Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/13451 )
Change subject: IMPALA-8491: Non-root user in container ...................................................................... IMPALA-8491: Non-root user in container Set a default USER in the Dockerfile per best practices so that consumers of the container don't accidentally run as root. The default user is "impala" if the container is run in docker without specifying a user. Various frameworks, including kubernetes, will run the container with an arbitrary user and group ID set. This causes issues with some Hadoop libraries, which depend on the user having a name. This is generally not the case because inside the container usernames are resolved with the container's /etc/passwd. To work around this, the entrypoint script checks if the current user has a name and if not, assigns it one (either dummyuser or $HADOOP_USER_NAME). Remove the umask setting that was required to make logs modifiable by the host user - this is not needed for our tests since the host host and container users now match up. Also run apt-get clean in Dockerfile to reduce cruft in the image. Change-Id: I0bea9f44a8199851ed04fbef8caf4a2350ae2c0e Reviewed-on: http://gerrit.cloudera.org:8080/13451 Reviewed-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Tested-by: Impala Public Jenkins <impala-public-jenk...@cloudera.com> --- M bin/start-impala-cluster.py M docker/daemon_entrypoint.sh M docker/impala_base/Dockerfile 3 files changed, 21 insertions(+), 6 deletions(-) Approvals: Impala Public Jenkins: Looks good to me, approved; Verified -- To view, visit http://gerrit.cloudera.org:8080/13451 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I0bea9f44a8199851ed04fbef8caf4a2350ae2c0e Gerrit-Change-Number: 13451 Gerrit-PatchSet: 6 Gerrit-Owner: Tim Armstrong <tarmstr...@cloudera.com> Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Joe McDonnell <joemcdonn...@cloudera.com> Gerrit-Reviewer: Tim Armstrong <tarmstr...@cloudera.com>