimal "working" example of my failure can be reproduced with Docker as follows:
docker run --rm -it alpine sh
/ # apk update && apk add ca-certificates wget && update-ca-certificates
/ # wget https://repo.continuum.io/miniconda/Miniconda3-4.3.27-Linux-x86_64.sh -O ~/miniconda.sh
/ # sh miniconda.sh -b
PREFIX=/root/miniconda3
installing: python-3.6.2-h02fb82a_12 ...
/root/miniconda.sh: line 361: /root/miniconda3/pkgs/python-3.6.2-h02fb82a_12/bin/python: not found
The file that it looks for is there, though:
/ # ls /root/miniconda3/pkgs/python-3.6.2-h02fb82a_12/bin/python
/root/miniconda3/pkgs/python-3.6.2-h02fb82a_12/bin/python
I would appreciate some insight on this error. I have little idea of what to try next

According to #VladFrolov, anaconda's python is linked to glibc, which isn't available in alpine. For more details about how he built an alpine image with conda, look at https://github.com/frol/docker-alpine-miniconda3
PS: Looks like #VladFrolov now maintains miniconda3:alpine official image https://github.com/ContinuumIO/docker-images/blob/master/miniconda3/alpine/Dockerfile ( Thx for pointing out #rpanai )

You can add this before running the ./miniconda.sh -b:
apk --update add \
bash \
curl \
wget \
ca-certificates \
libstdc++ \
glib \
&& wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-node-bower/master/sgerrand.rsa.pub \
&& curl -L "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk" -o glibc.apk \
&& apk add glibc.apk \
&& curl -L "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-bin-2.23-r3.apk" -o glibc-bin.apk \
&& apk add glibc-bin.apk \
&& curl -L "https://github.com/andyshinn/alpine-pkg-glibc/releases/download/2.25-r0/glibc-i18n-2.25-r0.apk" -o glibc-i18n.apk \
&& apk add --allow-untrusted glibc-i18n.apk \
&& /usr/glibc-compat/bin/localedef -i en_US -f UTF-8 en_US.UTF-8 \
&& /usr/glibc-compat/sbin/ldconfig /lib /usr/glibc/usr/lib \
&& rm -rf glibc*apk /var/cache/apk/*

Related

Run 'opentsdb' image as non-root

I'm trying to build a custom image of opentsdb to run as non-root user. Our k8s clusters have security policies that doesn't allow containers to run as root. I'm utilizing an existing Dockerfile from here https://hub.docker.com/r/petergrace/opentsdb-docker/dockerfile
Below is my Docker file where I have added extra step to create a new user 'opentsdb' and at the end running it as USER 'opentsdb'
FROM alpine:latest
ENV TINI_VERSION v0.18.0
ENV TSDB_VERSION 2.4.0
ENV HBASE_VERSION 1.4.4
ENV GNUPLOT_VERSION 5.2.4
ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
ENV PATH $PATH:/usr/lib/jvm/java-1.8-openjdk/bin/
ENV ALPINE_PACKAGES "rsyslog bash openjdk8 make wget libgd libpng libjpeg libwebp libjpeg-turbo cairo pango lua"
ENV BUILD_PACKAGES "build-base autoconf automake git python3-dev cairo-dev pango-dev gd-dev lua-dev readline-dev libpng-dev libjpeg-turbo-dev libwebp-dev sed"
ENV HBASE_OPTS "-XX:+UseConcMarkSweepGC -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
ENV JVMARGS "-XX:+UseConcMarkSweepGC -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -enableassertions -enablesystemassertions"
RUN addgroup opentsdb && adduser -D -u 100 -G opentsdb opentsdb
# Tini is a tiny init that helps when a container is being culled to stop things nicely
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-static-amd64 /tini
RUN chmod +x /tini
ENTRYPOINT ["/tini", "--"]
# Add the base packages we'll need
RUN apk --update add apk-tools \
&& apk add ${ALPINE_PACKAGES} \
# repo required for gnuplot \
--repository http://dl-cdn.alpinelinux.org/alpine/v3.0/testing/ \
&& mkdir -p /opt/opentsdb
WORKDIR /opt/opentsdb/
# Add build deps, build opentsdb, and clean up afterwards.
RUN set -ex && apk add --virtual builddeps ${BUILD_PACKAGES}
RUN ln -s /usr/bin/python3 /usr/bin/python
RUN wget --no-check-certificate \
-O v${TSDB_VERSION}.zip \
https://github.com/OpenTSDB/opentsdb/archive/v${TSDB_VERSION}.zip \
&& unzip v${TSDB_VERSION}.zip \
&& rm v${TSDB_VERSION}.zip \
&& cd /opt/opentsdb/opentsdb-${TSDB_VERSION} \
&& echo "tsd.http.request.enable_chunked = true" >> src/opentsdb.conf \
&& echo "tsd.http.request.max_chunk = 1000000" >> src/opentsdb.conf
RUN cd /opt/opentsdb/opentsdb-${TSDB_VERSION} \
&& find . | xargs grep -s central.maven.org | cut -f1 -d : | xargs sed -i "s/http:\/\/central/https:\/\/repo1/g" \
&& find . | xargs grep -s repo1.maven.org | cut -f1 -d : | xargs sed -i "s/http:\/\/repo1/https:\/\/repo1/g" \
&& ./build.sh \
&& cp build-aux/install-sh build/build-aux \
&& cd build \
&& make install \
&& cd / \
&& rm -rf /opt/opentsdb/opentsdb-${TSDB_VERSION}
RUN cd /tmp && \
wget --no-check-certificate https://sourceforge.net/projects/gnuplot/files/gnuplot/${GNUPLOT_VERSION}/gnuplot-${GNUPLOT_VERSION}.tar.gz && \
tar xzf gnuplot-${GNUPLOT_VERSION}.tar.gz && \
cd gnuplot-${GNUPLOT_VERSION} && \
./configure && \
make install && \
cd /tmp && rm -rf /tmp/gnuplot-${GNUPLOT_VERSION} && rm /tmp/gnuplot-${GNUPLOT_VERSION}.tar.gz
RUN apk del builddeps && rm -rf /var/cache/apk/*
#Install HBase and scripts
RUN mkdir -p /data/hbase /root/.profile.d /opt/downloads
WORKDIR /opt/downloads
RUN wget -O hbase-${HBASE_VERSION}.bin.tar.gz http://archive.apache.org/dist/hbase/${HBASE_VERSION}/hbase-${HBASE_VERSION}-bin.tar.gz \
&& tar xzvf hbase-${HBASE_VERSION}.bin.tar.gz \
&& mv hbase-${HBASE_VERSION} /opt/hbase \
&& rm -r /opt/hbase/docs \
&& rm hbase-${HBASE_VERSION}.bin.tar.gz
# Add misc startup files
RUN ln -s /usr/local/share/opentsdb/etc/opentsdb /etc/opentsdb \
&& rm /etc/opentsdb/opentsdb.conf \
&& mkdir /opentsdb-plugins
ADD files/opentsdb.conf /etc/opentsdb/opentsdb.conf.sample
ADD files/hbase-site.xml /opt/hbase/conf/hbase-site.xml.sample
ADD files/start_opentsdb.sh /opt/bin/
ADD files/create_tsdb_tables.sh /opt/bin/
ADD files/start_hbase.sh /opt/bin/
ADD files/entrypoint.sh /entrypoint.sh
# Fix ENV variables in installed scripts
RUN for i in /opt/bin/start_hbase.sh /opt/bin/start_opentsdb.sh /opt/bin/create_tsdb_tables.sh; \
do \
sed -i "s#::JAVA_HOME::#$JAVA_HOME#g; s#::PATH::#$PATH#g; s#::TSDB_VERSION::#$TSDB_VERSION#g;" $i; \
done
RUN echo "export HBASE_OPTS=\"${HBASE_OPTS}\"" >> /opt/hbase/conf/hbase-env.sh
#4242 is tsdb, rest are hbase ports
EXPOSE 60000 60010 60030 4242 16010 16070
USER opentsdb
#HBase is configured to store data in /data/hbase, vol-mount it to persist your data.
VOLUME ["/data/hbase", "/tmp", "/opentsdb-plugins"]
CMD ["/entrypoint.sh"]
however the newly built image is throwing error and says permission denied for /opt/bin/ files. And the opentsdb is not getting deployed correctly.
On local using docker desktop, everything works fine using root, when I run below command
docker run -dp 4242:4242 petergrace/opentsdb-docker
Do i need to use any chown commands too ?
Could you help how to make opentsdb get deployed correctly using uid 100 ? Thanks in advance!

Failed to get jdk (jdk-8u301-linux-x64.tar.gz) on alpine:3.8

I'm trying to build the image which was built in the past but failing this time as it is failing to download Oracle JDK, it downloads the tar with just a 4 KB file.
I have referred this Docker alpine + oracle java: cannot find java already and tried with the latest version of glibc but no luck.
I'm though able to install the lower version than jdk-8u201.
Any suggestion is appreciated! I have to go with alpine:3.8 only.
FROM alpine:3.8
RUN apk upgrade --update && \
apk add --update curl ca-certificates bash && \
for pkg in glibc-2.23-r1 glibc-bin-2.23-r1 glibc-i18n-2.23-r1; do curl -sSL https://github.com/andyshinn/alpine-pkg-glibc/releases/download/2.23-r1/${pkg}.apk -o /tmp/${pkg}.apk; done && \
apk add --allow-untrusted /tmp/*.apk && \
rm -v /tmp/*.apk && \
mkdir -p /opt/springboot/apps/ && \
( /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 C.UTF-8 || true ) && \
echo "export LANG=C.UTF-8" > /etc/profile.d/locale.sh && \
/usr/glibc-compat/sbin/ldconfig /lib /usr/glibc-compat/lib && \
curl -jksSLH "Cookie: oraclelicense=accept-securebackup-cookie" -o /tmp/java.tar.gz \
https://download.oracle.com/otn-pub/java/jdk/8u201-b09/42970487e3af4f5aa5bca3f542482c60/jdk-8u201-linux-x64.tar.gz && \
gunzip /tmp/java.tar.gz

Docker chrome selenium java openjdk:8 to Alpine

I have a Dockerfile that already works in openjdk:8 but I am trying to convert it to alpine. It is giving me some troubles. The application was made in Java and uses Selenium. This is my current code:
FROM openjdk:8-jdk-alpine
RUN apk update \
&& apk fetch gnupg \
&& apk add --virtual \
curl wget xvfb unzip gnupg \
&& gpg --list-keys
ARG CHROME_DRIVER_VERSION=85.0.4183.87
RUN curl -sS -o - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
&& echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list \
&& apk update \
&& apk add google-chrome-stable \
&& apk cache clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& wget https://chromedriver.storage.googleapis.com/${CHROME_DRIVER_VERSION}/chromedriver_linux64.zip \
&& unzip chromedriver_linux64.zip \
&& mv chromedriver /usr/bin/chromedriver \
&& chown root:root /usr/bin/chromedriver \
&& chmod +x /usr/bin/chromedriver
EXPOSE 42052
.
.
.
I tried to add gnupg like I found in here:
Docker: Using apt-key with alpine image
But it does not work, I just get an error: /bin/sh: gpg: not found
If I removed it, I just get the issue with apt-key that is not found. What is the alternative in alpine or what changes do I have to do to my docker file to work again.
Thanks in advance
Apparently the Chrome .deb file won't work on Alpine. So it needs Chromium to work. If you are already using the ChromeDriver in the Java code it will work without making any changes like in my case.
FROM openjdk:8-jdk-alpine
RUN apk update && apk add --no-cache bash \
alsa-lib \
at-spi2-atk \
atk \
cairo \
cups-libs \
dbus-libs \
eudev-libs \
expat \
flac \
gdk-pixbuf \
glib \
libgcc \
libjpeg-turbo \
libpng \
libwebp \
libx11 \
libxcomposite \
libxdamage \
libxext \
libxfixes \
tzdata \
libexif \
udev \
xvfb \
zlib-dev \
chromium \
chromium-chromedriver \
&& rm -rf /var/cache/apk/* \
/usr/share/man \
/tmp/*
RUN mkdir -p /data && adduser -D chrome \
&& chown -R chrome:chrome /data
USER chrome
.
.
.
If you are going to add create folders and/or add files like in my case, just add USER root to work
It will work the same as the openjdk:8 version.
Actually alpine version in answer post to correct work has to add in code:
chromeOptions.setBinary("/usr/bin/chromium-browser");

Docker image with aws-cli v2 and dind, based on Alpine:3.11

Hi I'm struggling creating a Docker image with aws-cli v2 and Docker, based on Alpine:3.11
I'm using the following commands:
FROM docker:stable #docker is based on Alpine
RUN apk add curl && \
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
unzip awscliv2.zip && \
./aws/install
RUN aws --version && docker -v
I'm obtaining an output like this:
Step 6/6 : RUN aws --version && docker -v
---> Running in 5015c32e62fe
/bin/sh: aws: Permission denied
The command '/bin/sh -c aws --version && docker -v' returned a non-zero code: 127
This is a strange behavior.
AWS binaries won't work on docker images based on Alpine because they are compiling them against glibc.
Two solutions:
build it from ubuntu:latest
Use this Dockerfile which adds glibc and then removes some stuff
FROM alpine:3.11
ENV GLIBC_VER=2.31-r0
RUN apk --no-cache add \
binutils \
curl \
&& curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \
&& curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-${GLIBC_VER}.apk \
&& curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk \
&& apk add --no-cache \
glibc-${GLIBC_VER}.apk \
glibc-bin-${GLIBC_VER}.apk \
&& curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip \
&& unzip awscliv2.zip \
&& aws/install \
&& rm -rf \
awscliv2.zip \
aws \
/usr/local/aws-cli/v2/*/dist/aws_completer \
/usr/local/aws-cli/v2/*/dist/awscli/data/ac.index \
/usr/local/aws-cli/v2/*/dist/awscli/examples \
&& apk --no-cache del \
binutils \
curl \
&& rm glibc-${GLIBC_VER}.apk \
&& rm glibc-bin-${GLIBC_VER}.apk \
&& rm -rf /var/cache/apk/*
RUN apk add docker
RUN aws --version && docker --version

Is there a more efficient way to dockerize Luarocks?

I am trying to build a lean alpine docker container for unit testing Lua in Google Cloud Build.
It runs fine, but takes about 30 - 50 seconds to build. When I run busted and luacheck, it only takes a few seconds for each. Any thoughts on how I could optimize this build process?
I was using wget and then switched to git. I added curl and unzip since luarocks expects it and openssl for one of luacheck's dependencies. Are there different dependencies I could/should use?
FROM alpine
ENV LUA_VERSION 5.1
RUN apk update
RUN apk add lua${LUA_VERSION}
RUN apk add lua${LUA_VERSION}-dev
RUN apk add bash build-base curl git openssl unzip
RUN cd /tmp && \
git clone https://github.com/keplerproject/luarocks.git && \
cd luarocks && \
sh ./configure && \
make build install && \
cd && \
rm -rf /tmp/luarocks
RUN luarocks install busted
RUN luarocks install luacheck
RUN luarocks install luacov
You can try this
Dockerfile
FROM alpine:3.12
# Set environment
ENV LUA_VERSION=5.1.5 \
LUAROCKS_VERSION=3.4.0
# Install dependency packages
RUN set -xe && \
apk add --no-cache --virtual .build-deps \
curl \
gcc \
g++ \
libc-dev \
make \
readline-dev \
&& \
apk add --no-cache \
readline \
&& \
# Install Lua
wget http://www.lua.org/ftp/lua-${LUA_VERSION}.tar.gz && \
tar zxf lua-${LUA_VERSION}.tar.gz && rm -f lua-${LUA_VERSION}.tar.gz && \
cd lua-${LUA_VERSION} && \
make -j $(getconf _NPROCESSORS_ONLN) linux && make install && \
cd / && rm -rf lua-${LUA_VERSION} && \
# Install LuaRocks
wget https://luarocks.org/releases/luarocks-${LUAROCKS_VERSION}.tar.gz && \
tar zxf luarocks-${LUAROCKS_VERSION}.tar.gz && rm -f luarocks-${LUAROCKS_VERSION}.tar.gz && \
cd luarocks-${LUAROCKS_VERSION} && \
./configure && \
make -j $(getconf _NPROCESSORS_ONLN) build && make install && \
cd / && rm -rf luarocks-${LUAROCKS_VERSION} && \
# Remove all build deps
apk del .build-deps && \
# Test
lua -v && luarocks
COPY docker-entrypoint.sh /usr/local/bin
docker-entrypoint.sh
#!/bin/sh
set -e
buildDepsApk="
curl
libc-dev
gcc
wget
"
pm='unknown'
if [ -e /lib/apk/db/installed ]; then
pm='apk'
fi
if [ "$pm" = 'apk' ]; then
apk add --no-cache ${buildDepsApk}
fi
luarocks install $#
if [ "$pm" = 'apk' ]; then
apk del ${buildDepsApk}
fi
You don't have to build luarocks. You can just install the package using,
RUN apk add luarocks

Resources