When building a dockerfile based on python:3.7-buster and adding a non-root user for enabling VSCode to Attach to the Container, the docker build process get stuck when adding the non-root user at the following position:
Step 9/10 : RUN groupadd --gid $USER_GID $USERNAME && useradd --uid $USER_UID --gid
$USER_GID -m $USERNAME && apt-get update && apt-get install -y sudo && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME && chmod 0440 /etc/sudoers.d/$USERNAME
---> Running in dc359488e628
Get:1 http://deb.debian.org/debian buster InRelease [121 kB]
Get:2 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:4 http://security.debian.org/debian-security buster/updates/main amd64 Packages [286 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 Packages [7907 kB]
Get:6 http://deb.debian.org/debian buster-updates/main amd64 Packages [10.9 kB]
Fetched 8442 kB in 2s (5238 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
sudo
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 1244 kB of archives.
After this operation, 3882 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster/main amd64 sudo amd64 1.8.27-1+deb10u3 [1244 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 1244 kB in 0s (6119 kB/s)
Selecting previously unselected package sudo.
(Reading database ... 24611 files and directories currently installed.)
Preparing to unpack .../sudo_1.8.27-1+deb10u3_amd64.deb ...
Unpacking sudo (1.8.27-1+deb10u3) ...
Setting up sudo (1.8.27-1+deb10u3) ...
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of start.
The same dockerfile works on a Linux with Docker and on Windows with Docker and WSL2. It did build a few days ago on MacOS, but now it gets stuck and uses up all disk space for Containers and the docker.raw file grows until the maximum defined disk image size in Docker Desktop.
% docker system df
TYPE TOTAL ACTIVE SIZE RECLAIMABLE
Images 2 1 876.7MB 876.7MB (100%)
Containers 1 0 422.3GB 422.3GB (100%)
Local Volumes 0 0 0B 0B
Build Cache 0 0 0B 0B
Creating non-root user instructions were taken from: https://code.visualstudio.com/docs/remote/containers-advanced#_creating-a-nonroot-user
Dockerfile sample:
FROM python:3.7-buster
ARG USERNAME=user-name-goes-here
ARG USER_UID=1000
ARG USER_GID=$USER_UID
RUN mkdir -p /workspace
# Create the user
RUN groupadd --gid $USER_GID $USERNAME \
&& useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \
#
# [Optional] Add sudo support. Omit if you don't need to install software after connecting.
&& apt-get update \
&& apt-get install -y sudo \
&& echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
&& chmod 0440 /etc/sudoers.d/$USERNAME
# ********************************************************
# * Anything else you want to do like clean up goes here *
# ********************************************************
# [Optional] Set the default user. Omit if you want to keep the default as root.
USER $USERNAME
Docker build command:
tag=imagetag
docker build \
--build-arg USERNAME=$USER \
--build-arg USER_UID=$(id -u) \
--build-arg USER_GID=$(id -g) \
--file ./dockerfile \
--tag $tag .
Docker run command:
containername=some-container
imagename=imagetag
workdir=/workspace
command="bash"
docker run \
--rm \
--tty \
--name ${containername} \
--workdir=${workdir} \
--volume $(realpath ../):${workdir}/ \
--user $(id -u):$(id -g) \
${imagename} ${command}
Does someone know what could be done differently to make it work again on MacOS? And how to solve the disk space problem?
At the moment the only solution that works freeing the space is docker system prune and selecting the option "Clean / Purge data" from Docker Desktop Troubleshooting.
Related
I'm trying to run a puppeteer instance with headless: false inside a VM, so I need an interface, that's why I'm using xvfb.
But after trying to run the command: xvfb-run --auto-servernum I get: xvfb-run: usage error: need a command to run even running the command directly on the docket image
this is the docker file I'm using:
FROM node:latest
ENV CHROME_BIN="/usr/bin/chromium"
RUN apt-get update && apt-get install -yq gconf-service libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation
RUN apt-get install -yq libappindicator1; exit 0
RUN apt-get -f install
RUN apt-get install -yq libnss3 lsb-release xdg-utils wget xvfb x11vnc x11-xkb-utils xfonts-100dpi xfonts-75dpi xfonts-scalable xfonts-cyrillic x11-apps chromium
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true \
PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium
ADD package.json /usr/app/package.json
COPY ./index.js /usr/app/index.js
WORKDIR /usr/app
RUN npm install
RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser && mkdir -p /home/pptruser/Downloads && chown -R pptruser:pptruser /home/pptruser && chown -R pptruser:pptruser /usr/app
ENV DISPLAY :99
RUN chmod 777 /usr/app/index.js
USER pptruser
#CMD ["xvfb-run", "--server-args=\"-screen 0 1024x768x24\""]
#docker run -p 3000:3000 --cap-add=SYS_ADMIN pupet
Then I'm building locally:
docker build --tag=testinterface .
Then I'm runnin the docker image on interative mode to running from there:
docker run -it testinterface /bin/bash
Then I run the command:
xvfb-run --auto-servernum
That's when I get:
Which makes not sense because I'm already passing the parameter to run
You are passing the option -a, not a command.
I'm running the following in a Docker container (in a Gitlab CI/CD pipeline) with the python:3 image. I installed git using the following command:
apt-get update
apt-get install -y git
Based on the output, this wasn't even necessary because git was already installed. Unfortunately, I got the following output that states that the "git" command was not found even though the "git" command was used earlier in the script. Does anyone have any idea what's going on here?
$ apt-get update
Get:1 http://security.debian.org/debian-security bullseye-security InRelease [44.1 kB]
Get:2 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [39.4 kB]
Get:4 http://security.debian.org/debian-security bullseye-security/main amd64 Packages [109 kB]
Get:5 http://deb.debian.org/debian bullseye/main amd64 Packages [8183 kB]
Get:6 http://deb.debian.org/debian bullseye-updates/main amd64 Packages [2592 B]
Fetched 8494 kB in 1s (6639 kB/s)
Reading package lists...
$ apt-get install -y git
Reading package lists...
Building dependency tree...
Reading state information...
git is already the newest version (1:2.30.2-1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
$ git --version
git version 2.30.2
$ git config --global user.email "${GIT_USER_EMAIL:-$GITLAB_USER_EMAIL}"
$ git config --global user.name "${GIT_USER_NAME:-$GITLAB_USER_NAME}"
$ regex="^report\/[^\/]*\/([^\/]*)\/(.*)"
$ [[ $CI_COMMIT_BRANCH =~ $regex ]]
$ CUSTOMER="${BASH_REMATCH[1]}"
$ PATH="${BASH_REMATCH[2]}"
$ RELPATH=$(.ci/scripts/find_relative.py "${CI_PROJECT_PATH}" "${PATH}")
$ git submodule add ${RELPATH} ${CUSTOMER}
/scripts-530-146123/step_script: line 151: git: command not found
ERROR: Job failed: command terminated with exit code 1
In this line:
PATH="${BASH_REMATCH[2]}"
you alter the PATH variable. I suspect it no longer has /usr/bin (or wherever git is) in the new path.
Some of my GitHub Actions workflows started recently to return this error when installing Chromedriver:
Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:2 http://deb.debian.org/debian buster InRelease [122 kB]
Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Reading package lists...
E: Repository 'http://security.debian.org/debian-security buster/updates InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
E: Repository 'http://deb.debian.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
E: Repository 'http://deb.debian.org/debian buster-updates InRelease' changed its 'Suite' value from 'stable-updates' to 'oldstable-updates'
Error: Process completed with exit code 100.
Here is my step implementation:
jobs:
build:
runs-on: ubuntu-latest
container:
image: docker://guillaumefalourd/ritchiecli:py-3.8
steps:
- name: Install Chrome Driver
run: |
sudo apt-get update
sudo apt-get install -y unzip xvfb libxi6 libgconf-2-4 gnupg2
sudo curl -sS -o - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add
sudo echo "deb https://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list
sudo apt-get -y update
sudo apt-get -y install google-chrome-stable
wget -N https://chromedriver.storage.googleapis.com/89.0.4389.23/chromedriver_linux64.zip -P ~/
unzip ~/chromedriver_linux64.zip -d ~/
rm ~/chromedriver_linux64.zip
sudo mv -f ~/chromedriver /usr/local/bin/chromedriver
sudo chown root:root /usr/local/bin/chromedriver
sudo chmod 0755 /usr/local/bin/chromedriver
Docker Image Implementation: docker://guillaumefalourd/ritchiecli:py-3.8
What I tried
I read from here and here that adding sudo apt-get --allow-releaseinfo-change update or sudo apt-get dist-upgrade could resolve the problem, but even adding those to my workflow didn't resolve it.
I tried using this action setup-chromedriver but it returned the same error when following the documentation:
steps:
- uses: actions/checkout#v2
- uses: nanasess/setup-chromedriver#master
with:
# Optional: do not specify to match Chrome's version
chromedriver-version: '88.0.4324.96'
- run: |
export DISPLAY=:99
chromedriver --url-base=/wd/hub &
sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 & # optional
As it seems to be related to Debian 10 (Buster) (?) I also tried to use another Ubuntu runner version as a runner (ubuntu-18.04 instead of ubuntu-latest), but nothing changed, same error.
How can I resolve this issue?
Answer
I observed afterwards that the problem was happening at the first command : sudo apt-get update (and I was adding the other command after...).
Substituting it for sudo apt-get --allow-releaseinfo-change update resolved my problem.
Therefore the answer was not to add the sudo apt-get --allow-releaseinfo-change update to the step executed commands, but substituting the sudo apt-get update command for it.
jobs:
build:
runs-on: ubuntu-latest
container:
image: docker://guillaumefalourd/ritchiecli:py-3.8
steps:
- name: Install Chrome Driver
run: |
sudo apt-get --allow-releaseinfo-change update
sudo apt-get install -y unzip xvfb libxi6 libgconf-2-4 gnupg2
sudo curl -sS -o - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add
sudo echo "deb https://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list
sudo apt-get -y update
sudo apt-get -y install google-chrome-stable
wget -N https://chromedriver.storage.googleapis.com/89.0.4389.23/chromedriver_linux64.zip -P ~/
unzip ~/chromedriver_linux64.zip -d ~/
rm ~/chromedriver_linux64.zip
sudo mv -f ~/chromedriver /usr/local/bin/chromedriver
sudo chown root:root /usr/local/bin/chromedriver
sudo chmod 0755 /usr/local/bin/chromedriver
I know you tried it with
apt-get --allow-releaseinfo-change update
but it worked for me.
This is my command in the dockerfile:
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
&& sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
&& apt-get --allow-releaseinfo-change update \
&& apt-get install -y google-chrome-unstable \
--no-install-recommends \
&& rm -rf /var/lib/apt/lists/*
not required: rm -rf /var/lib/apt/lists/*
FWIW, you may reduce your risk in using this option (--allow-releaseinfo-change) by adding specialist options to limit the fields you permit to bypass apt-secure. From man apt-get:
Specialist options (--allow-releaseinfo-change-field) exist to allow changes only for certain fields like origin, label, codename, suite, version and defaultpin. See also apt_preferences(5).
For example, in the current bugaboo created by the delayed release of bullseye between the Debian and its derivative RPi OS, the specialist option would be suite. This due to the fact that the suite label in buster has been changed from stable to oldstable:
$ sudo apt-get --allow-releaseinfo-change-suite update
Jenkins docker.sock is not working.
I've already tried everything.
But i still get my error.
01:22:44 + docker ps
01:22:44 Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/json: dial unix /var/run/docker.sock: connect: permission denied
This error disappears only when i run jenkins container as ROOT.
THIS IS WORKS FINE:
USER root
# prerequisites for docker
RUN apt-get update \
&& apt-get -y install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
# docker repos
RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
&& echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable" >> /etc/apt/sources.list.d/additional-repositories.list \
&& echo "deb http://ftp-stud.hs-esslingen.de/ubuntu xenial main restricted universe multiverse" >> /etc/apt/sources.list.d/official-package-repositories.list \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 437D05B5 \
&& apt-get update
# docker
RUN apt-get -y install docker-ce
# docker-compose
RUN curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose \
&& chmod +x /usr/local/bin/docker-compose
# give jenkins docker rights
RUN usermod -aG docker jenkins
but when i add this to Dockerfile (using jenkins user instead of root)
# give jenkins docker rights
RUN usermod -aG docker jenkins
USER jenkins
i get permission denied error.
I already tried this too:
newgrp docker
Not working
What i'm doing wrong?
My host OS is MacOS
It's okay to run jenkins as root or not?
I'm using this guide to web development and I'm required to install some CLIs. I'm coding on a raspi v2 running stretch. When I try to install Heroku CLI I get an error:
Input:
wget -qO- https://cli-assets.heroku.com/install-ubuntu.sh | sh
Output:
+ SUDO=
+ id -u
+ [ 1000 != 0 ]
+ SUDO=sudo
+ echo This script requires superuser access to install apt packages.
This script requires superuser access to install apt packages.
+ echo You will be prompted for your password by sudo.
You will be prompted for your password by sudo.
+ sudo -k
+ sudo sh
+ dpkg -s apt-transport-https
+ echo deb https://cli-assets.heroku.com/branches/stable/apt ./
+ dpkg -s heroku-toolbelt
+ true
+ + apt-key add -
wget -qO- https://cli-assets.heroku.com/apt/release.key
OK
+ apt-get update
Hit:1 http://archive.raspberrypi.org/debian stretch InRelease
Hit:2 http://mirrordirector.raspbian.org/raspbian stretch InRelease
Hit:3 https://cli-assets.heroku.com/branches/stable/apt ./ InRelease
Hit:4 https://deb.nodesource.com/node_6.x stretch InRelease
Hit:5 https://packagecloud.io/AtomEditor/atom/any any InRelease
Reading package lists... Done
+ apt-get install -y heroku
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package heroku
What am I doing wrong? Is Heroku compatible with Raspbian? Is there a work-around? Thanks in advance.
Your question:
Is Heroku compatible with Raspbian?
Answer: Yes it is.
They currently working on a cross-platform install method for the CLI with snap. But folks have gotten the CLI to install on arm via npm but they don't officially support it. Snap should be a great solution for arm users when it's ready. But at the moment, you could install the standalone heroku toolbelt for linux arm like it is described in Standalone installation
# Run this from your terminal.
# Replace OS with one of “linux”, “darwin”, “windows”, “freebsd”, “openbsd”
# Replace ARCH with one of “amd64”, “386” or “arm”
wget https://cli-assets.heroku.com/branches/stable/heroku-OS-ARCH.tar.gz
mkdir -p /usr/local/lib /usr/local/bin
tar -xvzf heroku-OS-ARCH.tar.gz -C /usr/local/lib
ln -s /usr/local/lib/heroku/bin/heroku /usr/local/bin/heroku
# ensure that /usr/local/bin is in the PATH environment variable