I have the following in my dockerfile. (There is much more. but I have pasted the relevant part here)
RUN useradd jenkins
USER jenkins
# Maven settings
RUN mkdir ~/.m2
COPY settings.xml ~/.m2/settings.xml
The docker build goes through fine and when I run docker image, I see NO errors.
but I do not see .m2 directory created at /home/jenkins/.m2 in the host filesystem.
I also tried replacing ~ with /home/jenkins and still I do not see .m2 being created.
what am I doing wrong?
Thanks
I tried something similar and got
Step 4 : RUN mkdir ~/.m2
---> Running in 9216915b2463
mkdir: cannot create directory '/home/jenkins/.m2': No such file or directory
your useradd is not enough to create /home/jenkins
I do for my user gg
RUN useradd -d /home/gg -m -s /bin/bash gg
RUN echo gg:gg | chpasswd
RUN echo 'gg ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/gg
RUN chmod 0440 /etc/sudoers.d/gg
USER gg
ENV HOME /home/gg
WORKDIR /home/gg
This creates the directory of the user gg
`
Related
I am trying to add non-root user to my docker container. Thanks to some great previous posts, I think I was able to make a valid non-root user by using docker file attached below.
Then I attempted to create a .bashrc in that user's home directory through the same dockerfile. Building the image was successful without any problems. However, I could not create the .bashrc to under $HOME_DIR by running the created image. As a note, the creation of the user and the home directory works fine.
Could you please tell me why it doesn't work?
FROM ubuntu:20.04
ENV TZ=Asia/Tokyo
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
ENV DEBCONF_NOWARNINGS=yes
ARG USERNAME=test
ARG GROUPNAME=test
ARG UID=1004
ARG GID=1004
ARG PASSWORD=test
ARG HOME_DIR=/home/$USERNAME/
RUN groupadd -g $GID $GROUPNAME && \
useradd -m -s /bin/bash -u $UID -g $GID -G sudo $USERNAME && \
echo $USERNAME:$PASSWORD | chpasswd
USER $USERNAME
WORKDIR $HOME_DIR
####
## The following lines do not work for me
####
RUN echo test >> $HOME_DIR/.bashrc
EDIT: adding command used to run the image:
sudo docker run --name [container name] \
-v /home/test/Work:/home/test -i -t --shm-size 30G [image name]
When you build the image, you create a file called .bashrc in /home/test.
However, when you run the image, you map a directory on the host to /home/test.
When you do that, all the files in the image that are in /home/test become 'hidden' and replaced with the directory you map into the image.
You can verify that the file is in the image by running it without mapping the directory to /home/test. Then you will be able to see the .bashrc file in /home/test.
A solution could be to have the .bashrc file in the /home/test/Work directory on the host machine.
I have built a local uaa docker image and tried to run in local.
But I am getting this error when I am trying to start the docker image.
I built the docker image via this below command and the build is successful too.
docker build -t uaa-local --build-arg uaa_yml_name=local.yml .
when I am trying to run the local uaa docker image, I am getting this below error. What I am doing wrong
Content of DockerFile
FROM openjdk:11-jre
ARG uaa_yml_name=local.yml
ENV UAA_CONFIG_PATH /uaa
ENV CATALINA_HOME /tomcat
ADD run.sh /tmp/
ADD conf/$uaa_yml_name /uaa/uaa.yml
RUN chmod +x /tmp/run.sh
RUN wget -q https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.57/bin/apache-tomcat-8.5.57.tar.gz
RUN tar zxf apache-tomcat-8.5.57.tar.gz
RUN rm apache-tomcat-8.5.57.tar.gz
RUN mkdir /tomcat
RUN mv apache-tomcat-8.5.57/* /tomcat
RUN rm -rf /tomcat/webapps/*
ADD dist/cloudfoundry-identity-uaa-74.22.0.war /tomcat/webapps/
RUN mv /tomcat/webapps/cloudfoundry-identity-uaa-74.22.0.war /tomcat/webapps/ROOT.war
RUN mkdir -p /tomcat/webapps/ROOT && cd /tomcat/webapps/ROOT && unzip ../ROOT.war
ADD conf/log4j2.properties /tomcat/webapps/ROOT/WEB-INF/classes/log4j2.properties
RUN rm -rf /tomcat/webapps/ROOT.war
EXPOSE 8080
CMD ["/tmp/run.sh"]
On further investigation I think it is looking for run.sh file in the /tmp/ folder which is added on line 5 in Dockerfile..but when I checked for the file in /tmp/ folder it is not there..Is it because of that?And how to resolve that? I already have the run.sh in my current folder.
RUN adduser -D appUser
RUN mkdir /usr/share/app
RUN mkdir /logs
ADD Function/target/foo.jar /usr/share/app
WORKDIR /usr/share/app
RUN chown -R appUser /usr/share/app
RUN chown -R appUser /logs
USER appUser
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "foo.jar"]`
I've got this weird issue I can't seem to work my head around.
My root folder contains two directories, (both with subdirectories) 'Demo/Dockerfile' and 'Function/target/foo.jar'
I have a copy command in my Dockerfile that reads
COPY Function/target/foo.bar /usr/share/app
but when I run docker build -f Demo/Dockerfile from the root folder, I get an error
stat /var/lib/docker/tmp/docker-builder238823934/Function/target/foo.jar: no such file or directory
I find this a bit strange because when I edit the copy command to read COPY /target/foo.bar /usr/share/app and then I cd into the Function directory and run
docker build -f ../Demo/Dockerfile
it builds successfully, or if I edit the Dockerfile to read COPY foo.bar /usr/share/app and then cd into the target directory and run docker build -f ../../Demo/Dockerfile, this also works.
Is there an explanation for this sort of behavior?
This is what my dockerignore file looks like
!**/Dockerfile
!DockerServiceDescription/**
!Function/target/*.war
!server.xml
!tomcat-users.xml
Docker uses context directory and children only and does not allow using any files outside for security reasons.
You should show context directory to docker using '.' or so:
cd myproject
docker build -f Demo/Dockerfile .
I'm trying to build a docker image for jenkins that automates the configuration of the server. I'd like to use yaml for my config files. For that I need to make snakeyaml available to the groovy grapes. Here is my docker file
FROM jenkins/jenkins:2.107.3
ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false"
USER root
RUN mkdir -p /var/jenkins_home/files
RUN mkdir -p /var/jenkins_home/.groovy/grapes/org.yaml/snakeyaml/jars
RUN chown -R jenkins:jenkins /var/jenkins_home/files
RUN chown -R jenkins:jenkins /var/jenkins_home/.groovy/grapes/org.yaml/snakeyaml/jars
USER jenkins
COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
COPY 03security.groovy /usr/share/jenkins/ref/init.groovy.d/03security.groovy
COPY ivy-1.21.xml /var/jenkins_home/.groovy/grapes/org.yaml/snakeyaml/ivy-1.21.xml
COPY snakeyaml-1.21.jar /var/jenkins_home/.groovy/grapes/org.yaml/snakeyaml/jars/snakeyaml-1.21.jar
COPY mainConfig.yml /var/jenkins_home/files/mainConfig.yml
COPY 03mainConfig.groovy /usr/share/jenkins/ref/init.groovy.d/03mainConfig.groovy
I don't why I'm having this problem, but when I run the build I'm getting this error:
chown: cannot access '/var/jenkins_home/files': No such file or directory
I've run similar commands in other images and not had this issue, but it won't let me create or access that file and I get the same error when I exclude it and try with only the .groovy/grapes path.
Any help in this is appreciated. Also, if you know a working solution to get snakeyaml(or another library) loaded into a jenkins docker image then I'd like to see that too.
I guess it's because /var/jenkins_home/ is volume. If you run command docker history jenkins/jenkins you will see it.
<missing> 2 months ago /bin/sh -c #(nop) VOLUME [/var/jenkins_home] 0B
You can add your files you want to copy to /var/jenkins_home, to direcotry /usr/share/jenkins/ref
COPY *.xml /usr/share/jenkins/ref/
It means that all you xml files will be copied into /var/jenkins_home after container starts.
I'm trying to create a multi-stage build in docker which simply run a non root crontab which write to volume accessible from outside the container. I have two problem with permissions, with volume external access and with cron:
the first build in dockerfile create a non-root user image with entry-point and su-exec useful to fix permission with volume!
the second build in the same dockerfile used the first image to run a crond process which normally write to /backup folder.
The docker-compose.yml file to build the dockerfile:
version: '3.4'
services:
scrap_service:
build: .
container_name: "flight_scrap"
volumes:
- /home/rey/Volumes/mongo/backup:/backup
In the first step of DockerFile (1), I try to adapt the answer given by denis bertovic to Alpine image
############################################################
# STAGE 1
############################################################
# Create first stage image
FROM gliderlabs/alpine:edge as baseStage
RUN echo http://nl.alpinelinux.org/alpine/edge/testing >> /etc/apk/repositories
RUN apk add --update && apk add -f gnupg ca-certificates curl dpkg su-exec shadow
COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
# ADD NON ROOT USER, i hard fix value to 1000, my current id
RUN addgroup scrapy \
&& adduser -h /home/scrapy -u 1000 -S -G scrapy scrapy
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
My docker-entrypoint.sh to fix permission is:
#!/usr/bin/env bash
chown -R scrapy .
exec su-exec scrapy "$#"
The second stage (2) run the cron service to write into /backup folder mounted as volume
############################################################
# STAGE 2
############################################################
FROM baseStage
MAINTAINER rey
ENV TZ=UTC
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
RUN apk add busybox-suid
RUN apk add -f tini bash build-base curl
# CREATE FUTURE VOLUME FOLDER WRITEABLE BY SCRAPY USER
RUN mkdir /backup && chown scrapy:scrapy /backup
# INIT NON ROOT USER CRON CRONTAB
COPY crontab /var/spool/cron/crontabs/scrapy
RUN chmod 0600 /var/spool/cron/crontabs/scrapy
RUN chown scrapy:scrapy /var/spool/cron/crontabs/scrapy
RUN touch /var/log/cron.log
RUN chown scrapy:scrapy /var/log/cron.log
# Switch to user SCRAPY already created in stage 1
WORKDIR /home/scrapy
USER scrapy
# SET TIMEZONE https://serverfault.com/questions/683605/docker-container-time-timezone-will-not-reflect-changes
VOLUME /backup
ENTRYPOINT ["/sbin/tini"]
CMD ["crond", "-f", "-l", "8", "-L", "/var/log/cron.log"]
The crontab file which normally create a test file into /backup volume folder:
* * * * * touch /backup/testCRON
DEBUG phase :
Login into my image with bash, it seems image correctly run the scrapy user :
uid=1000(scrapy) gid=1000(scrapy) groups=1000(scrapy)
The crontab -e command also gives the correct information
But first error, cron don't run correctly, when i cat /var/log/cron.log i have a permission denied error
crond: crond (busybox 1.27.2) started, log level 8
crond: root: Permission denied
crond: root: Permission denied
I have also a second error when I try to write directly into the /backup folder using the command touch /backup/testFile. The /backup volume folder continue to be only accessible using root permission, don't know why.
crond or cron should be used as root, as described in this answer.
Check out instead aptible/supercronic, a crontab-compatible job runner, designed specifically to run in containers. It will accomodate any user you have created.