Hi folks, I'm trying out OKD to install and manage a suite of microservices and running into a weird problem while trying to create a container from a docker image.
To provide some details about the docker image I'm using, this image
creates a user and a group in the beginning and does all operations as this
user instead of root. So something like:
FROM ubuntu:18.04
RUN groupadd shire && \
useradd --create-home -g shire frodo
...
USER frodo
RUN pip3 install -U --user --no-cache-dir Pyro4 supervisor==4.0.3
It then uses a utility called "supervisor" to start and maintain multiple
processes. So for the docker container the last few lines look like:
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
ENTRYPOINT ["/bin/bash", "-c"]
CMD ["supervisord -c /etc/supervisor/conf.d/supervisord.conf"]
I've run this image manually on a cloud instance and it runs without
problems.
Now when I run it on OKD, the container is started with a user that is
different from the one defined by the docker image (as far as I can tell
because when I log into the pod, the user is reported as "1000280000"). The
"supervisor" process is started by this user and hence it is not able to
execute the "pyro4-ns" command which is installed in the path
"/home/frodo/.local/bin/". In the docker container logs I see the following
lines:
2020-01-31 17:00:06,883 INFO supervisord started with pid 1
2020-01-31 17:00:07,885 INFO spawnerr: no permission to run command
'/home/frodo/.local/bin/pyro4-ns'
2020-01-31 17:00:08,886 INFO spawnerr: no permission to run command
'/home/frodo/.local/bin/pyro4-ns'
2020-01-31 17:00:13,894 INFO gave up: pyro-ns entered FATAL state, too many
start retries too quickly
Is there a way to instruct OKD to start the container as a different user?
Or is my understanding incorrect. I'm running the image by pulling the
image through the deployment flow on OKD web console. I'm attaching the
full sample Dockerfile and the supervisord.conf with the message.
Appreciate any help on this issue.
Best,
--
Nishant.
Dockerfile
Description: Binary data
supervisord.conf
Description: Binary data
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
