I have a Dockerfile where I bring in some files and chmod some stuff. it's a node server that spawns an executable file.
FROM ubuntu:16.04
RUN apt-get update && apt-get install -y --no-install-recommends curl sudo
RUN curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash -
RUN apt-get install -y nodejs && \
apt-get install --yes build-essential
RUN apt-get install --yes npm
#VOLUME "/usr/local/app"
# Set up C++ dev env
RUN apt-get update && \
apt-get dist-upgrade -y && \
apt-get install gcc-multilib g++-multilib cmake wget -y && \
apt-get clean autoclean && \
apt-get autoremove -y
#wget -O /tmp/conan.deb -L https://github.com/conan-io/conan/releases/download/0.25.1/conan-ubuntu-64_0_25_1.deb && \
#dpkg -i /tmp/conan.deb
#ADD ./scripts/cmake-build.sh /build.sh
#RUN chmod +x /build.sh
#RUN /build.sh
RUN curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash -
RUN apt-get install -y nodejs sudo
RUN mkdir -p /usr/local/app
WORKDIR /usr/local/app
COPY package.json /usr/local/app
RUN ["npm", "install"]
COPY . .
RUN echo "/usr/local/app/dm" > /etc/ld.so.conf.d/mythrift.conf
RUN echo "/usr/lib/x86_64-linux-gnu" >> /etc/ld.so.conf.d/mythrift.conf
RUN echo "/usr/local/lib64" >> /etc/ld.so.conf.d/mythrift.conf
RUN ldconfig
EXPOSE 9090
RUN chmod +x dm/dm3
RUN ldd dm/dm3
RUN ["chmod", "+x", "dm/dm3"]
RUN ["chmod", "777", "policy"]
RUN ls -al .
CMD ["nodejs", "app.js"]
it works all fine but when I use docker-compose for the purpose of having an autoreload dev enviornment in docker, I get an EACCES error when spawning the executable process.
version: '3'
services:
web:
build: .
command: npm run start
volumes:
- .:/usr/local/app/
- /usr/app/node_modules
ports:
- "3000:3000"
I'm using nodemon to restart the server on changes, hence the volumes in the compose. woulds love to get that workflow up again.
I think that you problem is how you wrote the docker-compose.yml file.
I think that the line command doesn't necessary because you
especified how start the program in Dockerfile.
Could you try to run this lines?
version: '3'
services:
web:
build:
context: ./
dockerfile: Dockerfile
volumes:
- .:/usr/local/app/
- /usr/app/node_modules
ports:
- "3000:3000"
Otherwise, I think that the volumes property doesn't share /usr/app/node_modules. And I think that this is bad practice. You can run "npm install" in your Dockerfile
I hope that you could understand me =)
Related
ı am trying to use a container and I came across a problem. when I curl localhost:8000 inside the container it connects but when I try to go there it says unable to connect. I am providing a screenshot, my YAML file, and my dockerfile.devel in case that helps. Thanks already.
i curled inside the container and it connected to the port
my yaml file
version: "2"
services:
cuckoo:
privileged: true
image: cuckoo-docker:2.0.7
build:
context: ./
dockerfile: src/Dockerfile.devel
ports:
- "8888:8000"
- "2042:2042"
expose:
- "8000"
links:
- mongo
- postgres
networks:
- cuckoo
restart: always
cap_add:
- NET_ADMIN
extra_hosts:
- "libvirt.local:172.30.201.1"
mongo:
image: mongo
ports:
- 27017:27017
networks:
- cuckoo
restart: always
postgres:
image: postgres
ports:
- 5432:5432
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: cuckoo
networks:
- cuckoo
restart: always
networks:
cuckoo:
driver: bridge
my dockerfile.devel
FROM ubuntu:18.04
ENV container docker
ENV LC_ALL C
ENV DEBIAN_FRONTEND noninteractive
RUN sed -i 's/# deb/deb/g' /etc/apt/sources.list
RUN apt update \
&& apt full-upgrade -y \
&& apt install -y systemd systemd-sysv \
&& apt clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
RUN cd /lib/systemd/system/sysinit.target.wants/ \
&& ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1
RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
/etc/systemd/system/*.wants/* \
/lib/systemd/system/local-fs.target.wants/* \
/lib/systemd/system/sockets.target.wants/*udev* \
/lib/systemd/system/sockets.target.wants/*initctl* \
/lib/systemd/system/basic.target.wants/* \
/lib/systemd/system/anaconda.target.wants/* \
/lib/systemd/system/plymouth* \
/lib/systemd/system/systemd-update-utmp*
RUN apt update \
&& apt install -y python2.7 python-pip python-dev libffi-dev libssl-dev python-virtualenv python-setuptools libjpeg-dev zlib1g-dev swig qemu-kvm libvirt-bin \
ubuntu-vm-builder bridge-utils python-libvirt tcpdump libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacd pcregrep libpcre++-dev autoconf automake libtool \
build-essential libjansson-dev libmagic-dev supervisor mongodb postgresql postgresql-contrib libpq-dev nano bison byacc tor suricata flex\
&& apt clean
RUN set -x \
&& cd /tmp/ \
&& git clone --recursive --branch 'v3.11.0' https://github.com/VirusTotal/yara.git \
&& cd /tmp/yara \
&& ./bootstrap.sh * \
&& sync \
&& ./configure --with-crypto --enable-magic --enable-cuckoo --enable-dotnet \
&& make \
&& make install \
&& rm -rf /tmp/* \
&& cd /tmp \
&& git clone --recursive --branch '2.6.1' https://github.com/volatilityfoundation/volatility.git \
&& cd volatility \
&& python setup.py build install \
&& rm -rf /tmp/*
RUN pip install -U --no-cache-dir pyrsistent==0.16.1 MarkupSafe==1.1.1 itsdangerous==1.1.0 configparser==4.0.2 distorm3==3.4.4 setuptools pycrypto ujson cryptography psycopg2 jsonschema==3.2.0 werkzeug==0.16.0 Mako==1.1.0 python-editor==1.0.3 urllib3==1.25.7 tlslite==0.4.9 SFlock==0.3.3 tlslite-ng==0.7.6 pyOpenSSL==18.0.0
RUN apt update && apt install -y vim
COPY cuckoo /opt/cuckoo
WORKDIR /opt/cuckoo
RUN python stuff/monitor.py
RUN python setup.py sdist develop
RUN cuckoo init
RUN cuckoo community
COPY etc/conf /root/.cuckoo/conf
COPY etc/supervisord.conf /root/.cuckoo/
COPY etc/cuckoo.sh /opt/
RUN chmod +x /opt/cuckoo.sh
CMD ["/opt/cuckoo.sh"]
When you set
ports:
- "8888:8000"
this means that the port 8000 in the container is mapped to the port 8888 in the host machine
so if you curl from the host machine you have to curl port 8888
I am getting a permission error when I try to get the container up by using docker-compose up -d Running this on macOS worked fine, tried to build the application on a new machine (Ubuntu), but it didnt work.
Exiting
/usr/local/bundle/gems/rack-2.2.3/lib/rack/server.rb:433:in `initialize': Permission denied # rb_sysopen - /home/api/limpar/current/tmp/pids/server.pid (Errno::EACCES)
Dockerfile
FROM ruby:2.7.1
ENV LANG C.UTF-8
ENV NODE_VERSION 12
ENV NODE_ENV production
ENV INSTALL_PATH /home/api/limpar/current
RUN curl -sL https://deb.nodesource.com/setup_$NODE_VERSION.x | bash -
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
RUN apt-get update -qq
RUN apt-get install -y --no-install-recommends nodejs postgresql-client yarn build-essential vim
RUN mkdir -p $INSTALL_PATH
WORKDIR $INSTALL_PATH
COPY Gemfile Gemfile.lock ./
RUN gem install bundler
RUN bundle install
COPY . $INSTALL_PATH
RUN rm -rf tmp
RUN useradd -Ms /bin/bash api -u 1001
RUN chown -R api:api /home/api /usr/local/bundle
USER api
EXPOSE 3000
CMD rails server -p 3000 -b 0.0.0.0
docker build runs with no failures.
Any missing points on Dockerfile, regarding user permissions?
Thanks in advance
I have a Dockerfile where I bring in some files and change permissions.
I also have a docker-compose that creates a volume for nodemon to watch. I believe that these volumes are overwriting the permissions that I set. When I remove the volumes the app works but I don't get the server restarting. When the volumes are there the app crashes due to permissions. I've tried creating the volume first but perhaps I was doing that wrong.
FROM ubuntu:16.04
RUN apt-get update && apt-get install -y --no-install-recommends curl sudo
RUN curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash -
RUN apt-get install -y nodejs && \
apt-get install --yes build-essential
RUN apt-get install --yes npm
#VOLUME "/usr/local/app"
# Set up C++ dev env
RUN apt-get update && \
apt-get dist-upgrade -y && \
apt-get install gcc-multilib g++-multilib cmake wget -y && \
apt-get clean autoclean && \
apt-get autoremove -y
#wget -O /tmp/conan.deb -L https://github.com/conan-io/conan/releases/download/0.25.1/conan-ubuntu-64_0_25_1.deb && \
#dpkg -i /tmp/conan.deb
#ADD ./scripts/cmake-build.sh /build.sh
#RUN chmod +x /build.sh
#RUN /build.sh
RUN curl -sL https://deb.nodesource.com/setup_9.x | sudo -E bash -
RUN apt-get install -y nodejs sudo
RUN mkdir -p /usr/local/app
WORKDIR /usr/local/app
COPY package.json /usr/local/app
RUN ["npm", "install"]
RUN npm install --global nodemon
COPY . .
RUN echo "/usr/local/app/dm" > /etc/ld.so.conf.d/mythrift.conf
RUN echo "/usr/lib/x86_64-linux-gnu" >> /etc/ld.so.conf.d/mythrift.conf
RUN echo "/usr/local/lib64" >> /etc/ld.so.conf.d/mythrift.conf
RUN ldconfig
EXPOSE 9090
RUN ["chmod", "+x", "dm/dm3"]
RUN ["chmod", "777", "policy"]
RUN ls -al .
RUN npm -v
RUN node -v
notice at the end where i'm changing permissions.
version: '3'
services:
web:
build: .
volumes:
- .:/usr/local/app/
- /usr/app/node_modules
command: nodemon
ports:
- "3000:3000"
When you mount volumes into a docker container, the files inside are on a lower layer so they are hidden.
In your case, /usr/local/app from the Dockerfile is hidden. Its contents are the files from the host machine (the parent directory of docker-compose.yml). You should set the permissions in the host machine.
I am trying to setup a docker container that mounts a volume from the host. No matter what I try, it always says permission denied when I remote into the docker container. This is some of the commands I have tried adding to my docker file:
RUN su -c "setenforce 0"
and
chcon -Rt svirt_sandbox_file_t /app
Still I get the following error when I remote into my container:
Error: EACCES: permission denied, scandir '/app'
at Error (native)
Error: EACCES: permission denied, open 'npm-debug.log.578996924'
at Error (native)
And as you can see, the app directory is assigned to some user with uid 1000:
Here is my docker file:
FROM php:5.6-fpm
# Install modules
RUN apt-get update && apt-get install -y \
git \
unzip \
libmcrypt-dev \
libicu-dev \
mysql-client \
freetds-dev \
libxml2-dev
RUN apt-get install -y freetds-dev php5-sybase
# This symlink fixes the pdo_dblib install
RUN ln -s /usr/lib/x86_64-linux-gnu/libsybdb.a /usr/lib/
RUN docker-php-ext-install pdo \
&& docker-php-ext-install pdo_mysql \
&& docker-php-ext-install pdo_dblib \
&& docker-php-ext-install iconv \
&& docker-php-ext-install mcrypt \
&& docker-php-ext-install intl \
&& docker-php-ext-install opcache \
&& docker-php-ext-install mbstring
# Override the default php.ini with a custom one
COPY ./php.ini /usr/local/etc/php/
# replace shell with bash so we can source files
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
# nvm environment variables
ENV NVM_DIR /usr/local/nvm
ENV NODE_VERSION 4.4.7
# install nvm
RUN curl --silent -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.2/install.sh | bash
# install node and npm
RUN source $NVM_DIR/nvm.sh \
&& nvm install $NODE_VERSION \
&& nvm alias default $NODE_VERSION \
&& nvm use default
# add node and npm to path so the commands are available
ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH
# confirm installation
RUN node -v
RUN npm -v
# Install Composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
RUN composer --version
# Configure freetds
ADD ./freetds.conf /etc/freetds/freetds.conf
WORKDIR /app
# Gulp install
RUN npm install -g gulp
RUN npm install -g bower
CMD ["php-fpm"]
Here is my docker-compose:
nginx_dev:
container_name: nginx_dev
build: docker/nginx_dev
ports:
- "80:80"
depends_on:
- php_dev
links:
- php_dev
volumes:
- ./:/app
php_dev:
container_name: php_dev
build: docker/php-dev
volumes:
- ./:/app`
Is there any commands I can run to give the root user permissions to access the app directory? I am using docker-compose as well.
From the directory listing, it appears that you have selinux configured (that's the trailing dots on the permission bits). In Docker with selinux enabled, you need to mount volumes with an extra flag, :z. Docker describes this as a volume label but I believe this is an selinux term rather than a docker label on the volume.
Your resulting docker-compose.yml should look like:
version: '2'
services:
nginx_dev:
container_name: nginx_dev
build: docker/nginx_dev
ports:
- "80:80"
depends_on:
- php_dev
links:
- php_dev
volumes:
- ./:/app:z
php_dev:
container_name: php_dev
build: docker/php-dev
volumes:
- ./:/app:z
Note, I also updated the syntax to version 2. Version 1 of the docker-compose.yml is being phased out. Version 2 will result in the containers being run in their own network by default which is usually preferred but may cause issues if you have other containers trying to talk to these.
This is how I'm creating a docker image with nodeJS and meteorJS based on an ubuntu image. I'll use this image to do some testing.
Now I'm thinking of doing this via docker compose. But is this possible at all? Can I convert those commands into a docker compose yml file?
FROM ubuntu:16.04
COPY package.json ./
RUN apt-get update -y && \
apt-get install -yqq \
python \
build-essential \
apt-transport-https \
ca-certificates \
curl \
locales \
nodejs \
npm \
nodejs-legacy \
sudo \
git
## NodeJS and MeteorJS
RUN curl -sL https://deb.nodesource.com/setup_4.x | bash -
RUN curl https://install.meteor.com/ | sh
## Dependencies
RUN npm install -g eslint eslint-plugin-react
RUN npm install
## Locale
ENV OS_LOCALE="en_US.UTF-8"
RUN locale-gen ${OS_LOCALE}
ENV LANG=${OS_LOCALE} LANGUAGE=en_US:en LC_ALL=${OS_LOCALE}
## User
RUN useradd ubuntu && \
usermod -aG sudo ubuntu && \
mkdir -p /builds/core/.meteor /home/ubuntu && \
chown -Rh ubuntu:ubuntu /builds/core/.meteor && \
chown -Rh ubuntu:ubuntu /home/ubuntu
USER ubuntu
Docker Compose doesn't replace your Dockerfile, but you can use Docker Compose to build an image from your Dockerfile:
version: '3'
services:
myservice:
build:
context: /path/to/Dockerfile/dir
dockerfile: Dockerfile
image: result/latest
Now you can build it with:
docker-compose build
And start it with:
docker-compose up -d