Open MaxiReglisse opened 3 years ago
problem solved, or at least workaround: just assign the share folder to user 999:999, which is the user of the geonetwork container which provides the jetty service (replacing tomcat).
999 is used by systemd-coredump in Debian... would it be possible to consider a solution like that proposed by Unifi? ("Unifi user fixed at UID=999")
Following Bdruemen's suggestion (jenkins-docker-uid-from-volume/Dockerfile), I tried to change the uid and gid of user jenkins ...
I added the following lines in the Dockerfile of GeoNetwork, so that you can use docker user (1001,100) instead of user jetty (999,999).
```dockerfile
USER root
RUN useradd -rm -d /home/docker -s /bin/bash -g users -u 1001 docker

# gosu installation
ADD https://github.com/tianon/gosu/releases/download/1.5/gosu-amd64 /usr/local/bin/gosu
RUN chmod 755 /usr/local/bin/gosu

# Change the group of the jetty user to users
# usermod -u 1001 jetty # does not work...
RUN usermod -g 100 jetty
RUN chown -R docker:users /var/lib/jetty /catalogue-data /tmp /usr/local/jetty

# tini installation
RUN apt-get update && apt-get install -y tini && apt-get clean && rm -rf /var/lib/apt/lists/*

COPY ./docker-entrypoint.sh /geonetwork-entrypoint.sh
ENTRYPOINT gosu docker /usr/bin/tini -- /geonetwork-entrypoint.sh
CMD ["java","-jar","/usr/local/jetty/start.jar"]
VOLUME [ "${DATA_DIR}" ]
```
it deserves to work!
```
docker:~/docker-geonetwork/4.0.1 $ docker exec -it 401_geonetwork_1 grep docker /etc/passwd
docker:x:1001:100::/home/docker:/bin/bash
docker:~/docker-geonetwork/4.0.1 (mshe) $ docker exec -it 401_geonetwork_1 ls -l
total 36
drwxr-xr-x 2 docker users 4096 Jan 7 16:50 jcs_caching
-rw-r--r-- 1 docker users 2945 Jan 7 16:49 jetty.start
drwxr-xr-x 1 docker users 4096 Dec 22 14:13 lib
drwxr-xr-x 2 docker users 4096 Jan 7 16:50 logs
drwxr-xr-x 1 docker users 4096 Dec 22 14:13 resources
drwxr-xr-x 3 docker users 4096 Jan 7 16:50 src
drwxr-xr-x 1 docker users 4096 Dec 22 14:13 start.d
drwxr-xr-x 1 docker users 4096 Jan 7 16:44 webapps
docker:~/docker-geonetwork/4.0.1 (mshe) $ ls -ltr catalogue-data/
total 4
drwxr-xr-x 6 docker users 4096 janv. 7 17:50 resources/
```
But this generates the following warnings:
```
[WARN tini (8)] Tini is not running as PID 1 and isn't registered as a child subreaper.
Zombie processes will not be re-parented to Tini, so zombie reaping won't work.
To fix the problem, use the -s option or set the environment variable TINI_SUBREAPER to register Tini as a child subreaper, or run Tini as PID 1.
********************************************************************
WARNING: User is docker
The user should be (re)set to 'jetty' in the Dockerfile
********************************************************************
```
What do you think?
Another solution would have been to use fixuid but I couldn't ...
Thanks in advance.
Changing rights to jetty user and group works, so a chown in entrypoint is more appropriate IMO
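The chown-in-entrypoint approach suggested above, as an added example that is not part of the thread or the GeoNetwork image: the script stays root only long enough to fix the volume's ownership, then uses gosu to exec the command as jetty. It assumes gosu and tini are installed as in the Dockerfile posted earlier, an exec-form ENTRYPOINT that starts tini first (shown in the comments) and GNU stat; the RUN_USER variable and the function names are made up for the example.

```shell
#!/bin/sh
# Added example (not the project's script): fix volume ownership as root,
# then drop to the unprivileged user with gosu.
# Assumed Dockerfile lines, so that tini is PID 1 and CMD is still passed on:
#   ENTRYPOINT ["/usr/bin/tini", "--", "/geonetwork-entrypoint.sh"]
#   CMD ["java", "-jar", "/usr/local/jetty/start.jar"]
set -eu

RUN_USER="${RUN_USER:-jetty}"            # assumption: keep the image's jetty user
DATA_DIR="${DATA_DIR:-/catalogue-data}"  # volume path used in the thread

# Print "uid:gid" of a path (GNU stat, as shipped in Debian-based images).
owner_of() { stat -c '%u:%g' "$1"; }

# Succeed when the path's owner differs from the wanted "uid:gid".
needs_chown() { [ "$(owner_of "$1")" != "$2" ]; }

# Refuse targets where a recursive chown as root would damage the system.
# The deny-list covers only obvious system paths; it is not exhaustive.
safe_target() {
    case "$1" in
        ''|/|/etc|/usr|/bin|/var|/home) return 1 ;;
        /*) [ -d "$1" ] && [ ! -L "$1" ] ;;   # absolute, real directory only
        *) return 1 ;;
    esac
}

# chown -R only when needed; only the top-level directory is compared.
fix_ownership() {
    safe_target "$1" || { echo "refusing to chown '$1'" >&2; return 1; }
    if needs_chown "$1" "$2"; then
        chown -R "$2" "$1"
    fi
}

entrypoint() {
    if [ "$(id -u)" -eq 0 ]; then
        fix_ownership "$DATA_DIR" "$(id -u "$RUN_USER"):$(id -g "$RUN_USER")"
        exec gosu "$RUN_USER" "$@"    # gosu execs, so no root parent remains
    fi
    exec "$@"                         # already unprivileged (e.g. --user)
}

# Run only when a command was passed (the image's CMD).
if [ "$#" -gt 0 ]; then entrypoint "$@"; fi
```

With this layout the bind-mounted directory ends up owned by the container's jetty uid and gid, so the host-side owner changes to those numeric ids.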
In order to ensure data permanence, I am used to sharing data between containers and docker host. With version 3.10.3, I was sharing in particular /config, and the docker composition was working fine.
But with version 4.0.1 and 4.0.2, I encounter an error when I share /catalog-data ...
below is an extract from my docker-compose.yml:
The file pre.xsd does exist in the local folder, and it is fully read / write accessible.
any help would be appreciated.
Ernest.