search

ibm-messaging / mq-dev-badge-sample

Sample code of the MQ developer essentials badge
Apache License 2.0
13 stars 37 forks source link

Unable to build docker image #5

Closed mircomarahrens closed 5 years ago

mircomarahrens commented 5 years ago

Running docker build . -t mqbadge:latest from the command prompt on Windows 10 EE leads to the output

[...]/mq-dev-badge-sample\DockerFiles>docker build . -t mqbadge:latest Sending build context to Docker daemon 19.97kB Step 1/7 : FROM ibmcom/mq:latest ---> 53bef00f4486 Step 2/7 : COPY GenerateEvents.jar /data/GenerateEvents.jar ---> Using cache ---> 57ac5d370261 Step 3/7 : COPY startApp.sh /data/startApp.sh ---> Using cache ---> 63ea67f54eda Step 4/7 : COPY 20-config.mqsc /etc/mqm/ ---> Using cache ---> fe0f7eb67f0e Step 5/7 : RUN echo app:passw0rd | chpasswd ---> Running in ed924a8c6cc2 chpasswd: (user app) pam_chauthtok() failed, error: Authentication token manipulation error chpasswd: (line 1, user app) password not changed Changing password for app. The command '/bin/sh -c echo app:passw0rd | chpasswd' returned a non-zero code: 1

Any workarounds?

chughts commented 5 years ago

This is odd as the command is running in the Docker image, but try modifying line 19 of the DockerFile from

echo 'user:passw0rd' | chpasswd

to

echo 'user:passw0rd' | sudo chpasswd
mircomarahrens commented 5 years ago

This leads to

[...] Step 5/7 : RUN echo app:passw0rd | sudo chpasswd ---> Running in a8b9ed50a9a2 Removing intermediate container a8b9ed50a9a2 ---> 91014e41df40 Step 6/7 : RUN chmod a+x /data/startApp.sh ---> Running in 99f84729bb75 chmod: changing permissions of '/data/startApp.sh': Operation not permitted The command '/bin/sh -c chmod a+x /data/startApp.sh' returned a non-zero code: 1

chughts commented 5 years ago

I am thinking that the base linux image has been updated to be more locked down.

Try changing that line to 

RUN sudo chmod a+x /data/startApp.sh
mircomarahrens commented 5 years ago

This was also my next guess:

[...] Step 5/7 : RUN echo app:passw0rd | sudo chpasswd ---> Using cache ---> 91014e41df40 Step 6/7 : RUN sudo chmod a+x /data/startApp.sh ---> Running in 31317010cbdf sudo: no tty present and no askpass program specified The command '/bin/sh -c sudo chmod a+x /data/startApp.sh' returned a non-zero code: 1

Switching to an older version by changing

FROM ibmcom/mq:latest

to

FROM ibmcom/mq:9.0.5.0

solved the issue. I am not sure if this will work for the followup tasks but for now its working.

mircomarahrens commented 5 years ago

Doing so is leading to 

docker run -e LICENSE=accept -e MQ_QMGR_NAME=QM1 -e LOG_FORMAT=json -p 1414:1414 -p 9443:9443 mqbadge:latest
standard_init_linux.go:207: exec user process caused "no such file or directory"

in the next step. Here also the output of docker version in my command prompt:

Client: Docker Engine - Community
 Version:           18.09.2
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        6247962
 Built:             Sun Feb 10 04:12:31 2019
 OS/Arch:           windows/amd64
 Experimental:      false

 Server: Docker Engine - Community
 Engine:
  Version:          18.09.2
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       6247962
  Built:            Sun Feb 10 04:13:06 2019
  OS/Arch:          linux/amd64
  Experimental:     false

I will try to adapt the ibmcom/mq by changing the base linux image.

mircomarahrens commented 5 years ago

I switched to version 9.1.1.0 and could build the image. Before building I had to run dos2unix startApp.sh since I worked under the debian wsl. Starting the container then led to the expected result.

KalemaEdgar commented 4 years ago

Using version 9.1.1.0 instead of the latest totally fixes all the issues relating to users missing in the container or rights to change permissions

chughts commented 4 years ago

From 9.1.5 the container does not use OS based users or groups. Instead a file based system is being used. This is so that when you roll-out the container into production you can switch to an LDAP based system.

The 9.1.5 container uses htpasswd, with the relevant file in /etc/mqm/

For development, if you are not going to create new users, then you can use the 9.1.5 container. If you want to create new users, then you can use 9.1.4 or earlier, or use htpasswd with bcrypt to create the users or wait until there is documentation on how to create news users in the container with htpasswd and bcrypt.