I need to be able fork a process. As i understand it i need to set the security-opt. I have tried doing this with docker command and it works fine. However when i do this in a docker-compose file it seem to do nothing, maybe I'm not using compose right.
Docker
docker run --security-opt=seccomp:unconfined <id> dlv debug --listen=:2345 --headless --log ./cmd/main.go
Docker-compose
Setup
docker-compose.yml
networks:
backend:
services:
example:
build: .
security_opt:
- seccomp:unconfined
networks:
- backend
ports:
- "5002:5002"
Dockerfile
FROM golang:1.8
RUN go get -u github.com/derekparker/delve/cmd/dlv
RUN dlv debug --listen=:2345 --headless --log ./cmd/main.go
command
docker-compose -f docker-compose.yml up --build --abort-on-container-exit
Result
2017/09/04 15:58:33 server.go:73: Using API v1 2017/09/04 15:58:33
debugger.go:97: launching process with args: [/go/src/debug] could not
launch process: fork/exec /go/src/debug: operation not permitted
The compose syntax is correct. But the security_opt will be applied to the new instance of the container and thus is not available at build time like you are trying to do with the Dockerfile RUN command.
The correct way should be :
Dockerfile:
FROM golang:1.8
RUN go get -u github.com/derekparker/delve/cmd/dlv
docker-compose.yml
networks:
backend:
services:
example:
build: .
security_opt:
- seccomp:unconfined
networks:
- backend
ports:
- "5002:5002"
entrypoint: ['/usr/local/bin/dlv', '--listen=: 2345', '--headless=true', '--api-version=2', 'exec', 'cmd/main.go']
Related
I am trying to run Symfony 3 console command inside of my docker container but not able to getting proper output.
docker-compose.yaml
version: '3.4'
services:
app:
build:
context: .
target: symfony_docker_php
args:
SYMFONY_VERSION: ${SYMFONY_VERSION:-}
STABILITY: ${STABILITY:-stable}
volumes:
# Comment out the next line in production
- ./:/srv/app:rw,cached
# If you develop on Linux, comment out the following volumes to just use bind-mounted project directory from host
- /srv/app/var/
- /srv/app/var/cache/
- /srv/app/var/logs/
- /srv/app/var/sessions/
environment:
- SYMFONY_VERSION
nginx:
build:
context: .
target: symfony_docker_nginx
depends_on:
- app
volumes:
# Comment out the next line in production
- ./docker/nginx/conf.d:/etc/nginx/conf.d:ro
- ./public:/srv/app/public:ro
ports:
- '80:80'
My console command
docker-compose exec nginx php bin/console
It returns the following response
the input device is not a TTY. If you are using mintty, try prefixing the command with 'winpty'
Copy from https://docs.docker.com/compose/reference/exec/
To disable this behavior, you can either the -T flag to disable pseudo-tty allocation.
docker-compose exec -T nginx <command>
Or, set COMPOSE_INTERACTIVE_NO_CLI value as 1
export COMPOSE_INTERACTIVE_NO_CLI=1
For php bin/console to run you need to run from app container like below.
docker-compose exec -T app php bin/console
I've been using localstack to develop a service against locally. I've just been running their docker image via docker run --rm -p 4567-4583:4567-4583 -p 8080:8080 localstack/localstack
And then I manually run a small script to set up my S3 buckets, SQS queues, etc.
Now, I'd like to make this easier for others so I thought I'd just add a Dockerfile and docker-compose.yml file. Unfortunately, when I try to get this up and running, using docker-compose up I get an error that the command from my setup script can't connect to the localstack services.
make_bucket failed: s3://localbucket Could not connect to the endpoint URL: "http://localhost:4572/localbucket"
Dockerfile:
FROM localstack/localstack
#since this is just local dev set up, localstack doesn't require
anything specific here.
ENV AWS_DEFAULT_REGION='[useast1]'
ENV AWS_ACCESS_KEY_ID='[lloyd]'
ENV AWS_SECRET_ACCESS_KEY='[christmas]'
COPY bin/localSetup.sh /localSetup.sh
COPY fixtures/notifications.json /notifications.json
RUN ["chmod", "+x", "/localSetup.sh"]
RUN pip install awscli
# expose service & web dashboard ports
EXPOSE 4567-4582 8080
ENTRYPOINT ["/localSetup.sh"]
docker-compose.yml
version: '3'
services:
localstack:
build: .
ports:
- "8080:8080"
- "4567-4582:4567-4582"
localSetup.sh
#!/bin/bash
aws --endpoint-url=http://localhost:4572 s3 mb s3://localbucket
#additional similar calls but left off for brevity
I've tried switching localhost to 127.0.0.1 in my script commands, but I wind up with the same error. I'm probably missing something silly here.
There is another way to create your custom AWS resources when localstack freshly starts up. Since you already have a bash script for your resources, you can simply volume mount your script to /docker-entrypoint-initaws.d/.
So my docker-compose file would be:
localstack:
image: localstack/localstack:latest
container_name: localstack_aws
ports:
- '4566:4566'
volumes:
- './localSetup.sh:/etc/localstack/init/ready.d/init-aws.sh'
Also, I would prefer awslocal over aws --endpoint in the bash script, as it leverages the credentials work and endpoint for you.
try adding hostname to the docker-compose file and editing your entrypoint file to reflect that hostname.
docker-compose.yml
version: '3'
services:
localstack:
build: .
hostname: localstack
ports:
- "8080:8080"
- "4567-4582:4567-4582"
localSetup.sh
#!/bin/bash
aws --endpoint-url=http://localstack:4572 s3 mb s3://localbucket
This was my docker-compose-dev.yaml I used for testing out an app that was using localstack. I used the command docker-compose -f docker-compose-dev.yaml up, I also used the same localSetup.sh you used.
version: '3'
services:
localstack:
image: localstack/localstack
hostname: localstack
ports:
- "4567-4584:4567-4584"
- "${PORT_WEB_UI-8082}:${PORT_WEB_UI-8082}"
environment:
- SERVICES=s3
- DEBUG=1
- DATA_DIR=${DATA_DIR- }
- PORT_WEB_UI=${PORT_WEB_UI- }
- DOCKER_HOST=unix:///var/run/docker.sock
volumes:
- "${TMPDIR:-/tmp/localstack}:/tmp/localstack"
- "/var/run/docker.sock:/var/run/docker.sock"
networks:
- backend
sample-app:
image: "sample-app/sample-app:latest"
networks:
- backend
links:
- localstack
depends_on:
- "localstack"
networks:
backend:
driver: 'bridge'
I know the question has been asked in various situations, but I'm still stucked despite everything I read on the Internet.
I want to have a script executed after the container "mywebsite" is built and I used ENTRYPOINT for that and I know that in normal use, after the ENTRYPOINT command is executed, the container "mywebsite" exit. I tried several tricks to avoid exit, unfortunately without success.
In my DOCKERFILE I have this :
FROM php:7.1.17-apache
[...]
WORKDIR /var/www
COPY docker-entrypoint.sh /var/www/docker-entrypoint.sh
ENTRYPOINT ["sh", "/var/www/docker-entrypoint.sh"]
Then in my docker-entrypoint.sh I have this :
#!/bin/bash
set -e
cd www
chown -R www-data:www-data sites modules themes
exec "$#"
And here is my docker-compose.yml :
version: '3.3'
services:
mywebsite:
build: .
extra_hosts:
- "mywebsite.local:127.0.0.1"
hostname: mywebsite
domainname: local
ports:
- 8088:80
volumes:
- ./www:/var/www/www
- ./vendor:/var/www/vendor
- ./scripts:/var/www/scripts
links:
- database:database
restart: always
tty: true
database:
image: mysql:5.5.49
container_name: mysql-container
ports:
- 3307:3306
volumes:
- ./www/dumps/mywebsite.sql:/docker-entrypoint-initdb.d/dump.sql
restart: always
command: --max_allowed_packet=32505856
environment:
MYSQL_ROOT_PASSWORD: root
MYSQL_DATABASE: mywebsite
When build, all steps are fine, and everything is set properly, but the container "mywebsite" keep exiting. (The "database" service is running fine)
I haded tty: true and exec "$#" but none of that works.
You can end with command like tail -f /dev/null
I often use this directly in my docker-compose.yml with command: tail -f /dev/null. And it is easy to see how I keep the container running.
I had the same problem when creating my own image from a postgis-image. The problem was that I added an entrypoint. When I removed the entrypoint, build the image again, docker-compose does start my container and postgis was accepting connections.
dockerfile
FROM postgis/postgis:12-master
COPY organisation.sql
#ENTRYPOINT ["docker-entrypoint.sh"] #This was the problem
In docker-compose I did not need command's or tty.
version: "3.7"
services:
mydb:
image: mydb:latest
container_name: mytest
ports:
- "5432:5432"
environment:
POSTGRES_DB: postgres
POSTGRES_USER: postgres
POSTGRES_PASSWORD: secret
First, I downloaded the drone image:
go get github.com/drone/drone/cmd/...
Second, I built the image for arm:
GOARM=7 go build -o release/drone-server github.com/drone/drone/cmd/drone-server
After that, I built the image for docker:
docker -f ./go-workspace/src/github.com/drone/drone/Dockerfile build -t drone/drone .
The docker file looks like so:
# docker build --rm -t drone/drone .
FROM drone/ca-certs
EXPOSE 8000 9000 80 443
ENV DATABASE_DRIVER=sqlite3
ENV DATABASE_CONFIG=/var/lib/drone/drone.sqlite
ENV GODEBUG=netdns=go
ENV XDG_CACHE_HOME /var/lib/drone
ADD release/drone-server /bin/
ENTRYPOINT ["/bin/drone-server"]
That's my docker-compose.yml:
version: '2'
services:
drone-server:
image: drone/drone:latest
ports:
- 8000:8000
- 9000:9000
volumes:
- /var/lib/drone:/var/lib/drone
restart: always
env_file:
- /etc/drone/server.env
drone-agent:
image: drone/agent:linux-arm
command: agent
depends_on:
- drone-server
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: always
env_file:
- /etc/drone/agent.env
The agent.env file:
DRONE_SECRET=xxx
DRONE_SERVER=[server-hostname]:9000
DOCKER_ARCH=arm
The server.env file:
# Service settings
DRONE_SECRET=xxx
DRONE_HOST=https://[server-hostname]/drone
DRONE_OPEN=false
DRONE_GOGS=true
DRONE_GOGS_URL=https://[server-hostname]/git
DRONE_GOGS_PRIVATE_MODE=true
However, when running docker-compose -f /etc/drone/docker-compose.yml up, I get the following error:
drone-server_1 | standard_init_linux.go:190: exec user process caused "no such file or directory"
And the drone-server exits with code 1.
I configured Apache to reach drone trough a proxy as described here: http://readme.drone.io/0.5/install/setup/apache/
Any help is appreciated.
I run this command manually:
$ docker run -it --rm \
--network app-tier \
bitnami/cassandra:latest cqlsh --username cassandra --password cassandra cassandra-server
But I don't know how to convert it to a docker compose file, specially the container's custom properties such as --username and --password.
What should I write in a docker-compose.yaml file to obtain the same result?
Thanks
Here is a sample of how others have done it. http://abiasforaction.net/apache-cassandra-cluster-docker/
Running the command below
command:
Setting arg's below
environment:
Remember just because you can doesn't mean you should.. Compose is not always the best way to launch something. Often it can be the lazy way.
If your running this as a service id suggest building the dockerfile to start and then creating systemd/init scripts to rm/relaunch it.
an example cassandra docker-compose.yml might be
version: '2'
services:
cassandra:
image: 'bitnami/cassandra:latest'
ports:
- '7000:7000'
- '7001:7001'
- '9042:9042'
- '9160:9160'
volumes:
- 'cassandra_data:/bitnami'
volumes:
cassandra_data:
driver: local
although this will not provide you with your commandline arguments but start it with the default CMD or ENTRYPOINT.
As you are actually running another command then the default you might not want to do this with docker-compose. Or you can create a new Docker image with this command as the default and provide the username and password as ENV's
e.g. something like this (untested)
FROM bitnami/cassandra:latest
ENV USER=cassandra
ENV PASSWORD=password
CMD ["cqlsh", "--username", "$USER", "--password", "$PASSWORD", "cassandra-server"]
and you can build it
docker build -t mycassandra .
and run it with something like:
docker run -it -e "USER=foo" -e "PASSWORD=bar" mycassandra
or in docker-compose
services:
cassandra:
image: 'mycassandra'
ports:
- '7000:7000'
- '7001:7001'
- '9042:9042'
- '9160:9160'
environment:
USER:user
PASSWORD:pass
volumes:
- 'cassandra_data:/bitnami'
volumes:
cassandra_data:
driver: local
You might looking for something like the following. Not sure if it is going to help you....
version: '3'
services:
my_app:
image: bitnami/cassandra:latest
command: /bin/sh -c cqlsh --username cassandra --password cassandra cassandra-server
ports:
- "8080:8080"
networks:
- app-tier
networks:
app-tier:
external: true