Make images runnable in OpenShift #40
Conversation
…8 base Java image
|
Thanks for the improvements, @jpechane. Just to be completely clear, this won't affect how the usage of the images, right? If not, this looks great to me. |
|
The images are completely compatible with the previous versions. I made just the necessary changes to be runnable under default OpenShift security context. When run in standalone mode they work as before. |
|
Hey @jpechane, thanks a lot for this change! Out of curiosity, is the change of the base image strictly needed for the matter at hand? It seems a bit we're mixing two things here. Not that I'm against it, just trying to get a clearer picture :) Thanks! |
|
In terms of going for a more standard image, did you consider to use |
|
I thought its best to move to images that are regularly based in OpenShift, thus my changing of base images. Regarding choosing F8 image: it is again useful in OpenShift environment - as the Jolokia is (can be) configured it is easy then to access JMX browser (hawtio) from OpenShift console. |
| RUN chown -R kafka $KAFKA_HOME && \ | ||
| chgrp -R kafka $KAFKA_HOME | ||
| USER kafka | ||
| RUN chmod -R g+w,o+w $KAFKA_HOME |
There was a problem hiding this comment.
@jpechane I'm getting an error at this line:
Step 13/19 : RUN chmod -R g+w,o+w $KAFKA_HOME
chmod: changing permissions of '/kafka/config/log4j.properties': Operation not permitted
The command '/bin/sh -c chmod -R g+w,o+w $KAFKA_HOME' returned a non-zero code: 1
Seems like that file still has the wrong owner or something?
There was a problem hiding this comment.
So it's known behavior of Docker: the COPY above won't run in the context of the previously set user, causing log4j.properties to be owned by root, naturally causing chmod to fail here. So the user switch to kafka must happen later. Meh.
There was a problem hiding this comment.
Not sure if I follow you - my build log is
Step 11 : RUN echo "$MD5HASH /tmp/kafka.tgz" | md5sum -c - && tar -xzf /tmp/kafka.tgz -C $KAFKA_HOME --strip-components 1 && rm -f /tmp/kafka.tgz
---> Running in 7cf6a342c41b
/tmp/kafka.tgz: OK
---> 7dfbcc9a1e1d
Removing intermediate container 7cf6a342c41b
Step 12 : COPY ./log4j.properties $KAFKA_HOME/config/log4j.properties
---> 60bb8e30fcf2
Removing intermediate container 0fdeee4e5828
Step 13 : RUN chmod -R g+w,o+w $KAFKA_HOME
---> Running in 83fb5880dee9
---> 610ccc55fbec
Removing intermediate container 83fb5880dee9
Step 14 : WORKDIR $KAFKA_HOME
---> Running in d0e6230024a1
---> d6426465fcf6
Removing intermediate container d0e6230024a1
Step 15 : EXPOSE 9092
---> Running in f5b1d7cbb61a
---> 75c69c95bdaf
I do not see any issue with changing the privileges. Just in case, my Docker env is
docker version
Client:
Version: 1.12.6
API version: 1.24
Go version: go1.6.2
Git commit: 78d1802
Built: Tue Jan 31 23:35:14 2017
OS/Arch: linux/amd64
Server:
Version: 1.12.6
API version: 1.24
Go version: go1.6.2
Git commit: 78d1802
Built: Tue Jan 31 23:35:14 2017
OS/Arch: linux/amd64
There was a problem hiding this comment.
Hum, how odd. In my case the chown failed because the user was kafka but the file owned by root (which seems expected as per the issues linked above). I could make it work by moving the switch to kafka user behind the chown. Not sure why this issue only arises for me, but it seems the safest thing to do.
|
Added a commit to defer the user switch and attributed the commits to https://issues.jboss.org/browse/DBZ-240. Thanks, @jpechane! |
The images were modified so they can run in OpenShift under ranom UID.
Alos base image was changed to Fabric8 image. This is a preparation for a usage of future Red Hat's community Java image.