hobbit-project / platform

HOBBIT benchmarking platform
GNU General Public License v2.0

New jetty image causes user permission error #129

Closed MichaelRoeder closed 6 years ago

MichaelRoeder commented 7 years ago

Problem

When building the GUI Docker container, the latest Docker image jetty:9.3-jre8 causes the build to fail with

Building gui
Step 1/3 : FROM jetty:9.3-jre8
9.3-jre8: Pulling from library/jetty
219d2e45b4af: Already exists
ef9ce992ffe4: Already exists
d0df8518230c: Already exists
63678957352b: Pull complete
929e9da71fa4: Pull complete
96ef2abace74: Pull complete
ee465bb23abd: Pull complete
7389ed23519a: Pull complete
a4d3f36522be: Pull complete
607d0c7d995e: Pull complete
4acb86e187cd: Pull complete
88030cd922e7: Pull complete
35994b010068: Pull complete
31d143566132: Pull complete
7c28fd11d85e: Pull complete
Digest: sha256:7c5e6c84bb74d796d19f2ab2238a0774e79c12d4c3f980e9fff170c248f2f7dc
Status: Downloaded newer image for jetty:9.3-jre8
 ---> 152998bc3f47
Step 2/3 : RUN cd $JETTY_HOME &&  curl -O http://hobbitdata.informatik.uni-leipzig.de/hobbit/keycloak-jetty93-adapter-for-hobbit-dist-2.4.0.Final.zip &&  unzip keycloak-jetty93-adapter-for-hobbit-dist-2.4.0.Final.zip  &&  rm -f keycloak-jetty93-adapter-for-hobbit-dist-2.4.0.Final.zip  &&  cd $JETTY_BASE &&  java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak
 ---> Running in e4b2d8e91604
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0Warning: Failed to create the file 
Warning: keycloak-jetty93-adapter-for-hobbit-dist-2.4.0.Final.zip: Permission 
Warning: denied
  0 5866k    0 10136    0     0   101k      0  0:00:57 --:--:--  0:00:57  103k
curl: (23) Failed writing body (0 != 10136)
ERROR: Service 'gui' failed to build: The command '/bin/sh -c cd $JETTY_HOME &&  curl -O http://hobbitdata.informatik.uni-leipzig.de/hobbit/keycloak-jetty93-adapter-for-hobbit-dist-2.4.0.Final.zip &&  unzip keycloak-jetty93-adapter-for-hobbit-dist-2.4.0.Final.zip  &&  rm -f keycloak-jetty93-adapter-for-hobbit-dist-2.4.0.Final.zip  &&  cd $JETTY_BASE &&  java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak' returned a non-zero code: 23

Reproduction

The problem can be easily reproduced. Start a jetty container using

docker run -it jetty:9.3-jre8

(docker run -d jetty:9.3-jre8 might also be possible)

Start a bash inside the newly created container and attach to it (a7f has to be replaced with the container hash)

sudo docker exec -it a7f bash

Navigate to the directory to which the data should have been downloaded and try to download it manually

jetty@a7fc13937ab8:/var/lib/jetty$ cd $JETTY_HOME
jetty@a7fc13937ab8:/usr/local/jetty$ curl -O http://hobbitdata.informatik.uni-leipzig.de/hobbit/keycloak-jetty93-adapter-for-hobbit-dist-2.4.0.Final.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0Warning: Failed to create the file 
Warning: keycloak-jetty93-adapter-for-hobbit-dist-2.4.0.Final.zip: Permission 
Warning: denied

The user jetty does not have the rights to create a file in the /usr/local/jetty directory. Checking the ownership of the directory supports this observation.

jetty@a7fc13937ab8:/usr/local$ ls -lh
total 36K
drwxrwsr-x 1 root staff 4.0K Sep 14 04:21 bin
drwxrwsr-x 2 root staff 4.0K Sep  7 00:00 etc
drwxrwsr-x 2 root staff 4.0K Sep  7 00:00 games
drwxrwsr-x 2 root staff 4.0K Sep  7 00:00 include
drwxr-sr-x 1 root staff 4.0K Sep 29 18:32 jetty
drwxrwsr-x 2 root staff 4.0K Sep  7 00:00 lib
lrwxrwxrwx 1 root staff    9 Sep  7 00:00 man -> share/man
drwxrwsr-x 2 root staff 4.0K Sep  7 00:00 sbin
drwxrwsr-x 1 root staff 4.0K Sep 14 04:22 share
drwxrwsr-x 2 root staff 4.0K Sep  7 00:00 src

It can be seen that the root user owns the directory and only the root user is allowed to write to it.
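The ownership check described in the comment above, as an added example that is not part of the original issue or the project's code: a POSIX shell helper that reads `ls -l` lines like the ones quoted and decides whether a given user may create files in that directory. The function names and the assumption that the `jetty` user belongs only to a `jetty` group are hypothetical; ACLs and capabilities are ignored.

```shell
#!/bin/sh
# Added example. Two lines copied from the `ls -lh` output in the issue.
JETTY_LINE='drwxr-sr-x 1 root staff 4.0K Sep 29 18:32 jetty'
BIN_LINE='drwxrwsr-x 1 root staff 4.0K Sep 14 04:21 bin'

# can_create MODE OWNER GROUP USER "GROUPS"
# Returns 0 if USER (member of the space-separated GROUPS) may create files
# in the directory, 1 if not, 2 if MODE is not a directory mode string.
can_create() {
    mode=$1 owner=$2 group=$3 user=$4 groups=$5
    case $mode in
        d?????????*) ;;          # 'd' + 9 permission chars (+ optional ACL mark)
        *) return 2 ;;
    esac
    # root is not bound by the mode bits
    [ "$user" = root ] && return 0
    # Exactly one triplet applies: owner, else group, else other
    if [ "$user" = "$owner" ]; then
        cols=2-4
    else
        case " $groups " in
            *" $group "*) cols=5-7 ;;
            *) cols=8-10 ;;
        esac
    fi
    trip=$(printf %s "$mode" | cut -c"$cols")
    w=$(printf %s "$trip" | cut -c2)
    x=$(printf %s "$trip" | cut -c3)
    # Creating an entry needs write AND search (x) on the directory.
    # Lowercase s/t means x is set together with setgid/sticky; S/T means it is not.
    [ "$w" = w ] || return 1
    case $x in x|s|t) return 0 ;; *) return 1 ;; esac
}

# check_line "LS_LINE" USER "GROUPS": split an `ls -l` line and apply can_create.
check_line() {
    line=$1 user=$2 groups=$3
    set -f; set -- $line; set +f     # word-split without globbing
    can_create "$1" "$3" "$4" "$user" "$groups"
}

# Assumption: the jetty user is only in group "jetty".
for l in "$JETTY_LINE" "$BIN_LINE"; do
    if check_line "$l" jetty "jetty"; then r=allowed; else r=denied; fi
    echo "jetty -> ${l##* }: $r"
done
```

The same result can be confirmed inside the container with `[ -w "$JETTY_HOME" ]` run as the `jetty` user, which also accounts for ACLs that this mode-string check does not see.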

MichaelRoeder commented 7 years ago

Workaround

docker pull jetty:9.3.20-jre8
docker tag jetty:9.3.20-jre8 jetty:9.3-jre8

solves the problem by using an older version.

Lowered the priority of the bug since a workaround is known.

yamalight commented 7 years ago

@MichaelRoeder Why are you using $JETTY_HOME? According to the Docker image docs, all apps should be added to /var/lib/jetty/webapps. Have you tried that? It might be that all but that folder is restricted in new versions.

MichaelRoeder commented 7 years ago

I haven't created that image :smile: @romankorf @Ennosigaeon So it sounds like our usage of the base image is simply wrong and can be fixed easily.

Thanks @yamalight

denkv commented 6 years ago

Looks like it works if we just use $JETTY_BASE instead: https://github.com/hobbit-project/platform/compare/develop...feature/jetty9.x

MichaelRoeder commented 6 years ago

The solution of @denkv is working. Merged it into develop.

smirnp commented 6 years ago

Could you please describe the solution again?

denkv commented 6 years ago

That was it: https://github.com/hobbit-project/platform/commit/aeafa83f7662e91a036cec1c83c08c45facef08a

smirnp commented 6 years ago

It works. Thank you!