leo191 commented 2 years ago

Pingfederate docker image https://hub.docker.com/r/pingidentity/pingfederate:latest or any tag till 10.3.4-edge

Command: docker run --name pingfederate --publish 9999:9999 --detach -v ping.lic:/opt/out/instance/server/default/conf/pingfederate.lic --env SERVER_PROFILE_URL=https://github.com/pingidentity/pingidentity-server-profiles.git --env SERVER_PROFILE_PATH=getting-started/pingfederate --env PING_IDENTITY_ACCEPT_EULA=YES --env PING_IDENTITY_DEVOPS_USER --env PING_IDENTITY_DEVOPS_KEY --tmpfs /run/secrets pingidentity/pingfederate:10.3.4-edge

logs:

----- Starting hook: ./bootstrap.sh

Bootstrap

Using the default container user and group

Container user and group

user : ping (id: 9031)

group: root (id: 0)

----- Starting hook: /opt/entrypoint.sh Command: start-server Processing secrets in SECRETS_DIR (if any)... ################################################################################

Ping Identity DevOps Docker Image

IMAGE_VERSION: pingfederate-alpine_3.15-al11-10.3.4-211222-cdb6

IMAGE_GIT_REV: cdb69b339077198bc4f8ad6bb8ec637f28b18a86

STARTED: Thu Dec 23 16:04:04 UTC 2021

HOST_NAME: ca18553214a3

DOMAIN_NAME:

################################################################################ no local IN_DIR files (/opt/in) found.

----- Starting hook: /opt/staging/hooks/01-start-server.sh

----- Starting hook: /opt/staging/hooks/02-get-remote-server-profile.sh INFO: SERVER_PROFILE_URL not set, skipping

No previous state to compare.

----- Starting hook: /opt/staging/hooks/03-build-run-plan.sh ################################################################################

Run Plan Information

################################################################################ RUN_PLAN : START ################################################################################

----- Starting hook: /opt/staging/hooks/04-check-variables.sh ################################################################################ ################################################################################ ###################### WARNING - DEPRECATED VARIABLES ##########################

The following deprecated variables were found. These variables may be removed

in a future release.

                        DOLLAR : $

################################################################################

Docker Image Information

################################################################################ IMAGE_VERSION : pingfederate-alpine_3.15-al11-10.3.4-211222-cdb6 IMAGE_GIT_REV : cdb69b339077198bc4f8ad6bb8ec637f28b18a86 HOST_NAME : ca18553214a3 DOMAIN_NAME : --- empty --- ################################################################################

Directory Variables

################################################################################ BASE : /opt IN_DIR : /opt/in OUT_DIR : /opt/out SERVER_ROOT_DIR : /opt/staging STAGING_DIR : /opt/staging HOOKS_DIR : /opt/staging/hooks SERVER_PROFILE_DIR : /tmp/server-profile BAK_DIR : /opt/backup LOGS_DIR : /opt/logs SECRETS_DIR : /run/secrets LICENSE_DIR : /server/default/conf ################################################################################

File Variables

################################################################################ TOPOLOGY_FILE : /opt/staging/topology.json TAIL_LOG_FILES : /opt/out/instance/log/server.log COLORIZE_LOGS : true ################################################################################

Server Profile

################################################################################ SERVER_PROFILE_URL : REDACTED SERVER_PROFILE_BRANCH : --- empty --- SERVER_PROFILE_PATH : --- empty --- SERVER_PROFILE_UPDATE : false ################################################################################

Security Checks

################################################################################ SECRUITY_CHECKS_STRICT : --- empty --- SECURITY_CHECKS_FILENAME : .jwk .pin ################################################################################

DevOps User/Key

################################################################################ PING_IDENTITY_DEVOPS_USER : --- empty --- PING_IDENTITY_DEVOPS_KEY : REDACTED ################################################################################

License Key Info

################################################################################ LICENSE_FILE_NAME : pingfederate.lic LICENSE_SHORT_NAME : PF LICENSE_VERSION : 10.3 MUTE_LICENSE_VERIFICATION : true ################################################################################

Product Startup

################################################################################ STARTUP_COMMAND : /opt/out/instance/bin/run.sh STARTUP_FOREGROUND_OPTS : --- empty --- STARTUP_BACKGROUND_OPTS : --- empty --- VERBOSE : false PING_DEBUG : false CLEAN_STAGING_DIR : true ################################################################################

Orchestration Info

################################################################################ ORCHESTRATION_TYPE : --- empty --- ################################################################################

Ping Product Info

################################################################################ PING_PRODUCT : PingFederate LOCATION : Docker LDAP_PORT : 1389 LDAPS_PORT : 1636 HTTPS_PORT : 1443 JMX_PORT : 1689 USER_BASE_DN : dc=example,dc=com PD_ENGINE_PUBLIC_HOSTNAME : localhost PF_ADMIN_PUBLIC_HOSTNAME : localhost PF_ENGINE_PUBLIC_HOSTNAME : localhost PA_ADMIN_PUBLIC_HOSTNAME : localhost PA_ENGINE_PUBLIC_HOSTNAME : localhost PF_ADMIN_PUBLIC_BASEURL : https://localhost:9999 ROOT_USER_DN : cn=administrator ADDITIONAL_SETUP_ARGS : --- empty --- ################################################################################

JVM Details

################################################################################ MAX_HEAP_SIZE : 384m JVM_TUNING : AGGRESSIVE ################################################################################

----- Starting hook: /opt/staging/hooks/05-expand-templates.sh.pre ----- Starting hook: /opt/staging/hooks/05-expand-templates.sh expanding files... Processing templates Processing defaults d - ./instance/server/default/conf/tcp.xml.subst.default .. expanded d - ./instance/server/default/conf/log4j2.xml.subst.default .. expanded d - ./instance/bin/jvm-memory.options.subst.default .. expanded d - ./instance/bin/oauth2.properties.subst.default .. expanded d - ./instance/bin/ldap.properties.subst.default .. expanded d - ./instance/bin/oidc.properties.subst.default .. expanded d - ./instance/bin/run.properties.subst.default .. expanded

----- Starting hook: /opt/staging/hooks/06-copy-product-bits.sh Copying SERVER_BITS_DIR (/opt/server) to SERVER_ROOT_DIR (/opt/staging)

----- Starting hook: /opt/staging/hooks/07-apply-server-profile.sh merging /opt/staging/instance to /opt/staging

----- Starting hook: /opt/staging/hooks/09-build-motd.sh Successfully downloaded MOTD from https://raw.githubusercontent.com/pingidentity/pingidentity-devops-getting-started/master/motd/motd.json Current /etc/motd

################################################################################
                Ping Identity DevOps Docker Image

       Version: pingfederate-alpine_3.15-al11-10.3.4-211222-cdb6
   DevOps User:
      Hostname: ca18553214a3
       Started: Thu Dec 23 16:04:06 UTC 2021
################################################################################

################################################################################

----- Starting hook: /opt/staging/hooks/10-start-sequence.sh Initializing server for the first time

----- Starting hook: /opt/staging/hooks/17-check-license.sh Opting out of license verification due to MUTE_LICENSE_VERIFICATION=true

----- Starting hook: /opt/staging/hooks/18-setup-sequence.sh

----- Starting hook: /opt/staging/hooks/50-before-post-start.sh

Tailing log files (/opt/out/instance/log/server.log)

Starting server in foreground: (/opt/out/instance/bin/run.sh ) /opt/entrypoint.sh: exec: line 106: /opt/out/instance/bin/run.sh: not found ubuntu@ip-172-31-86-128:~$ sudo docker rm pingfederate pingfederate ubuntu@ip-172-31-86-128:~$ sudo docker logs pingfederate^C ubuntu@ip-172-31-86-128:~$ ubuntu@ip-172-31-86-128:~$ sudo docker run --name pingfederate --publish 9999:9999 --detach -v ping.lic:/opt /out/instance/server/default/conf/pingfederate.lic --env SERVER_PROFILE_URL=https://github.com/pingidentity/pingidentity -server-profiles.git --env SERVER_PROFILE_PATH=getting-started/pingfederate --env PING_IDENTITY_ACCEPT_EULA=YES --env PING_IDENTITY_DEVOPS_USER --env PING_IDENTITY_DEVOPS_KEY --tmpfs /run/secrets pingidentity/pingfederate:10.3.4-edge fb77b50d03d16f91f8ba30a989f1be1c8acbe8137147fbfe3b2860c411f31463 ubuntu@ip-172-31-86-128:~$ sudo docker logs pingfederate ----- Starting hook: ./bootstrap.sh

Bootstrap

Using the default container user and group

Container user and group

user : ping (id: 9031)

group: root (id: 0)

----- Starting hook: /opt/entrypoint.sh Command: start-server Processing secrets in SECRETS_DIR (if any)... ################################################################################

Ping Identity DevOps Docker Image

IMAGE_VERSION: pingfederate-alpine_3.15-al11-10.3.4-211222-cdb6

IMAGE_GIT_REV: cdb69b339077198bc4f8ad6bb8ec637f28b18a86

STARTED: Thu Dec 23 16:06:27 UTC 2021

HOST_NAME: fb77b50d03d1

DOMAIN_NAME:

################################################################################ no local IN_DIR files (/opt/in) found.

----- Starting hook: /opt/staging/hooks/01-start-server.sh

----- Starting hook: /opt/staging/hooks/02-get-remote-server-profile.sh Getting SERVER_PROFILE git url: REDACTED path: getting-started/pingfederate Checking for security filename issues....jwk .pin SECURITY_CHECKS_FILENAME: 7 files found matching file pattern .jwk ./FIPS-integration/pingfederate/instance/server/default/data/pf.jwk ./FIPS-integration/pingaccess/instance/conf/pa.jwk ./pa-clustering/pingaccess/instance/conf/pa.jwk ./getting-started/pingfederate/instance/server/default/data/pf.jwk ./baseline/pingfederate/instance/server/default/data/pf.jwk ./ci-tests/pa-bad-import/instance/conf/pa.jwk ./ci-tests/pa-h2-2FedM0re/instance/conf/pa.jwk SECURITY_CHECKS_FILENAME: 4 files found matching file pattern .pin ./pingdataconsole-sso/pingdataconsole/.sec/.keystore.pin ./baseline/pingdataconsole/.sec/.keystore.pin ./baseline/pingdirectory/instance/config/keystore.pin ./baseline/pingdirectory/instance/config/truststore.pin Security Violations Allowed! (total=11) SECURITY_CHECKS_STRICT=false

No previous state to compare.

----- Starting hook: /opt/staging/hooks/03-build-run-plan.sh ################################################################################

Run Plan Information

################################################################################ RUN_PLAN : START ################################################################################

----- Starting hook: /opt/staging/hooks/04-check-variables.sh ################################################################################ ################################################################################ ###################### WARNING - DEPRECATED VARIABLES ##########################

The following deprecated variables were found. These variables may be removed

in a future release.

                        DOLLAR : $

################################################################################

Docker Image Information

################################################################################ IMAGE_VERSION : pingfederate-alpine_3.15-al11-10.3.4-211222-cdb6 IMAGE_GIT_REV : cdb69b339077198bc4f8ad6bb8ec637f28b18a86 HOST_NAME : fb77b50d03d1 DOMAIN_NAME : --- empty --- ################################################################################

Directory Variables

################################################################################ BASE : /opt IN_DIR : /opt/in OUT_DIR : /opt/out SERVER_ROOT_DIR : /opt/out/instance STAGING_DIR : /opt/staging HOOKS_DIR : /opt/staging/hooks SERVER_PROFILE_DIR : /tmp/server-profile BAK_DIR : /opt/backup LOGS_DIR : /opt/logs SECRETS_DIR : /run/secrets LICENSE_DIR : /opt/out/instance/server/default/conf ################################################################################

File Variables

################################################################################ TOPOLOGY_FILE : /opt/staging/topology.json TAIL_LOG_FILES : /opt/out/instance/log/server.log COLORIZE_LOGS : true ################################################################################

Server Profile

################################################################################ SERVER_PROFILE_URL : REDACTED SERVER_PROFILE_BRANCH : --- empty --- SERVER_PROFILE_PATH : getting-started/pingfederate SERVER_PROFILE_UPDATE : false ################################################################################

Security Checks

################################################################################ SECRUITY_CHECKS_STRICT : --- empty --- SECURITY_CHECKS_FILENAME : .jwk .pin ################################################################################

DevOps User/Key

################################################################################ PING_IDENTITY_DEVOPS_USER : --- empty --- PING_IDENTITY_DEVOPS_KEY : REDACTED ################################################################################

License Key Info

################################################################################ LICENSE_FILE_NAME : pingfederate.lic LICENSE_SHORT_NAME : PF LICENSE_VERSION : 10.3 MUTE_LICENSE_VERIFICATION : --- empty --- ################################################################################

Product Startup

################################################################################ STARTUP_COMMAND : /opt/out/instance/bin/run.sh STARTUP_FOREGROUND_OPTS : --- empty --- STARTUP_BACKGROUND_OPTS : --- empty --- VERBOSE : false PING_DEBUG : false CLEAN_STAGING_DIR : true ################################################################################

Orchestration Info

################################################################################ ORCHESTRATION_TYPE : --- empty --- ################################################################################

Ping Product Info

################################################################################ PING_PRODUCT : PingFederate LOCATION : Docker LDAP_PORT : 1389 LDAPS_PORT : 1636 HTTPS_PORT : 1443 JMX_PORT : 1689 USER_BASE_DN : dc=example,dc=com PD_ENGINE_PUBLIC_HOSTNAME : localhost PF_ADMIN_PUBLIC_HOSTNAME : localhost PF_ENGINE_PUBLIC_HOSTNAME : localhost PA_ADMIN_PUBLIC_HOSTNAME : localhost PA_ENGINE_PUBLIC_HOSTNAME : localhost PF_ADMIN_PUBLIC_BASEURL : https://localhost:9999 ROOT_USER_DN : cn=administrator ADDITIONAL_SETUP_ARGS : --- empty --- ################################################################################

JVM Details

################################################################################ MAX_HEAP_SIZE : 384m JVM_TUNING : AGGRESSIVE ################################################################################

----- Starting hook: /opt/staging/hooks/05-expand-templates.sh.pre ----- Starting hook: /opt/staging/hooks/05-expand-templates.sh expanding files... Processing templates t - ./instance/server/default/conf/log4j2.xml.subst t - ./instance/bulk-config/data.json.subst Processing defaults d - ./instance/server/default/conf/tcp.xml.subst.default .. expanded d - ./instance/server/default/conf/log4j2.xml.subst.default .. skipped d - ./instance/bin/jvm-memory.options.subst.default .. expanded d - ./instance/bin/oauth2.properties.subst.default .. expanded d - ./instance/bin/ldap.properties.subst.default .. expanded d - ./instance/bin/oidc.properties.subst.default .. expanded d - ./instance/bin/run.properties.subst.default .. expanded

----- Starting hook: /opt/staging/hooks/06-copy-product-bits.sh Copying SERVER_BITS_DIR (/opt/server) to SERVER_ROOT_DIR (/opt/out/instance) cp: can't create '/opt/out/instance/server/default/conf/scim-service-provider-configs.json': Permission denied cp: can't create '/opt/out/instance/server/default/conf/cluster-idp-session-registry.conf': Permission denied cp: can't create '/opt/out/instance/server/default/conf/cluster-config-replication.conf': Permission denied cp: can't create '/opt/out/instance/server/default/conf/tcp.xml': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/account-linking': Permission denied cp: can't create '/opt/out/instance/server/default/conf/jmx.remote.access': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/local-identity': Permission denied cp: can't create '/opt/out/instance/server/default/conf/jmx-remote-config.xml': Permission denied cp: can't create '/opt/out/instance/server/default/conf/cluster-assertion-replay-prevention.conf': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/template': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/language-packs': Permission denied cp: can't create '/opt/out/instance/server/default/conf/bonecp-config.xml': Permission denied cp: can't create '/opt/out/instance/server/default/conf/wsfed-claims-util.conf': Permission denied cp: can't create '/opt/out/instance/server/default/conf/scim-resource-schema-representation-v1.json': Permission denied cp: can't create '/opt/out/instance/server/default/conf/cluster-account-locking.conf': Permission denied cp: can't create '/opt/out/instance/server/default/conf/udp.xml': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/access-grant': Permission denied cp: can't create '/opt/out/instance/server/default/conf/cluster-artifact.conf': Permission denied cp: can't create '/opt/out/instance/server/default/conf/cluster-session-revocation.conf': Permission denied cp: can't create '/opt/out/instance/server/default/conf/cluster-adaptive.conf': Permission denied cp: can't create '/opt/out/instance/server/default/conf/cluster-sp-session-registry.conf': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/collect-support-data': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/radius': Permission denied cp: can't create '/opt/out/instance/server/default/conf/log4j2.xml': Permission denied cp: can't create '/opt/out/instance/server/default/conf/log4j2.db.properties': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/authentication-session': Permission denied cp: can't create '/opt/out/instance/server/default/conf/size-limits.conf': Permission denied cp: can't create '/opt/out/instance/server/default/conf/cluster-inter-request-state.conf': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/oauth-client-management': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/log4j': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/provisioner': Permission denied cp: can't create '/opt/out/instance/server/default/conf/data-default.zip': Permission denied cp: can't create directory '/opt/out/instance/server/default/conf/META-INF': Permission denied CONTAINER FAILURE: Error running 06-copy-product-bits.sh

henryrecker-pingidentity commented 2 years ago

It looks like mounting a license file like that creates parent directories with root permissions, leading to those permissions errors during 06-copy-product-bits.sh. It may be possible to control the permissions of the mounted file in some way, though I'm not sure how that is done in docker. We'll work on a fix for this for the next release, so you don't have to mess with permissions to mount a license. For now if you just need to get things running you can use the devops user and key to pull a license on startup instead of mounting a license file.

henryrecker-pingidentity commented 2 years ago

The 2112 release is out and includes a fix for this issue. You can use the 2112 tag to get the new image.

thinzaung commented 1 year ago

Hello, I tried to used pingidentity/pingfederate:2112 or 2112-11.0.0, still having the same issue. any thoughts? Is the right tag? This is the log out put of the pod :


### Bootstrap
### Using the default container user and group
### Container user and group
###     user : ping (id: 9031)
###     group: root (id: 0)
----- Starting hook: /opt/entrypoint.sh
Command: start-server
Processing secrets in SECRETS_DIR (if any)...
################################################################################
#    Ping Identity DevOps Docker Image
#     IMAGE_VERSION: pingfederate-alpine_3.15-al11-11.0.0-220105-dafe
#     IMAGE_GIT_REV: dafeb51f53c3ea76eef580d7a5a9c4d8c1bf8e3c
#           STARTED: Wed Nov 30 22:23:16 UTC 2022
#          HOST_NAME: xxx-pingfed-c9bb6c5d8-65jrj
#        DOMAIN_NAME:
################################################################################
copying local IN_DIR files (/opt/in) to STAGING_DIR (/opt/staging)

----- Starting hook: /opt/staging/hooks/01-start-server.sh

----- Starting hook: /opt/staging/hooks/02-get-remote-server-profile.sh
INFO: SERVER_PROFILE_URL not set, skipping

No previous state to compare.

----- Starting hook: /opt/staging/hooks/03-build-run-plan.sh
################################################################################
#    Run Plan Information
################################################################################
                          RUN_PLAN : START
################################################################################

----- Starting hook: /opt/staging/hooks/04-check-variables.sh
################################################################################
################################################################################
###################### WARNING - DEPRECATED VARIABLES ##########################
#  The following deprecated variables were found. These variables may be removed
#  in a future release.

                            DOLLAR : $

################################################################################

################################################################################
#    Docker Image Information
################################################################################
                     IMAGE_VERSION : pingfederate-alpine_3.15-al11-11.0.0-220105-dafe
                     IMAGE_GIT_REV : dafeb51f53c3ea76eef580d7a5a9c4d8c1bf8e3c
                         HOST_NAME : xxx-pingfed-c9bb6c5d8-65jrj
                       DOMAIN_NAME : --- empty ---
################################################################################
#    Directory Variables
################################################################################
                              BASE : /opt
                            IN_DIR : /opt/in
                           OUT_DIR : /opt/out
                   SERVER_ROOT_DIR : /opt/out/instance
                       STAGING_DIR : /opt/staging
                         HOOKS_DIR : /opt/staging/hooks
                SERVER_PROFILE_DIR : /tmp/server-profile
                           BAK_DIR : /opt/backup
                          LOGS_DIR : /opt/logs
                       SECRETS_DIR : /run/secrets
                       LICENSE_DIR : /opt/out/instance/server/default/conf
################################################################################
#    File Variables
################################################################################
                     TOPOLOGY_FILE : /opt/staging/topology.json
                    TAIL_LOG_FILES : /opt/out/instance/log/server.log
                     COLORIZE_LOGS : true
################################################################################
#    Server Profile
################################################################################
                SERVER_PROFILE_URL : *** REDACTED ***
             SERVER_PROFILE_BRANCH : --- empty ---
               SERVER_PROFILE_PATH : --- empty ---
             SERVER_PROFILE_UPDATE : false
################################################################################
#    Security Checks
################################################################################
            SECRUITY_CHECKS_STRICT : --- empty ---
          SECURITY_CHECKS_FILENAME : *.jwk *.pin
################################################################################
#    DevOps User/Key
################################################################################
         PING_IDENTITY_DEVOPS_USER : --- empty ---
          PING_IDENTITY_DEVOPS_KEY : *** REDACTED ***
################################################################################
#    License Key Info
################################################################################
                 LICENSE_FILE_NAME : pingfederate.lic
                LICENSE_SHORT_NAME : PF
                   LICENSE_VERSION : 11.0
         MUTE_LICENSE_VERIFICATION : --- empty ---
################################################################################
#    Product Startup
################################################################################
                   STARTUP_COMMAND : /opt/out/instance/bin/run.sh
           STARTUP_FOREGROUND_OPTS : --- empty ---
           STARTUP_BACKGROUND_OPTS : --- empty ---
                           VERBOSE : false
                        PING_DEBUG : false
                 CLEAN_STAGING_DIR : false
################################################################################
#    Orchestration Info
################################################################################
                ORCHESTRATION_TYPE : --- empty ---
################################################################################
#    Ping Product Info
################################################################################
                      PING_PRODUCT : PingFederate
                          LOCATION : Docker
                         LDAP_PORT : 1389
                        LDAPS_PORT : 1636
                        HTTPS_PORT : 1443
                          JMX_PORT : 1689
                      USER_BASE_DN : dc=example,dc=com
         PD_ENGINE_PUBLIC_HOSTNAME : localhost
          PF_ADMIN_PUBLIC_HOSTNAME : localhost
         PF_ENGINE_PUBLIC_HOSTNAME : localhost
          PA_ADMIN_PUBLIC_HOSTNAME : localhost
         PA_ENGINE_PUBLIC_HOSTNAME : localhost
           PF_ADMIN_PUBLIC_BASEURL : https://localhost:9999
                      ROOT_USER_DN : cn=administrator
             ADDITIONAL_SETUP_ARGS : --- empty ---
################################################################################
#    JVM Details
################################################################################
                     MAX_HEAP_SIZE : 384m
                        JVM_TUNING : AGGRESSIVE
################################################################################

----- Starting hook: /opt/staging/hooks/05-expand-templates.sh.pre
----- Starting hook: /opt/staging/hooks/05-expand-templates.sh
expanding files...
  Processing templates
  Processing defaults
    d - ./instance/bin/jvm-memory.options.subst.default .. expanded
    d - ./instance/bin/ldap.properties.subst.default .. expanded
    d - ./instance/bin/oauth2.properties.subst.default .. expanded
    d - ./instance/bin/oidc.properties.subst.default .. expanded
    d - ./instance/bin/run.properties.subst.default .. skipped
    d - ./instance/server/default/conf/log4j2.xml.subst.default .. skipped
    d - ./instance/server/default/conf/tcp.xml.subst.default .. expanded

----- Starting hook: /opt/staging/hooks/06-copy-product-bits.sh
Copying SERVER_BITS_DIR (/opt/server) to SERVER_ROOT_DIR (/opt/out/instance)
cp: can't create '/opt/out/instance/server/default/conf/template/AbstractPasswordIdpAuthnAdapter.form.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/LocalIdPasswordLookup.form.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/TerminateAccountLinks.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/account-unlock.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/alt-authn-source.template.html': Permission denied
cp: can't create directory '/opt/out/instance/server/default/conf/template/assets': Permission denied
cp: can't create directory '/opt/out/instance/server/default/conf/template/connections': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/consent-form-template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/forgot-password-error.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/forgot-password-resume.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/forgot-password-success.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/forgot-password.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/form.autopost.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/general.error.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/generic.error.msg.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/heartbeat.admin.page.template': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/heartbeat.page.template': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/html.form.change.password.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/html.form.login.challenge.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/html.form.message.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/html.form.password.expiring.notification.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/http.error.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/identifier.first.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/idp.logout.success.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/idp.slo.confirm.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/idp.slo.error.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/idp.slo.success.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/idp.sso.error.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/kerberos.error.template.html': Permission denied
cp: can't create directory '/opt/out/instance/server/default/conf/template/ldap-templates': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/local.identity.connection.error.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/local.identity.email.verification.error.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/local.identity.email.verification.otp.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/local.identity.email.verification.required.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/local.identity.email.verification.sent.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/local.identity.email.verification.success.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/local.identity.profile.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/local.identity.registration.fragment.error.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/local.identity.registration.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-cert-deactivation.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-cert-expire.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-cert-rotation.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-cert-warning.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-email-ownership-verification.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-grace.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-group-grace.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-group-warn.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-metadata-out-of-sync.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-metadata-updated-out-of-sync.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-metadata-updated.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-metadata-url-entity-id-missing.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-metadata-url-notification.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-notifications.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-shutdown.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/mail-notifications/message-template-test.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/meta.refresh.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/oauth.access.grants.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/oauth.approval.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/oauth.device.messages.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/oauth.device.user-code-confirm.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/oauth.device.user-code.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/openid-configuration.template.json': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/pf-ws.authn.api.explorer.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/pingid.offline.auth.login.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/pingone-mfa-assertion-required.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/pingone-mfa-completed.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/pingone-mfa-device-selection.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/pingone-mfa-failed.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/pingone-mfa-otp-required.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/pingone-mfa-push-confirmation-rejected.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/pingone-mfa-push-confirmation-timed-out.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/pingone-mfa-push-confirmation-waiting.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/pingone-risk-management-template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/sourceid-choose-idp-adapter-form-template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/sourceid-saml2-idp-selection-template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/sourceid-wsfed-http-post-template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/sourceid-wsfed-idp-exception-template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/sourceid-wsfed-idp-signout-cleanup-invisible-template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/sourceid-wsfed-idp-signout-cleanup-template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/sourceid-wsfed-sp-signout-cleanup-template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/sp.slo.error.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/sp.slo.success.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/sp.sso.error.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/sp.sso.success.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/speed.bump.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/state.not.found.error.page.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/username.recovery.info.template.html': Permission denied
cp: can't create '/opt/out/instance/server/default/conf/template/username.recovery.template.html': Permission denied
cp: can't create directory '/opt/out/instance/server/default/conf/template/ws-policy': Permission denied
cp: can't create directory '/opt/out/instance/server/default/conf/template/wsdl': Permission denied
cp: can't create directory '/opt/out/instance/server/default/conf/template/xsd': Permission denied```

PingDavidR commented 1 year ago

Thanks @thinzaung for using our product images! One question for clarification:

Where and how are you mounting the license file? If you are attempting to mount it (or anything else) under /opt/out, you are not following the prescribed method of providing this license file. Ping product containers are atypical from many Docker images in file system handling in order to support the server profile methodology that allows our historically on-prem software to run in a containerized model. Refer to this page for the name and location in which the license should be mounted in order for the hook scripts to process the license and other files properly

In additioin, I would highly recommend you watch this video for more on the file system and how files, product bits, and user-defined parameters are injected into the containers. There is another video on the hook scripts, linked on our portal, with more details on the hook scripts.

thinzaung commented 1 year ago

Thank you for your response David, yes I realized yesterday that I mounted license file to /opt/out/instance/server/default/conf/pingfederate.lic and having this issue. We have several customized icons and html files we would like to use as templates. Can you suggest if we have that requirement where are these files should mount to ?

I will also check the links you mentioned in the comment too. Thanks Thin

henryrecker-pingidentity commented 1 year ago

The image creates everything up to "/opt/out/instance/server/default/conf", which is where the license is expected, but does not create the "template" folder, so mounting there causes "template" to have root ownership. You can include any files that belong in the server root in a server profile in the "instance/" directory (so "instance/server/default/conf/template" in your case), or mount them to /opt/in. The video David shared should help explain this.

thinzaung commented 1 year ago

Thank you henry and David, after i changed my files to /opt/in , i am able to start the service.

pingidentity / pingidentity-devops-getting-started

pingfederate docker image fails to run CONTAINER FAILURE: Error running 06-copy-product-bits.sh #300

Bootstrap

Using the default container user and group

Container user and group

user : ping (id: 9031)

group: root (id: 0)

Ping Identity DevOps Docker Image

IMAGE_VERSION: pingfederate-alpine_3.15-al11-10.3.4-211222-cdb6

IMAGE_GIT_REV: cdb69b339077198bc4f8ad6bb8ec637f28b18a86

STARTED: Thu Dec 23 16:04:04 UTC 2021

HOST_NAME: ca18553214a3

DOMAIN_NAME:

Run Plan Information

The following deprecated variables were found. These variables may be removed

in a future release.

Docker Image Information

Directory Variables

File Variables

Server Profile

Security Checks

DevOps User/Key

License Key Info

Product Startup

Orchestration Info

Ping Product Info

JVM Details

Bootstrap

Using the default container user and group

Container user and group

user : ping (id: 9031)

group: root (id: 0)

Ping Identity DevOps Docker Image

IMAGE_VERSION: pingfederate-alpine_3.15-al11-10.3.4-211222-cdb6

IMAGE_GIT_REV: cdb69b339077198bc4f8ad6bb8ec637f28b18a86

STARTED: Thu Dec 23 16:06:27 UTC 2021

HOST_NAME: fb77b50d03d1

DOMAIN_NAME:

Run Plan Information

The following deprecated variables were found. These variables may be removed

in a future release.

Docker Image Information

Directory Variables

File Variables

Server Profile

Security Checks

DevOps User/Key

License Key Info

Product Startup

Orchestration Info

Ping Product Info

JVM Details