[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: error running application using customized image stream



Hi.

Am 07.08.2018 um 16:23 schrieb dhanashree kulkarni brown-iposs eu:
>
> Hello thank you for taking a look. I checked the link you provided and tried
> to change my Dockerfile accordingly but it didn’t seem to work.
>
> So, I changed the Dockerfile to use a user called “ubuntu” and added this user
> to sudoers of container. Still I get the permission error.
>
> I added following lines in the Dockerfile:
>
>  
>
> RUN apt-get install -y libreoffice --no-install-recommends
>
>
>  
>
> RUN apt-get install -y sudo && adduser ubuntu && echo "ubuntu ALL=(root)
> NOPASSWD:ALL" > /etc/sudoers.d/ubuntu && chmod 4755 /etc/sudoers.d/ubuntu
>
>
> RUN su - ubuntu
>
>  
>
> Is it advisable to change default setting of openshift to use anyuser?
>

Not it's not a good Idea.
The main problem is that the https://github.com/openmeetings/openmeetings-docker
isn't prepared to run as non root user which is in general not a good idea.

You can see this in this lines
https://github.com/openmeetings/openmeetings-docker/blob/master/Dockerfile#L30
ENV work /root/work

https://github.com/openmeetings/openmeetings-docker/blob/master/scripts/om.sh#L15-L17

I suggest to change the Dockerfile and the om.sh according to the suggestion
from Anton in the keycloak dockerfile.

https://github.com/jboss-dockerfiles/keycloak/blob/master/server-openshift/Dockerfile#L9-L16

As at Buildtime can you run some tasks as root like yum install but at runtime not.

You can change the work to let's say /data/om and do all the work there.
At runtime just call '${TOMCAT_PATH}/bin/catalina.sh run'

Regards
aleks

> Best Regards,
>
> Dhanashree Kulkarni
>
>  
>
> brown-iposs GmbH
>
> Friedrich-Breuer-Straße 120
>
> 53225 Bonn
>
> Germany
>
>  
>
> Fon   +49 (0) 228 299 799 80
>
> Fax   +49 (0) 228 299 799 84
>
> mailto:birgit bachmann brown-iposs eu
>
> www.brown-iposs.eu <http://www.brown-iposs.eu/>
>
> www.facebook.com/browniposs <http://www.facebook.com/browniposs>
>
> www.facebook.com/wimap4g <http://www.facebook.com/wimap4g>
>
>  
>
> Directors: Dr. Bernd Schröder, Karsten Schmeling
>
> Trade register: 14385, Country court Bonn
>
> VAT-ID: DE814670174
>
>  
>
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen.
> Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich
> erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie
> diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail
> ist nicht gestattet.
>
>  
>
> This e-mail may contain confidential and/or privileged information. If you are
> not the intended recipient (or have received this e-mail in error) please
> notify the sender immediately and destroy this e-mail. Any unauthorised
> copying, disclosure or distribution of the material in this e-mail is strictly
> forbidden.
>
>  
>
> *Von:*kurrent93 gmail com [mailto:kurrent93 gmail com] *Im Auftrag von *Anton
> Hughes
> *Gesendet:* Tuesday, August 07, 2018 1:12 PM
> *An:* dhanashree kulkarni brown-iposs eu
> *Cc:* users lists openshift redhat com
> *Betreff:* Re: error running application using customized image stream
>
>  
>
> By default OpenShift doesnt allow containers to run using root user.
>
>  
>
> Take a look
> at https://github.com/jboss-dockerfiles/keycloak/blob/master/server-openshift/Dockerfile#L9-L16
> for an example of giving the permissions and setting a non-root user.
>
>  
>
> On 7 August 2018 at 21:38, <dhanashree kulkarni brown-iposs eu
> <mailto:dhanashree kulkarni brown-iposs eu>> wrote:
>
>     Hello,
>
>     My name is Dhanashree Kulkarni. I have installed OpenShift Origin all in
>     one in a Centos 7 VM running on Proxmox VE.
>
>     I have built a Docker image using a Dockerfile, and created an image
>     stream using that Docker image and tagged and pushed it in the Docker
>     registry inside OpenShift. Now when I want to run the application using
>     this created image stream, it gives me permission error.
>
>     I want to run Apache Openmeetings application inside OpenShift. For that I
>     have used the Dockerfile created by Maxim Solodovnik
>     (https://github.com/openmeetings/openmeetings-docker). The ENTRYPOINT in
>     the Dockerfile seems to create this error.
>
>     **Steps Followed:**
>
>      
>
>     git clone https://github.com/dhanugithub/openmeetings-docker.git
>
>     cd openmeetings-docker
>
>     ls
>
>     docker build -t om-server .
>
>     docker images
>
>     docker login -u openshift –p <TOKEN from web console>
>     docker-registry-default.apps.x.x.x.x.nip.io
>     <http://docker-registry-default.apps.x.x.x.x.nip.io>
>
>     oc create is om-server -n mec
>
>     docker tag om-server
>     docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest
>     <http://docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest>
>
>     docker push
>     docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest
>     <http://docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest>
>
>      
>
>     I am attaching the error log which I get after deploying the application.
>
>     If anyone can suggest some corrections, that would be great.
>
>     Thank you.
>
>      
>
>      
>
>     Best Regards,
>
>     Dhanashree Kulkarni
>
>      
>
>     brown-iposs GmbH
>
>     Friedrich-Breuer-Straße 120
>
>     53225 Bonn
>
>     Germany
>
>      
>
>     Fon   +49 (0) 228 299 799 80
>
>     Fax   +49 (0) 228 299 799 84
>
>     mailto:birgit bachmann brown-iposs eu
>
>     www.brown-iposs.eu <http://www.brown-iposs.eu/>
>
>     www.facebook.com/browniposs <http://www.facebook.com/browniposs>
>
>     www.facebook.com/wimap4g <http://www.facebook.com/wimap4g>
>
>      
>
>     Directors: Dr. Bernd Schröder, Karsten Schmeling
>
>     Trade register: 14385, Country court Bonn
>
>     VAT-ID: DE814670174
>
>      
>
>     Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
>     Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
>     irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
>     vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
>     Weitergabe dieser Mail ist nicht gestattet.
>
>      
>
>     This e-mail may contain confidential and/or privileged information. If you
>     are not the intended recipient (or have received this e-mail in error)
>     please notify the sender immediately and destroy this e-mail. Any
>     unauthorised copying, disclosure or distribution of the material in this
>     e-mail is strictly forbidden.
>
>      
>
>
>     _______________________________________________
>     users mailing list
>     users lists openshift redhat com <mailto:users lists openshift redhat com>
>     http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>  
>
>
>
> _______________________________________________
> users mailing list
> users lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]