Permission issues with own built Docker container with Elasticsearch 2.1 - elasticsearch

When I pull an image from public elasticsearch repo, spawning container with that pulled image is working fine for me with no permission issues.
docker pull elasticsearch
docker run -d elasticsearch
But when I spawn a container with the Dockerfile which is available there with the public repo gives me permission issues. I do have a same directory structure as public repo.
myfolder/Dockerfile
myfolder/docker-entrypoint.sh
myfolder/config/elasticsearch.yml
myfolder/config/logging.yml
https://github.com/docker-library/elasticsearch/tree/0d393d9a0a2e24fca022a89ad10c7050b2925292/2.1
Commands:-
1) To build an image with the Dockerfile
sudo docker build -t testuser/testelastic:v1 .
2) Spawn container out of the built image
sudo docker run -d --name elastic -v ./config:/config testuser/testelastic:v1
But it gives me following error everytime when I tried to spawn any container out of the above custom build image.
Error response from daemon: Cannot start container 8e72f3c33d054f5883b2de9e7673bc032333e633e3f43905d7d22a12ea76ad04: [8] System error: exec: "/docker-entrypoint.sh": permission denied

chmod +x docker-entrypoint.sh
You need the script to be executable. Then build and run.

Related

Gradle as non root

Could you please let me know how to run a gradle image (pulled from docker repository), with jib plugin and running as non-root user in Kubernetes pod?
I have build a gradle image using Gradle 4.6.
I’m using this image in my Kubernetes pod.
When I run the image as user - root, the gradle build is successful.
When I run the image as non-root user (because of pod RBAC enablement), the build fails as gradle is unable to create /.gradle directory and there are no sufficient privileges and getting the below error.
Failed to load native library 'libnative-platform.so' for Linux amd64.
Is there any way to grant the non-root user passed via securityContext to perform the build successfully using the gradle image?
Is there a better way to resolve the issue without changing the directory permission to 777 .
Thanks in advance!!
Check if /.gradle directory is already created by root
E.g. using stat command. You might see that current user doesn't have enough permissions to work with it:
$ stat ~/.gradle | grep Uid
> Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
If so, change owner of the directory:
$ sudo chown -R $USER ~/.gradle
Where
sudo chown -R does recursive owner update
$USER contains current username
I believe you are talking about the official Gradle image on Docker Hub.
The gradle:4.6 image is designed and meant to be run as user gradle (UID 1000).
$ docker inspect gradle:4.6 --format '{{.Config.User}}'
gradle
$ docker run --rm --entrypoint id gradle:4.6
uid=1000(gradle) gid=1000(gradle) groups=1000(gradle)
Therefore, it only works when running the image as user root (UID 0) or gradle (UID 1000).
# These all work.
$ docker run --rm --user 0 gradle:4.6
$ docker run --rm --user root gradle:4.6
$ docker run --rm --user 1000 gradle:4.6
$ docker run --rm --user gradle gradle:4.6
# However, this doesn't work.
$ docker run --rm --user 1234 gradle:4.6
FAILURE: Build failed with an exception.
* What went wrong:
Failed to load native library 'libnative-platform.so' for Linux amd64.
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
Therefore, you just need to make sure that you run the container as user 1000 or gradle (on whatever container runtime environment you use). And because the image gradle:4.6 is configured to run as 1000, when you build a new image based on gradle:4.6, it should run OK on almost all container runtime platforms (unless you override the configured user at the platform level).
(Now, the following assumes that you are using Jib to build another Gradle-like image based on gradle:4.6 and that you are using this new Gradle-like image on Kubernetes. That is, the following doesn't apply if you are using Jib to containerize a normal application image inside gradle:4.6.)
However, there is a bug in Jib that does not inherit the configured user from the base image. The bug will be fixed in the next 2.3.0 release. In the meantime, you can explicitly tell Jib to configure the user in the built image. In build.gradle, set
jib.container.user = 'gradle:gradle'
or if you prefer numeric UID and GID,
jib.container.user = '1000:1000'
. Or you can set the system property on the command-line:
./gradlew -Djib.container.user='gradle:gradle' ... jib
Another option is to set the correct user on the Kubernetes side. For example, within securityContext, you can set runAsUser: 1000 and runAsGroup: 1000.
Finally, although gradle:4.6 is built to run as user gradle (UID 1000), I see that recently they have reverted this decision. Now gradle:latest is configured to run as root.
$ docker run --rm --entrypoint id gradle
uid=0(root) gid=0(root) groups=0(root)

How can we send aws address in my local machine to jenkins image run in docker container?

I am trying to send the path of aws in my host machine to jenkins that will be run in a docker container. So I downloaded jenkins image and I am trying to use aws cli command in jenkins pipeline in order to build nodejs application and then deploy it to s3 bucket. For the I need aws cli in jenkins image that I am running through docker. As far as I know, once you run any image in docker container, then it will be a seprate environemnt in itself so jenkins will not know that I have aws installed in my mac unless I send it address of aws in my mac which is what I am trying to do with
-v $(which aws): $(which aws)
command.
docker run -d -p 8080:8080 -p 50000:50000 -v ~/jenkins_directory:/var/jenkins_home -v $(which aws):$(which aws) jenkins/jenkins:2.190.2
However after I run this container in command line, it shows the following error response
docker: Error response from daemon: Mounts denied:
The path /usr/local/bin/aws
is not shared from OS X and is not known to Docker.
According to some of the answers I found in stackoverflow I then tried to add the address of aws in Docker file sharing panel. When I added the address of aws in docker, it again shows that
The path /usr is reserved by Docker however it may be possible to export specific subdirectories.
I have been able to get around this. I tried adding the whole
usr/local/bin/aws
in docker file sharing panel but still it shows the same problem. Does anyone have any idea what other things we can do in order to send the address of aws in my local container to jenkins image that I am trying to run in docker container?
You need to install aws-cli in your docker image, and then you will able to use aws-cli inside your container.
FROM jenkins/jenkins:2.190.2
USER root
RUN apt-get update && \
apt-get install awscli -y
USER jenkins
-v or volumes are not designed to bind the host executable, but they are designed for files and folders for persistent storage. If you need executable you need to add in your docker image.
To be able to save (persist) data and also to share data
between containers, Docker came up with the concept of volumes. Quite
simply, volumes are directories (or files) that are outside of the
default Union File System and exist as normal directories and files on
the host filesystem.
understanding-volumes-docker
For this question
I am trying to use aws CLI command in jenkins pipeline in order to
build nodejs application and then deploy it to s3 bucket.
If you are inside AWS, you can assign the IAM role to Jenkins server and you will not be required to bind host keys.
Or if you are outside AWS, then you just need bind host aws config and credentials ,
docker run -d -p 8080:8080 -p 50000:50000 -v ~/jenkins_directory:/var/jenkins_home -v $HOME/.aws/:/var/jenkins_home/.aws/ jenkins/jenkins:2.190.2

Unable to find docker image locally

I was following this post - the reference code is on GitHub. I have cloned the repository on my local.
The project has got a react app inside it. I'm trying to run it on my local following step 7 on the same post:
docker run -p 8080:80 shakyshane/cra-docker
This returns:
Unable to find image 'shakyshane/cra-docker:latest' locally
docker: Error response from daemon: pull access denied for shakyshane/cra-docker, repository does not exist or may require 'docker login'.
See 'docker run --help'.
I tried login to docker again but looks like since it belongs to #shakyShane I cannot access it.
I idiotically tried npm start too but it's not a simple react app running on node - it's in the container and containers are not controlled by npm
Looks like docker pull shakyshane/cra-docker:latest throws this:
Error response from daemon: pull access denied for shakyshane/cra-docker, repository does not exist or may require 'docker login'
So the question is how do I run this docker image on my local mac machine?
Well this is illogical but still sharing so future people like me don't get stuck.
The problem was that I was trying to run a docker image which doesn't exist.
I needed to build the image:
docker build . -t xameeramir/cra-docker
And then run it:
docker run -p 8080:80 xameeramir/cra-docker
In my case, my image had TAG specified with it and I was not using it.
REPOSITORY TAG IMAGE ID CREATED SIZE
testimage testtag 189b7354c60a 13 hours ago 88.3MB
Unable to find image 'testimage:latest' locally for this command docker run testimage
So specifying tag like this - docker run testimage:testtag worked for me
Posting my solution since non of the above worked.
Working on macbook M1 pro.
The issue I had is that the image was built as arm/64. And I was running the command:
docker run --platform=linux/amd64 ...
So I had to build the image for amd/64 platform in order to run it.
Command below:
docker buildx build --platform=linux/amd64 ...
In conclusion your docker image platform and docker run platform needs to be the same from what I experienced.
In my case, the docker image did exist on the system and still I couldn't run the container locally, so I used the exact image ID instead of image name and tag, like this:
docker run myContainer c29150c8588e
I received this error message when I typed the name/character wrong. That is, "name1\name2" instead of "name1/name2" (wrong slash).
In my case, I saw this error when I had logged in to the dockerhub in my docker desktop. The repo I was pulling was local to my enterprise. Once i logged out of dockerhub, the pull worked.
This just happened to me because my local docker vm on macos ran out of disk space.
I just deleted some old images using docker image prune and it started working correctly again.
shakyshane/cra-docker Does not exist in that user's repo https://hub.docker.com/u/shakyshane/
The problem is you are trying to run an imagen that does not exists. If you are executing a Dockerfile, the image was not created until Dockerfile pass with no errors; so when Dockerfile tries to run the image, it can't find it. Be sure you have no errors in the execution of your scripts.
The simplest answer can be the correct one!.. make sure you have permissions to execute the command, use:
sudo docker run -p 8080:80 shakyshane/cra-docker
In my case, I didn't realise there was a difference between docker run and docker start, and I kept using the run command when I should've been using the start command.
FYI, run is for building and creating the docker container, start is to just start a stopped container
Use -d
sudo docker run -d -p 8000:8000 rasa/duckling
learn about -d here
sudo docker run --help
At first, i build image on mac-m1-pro with this command docker build -t hello_k8s_world:0.0.1 ., when is run this image the issue appear.
After read Master Yi's answer, i realize the crux of the matter and rebuild my images like this docker build --platform=arm64 -t hello_k8s_world:0.0.1 .
Finally,it worked.

Error in running Spring-Boot Application on Docker

I tried to run my simple Spring Web application jar on docker but I always get the following error. ubuntu & openjdk images exist and their state is UP. I could not run my jar file on docker? How can I get rid of this error?
ubuntu#ip-172-31-16-5:~/jar$ **docker run -d -p 8080:8080 spring-docker tail -f /dev/null**
c8eb92e5315adbaccfd894ed9e74b8e0d0eed88a81eaa07037cf8ada133c81fd
docker: **Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "exec: \"java\": executable file not found in $PATH": unknown.**
Related DockerFile:
FROM ubuntu
FROM openjdk
VOLUME /tmp
ADD /spring-boot-web-0.0.1-SNAPSHOT.jar myapp.jar
RUN sh -c 'touch /myapp.jar'
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/myapp.jar"]
Check with below sequence which works for me.
Build image using below command.
docker build -t demo-img .
DockerFile
FROM openjdk:8-jdk-alpine
VOLUME /tmp
COPY demo-0.0.1-SNAPSHOT.jar app.jar
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
then run like below.
docker run --name demo-container -d -p 8080:8080 demo-img
Make sure you are running all these command from the directory in which DockerFile and jar is present.

How can I use a docker image for ATS?

I have some knowledge of using docker images. I found one for ATS at:
https://hub.docker.com/r/dockerhwxi/ats2/
But I do not know how to use it (as there is current no documentation). Could someone kindly help?
You can follow below Steps :
Install Docker (Ref : https://docs.docker.com/install/ )
docker pull dockerhwxi/ats2:v0.3.9
docker run -ti -v dockerhwxi/ats2:v0.3.9
Optionally, after docker installation you can clone below repository and run install.sh file
https://github.com/steinwaywhw/docker-ats
Step 1: Download the image:
docker pull dockerhwxi/ats2:v0.3.9
Step 2: Run the image (to produce a container of the name myproject):
docker run --name myproject -ti -v /path/to/myproject:/MyRoot/myproject dockerhwxi/ats2:v0.3.9
You can exit the container and restart it later:
docker start -ai myproject

Resources