Hi John, Thanks for the fast reply.
"Running a container with an arbitrary user ID also has the benefit of ensuring that a process which is able to escape the container due to a vulnerability in the container framework will not have specific user permissions on the host system." The permissions on the server.xml in the container are: -rw-------. 1 root root. Here is a permission error in OpenShift. How would you change these permissions to make it "world writable"? Isn't it unsave to make it "world writable"? Thanks From: [email protected] To: [email protected]; [email protected] Subject: Re: Errors: container "x" in pod/x-1-8vhpi is crash-looping Date: Thu, 25 Feb 2016 10:58:13 +0000 Lorenz, The issue is not that the image is coming from a specific repo, but rather the image itself is not fine tuned for use within openshift. CrashLoop indicates the container was able to start, but then crashed, and subsequent restarts are resulting in the same. In general your permissions are not set properly for this container to run inside of openshift. I suggest modifying those permissions to being world writable. For additional information take a look at Support Arbitrary User ID's portion of this documentation -- John Skarbek On February 25, 2016 at 05:22:21, Lorenz Vanthillo ([email protected]) wrote: I'm on Origin 1.1.3 I've pulled an image from a private registry (insecure: self-signed certs + basic authentication). docker pull ec2-xxx:5000/image:2.3 The image is on my node. I create a project where a will run an instance of this image: $ oc new-project image $ oc new-app --insecure-registry ec2-xxx:5000/image:2.3 W0225 09:55:55.322035 6777 pipeline.go:154] Could not find an image stream match for "ec2xxx:5000/image:2.3". Make sure that a Docker image with that tag is available on the node for the deployment to succeed. --> Found Docker image 51e260c (20 hours old) from ec2-xxx:5000 for "ec2-xxx:5000/image:2.3" * This image will be deployed in deployment config "image" * Port 8080/tcp will be load balanced by service "image" * Other containers can access this service through the hostname "image" * WARNING: Image "image" runs as the 'root' user which may not be permitted by your cluster administrator --> Creating resources with label app=image ... deploymentconfig "image" created service "image" created --> Success Run 'oc status' to view your app. oc status shows me: Errors: * container "image" in pod/image-1-3J24 is crash-looping Is it because there is no image-stream for this image at the moment? I've did already the same steps with another image from the same registry and it did not went in a loop. The logs of the container show: $ docker logs 457deef27b1 Feb 25, 2016 9:57:27 AM org.apache.catalina.startup. Catalina load WARNING: Unable to load server configuration from [/usr/local/tomcat/conf/server.xml] Feb 25, 2016 9:57:27 AM org.apache.catalina.startup.Catalina load WARNING: Permissions incorrect, read permission is not allowed on the file. Feb 25, 2016 9:57:27 AM org.apache.catalina.startup.Catalina load WARNING: Unable to load server configuration from [/usr/local/tomcat/conf/server.xml] Feb 25, 2016 9:57:27 AM org.apache.catalina.startup.Catalina load WARNING: Permissions incorrect, read permission is not allowed on the file. Feb 25, 2016 9:57:27 AM org.apache.catalina.startup.Catalina start SEVERE: Cannot start server. Server instance is not configured. But when I just perform an 'docker run ec2-xxx:image:2.3' the container is running fine. So it's no issue with the container. 25-Feb-2016 10:16:44.047 INFO [localhost-startStop-1] xxx has finished in 41 ms 25-Feb-2016 10:16:44.056 INFO [main] xxx 25-Feb-2016 10:16:44.062 INFO [main] xxx 25-Feb-2016 10:16:44.064 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 13824 ms _______________________________________________ users mailing list [email protected] https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.openshift.redhat.com_openshiftmm_listinfo_users&d=CwICAg&c=_hRq4mqlUmqpqlyQ5hkoDXIVh6I6pxfkkNxQuL0p-Z0&r=8IlWeJZqFtf8Tvx1PDV9NsLfM_M0oNfzEXXNp-tpx74&m=HHhWXrx0bumM_yqZ6f4wecTofvnXLn09S6iTTCb1wEE&s=dZNG1Ur0Iu7DWNi8m2O91SdIGxsW96hU1SCIuacY4O0&e=
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
