Hi. Am 07.08.2018 um 16:23 schrieb [email protected]: > > Hello thank you for taking a look. I checked the link you provided and tried > to change my Dockerfile accordingly but it didn’t seem to work. > > So, I changed the Dockerfile to use a user called “ubuntu” and added this user > to sudoers of container. Still I get the permission error. > > I added following lines in the Dockerfile: > > > > RUN apt-get install -y libreoffice --no-install-recommends > > > > > RUN apt-get install -y sudo && adduser ubuntu && echo "ubuntu ALL=(root) > NOPASSWD:ALL" > /etc/sudoers.d/ubuntu && chmod 4755 /etc/sudoers.d/ubuntu > > > RUN su - ubuntu > > > > Is it advisable to change default setting of openshift to use anyuser? >
Not it's not a good Idea. The main problem is that the https://github.com/openmeetings/openmeetings-docker isn't prepared to run as non root user which is in general not a good idea. You can see this in this lines https://github.com/openmeetings/openmeetings-docker/blob/master/Dockerfile#L30 ENV work /root/work https://github.com/openmeetings/openmeetings-docker/blob/master/scripts/om.sh#L15-L17 I suggest to change the Dockerfile and the om.sh according to the suggestion from Anton in the keycloak dockerfile. https://github.com/jboss-dockerfiles/keycloak/blob/master/server-openshift/Dockerfile#L9-L16 As at Buildtime can you run some tasks as root like yum install but at runtime not. You can change the work to let's say /data/om and do all the work there. At runtime just call '${TOMCAT_PATH}/bin/catalina.sh run' Regards aleks > Best Regards, > > Dhanashree Kulkarni > > > > brown-iposs GmbH > > Friedrich-Breuer-Straße 120 > > 53225 Bonn > > Germany > > > > Fon +49 (0) 228 299 799 80 > > Fax +49 (0) 228 299 799 84 > > mailto:[email protected] > > www.brown-iposs.eu <http://www.brown-iposs.eu/> > > www.facebook.com/browniposs <http://www.facebook.com/browniposs> > > www.facebook.com/wimap4g <http://www.facebook.com/wimap4g> > > > > Directors: Dr. Bernd Schröder, Karsten Schmeling > > Trade register: 14385, Country court Bonn > > VAT-ID: DE814670174 > > > > Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. > Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich > erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie > diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail > ist nicht gestattet. > > > > This e-mail may contain confidential and/or privileged information. If you are > not the intended recipient (or have received this e-mail in error) please > notify the sender immediately and destroy this e-mail. Any unauthorised > copying, disclosure or distribution of the material in this e-mail is strictly > forbidden. > > > > *Von:*[email protected] [mailto:[email protected]] *Im Auftrag von *Anton > Hughes > *Gesendet:* Tuesday, August 07, 2018 1:12 PM > *An:* [email protected] > *Cc:* [email protected] > *Betreff:* Re: error running application using customized image stream > > > > By default OpenShift doesnt allow containers to run using root user. > > > > Take a look > at > https://github.com/jboss-dockerfiles/keycloak/blob/master/server-openshift/Dockerfile#L9-L16 > for an example of giving the permissions and setting a non-root user. > > > > On 7 August 2018 at 21:38, <[email protected] > <mailto:[email protected]>> wrote: > > Hello, > > My name is Dhanashree Kulkarni. I have installed OpenShift Origin all in > one in a Centos 7 VM running on Proxmox VE. > > I have built a Docker image using a Dockerfile, and created an image > stream using that Docker image and tagged and pushed it in the Docker > registry inside OpenShift. Now when I want to run the application using > this created image stream, it gives me permission error. > > I want to run Apache Openmeetings application inside OpenShift. For that I > have used the Dockerfile created by Maxim Solodovnik > (https://github.com/openmeetings/openmeetings-docker). The ENTRYPOINT in > the Dockerfile seems to create this error. > > **Steps Followed:** > > > > git clone https://github.com/dhanugithub/openmeetings-docker.git > > cd openmeetings-docker > > ls > > docker build -t om-server . > > docker images > > docker login -u openshift –p <TOKEN from web console> > docker-registry-default.apps.x.x.x.x.nip.io > <http://docker-registry-default.apps.x.x.x.x.nip.io> > > oc create is om-server -n mec > > docker tag om-server > docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest > <http://docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest> > > docker push > docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest > <http://docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest> > > > > I am attaching the error log which I get after deploying the application. > > If anyone can suggest some corrections, that would be great. > > Thank you. > > > > > > Best Regards, > > Dhanashree Kulkarni > > > > brown-iposs GmbH > > Friedrich-Breuer-Straße 120 > > 53225 Bonn > > Germany > > > > Fon +49 (0) 228 299 799 80 > > Fax +49 (0) 228 299 799 84 > > mailto:[email protected] > > www.brown-iposs.eu <http://www.brown-iposs.eu/> > > www.facebook.com/browniposs <http://www.facebook.com/browniposs> > > www.facebook.com/wimap4g <http://www.facebook.com/wimap4g> > > > > Directors: Dr. Bernd Schröder, Karsten Schmeling > > Trade register: 14385, Country court Bonn > > VAT-ID: DE814670174 > > > > Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte > Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail > irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und > vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte > Weitergabe dieser Mail ist nicht gestattet. > > > > This e-mail may contain confidential and/or privileged information. If you > are not the intended recipient (or have received this e-mail in error) > please notify the sender immediately and destroy this e-mail. Any > unauthorised copying, disclosure or distribution of the material in this > e-mail is strictly forbidden. > > > > > _______________________________________________ > users mailing list > [email protected] <mailto:[email protected]> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > > > > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users _______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
