I was trying to write a Docker log file on Ubuntu 20.04 by
sudo docker logs CONTAINER_ID >output.log
But it returned
-bash: output.log: Permission denied
How to solve the permission problem to save the logs? Is the problem inside the container or outside of it?
P.S. I had this container by docker run -d -v ~/desktop/usercode/Docker:/code -p 5000:5000 flask_app:1.0, and the Dockerfile is as below:
## Base Python Image for App
FROM python:3.9-rc-buster
# Setting up Docker environment
# Setting Work directory for RUN CMD commands
WORKDIR /code
# Export env variables.
ENV FLASK_APP app.py
ENV FLASK_RUN_HOST 0.0.0.0
###
#Copy requirements file from current directory to file in
#containers code directory we have just created.
COPY requirements.txt requirements.txt
#Run and install all required modules in container
RUN pip3 install -r requirements.txt
#Copy current directory files to containers code directory
COPY . .
#RUN app.
CMD ["flask", "run"]
And, the images are:
REPOSITORY TAG IMAGE ID CREATED SIZE
flask_app 1.0 90b2840f4d5d 29 minutes ago 895MB
python 3.9-rc-buster 50625b35cf42 9 months ago 884MB
The command you entered first creates output.log file in the same direction as you are, then drops the logs in that file; It seems that the problem is solved if you use the following command.
docker logs CONTAINER_ID > ~/output.log
This command creates a log file in the root path of the user you are. for example if your username is USER1 that file create at /home/USER1
Related
Below is the Dockerfile for linux images. I get file path access denied error in Ubuntu VM
environment:
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_Kestrel__Certificates__Default__Password=password123
- ASPNETCORE_Kestrel__Certificates__Default__Path=/abc/https/localhost.pfx
volumes:
- ./devops/https/localhost.pfx:/abc/https/localhost.pfx:ro
The path in the image and dockerfile was the same at that time. Attempted to run on ubuntu. ubuntu user is added to docker group.
Docker file content is provided for reference.
FROM mcr.microsoft.com/dotnet/aspnet:6.0
COPY . App/
WORKDIR /App
ENV ASPNETCORE_ENVIRONMENT="Production"
ENV ASPNETCORE_URLS="https://+:44123;"
ENV ABC_WORKDIR /App
ENV ABC_FILE_STORE /abc/source
EXPOSE 44123
RUN mkdir -p $ABC_FILE_STORE
RUN mkdir -p /abc/https
RUN chown abcuser /abc/https
RUN chown abcuser $ABC_FILE_STORE
RUN chown abcuser /App
USER abcuser
VOLUME /abc/https
VOLUME $ABC_FILE_STORE
WORKDIR $ABC_FILE_STORE
# sanity check: try to write a file
RUN echo "Hello from ABC" > hello.txt
WORKDIR $ABC_WORKDIR
ENTRYPOINT ["dotnet", "ABCService.dll"]
Should all the volume paths used by app, need to be mentioned and change the permission in Dockerfile
Should a docker file need to create a user and use it in dockerfile.
Above seems, both windows and linux need separate dockerfile for image creation
I just started with the docker and I am creating docker image from my code. Here is the dir structure
project
/deployment
/Dockerfile.project1
/services
/ui
/project1
and Here is the code in Dockerfile.project1
FROM node:14
# arguments
ARG BUILD_COMMIT
ARG BUILD_BRANCH
ARG BUILD_TAG
# port number for app
ARG PORT=3000
ARG APP=adam_website_ui
LABEL build.tag=${BUILD_TAG}
LABEL app=${APP}
# set the env
ENV BUILD_BRANCH=${BUILD_BRANCH}
ENV BUILD_COMMIT=${BUILD_COMMIT}
WORKDIR /app
# Assiging user
USER root
RUN echo "$(date '+%Y-%m-%d %H:%M:%S'): ======> Setup Appusr" \
&& groupadd -g 1001 appusr \
&& useradd -r -u 1001 -g appusr appusr \
&& mkdir /home/appusr/ \
&& chown -R appusr:appusr /home/appusr/\
&& chown -R appusr:appusr /app
# copy the relavant code
COPY ../services/ui/project1 /app/
# installing deps
RUN npm install
RUN npm run build
RUN SET PORT=${PORT} && npm start
USER appusr:appusr
but this is showing
=> ERROR [4/7] COPY ../services/ui/project1 /app/ 0.0s
------
> [4/7] COPY ../services/ui/project1 /app/:
------
failed to compute cache key: "/services/ui/project1" not found: not found
and I am building using this command from deployment folder
docker build -t website_ui -f Dockerfile.project1 .
what can be the issue?
If you run docker build within the directory project/deployment with build context ., then docker is not able to find the files in project/services.
Try to run docker build -t website_ui -f deployment/Dockerfile.project1 . (the last argument is the build context)
From the docs:
The docker build command builds Docker images from a Dockerfile and a "context". A build's context is the set of files located in the specified PATH or URL.
When you build a Docker image you must specify a path to a directory which will be the build context, this is the dot at the end of your docker build command.
The content of this directory will then be copied by Docker (probably into an internal Docker directory), which is why you can't COPY paths outside the context.
You should see a message like "Uploading context of X bytes" when running docker build.
Change your COPY instruction to COPY services/ui/project1 /app/ and build your image from the project's root directory:
docker build -t website_ui -f deployment/Dockerfile.project1 .
Read more about the build context on the docker build documentation
I am new to Docker and created following files in a large Node project folder:
Dockerfile
# syntax=docker/dockerfile:1
FROM node:16
# Update npm
RUN npm install --global npm
# WORKDIR automatically creates missing folders
WORKDIR /opt/app
# https://stackoverflow.com/a/42019654/15443125
VOLUME /opt/app
RUN useradd --create-home --shell /bin/bash app
COPY . .
RUN chown -R app /opt/app
USER app
ENV NODE_ENV=production
RUN npm install
# RUN npx webpack
CMD [ "sleep", "180" ]
docker-compose.yml
version: "3.9"
services:
app:
build:
context: .
ports:
- "3000:3000"
volumes:
- ./dist/dockerVolume/app:/opt/app
And I run this command:
docker compose up --force-recreate --build
It builds the image, starts a container and I added a sleep to make sure the container stays up for at least 3 minutes. When I open a console for that container and run cd /opt/app && ls, I can verify that there are a lot of files. project/dist/dockerVolume/app gets created by Docker, but nothing is written to it at any point.
There are no errors or warnings or other indications that something isn't set up correctly.
What am I missing?
First you should move the VOLUME declaration to the end of the Dockerfile, because:
If any build steps change the data within the volume after it has been declared, those changes will be discarded. (Documentation)
After this you will face the issue of how bind mounts and docker volumes work. Unfortunately if you use a bind mount, the contents of the host directory will always replace the files that are already in the container. Files will only appear in the host directory, if they were created during runtime by the container.
Also see:
Docker docs: bind mounts
Docker docs: volumes
To solve the issue, you could use any of these workarounds, depending on your usecase:
Use volumes in your docker-compose.yml file instead of bind mounts (Documentation)
Create the files you want to run on the host instead of in the image, and bind mount them into the container.
Use a bash script in the container that creates the neccessary files (if they are missing) when the container is starting (so the bind mount is already initialized, and the changes will persist) and after that, it starts your processes.
Summary
docker run doesn't seem to build a container (but it also doesn't throw an error) despite docker build successfully building the container image.
Input and Output
1. Successful docker image creation..
$ docker build -t minitwitter:latest .
...
Successfully built da191988e0db
Successfully tagged minitwitter:latest
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
minitwitter latest da191988e0db 6 seconds ago 173MB
python 3.7-alpine b11d2a09763f 9 days ago 98.8MB
2. ..and docker run completes without error..
$ docker run --name minitwitter -d -p 8000:5000 --rm minitwitter:latest
e8835f1b4c72c8e1a8736589c74d56ee2d12ec7bcfb4695531759fb1c2cf0e48
3. ..but docker container doesn't seem to exist.
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
And navigating to the port where the app should be exposed, http://localhost:8000, returns the connection error ERR_CONNECTION_REFUSED.
Docker file, boot.sh
The Dockerfile and boot.sh files are pretty simple I think:
Dockerfile
FROM python:3.7-alpine
RUN adduser -D minitwitter
WORKDIR /home/minitwitter
COPY requirements.txt requirements.txt
RUN python -m venv env
RUN env/bin/pip install -r requirements.txt
RUN env/bin/pip install gunicorn
COPY app app
COPY migrations migrations
COPY minitwitter.py config.py boot.sh ./
RUN chmod a+x boot.sh
ENV FLASK_APP minitwitter.py
RUN chown -R minitwitter:minitwitter ./
USER minitwitter
EXPOSE 5000
ENTRYPOINT ["./boot.sh"]
boot.sh
# BOOTS A DOCKER CONTAINER
#!/bin/sh
source env/bin/activate
flask db upgrade
exec gunicorn -b :5000 --access-logfile - --error-logfile - minitwitter:app
Place the 'shebang' -- #!/bin/sh -- on the first line of the boot.sh shell script.
How I found this answer: This blog post which refers to this Stackoverflow post.
The problem: the original script has a comment on the first line and the shebang on the second line.
Note: The title of the 'Question' is misleading: a docker container was built. The container, however, was short-lived and given I used the -rm option in the docker run command, the container was deleted after it terminated within 2 seconds; this is why it didn't appear in the docker images -a command.
root#centdev01$ grep -e CMD -e RUN Dockerfile
RUN apt-get update
RUN apt-get -y install ruby ruby-dev build-essential redis-tools
RUN gem install --no-rdoc --no-ri sinatra json redis
RUN mkdir -p /opt/webapp
RUN chmod 777 /opt/webapp
CMD ["/opt/webapp/bin/webapp"]
root#centdev01$ docker build -t "alok87/sinatra" .
root#centdev01$ docker run -d -p 80 --name ubunsin10 -v $PWD/webapp:/opt/webapp alok87/sinatra
25ekgjalgjal25rkg
root#centdev01$ docker logs ubunsin10
/opt/webapp/bin/webapp: Permission Denied - /opt/webapp/bin/webapp ( Errno:EACCESS)
The issue is the volume is being mounted to the container but from the container it is not having any acces to the mounted volume. I can cd to /opt/webapp/bin but i can not ls /opt/webapp/bin.
Please suggest how it can be fixed. The host mount has all files having 777 permission.
Docker processes have the svirt_lxc_net_t default type. By default these processes are not allowed to access your content in /var, /root and /home.
You have specify a suitable type label for your host folder, to allow the container processes to access the content. You can do this by giving the $PWD/webapp folder the type label svirt_sandbox_file_t.
chcon -Rt svirt_sandbox_file_t $PWD/webapp
After this, you can access the folder from within the container. Read more about it in Dan Walsh's article - Bringing new security features to Docker