michaeljmarshall commented on a change in pull request #13376:
URL: https://github.com/apache/pulsar/pull/13376#discussion_r773579601
##########
File path: tests/docker-images/latest-version-image/Dockerfile
##########
@@ -55,6 +56,16 @@ FROM apachepulsar/pulsar-all:latest as pulsar-all
########################################
FROM apachepulsar/pulsar:latest
+# Switch to run as the root user to simplify building container and then
running
+# supervisord. Each of the pulsar components are spawned by supervisord and
their
+# process configuration files specify that the process will be run with UID
10000.
+# However, any processes exec'ing into the containers will run as root, by
default.
+USER root
+
+# We need to define the user in order for supervisord to work correctly
+# We don't need a user defined in the public docker image, though.
Review comment:
The UID needs to be a defined user in order to work with supervisord.
Before I defined the user, the tests failed with this error:
```
Error: Invalid user id 10000 in section 'program:bookie' (file:
'/etc/supervisord/conf.d/bookie.conf')
```
The public docker image does not need the user defined because we don't use
supervisord to run the different pulsar processes. Further, when the docker
image is used in OpenShift, it will receive a random UID that is guaranteed to
be a member of the root group. My design here is similar. I don't think we
should name the pulsar user because we don't want any logic tied to the UID.
For reference, all bitnami docker images behave this way. They are well known
for making non-root docker images. Here is one of their blogs that I consulted
while preparing this change:
https://engineering.bitnami.com/articles/running-non-root-containers-on-openshift.html.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
