freeznet commented on a change in pull request #13376:
URL: https://github.com/apache/pulsar/pull/13376#discussion_r773544439
##########
File path: tests/docker-images/latest-version-image/Dockerfile
##########
@@ -55,6 +56,16 @@ FROM apachepulsar/pulsar-all:latest as pulsar-all
########################################
FROM apachepulsar/pulsar:latest
+# Switch to run as the root user to simplify building container and then
running
+# supervisord. Each of the pulsar components are spawned by supervisord and
their
+# process configuration files specify that the process will be run with UID
10000.
+# However, any processes exec'ing into the containers will run as root, by
default.
+USER root
+
+# We need to define the user in order for supervisord to work correctly
+# We don't need a user defined in the public docker image, though.
Review comment:
Could you please show more context about why we don't need a user
defined for the public image? Since the test image here is from pulsar image,
and they both using UID 10000 here, why not add the user in the public image?
##########
File path: docker/pulsar/Dockerfile
##########
@@ -69,4 +83,8 @@ ENV PULSAR_ROOT_LOGGER=INFO,CONSOLE
COPY --from=pulsar /pulsar /pulsar
WORKDIR /pulsar
-RUN /pulsar/bin/install-pulsar-client.sh
\ No newline at end of file
+# This script is intentionally run as the root user to make the dependencies
available for all UIDs.
+RUN /pulsar/bin/install-pulsar-client.sh
+
+# The UID must be non-zero. Otherwise, it is arbitrary. No logic should rely
on its specific value.
+USER 10000
Review comment:
What is the best practices to debug the system when the container is in
non-root mode?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
