Thanks Ben, I'll check this reference. Our developers in the team will need to start a service once the container is up. But the systemd is only accessible for my image if it is run as root.
Maybe I can try adding this startup script into the docker file as well. I'll check both and let you know...

Regards,
AK

On Fri, Dec 2, 2016 at 4:47 PM, Ben Parees <[email protected]> wrote:

> On Fri, Dec 2, 2016 at 4:35 PM, Akshaya Khare <[email protected]> wrote:
>
>> Hi again,
>>
>> I tried using the suggestions you guys gave but somehow it's still failing.
>> On further analysis I understood that this is not actually the image which I created.
>>
>> Since I'm using source2image, the github source is being mapped on to my image which has root privileges.
>> Now my image creates a build and then a new pod is spawned up using that build.
>>
>> Is there some other configuration within these steps which allows me to run the pod as a root user?
>> Or these steps have nothing to do with the user issue I'm facing?
>
> you can control the user the pod runs as by setting the pod's security context:
> http://kubernetes.io/docs/api-reference/v1/definitions/#_v1_podsecuritycontext
>
> but it would be better to try to understand why your image needs to run as root and change file/etc permissions so that it does not require that.
>
>> Thanks,
>> AK
>>
>> On Thu, Dec 1, 2016 at 6:31 PM, Srinivas Naga Kotaru (skotaru) <[email protected]> wrote:
>>
>>> I was thinking below are right steps as per my knowledge
>>>
>>> 1. Create a service account
>>> 2. Grant anyuid SCC to this service account
>>> 3. And add service account details to dc object
>>>
>>> I might be wrong but above steps in my mind. Even I would like to get clarity on this topic what is the right approach to run a container using anyuid privileges
>>>
>>> --
>>> *Srinivas Kotaru*
>>>
>>> *From: *<[email protected]> on behalf of Ben Parees <[email protected]>
>>> *Date: *Thursday, December 1, 2016 at 1:37 PM
>>> *To: *Akshaya Khare <[email protected]>, Jordan Liggitt <[email protected]>
>>> *Cc: *users <[email protected]>
>>> *Subject: *Re: oc new-app with root privileges
>>>
>>> On Thu, Dec 1, 2016 at 4:18 PM, Akshaya Khare <[email protected]> wrote:
>>>
>>> Hi,
>>>
>>> I created my own image which can use s2i to use git urls for my internal projects.
>>>
>>> The image has been created such that the systemd services will be working, and in order to do that the image had to be created with root user.
>>>
>>> Now the container spawned from this image only works properly if I spawn it with the below command:
>>>
>>> *docker run -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -d my-image-name*
>>>
>>> The container works fine.
>>>
>>> Unfortunately, whenever I try to create the container from the openshift ui, it creates the pod successfully but it doesn't have access to run it since it doesn't run it as a root user.
>>>
>>> I tried to provide this command:
>>>
>>> *oadm policy add-scc-to-user anyuid -z project-name*
>>>
>>> But still the pod is created without the root user.
>>>
>>> Is there any way to run the pod with root user via both cli or ui?
>>>
>>> assuming your built image defaults to running as root, the adding anyuid scc should be all you need to do for the image to run as that user, as far as i know.
>>>
>>> --
>>> *Thanks & Regards,*
>>> *Akshaya Khare*
>>> *312-785-3508*
>>>
>>> _______________________________________________
>>> users mailing list
>>> [email protected]
>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>>
>>> --
>>> Ben Parees | OpenShift
>>
>> --
>> *Thanks & Regards,*
>> *Akshaya Khare*
>> *312-785-3508*
>
> --
> Ben Parees | OpenShift

--
*Thanks & Regards,*
*Akshaya Khare*
*312-785-3508*
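
The three steps listed in the thread (a dedicated service account, the anyuid SCC grant, and the service account referenced from the dc), written out as an added example that is not part of the original messages. The names `myproject`, `rootful-sa` and `my-app` are placeholders, and the pod-level `runAsUser` is the security-context field Ben links to.

```yaml
# Added example; myproject, rootful-sa and my-app are placeholder names.
#
# Step 1: create a dedicated service account, so that only this workload
#         (not every pod using the project's "default" account) gets the grant:
#   oc create serviceaccount rootful-sa -n myproject
#
# Step 2: grant the anyuid SCC to that account. -z takes a service account
#         name, resolved in the project given by -n:
#   oadm policy add-scc-to-user anyuid -z rootful-sa -n myproject
#
# Step 3: reference the service account from the dc's pod template.
apiVersion: v1
kind: DeploymentConfig
metadata:
  name: my-app
  namespace: myproject
spec:
  replicas: 1
  selector:
    app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      # Pods without this field run as the "default" service account,
      # which the grant in step 2 does not cover.
      serviceAccountName: rootful-sa
      # Pod security context: an explicit UID 0 is admitted only under an
      # SCC whose runAsUser strategy allows it (anyuid uses RunAsAny).
      # Without it, anyuid runs the image's own USER.
      securityContext:
        runAsUser: 0
      containers:
      - name: my-app
        image: my-image-name
#
# Check which SCC admitted a running pod (annotation openshift.io/scc):
#   oc get pod <pod-name> -n myproject -o yaml | grep openshift.io/scc
```

If the annotation still reads `restricted`, the pod is not running under the service account that received the grant.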
