Thank you so much. It worked. I changed work directory in Dockerfile and just appended 'sudo' before chown in om_install.sh and om.sh. I was struggling for this since 1 week. Now I can move ahead. Although the application is still not working but I am happy that permission error is gone. I will now look into why application isn't working. I will post again in case further query. Thank you again.
Best Regards, Dhanashree Kulkarni brown-iposs GmbH Friedrich-Breuer-Straße 120 53225 Bonn Germany Fon +49 (0) 228 299 799 80 Fax +49 (0) 228 299 799 84 mailto:[email protected] www.brown-iposs.eu www.facebook.com/browniposs www.facebook.com/wimap4g Directors: Dr. Bernd Schröder, Karsten Schmeling Trade register: 14385, Country court Bonn VAT-ID: DE814670174 Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. -----Ursprüngliche Nachricht----- Von: Aleksandar Lazic [mailto:[email protected]] Gesendet: Tuesday, August 07, 2018 6:06 PM An: [email protected]; 'Anton Hughes' <[email protected]> Cc: [email protected] Betreff: Re: error running application using customized image stream Hi. Am 07.08.2018 um 16:23 schrieb [email protected]: > > Hello thank you for taking a look. I checked the link you provided and > tried to change my Dockerfile accordingly but it didn’t seem to work. > > So, I changed the Dockerfile to use a user called “ubuntu” and added > this user to sudoers of container. Still I get the permission error. > > I added following lines in the Dockerfile: > > > > RUN apt-get install -y libreoffice --no-install-recommends > > > > > RUN apt-get install -y sudo && adduser ubuntu && echo "ubuntu > ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu && chmod 4755 > /etc/sudoers.d/ubuntu > > > RUN su - ubuntu > > > > Is it advisable to change default setting of openshift to use anyuser? > Not it's not a good Idea. The main problem is that the https://github.com/openmeetings/openmeetings-docker isn't prepared to run as non root user which is in general not a good idea. You can see this in this lines https://github.com/openmeetings/openmeetings-docker/blob/master/Dockerfile#L30 ENV work /root/work https://github.com/openmeetings/openmeetings-docker/blob/master/scripts/om.sh#L15-L17 I suggest to change the Dockerfile and the om.sh according to the suggestion from Anton in the keycloak dockerfile. https://github.com/jboss-dockerfiles/keycloak/blob/master/server-openshift/Dockerfile#L9-L16 As at Buildtime can you run some tasks as root like yum install but at runtime not. You can change the work to let's say /data/om and do all the work there. At runtime just call '${TOMCAT_PATH}/bin/catalina.sh run' Regards aleks > Best Regards, > > Dhanashree Kulkarni > > > > brown-iposs GmbH > > Friedrich-Breuer-Straße 120 > > 53225 Bonn > > Germany > > > > Fon +49 (0) 228 299 799 80 > > Fax +49 (0) 228 299 799 84 > > mailto:[email protected] > > www.brown-iposs.eu <http://www.brown-iposs.eu/> > > www.facebook.com/browniposs <http://www.facebook.com/browniposs> > > www.facebook.com/wimap4g <http://www.facebook.com/wimap4g> > > > > Directors: Dr. Bernd Schröder, Karsten Schmeling > > Trade register: 14385, Country court Bonn > > VAT-ID: DE814670174 > > > > Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. > Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich > erhalten haben, informieren Sie bitte sofort den Absender und > vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte > Weitergabe dieser Mail ist nicht gestattet. > > > > This e-mail may contain confidential and/or privileged information. If > you are not the intended recipient (or have received this e-mail in > error) please notify the sender immediately and destroy this e-mail. > Any unauthorised copying, disclosure or distribution of the material > in this e-mail is strictly forbidden. > > > > *Von:*[email protected] [mailto:[email protected]] *Im Auftrag von > *Anton Hughes > *Gesendet:* Tuesday, August 07, 2018 1:12 PM > *An:* [email protected] > *Cc:* [email protected] > *Betreff:* Re: error running application using customized image stream > > > > By default OpenShift doesnt allow containers to run using root user. > > > > Take a look > at > https://github.com/jboss-dockerfiles/keycloak/blob/master/server-opens > hift/Dockerfile#L9-L16 for an example of giving the permissions and > setting a non-root user. > > > > On 7 August 2018 at 21:38, <[email protected] > <mailto:[email protected]>> wrote: > > Hello, > > My name is Dhanashree Kulkarni. I have installed OpenShift Origin all in > one in a Centos 7 VM running on Proxmox VE. > > I have built a Docker image using a Dockerfile, and created an image > stream using that Docker image and tagged and pushed it in the Docker > registry inside OpenShift. Now when I want to run the application using > this created image stream, it gives me permission error. > > I want to run Apache Openmeetings application inside OpenShift. For that I > have used the Dockerfile created by Maxim Solodovnik > (https://github.com/openmeetings/openmeetings-docker). The ENTRYPOINT in > the Dockerfile seems to create this error. > > **Steps Followed:** > > > > git clone https://github.com/dhanugithub/openmeetings-docker.git > > cd openmeetings-docker > > ls > > docker build -t om-server . > > docker images > > docker login -u openshift –p <TOKEN from web console> > docker-registry-default.apps.x.x.x.x.nip.io > <http://docker-registry-default.apps.x.x.x.x.nip.io> > > oc create is om-server -n mec > > docker tag om-server > docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest > > <http://docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:late > st> > > docker push > docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest > > <http://docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:late > st> > > > > I am attaching the error log which I get after deploying the application. > > If anyone can suggest some corrections, that would be great. > > Thank you. > > > > > > Best Regards, > > Dhanashree Kulkarni > > > > brown-iposs GmbH > > Friedrich-Breuer-Straße 120 > > 53225 Bonn > > Germany > > > > Fon +49 (0) 228 299 799 80 > > Fax +49 (0) 228 299 799 84 > > mailto:[email protected] > > www.brown-iposs.eu <http://www.brown-iposs.eu/> > > www.facebook.com/browniposs <http://www.facebook.com/browniposs> > > www.facebook.com/wimap4g <http://www.facebook.com/wimap4g> > > > > Directors: Dr. Bernd Schröder, Karsten Schmeling > > Trade register: 14385, Country court Bonn > > VAT-ID: DE814670174 > > > > Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte > Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail > irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und > vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte > Weitergabe dieser Mail ist nicht gestattet. > > > > This e-mail may contain confidential and/or privileged information. If you > are not the intended recipient (or have received this e-mail in error) > please notify the sender immediately and destroy this e-mail. Any > unauthorised copying, disclosure or distribution of the material in this > e-mail is strictly forbidden. > > > > > _______________________________________________ > users mailing list > [email protected] <mailto:[email protected]> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > > > > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users _______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
