Thank you so much. It worked. I changed work directory in Dockerfile and just appended 'sudo' before chown in om_install.sh and om.sh. I was struggling for this since 1 week. Now I can move ahead. Although the application is still not working but I am happy that permission error is gone. I will now look into why application isn't working. I will post again in case further query. Thank you again.
Best Regards, Dhanashree Kulkarni brown-iposs GmbH Friedrich-Breuer-Straße 120 53225 Bonn Germany Fon +49 (0) 228 299 799 80 Fax +49 (0) 228 299 799 84 mailto:birgit.bachm...@brown-iposs.eu www.brown-iposs.eu www.facebook.com/browniposs www.facebook.com/wimap4g Directors: Dr. Bernd Schröder, Karsten Schmeling Trade register: 14385, Country court Bonn VAT-ID: DE814670174 Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. -----Ursprüngliche Nachricht----- Von: Aleksandar Lazic [mailto:al...@me2digital.eu] Gesendet: Tuesday, August 07, 2018 6:06 PM An: dhanashree.kulka...@brown-iposs.eu; 'Anton Hughes' <anton.c.hug...@gmail.com> Cc: users@lists.openshift.redhat.com Betreff: Re: error running application using customized image stream Hi. Am 07.08.2018 um 16:23 schrieb dhanashree.kulka...@brown-iposs.eu: > > Hello thank you for taking a look. I checked the link you provided and > tried to change my Dockerfile accordingly but it didn’t seem to work. > > So, I changed the Dockerfile to use a user called “ubuntu” and added > this user to sudoers of container. Still I get the permission error. > > I added following lines in the Dockerfile: > > > > RUN apt-get install -y libreoffice --no-install-recommends > > > > > RUN apt-get install -y sudo && adduser ubuntu && echo "ubuntu > ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu && chmod 4755 > /etc/sudoers.d/ubuntu > > > RUN su - ubuntu > > > > Is it advisable to change default setting of openshift to use anyuser? > Not it's not a good Idea. The main problem is that the https://github.com/openmeetings/openmeetings-docker isn't prepared to run as non root user which is in general not a good idea. You can see this in this lines https://github.com/openmeetings/openmeetings-docker/blob/master/Dockerfile#L30 ENV work /root/work https://github.com/openmeetings/openmeetings-docker/blob/master/scripts/om.sh#L15-L17 I suggest to change the Dockerfile and the om.sh according to the suggestion from Anton in the keycloak dockerfile. https://github.com/jboss-dockerfiles/keycloak/blob/master/server-openshift/Dockerfile#L9-L16 As at Buildtime can you run some tasks as root like yum install but at runtime not. You can change the work to let's say /data/om and do all the work there. At runtime just call '${TOMCAT_PATH}/bin/catalina.sh run' Regards aleks > Best Regards, > > Dhanashree Kulkarni > > > > brown-iposs GmbH > > Friedrich-Breuer-Straße 120 > > 53225 Bonn > > Germany > > > > Fon +49 (0) 228 299 799 80 > > Fax +49 (0) 228 299 799 84 > > mailto:birgit.bachm...@brown-iposs.eu > > www.brown-iposs.eu <http://www.brown-iposs.eu/> > > www.facebook.com/browniposs <http://www.facebook.com/browniposs> > > www.facebook.com/wimap4g <http://www.facebook.com/wimap4g> > > > > Directors: Dr. Bernd Schröder, Karsten Schmeling > > Trade register: 14385, Country court Bonn > > VAT-ID: DE814670174 > > > > Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. > Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich > erhalten haben, informieren Sie bitte sofort den Absender und > vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte > Weitergabe dieser Mail ist nicht gestattet. > > > > This e-mail may contain confidential and/or privileged information. If > you are not the intended recipient (or have received this e-mail in > error) please notify the sender immediately and destroy this e-mail. > Any unauthorised copying, disclosure or distribution of the material > in this e-mail is strictly forbidden. > > > > *Von:*kurren...@gmail.com [mailto:kurren...@gmail.com] *Im Auftrag von > *Anton Hughes > *Gesendet:* Tuesday, August 07, 2018 1:12 PM > *An:* dhanashree.kulka...@brown-iposs.eu > *Cc:* users@lists.openshift.redhat.com > *Betreff:* Re: error running application using customized image stream > > > > By default OpenShift doesnt allow containers to run using root user. > > > > Take a look > at > https://github.com/jboss-dockerfiles/keycloak/blob/master/server-opens > hift/Dockerfile#L9-L16 for an example of giving the permissions and > setting a non-root user. > > > > On 7 August 2018 at 21:38, <dhanashree.kulka...@brown-iposs.eu > <mailto:dhanashree.kulka...@brown-iposs.eu>> wrote: > > Hello, > > My name is Dhanashree Kulkarni. I have installed OpenShift Origin all in > one in a Centos 7 VM running on Proxmox VE. > > I have built a Docker image using a Dockerfile, and created an image > stream using that Docker image and tagged and pushed it in the Docker > registry inside OpenShift. Now when I want to run the application using > this created image stream, it gives me permission error. > > I want to run Apache Openmeetings application inside OpenShift. For that I > have used the Dockerfile created by Maxim Solodovnik > (https://github.com/openmeetings/openmeetings-docker). The ENTRYPOINT in > the Dockerfile seems to create this error. > > **Steps Followed:** > > > > git clone https://github.com/dhanugithub/openmeetings-docker.git > > cd openmeetings-docker > > ls > > docker build -t om-server . > > docker images > > docker login -u openshift –p <TOKEN from web console> > docker-registry-default.apps.x.x.x.x.nip.io > <http://docker-registry-default.apps.x.x.x.x.nip.io> > > oc create is om-server -n mec > > docker tag om-server > docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest > > <http://docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:late > st> > > docker push > docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:latest > > <http://docker-registry-default.apps.x.x.x.x.nip.io/mec/om-server:late > st> > > > > I am attaching the error log which I get after deploying the application. > > If anyone can suggest some corrections, that would be great. > > Thank you. > > > > > > Best Regards, > > Dhanashree Kulkarni > > > > brown-iposs GmbH > > Friedrich-Breuer-Straße 120 > > 53225 Bonn > > Germany > > > > Fon +49 (0) 228 299 799 80 > > Fax +49 (0) 228 299 799 84 > > mailto:birgit.bachm...@brown-iposs.eu > > www.brown-iposs.eu <http://www.brown-iposs.eu/> > > www.facebook.com/browniposs <http://www.facebook.com/browniposs> > > www.facebook.com/wimap4g <http://www.facebook.com/wimap4g> > > > > Directors: Dr. Bernd Schröder, Karsten Schmeling > > Trade register: 14385, Country court Bonn > > VAT-ID: DE814670174 > > > > Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte > Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail > irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und > vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte > Weitergabe dieser Mail ist nicht gestattet. > > > > This e-mail may contain confidential and/or privileged information. If you > are not the intended recipient (or have received this e-mail in error) > please notify the sender immediately and destroy this e-mail. Any > unauthorised copying, disclosure or distribution of the material in this > e-mail is strictly forbidden. > > > > > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com <mailto:users@lists.openshift.redhat.com> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > > > > > _______________________________________________ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users _______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users