I have the following at the end of my Dockerfile:
ENTRYPOINT bash -C '/usr/local/bin/setup_php_settings';'bash'
If I am not wrong that /usr/local/bin/setup_php_settings will be executed each time the container is started. If so then I have a few installation stuff (like this ZRay for example) inside that script that I would like to move to another script that would be executed just once on image build process let's say.
The content of the setup_php_settings (whithout the ZRay part) is the following:
#!/bin/bash -x
set -e
PHP_ERROR_REPORTING=${PHP_ERROR_REPORTING:-"E_ALL & ~E_DEPRECATED & ~E_NOTICE"}
sed -ri 's/^display_errors\s*=\s*Off/display_errors = On/g' /etc/php5/apache2/php.ini
sed -ri 's/^display_errors\s*=\s*Off/display_errors = On/g' /etc/php5/cli/php.ini
sed -ri "s/^error_reporting\s*=.*$//g" /etc/php5/apache2/php.ini
sed -ri "s/^error_reporting\s*=.*$//g" /etc/php5/cli/php.ini
echo "error_reporting = $PHP_ERROR_REPORTING" >> /etc/php5/apache2/php.ini
echo "error_reporting = $PHP_ERROR_REPORTING" >> /etc/php5/cli/php.ini
mkdir -p /data/tmp/php/uploads
mkdir -p /data/tmp/php/sessions
mkdir -p /data/tmp/php/xdebug
chown -R www-data:www-data /data/tmp/php*
ln -sf /etc/php5/mods-available/zz-php.ini /etc/php5/apache2/conf.d/zz-php.ini
ln -sf /etc/php5/mods-available/zz-php-directories.ini /etc/php5/apache2/conf.d/zz-php-directories.ini
ln -sf /usr/share/php/libzend-framework-php/Zend/ /usr/share/php/Zend
a2enmod rewrite
php5enmod mcrypt
# Apache gets grumpy about PID pre-existing files
: "${APACHE_PID_FILE:=${APACHE_RUN_DIR:=/var/run/apache2}/apache2.pid}"
rm -f "$APACHE_PID_FILE"
source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND "$#"
The question is, how do I execute such new script during image build? Using CMD? Any other workaround?
The correct directive for this is RUN. This would run the script on image build. in your case -
RUN /usr/local/bin/setup_php_settings
CMD bash
Related
I have an application that I am testing in Docker as a JBoss bootable jar. The dockerfile adds the jar to the container, and then runs it. I'd like to pass the database credentials as environment variables for testing, and then as secrets in OpenShift. I tried adding the jar and manipulating it prior to running the CMD java -jar myapp.jar, but the path varies from build to build, and my attempt to capture the path doesn't work when I build the image. I also considered injecting the variables after the application is deployed. It worked, but it was a manual process.
Pre-altering the file did not work because as I was unzipping the files, I was unable to set a variable to store the random path.
FROM registry.redhat.io/ubi8/openjdk-17-runtime
USER root
ENV envhostname=localhost envusername=myappuser envpassword=myapppassword envSID=myappsid
RUN microdnf install fontconfig &&\
microdnf install zip-3.0-23.el8.x86_64
USER 185
ADD myapp-0.0.1-SNAPSHOT-bootable.jar myapp-0.0.1-SNAPSHOT-bootable.jar
RUN unzip myapp-0.0.1-SNAPSHOT-bootable.jar
RUN unzip -n wildfly.zip
RUN export contentpath=$(find . -name "content" | grep -E 'content.+content')
RUN unzip $contentpath
RUN contentpath=${contentpath::-7}
RUN sed -i "s/envhostname/$envhostname/i" $contentpath/WEB-INF/classes/myapp/common/bc4j.xcfg
RUN sed -i "s/envusername/$envusername/i" $contentpath/WEB-INF/classes/myapp/common/bc4j.xcfg
RUN sed -i "s/envpassword/$envpassword/i" $contentpath/WEB-INF/classes/myapp/common/bc4j.xcfg
RUN sed -i "s/envSID/$envSID/i" $contentpath/WEB-INF/classes/myapp/common/bc4j.xcfg
RUN zip -f -Ar $contentpath/content $contentpath/WEB-INF/classes/myapp/common/bc4j.xcfg
RUN zip -f wildfly.zip $contentpath/content
RUN zip -f myapp-0.0.1-SNAPSHOT-bootable.jar wildfly.zip
CMD java -jar myapp-0.0.1-SNAPSHOT-bootable.jar
And I don't know how to automatically trigger a shell script to run after the CMD.
There has to be some better way to handle this.
Oof. I just needed to think this through more. I solved this by modifying my Dockerfile as such
FROM registry.redhat.io/ubi8/openjdk-17-runtime
USER root
ENV envhostname=localhost envusername=myappuser envpassword=mapppw envSID=myapp
RUN microdnf install fontconfig &&\
microdnf install zip-3.0-23.el8.x86_64
ADD myapp-0.0.1-SNAPSHOT-bootable.jar myapp-0.0.1-SNAPSHOT-bootable.jar
ADD prepcfg.sh prepcfg.sh
RUN chmod 777 myapp-0.0.1-SNAPSHOT-bootable.jar
USER 185
CMD ["./prepcfg.sh"]
and creating prepcfg.sh
#!/bin/sh
unzip myapp-0.0.1-SNAPSHOT-bootable.jar
unzip -n wildfly.zip
export contentpath=$(find . -name "content" | grep -E 'content.+content')
contentpath=${contentpath::-7}
cd $contentpath
unzip content
sed -i "s/envhostname/$envhostname/i" WEB-INF/classes/myapp/common/bc4j.xcfg
sed -i "s/envusername/$envusername/i" WEB-INF/classes/myapp/common/bc4j.xcfg
sed -i "s/envpassword/$envpassword/i" WEB-INF/classes/myapp/common/bc4j.xcfg
sed -i "s/envSID/$envSID/i" WEB-INF/classes/myapp/common/bc4j.xcfg
zip -f -Ar content WEB-INF/classes/myapp/common/bc4j.xcfg
cd ~
zip wildfly.zip $contentpath/content
zip myapp-0.0.1-SNAPSHOT-bootable.jar wildfly.zip
java -jar myapp-0.0.1-SNAPSHOT-bootable.jar
Because I don't need to worry about running two commands when I can just initialize my JBoss server at the end of the script called in the Dockerfile.
Im trying to run filebeat in a docker container with the s6 overlay.
When s6 executes or when i manually execute the filebeat binary i get sh: ./filebeat: not found
This is my Dockerfile:
FROM alpine:3.15
ENV AM_I_IN_A_DOCKER_CONTAINER Yes
COPY root/ /
ADD https://github.com/just-containers/s6-overlay/releases/download/v1.21.8.0/s6-overlay-amd64.tar.gz /tmp/
ADD https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.0.0-linux-x86_64.tar.gz /tmp/
ADD requirements.txt /etc/services.d/01_instabot/requirements.txt
ADD src/ /etc/services.d/01_instabot/
RUN chmod +x /usr/local/bin/install.sh
RUN /usr/local/bin/install.sh
#ENTRYPOINT ["/init"]
This is my install.sh:
#!/bin/sh
echo "Unpacking s6 overlay"
gunzip -c /tmp/s6-overlay-amd64.tar.gz | tar -xf - -C /
echo "Creating user"
adduser -D -u 2000 -s /sbin/nologin -D -H botuser
adduser -D -u 2001 -s /sbin/nologin -D -H filebeatuser
echo "Set time"
ln -snf /usr/share/zoneinfo/"$TZ" /etc/localtime && echo "$TZ" > /etc/timezone
apk add --no-cache tzdata
echo "Install filebeat"
gunzip -c /tmp/filebeat-8.0.0-linux-x86_64.tar.gz | \
tar -xf - -C /etc/services.d/00_filebeat/ --strip-components=1
mv /etc/services.d/00_filebeat/my_filebeat.yml /etc/services.d/00_filebeat/filebeat.yml
echo "Install app dependencies"
apk add --no-cache python3 py3-pip
pip3 install --no-cache-dir -r /etc/services.d/01_instabot/requirements.txt
mv /etc/services.d/01_instabot/settings_docker.py /etc/services.d/01_instabot/settings.py
echo "Cleanup"
rm -rf /tmp/*
If i take a look inside the docker container with the docker run command i see the binary present.
/etc/services.d/00_filebeat # ls
LICENSE.txt README.md filebeat filebeat.yml module run
NOTICE.txt fields.yml filebeat.reference.yml kibana modules.d
But when i execute it using ./filebeat i get the not found error.
/etc/services.d/00_filebeat # ./filebeat
sh: ./filebeat: not found
Why is this? And how do i fix it? Is it because of busybox or something?
libc6-compat was missing from my alpine image.
i just started to learn docker...
and i faced this issue, of building image from dockerfile, run a container and trying to access to it!
so when i try to login localhost via ssh -p 12000 root#localhost,
it keeps saying permission denied even when i put abcd for password
FROM ubuntu:20.04
RUN apt update && apt -y upgrade
RUN apt install -y openssh-server
RUN apt-get install -y gcc
RUN mkdir /var/run/sshd
RUN echo 'root:abcd' | chpasswd
RUN sed -i 's/#*PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
RUN sed -i 's#session\s*s*required\s*pam_loginuid.so#session optional pam_loginuid.so#g' /etc/pam.d/sshd
ENV NOTVISIBLE="in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
COPY hw.c /root
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
WORKDIR /root
RUN gcc -o root hw.c
The best way to ssh to a container is by running this commands (this is for your ubuntu container)
docker exec -ti <container_id> bash
the container_id you can get it running docker ps if you didn't setup a fix name
Then you can remove all this lines
RUN mkdir /var/run/sshd
RUN echo 'root:abcd' | chpasswd
RUN sed -i 's/#*PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
RUN sed -i 's#session\s*s*required\s*pam_loginuid.so#session optional pam_loginuid.so#g' /etc/pam.d/sshd
ENV NOTVISIBLE="in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
COPY hw.c /root
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
Remember also that everything you do by ssh on the container will be lost after the container is killed, so always better to add everything on the Dockerfile
i fixed it by deleting all remaining containers!
I made ssh service docker from this Dockerfile.
FROM ubuntu:19.04
RUN apt-get update && apt-get install -y openssh-server \
postgresql-client \
language-pack-ja
RUN update-locale LANG=ja_JP.UTF-8
RUN mkdir /var/run/sshd
ARG ROOT_PASSWORD
RUN echo root:${ROOT_PASSWORD} | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's#session\s*required\s*pam_loginuid.so#session optional pam_loginuid.so#g' -i /etc/pam.d/sshd
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
I followed this page.
https://docs.docker.com/engine/examples/running_ssh_service/
It is differently that only changed ubuntu image version to 19.04.
However, I couldn't ssh as happened permission denid.
docker build --build-arg ROOT_PASSWORD=$ROOT_PASSWORD -t eg_sshd .
docker run -d -P --name test_sshd eg_sshd
docker port test_sshd 22
0.0.0.0:32770
ssh root#localhost -p 32770
root#localhost's password:
Permission denied, please try again.
Why did It happen permission denied?
The PermitRootLogin line was not comment out when it was 16.04, however comment out when it was 18.04, so I set it to #\? in order to accommodate both.
It could execut from following Dockerfile.
FROM ubuntu:19.10
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:root' | chpasswd
RUN sed -i 's/#\?PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's#session\s*required\s*pam_loginuid.so#session optional pam_loginuid.so#g' -i /etc/pam.d/sshd
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
I tryed to add crontab inside docker image "jenkinsci/blueocean" but after it, jenkins does not start. Where could be the problem?
Many thanks in advance for any help.
<Dockerfile>
FROM jenkinsci/blueocean:1.17.0
USER root
ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.9/supercronic-linux-amd64 \
SUPERCRONIC=supercronic-linux-amd64 \
SUPERCRONIC_SHA1SUM=5ddf8ea26b56d4a7ff6faecdd8966610d5cb9d85
RUN curl -fsSLO "$SUPERCRONIC_URL" \
&& echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \
&& chmod +x "$SUPERCRONIC" \
&& mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
&& ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
ADD crontab /etc/crontab
CMD ["supercronic", "/etc/crontab"]
<crontab>
# Run every minute
*/1 * * * * echo "hello world"
commands:
$docker build -t jenkins_test .
$docker run -it -p 8080:8080 --name=container_jenkins jenkins_test
If use docker inspect jenkinsci/blueocean:1.17.0 you will it's entrypoint is:
"Entrypoint": [
"/sbin/tini",
"--",
"/usr/local/bin/jenkins.sh"
],
So, when start the container it will first execute next script.
/usr/local/bin/jenkins.sh:
#! /bin/bash -e
: "${JENKINS_WAR:="/usr/share/jenkins/jenkins.war"}"
: "${JENKINS_HOME:="/var/jenkins_home"}"
touch "${COPY_REFERENCE_FILE_LOG}" || { echo "Can not write to ${COPY_REFERENCE_FILE_LOG}. Wrong volume permissions?"; exit 1; }
echo "--- Copying files at $(date)" >> "$COPY_REFERENCE_FILE_LOG"
find /usr/share/jenkins/ref/ \( -type f -o -type l \) -exec bash -c '. /usr/local/bin/jenkins-support; for arg; do copy_reference_file "$arg"; done' _ {} +
# if `docker run` first argument start with `--` the user is passing jenkins launcher arguments
if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
# read JAVA_OPTS and JENKINS_OPTS into arrays to avoid need for eval (and associated vulnerabilities)
java_opts_array=()
while IFS= read -r -d '' item; do
java_opts_array+=( "$item" )
done < <([[ $JAVA_OPTS ]] && xargs printf '%s\0' <<<"$JAVA_OPTS")
readonly agent_port_property='jenkins.model.Jenkins.slaveAgentPort'
if [ -n "${JENKINS_SLAVE_AGENT_PORT:-}" ] && [[ "${JAVA_OPTS:-}" != *"${agent_port_property}"* ]]; then
java_opts_array+=( "-D${agent_port_property}=${JENKINS_SLAVE_AGENT_PORT}" )
fi
if [[ "$DEBUG" ]] ; then
java_opts_array+=( \
'-Xdebug' \
'-Xrunjdwp:server=y,transport=dt_socket,address=5005,suspend=y' \
)
fi
jenkins_opts_array=( )
while IFS= read -r -d '' item; do
jenkins_opts_array+=( "$item" )
done < <([[ $JENKINS_OPTS ]] && xargs printf '%s\0' <<<"$JENKINS_OPTS")
exec java -Duser.home="$JENKINS_HOME" "${java_opts_array[#]}" -jar ${JENKINS_WAR} "${jenkins_opts_array[#]}" "$#"
fi
# As argument is not jenkins, assume user want to run his own process, for example a `bash` shell to explore this image
exec "$#"
From above script, you can see, if you add CMD ["supercronic", "/etc/crontab"] to your own dockerfile, then when your container starts, it equals to execute next:
/usr/local/bin/jenkins.sh "supercronic" "/etc/crontab"
As if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then not match, it will directly execute the exec "$# at the last line, which results in the jenkins start code never execute.
To fix it, you had to use your own docker-entrypoint.sh to override its default entrypoint:
docker-entrypoint.sh:
#!/bin/bash
supercronic /etc/crontab &
/usr/local/bin/jenkins.sh
Dockerfile:
FROM jenkinsci/blueocean:1.17.0
USER root
ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.9/supercronic-linux-amd64 \
SUPERCRONIC=supercronic-linux-amd64 \
SUPERCRONIC_SHA1SUM=5ddf8ea26b56d4a7ff6faecdd8966610d5cb9d85
RUN curl -fsSLO "$SUPERCRONIC_URL" \
&& echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \
&& chmod +x "$SUPERCRONIC" \
&& mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
&& ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
ADD crontab /etc/crontab
COPY docker-entrypoint.sh /
RUN chmod +x /docker-entrypoint.sh
ENTRYPOINT ["/sbin/tini", "--", "/docker-entrypoint.sh"]