cannot login to Controller when running as host's root

[markusweigelt]

When i run make stack (prepare, build and start) with root user, I run into following problem when i execute the script_ocr.sh over action:runscript in Kitodo.Production

today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: ocr_init initialize variables and directory structure
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: running with 3 26 /data/3 deu Fraktur true /data/3/ocr-workflow.sh CONTROLLER=ocrd-controller:22
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: using workflow '/data/3/ocr-workflow.sh':
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: "tesserocr-recognize -P segmentation_level region -P model frak2021 -I OCR-D-IMG -O OCR-D-OCR" "fileformat-transform -P from-to \"page alto\" -P script-args \"--no-check-border --dummy-word\" -I OCR-D-OCR -O FULLTEXT" 
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: ocr_exit in async mode - immediate termination of the script
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: '/data/3/images' -> 'ocr-d//data/3'
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: '/data/3/images/FILE_0010_ORIGINAL.jpg' -> 'ocr-d//data/3/FILE_0010_ORIGINAL.jpg'
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: '/data/3/images/FILE_0011_ORIGINAL.jpg' -> 'ocr-d//data/3/FILE_0011_ORIGINAL.jpg'
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: '/data/3/images/FILE_0012_ORIGINAL.jpg' -> 'ocr-d//data/3/FILE_0012_ORIGINAL.jpg'
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: '/data/3/images/FILE_0013_ORIGINAL.jpg' -> 'ocr-d//data/3/FILE_0013_ORIGINAL.jpg'
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: '/data/3/images/FILE_0014_ORIGINAL.jpg' -> 'ocr-d//data/3/FILE_0014_ORIGINAL.jpg'
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: Permission denied, please try again.#015
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: Permission denied, please try again.#015
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: ocrd@ocrd-controller: Permission denied (publickey,password).#015
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: rsync: connection unexpectedly closed (0 bytes received so far) [sender]
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: rsync error: unexplained error (code 255) at io.c(235) [sender=3.1.2]
today at 17:07:28Sep 22 15:07:28 ocrd-manager for_production.sh: terminating with error $?=255 from rsync -av -e "ssh -p $CONTROLLERPORT -l ocrd" "$WORKDIR/" $CONTROLLERHOST:/data/$REMOTEDIR

[markusweigelt]

Problem seem to be that SSH commands are not executed as pseudo ocrd user but as root user. I think that happend cause the local root user has same UID and GID like the root user in the Container and than the default id_rsa file location is expected under /root/.ssh/id_rsa which not exist. So we must add -i /.ssh/id_rsa for all SSH commands for that case.

[bertsky]

I think that happend cause the local root user has same UID and GID like the root user in the Container and than the default id_rsa file location is expected under /root/.ssh/id_rsa which not exist. So we must add -i /.ssh/id_rsa for all SSH commands for that case.

I doubt that. We set HOME=/ in the Dockerfile and again add a line to /etc/passwd for the UID of the ocrd user, which also sets / as home directory. The default in OpenSSH is ~/.ssh/id_*. So it should look for /.ssh/id_rsa.

But (as speculated here), it might be that the tilde expansion does not work for us.

At any rate, let's just add that option to the ssh calls and be done with the problem (whatever the actual cause might be).

[markusweigelt]

On my local system the UID and GID of root is 0. So these ids setted as UID and GID for pseudo user with env variable. But this is UID is already used by root user. So the pseudo user is root.

Here I think is the proof for my assumption:

root@LDV163:/home/weigelt/Work/OCR-D/kitodo_production_ocrd# docker exec -it kitodo_production_ocrd_kitodo-app_1 bash
root@f71d05217d79:/usr/local/tomcat# ssh -i /.ssh/id_rsa -Tn -p 22 ocrd@ocrd-manager whoami
root