The USER directive in dockerfile are just the hint for the runtime. Even with a local docker daemon, you can start your image with
$ docker run -it --rm -u 100001:0 busybox
and then in the container, you will see
/ $ id
uid=100001 gid=0(root)
The USER 10001 directive we add at the end of all dockerfiles are just to inform the user that those image are made to not run as root.
Now, regarding Openshift, in the background it does something like this:
$ docker run -it --rm -u 100010000:0 yourrepo/yourimage
So what matters is to be ready to run as non root.
If you still face issue, feel free to paste your dockerfile here.
Cheers,
Mikaël Barbero
Team Lead - Release Engineering | Eclipse Foundation 📱 (+33) 642 028 039 | 🐦 @mikbarbero
Thanks Frederic, indeed it worked for the jnlp agent :)
Is that correct?
Hi,
In "sshagent ( ['project-storage.eclipse.org-bot-ssh'])" you have to use
the ID (a sequence of numbers). You can use the pipeline syntax
generator to select the right credential and see the corresponding ID.
Obviously the wiki was misleading in that regard. I will improve the
section covering that topic.
Regards,
Fred
On 20.03.19 11:39, Olivier Delcroix wrote:
> Hi folks,
>
> I've been struggling with the ssh agent yersterday with my custom
> container. I can't get rid of the 100010000 user error. I have modified
> my container based on the
> example https://github.com/eclipse-cbi/dockerfiles to run the
> appropriate script in ENTRYPOINT, but I must have missed something.
>
> By the way, in the previous examples, the user is 10001 whereas in the
> openshift it is 100010000, am I understanding it right?
>
> --
>
> So today, I'm trying something much simpler, I execute the following
> basic pipeline within the default container, but I'm getting the error
> "genie.keyple@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> <mailto:genie.keyple@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>: Permission denied
> (publickey,keyboard-interactive)."
>
> pipeline {
> agent any
> stages {
> stage('Test SSH') {
> steps {
> sshagent ( ['project-storage.eclipse.org-bot-ssh']) {
> sh '''
> ssh genie.keyple@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> <mailto:genie.keyple@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> mkdir -p
> /home/data/httpd/download.eclipse.org/keyple/snapshots
> <http://download.eclipse.org/keyple/snapshots>
> '''
> }
> }
> }
> }
> }
>
> --
>
> I've been through all the wiki and docs, I think I have reached the
> limits of my capabilities in terms of k8/docker/openshift/devops...
> could I get a hand from someone on my pipelines? I am a bit desperate :)
> do I sound like it?
>
> If you want to have a quick look :
> First pipeline is here
> : https://jenkins.eclipse.org/keyple/job/test_ssh_pipeline/
> Second is here : https://jenkins.eclipse.org/keyple/job/test_jnlp_ssh/
>
> my custom container is attached
>
> Thanks in advance!
> Olivier
>
> _______________________________________________
> cbi-dev mailing list
> cbi-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://www.eclipse.org/mailman/listinfo/cbi-dev
>
--
Frederic Gurr
Release Engineer | Eclipse Foundation Europe GmbH
Annastr. 46, D-64673 Zwingenberg
Handelsregister: Darmstadt HRB 92821
Managing Directors: Ralph Mueller, Mike Milinkovich, Chris Laroque
_______________________________________________
cbi-dev mailing list
cbi-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/cbi-dev
_______________________________________________ cbi-dev mailing list cbi-dev@xxxxxxxxxxxTo change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cbi-dev
|