[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Issue with running a docker container in OKD

Hi folks,

I'm trying out OKD to install and manage a suite of microservices and running into a weird problem while trying to create a container from a docker image.

To provide some details about the docker image I'm using, this image creates a user and a group in the beginning and does all operations as this user instead of root. So something like:

FROM ubuntu:18.04
RUN groupadd shire && \
      useradd --create-home -g shire frodo
USER frodo
RUN pip3 install -U --user --no-cache-dir Pyro4 supervisor==4.0.3

It then uses a utility called "supervisor" to start and maintain multiple processes. So for the docker container the last few lines look like:

COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
ENTRYPOINT ["/bin/bash", "-c"]
CMD ["supervisord -c /etc/supervisor/conf.d/supervisord.conf"]

I've run this image manually on a cloud instance and it runs without problems.

Now when I run it on OKD, the container is started with a user that is different from the one defined by the docker image (as far as I can tell because when I log into the pod, the user is reported as "1000280000"). The "supervisor" process is started by this user and hence it is not able to execute the "pyro4-ns" command which is installed in the path "/home/frodo/.local/bin/". In the docker container logs I see the following lines:
2020-01-31 17:00:06,883 INFO supervisord started with pid 1
2020-01-31 17:00:07,885 INFO spawnerr: no permission to run command '/home/frodo/.local/bin/pyro4-ns'
2020-01-31 17:00:08,886 INFO spawnerr: no permission to run command '/home/frodo/.local/bin/pyro4-ns'
2020-01-31 17:00:13,894 INFO gave up: pyro-ns entered FATAL state, too many start retries too quickly

Is there a way to instruct OKD to start the container as a different user? Or is my understanding incorrect. I'm running the image by pulling the image through the deployment flow on OKD web console. I'm attaching the full sample Dockerfile and the supervisord.conf with the message.

Appreciate any help on this issue.


Attachment: Dockerfile
Description: Binary data

Attachment: supervisord.conf
Description: Binary data

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]