default user inside container?
by Honza Horak
Hey,
having in mind docker images for e.g. python, ruby, nodejs and some
application written in those languages/frameworks already inside the
docker (basically those where there is no specific user to be used like
for daemons for example) -- the application may either run as root or
non-root user (non-root should be the preferred way, right?)
For cases where we need such a user, this user must have an expected HOME, UID
and GID so that it is possible to match them on the host, so after taking
inspiration from the openshift base image (but not copying everything), what about:
ENV HOME /home/default
RUN mkdir -p ${HOME} && \
    groupadd -r default -f -g 333 && \
    useradd -u 333 -r -g default -d ${HOME} -s /sbin/nologin \
    -c "Default Application User" default
Home directory is first problem. May it be something in /home? Or rather
take that user similar to users for daemons and use something like
/var/lib/container-home?
Then, what the UID and GID should be?
Picking one from <1000 would disable this user from some operations,
that check MIN_UID explicitly to behave differently, but maybe it makes
sense -- we can take that user as a special one, not ordinary one;
personally the preferred way.
Picking one from >1000 could provide conflicts on host in case the same
already exists there.
Any ideas?
Honza
8 years, 11 months
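The UID question raised in this post, as an added example that is not part of the original message: a small check that classifies a candidate container UID against a host's login.defs and passwd contents, so the below-UID_MIN case and the host-collision case can be compared. The sample file contents and the function names are constructed for illustration; UID_MIN is the setting name shadow-utils reads from login.defs.

```python
# Constructed sample host files (not taken from any real system).
SAMPLE_LOGIN_DEFS = """\
UID_MIN                  1000   # first UID for regular accounts
SYS_UID_MIN               201
SYS_UID_MAX               999
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""


def parse_login_defs(text):
    """Return the numeric KEY VALUE settings from login.defs text."""
    settings = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments
        if len(parts) == 2 and parts[1].isdigit():
            settings[parts[0]] = int(parts[1])
    return settings


def parse_passwd_uids(text):
    """Map UID -> list of account names from passwd-format text."""
    uids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            uids.setdefault(int(fields[2]), []).append(fields[0])
    return uids


def check_uid(uid, login_defs_text, passwd_text):
    """Report the range a UID falls in and the host accounts sharing it."""
    # Fallback of 1000 is an assumption for hosts that do not set UID_MIN.
    uid_min = parse_login_defs(login_defs_text).get("UID_MIN", 1000)
    kind = "root" if uid == 0 else "system" if uid < uid_min else "regular"
    return {"uid": uid, "kind": kind,
            "collides_with": parse_passwd_uids(passwd_text).get(uid, [])}


if __name__ == "__main__":
    for candidate in (333, 1001):
        print(check_uid(candidate, SAMPLE_LOGIN_DEFS, SAMPLE_PASSWD))
```

Files written by the container onto a bind-mounted host directory are owned by the numeric UID, so a non-empty collides_with means a host account gets ownership of them.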
Definition of word "ring"
by Petr Hracek
Hi folks,
who are part of Env&Stack group.
Today in the morning I discussed with Honza Horak a bit about rings
and I think that the word ring should be defined.
Can anyone describe what word "ring" means?
If we have other words which should be described I would be glad to
mention them.
At the last meeting I was a bit confused what rings mean
and sometimes I knitted rings with Fedora releases (Workstation, Cloud,
Server). I know :)
Matthew already mentioned some things on the mail last time.
Let's say that I have installed Fedora XY with Fedora Workstation
and I have installed 2 or 3 docker containers.
Does it mean that docker containers are in ring 3?
Fedora Workstation as image based is in ring 2?
rpmostree is ring1?
And if I develop application based on 2 docker containers like (http
container and database container)
then my application is on ring 4?
Sorry for my misunderstanding but I would like to be sure what rings mean.
--
Petr Hracek
Software Engineer
Developer Experience
Red Hat, Inc
Mob: +420777056169
email: phracek(a)redhat.com
8 years, 11 months
Few updates about Playground repo
by Honza Horak
I've talked to msuchy a few days back and this is a short summary of what
the current status of the Playground repo in Fedora is (*).
Packages that are built in copr are signed. That was a blocker for
playground feature, so thanks Mirek, Adam, Valentin and whole copr crew!
There is also a feature already in copr that allows setting a flag for a
particular copr, which says the copr is part of playground. This flag may
be set by copr admin, so it will be necessary to have someone (probably
from env-and-stacks) become a copr admin. Actually more members would be
better to cover potential unavailability.
So the process could look like this:
1. copr user asks for being included in the Playground, e.g. via
https://fedorahosted.org/env-and-stacks/report
2. the user describes in the ticket what are the reasons why the package
should be part of playground (what benefit for fedora users it brings)
and what quality can we expect from the package
3. automatic tests are run on all packages from the copr, like:
- no serious issues are found by rpmgrill
- check that all packages from playground have all dependencies
satisfied (because of depended coprs)
- check that no packages from playground conflict with fedora base
4. one of the env-and-stacks members (copr admin) sets the flag in copr
5. (now one of the below is done)
5a. yum repo file is created and includes all coprs that have the flag set
5b. yum repo file is updated on users' side
open question, related to 5th step:
We spoke about some common repository, but it may also be just one repo
file with many coprs enabled. The question is where do we want to
refresh the content -- either on copr server or on client computers.
Personally, I'd prefer the first way -- create one repository on copr
server side, so clients just install one repo file once and just
repodata will be updated. That prevents possible issues with copr repo
file updating, we don't have to check if user disabled the repo to not
enable it by mistake etc.
(*) hopefully I haven't forgotten or significantly changed the ideas from
last week (Mirku, please, correct me if you see some nonsense)
Honza
8 years, 11 months
Re: dockerfile lint ui
by Petr Hracek
Hi Phiri,
as Langdon said, I am interested in incorporating a web ui into Fedora.
The plan is to create the web ui in e.g.
{docker,containers}.fedoraproject.org page
where users can create their own docker file and of course check the
docker file.
I think that the web ui could be either part of dockerfile_lint directly
or subproject on projectatomic
github like https://github.com/projectatomic/dockerfile_webui/
Would you be able to send me a reference to your code which is used on
the portal?
@Langdon: thanks for introduction.
Greetings
Petr
On 04/09/2015 03:05 PM, Langdon White wrote:
> Petr, meet Lindani; Lindani meet Petr :)
>
> Petr is interested in working on a web ui for dockerfile-lint to stand
> it up in fedora. Could you point him at any of the open source UI work
> that was done for the portal?
>
> Can Petr work with you to get a better understanding of the code to be
> able to do a new UI?
>
> thanks!
>
> langdon
--
Petr Hracek
Software Engineer
Developer Experience
Red Hat, Inc
Mob: +420777056169
email: phracek(a)redhat.com
8 years, 11 months
Agenda for Env-and-Stacks WG meeting (2015-04-16)
by Honza Horak
WG meeting will be at 17:00 UTC (13:00 EST, 19:00 Brno, 13:00 Boston,
2:00+1d Tokyo, 3:00+1d Brisbane) in #fedora-meeting-2 on Freenode.
= Topics =
* Fedora Rings -- how to make Fedora more modular
* Open Floor
8 years, 11 months
Testing Docker containers
by Václav Pavlín
Hello,
We talked to Marek Goldmann from JBoss about their Jenkins CI a bit and
I wanted to share a link with you as testing containers is big topic for
all of us.
https://bitbucket.org/jboss-dockerfiles/tools/src/249621d851f5c1028d4bcea...
Maybe it would be good have a look if it has potential to become a
"standard" way to test containers. (For example with addition of Behave
to make tests more verbose for other users.)
Cheers,
Vašek
--
Lead Infrastructure Engineer
Developer Experience
Brno, Czech Republic
8 years, 11 months
Re: Fwd: Re: Roadmap for Mono packages in Fedora ?
by Honza Horak
Haven't we agreed two weeks ago that playground packages shouldn't
conflict with base system? That means new versions won't be in
playground, for those pure copr should be enough. The playground is
supposed to be more for packages that cannot be in fedora due to packaging
guidelines issues (bundling is a great example). At least this is what I got
from the meeting two weeks ago.
Honza
On 04/10/2015 02:46 PM, White, Langdon wrote:
> Seems like a great oppty for a playground example... think envs and
> stacks could follow up on this and help these guys get the existing mono
> build they have in to playground while pkg reviews and the like take place?
>
> langdon
>
> ---------- Forwarded message ----------
> From: "Timotheus Pokorra" <timotheus.pokorra(a)solidcharity.com
> <mailto:timotheus.pokorra@solidcharity.com>>
> Date: Apr 10, 2015 2:38 AM
> Subject: Re: Roadmap for Mono packages in Fedora ?
> To: "Development discussions related to Fedora"
> <devel(a)lists.fedoraproject.org <mailto:devel@lists.fedoraproject.org>>
> Cc:
>
> Hello,
>
> this is my first post to this list. My name is Timotheus Pokorra, I am
> from Germany, and I am also interested to get an uptodate version of
> Mono into Fedora and later into CentOS or Epel.
> I am developing and deploying OpenPetra, an administration software
> under GPL for charities and mission organisations, on CentOS.
> https://www.openpetra.org
> I am maintaining Mono packages on OBS for various linux distributions:
> https://build.opensuse.org/project/monitor/home:tpokorra:mono
> Obviously it is quite easy because there are no rules to follow.
> I understand that a distribution like Fedora needs packaging rules,
> and the rules have a good reason.
>
> > I am not working on this currently. Some one should inform upstream
> > that it doesn't build for GCC 5 / C++ 11.
> It seems that Mono 4.0 Alpha1 builds fine on Rawhide:
> https://copr.fedoraproject.org/coprs/elsupergomez/mono-4/build/85185/
>
> I have added a comment to:
> https://bugzilla.redhat.com/show_bug.cgi?id=1089426
>
> IMHO I think we should focus on getting Mono 4.0 into Fedora
> (according to the "First" foundation of Fedora...)
>
> All the best,
> Timotheus
8 years, 11 months
Agenda for Env-and-Stacks WG meeting (2015-04-09)
by Honza Horak
WG meeting will be at 12:00 UTC (9:00 EST, 14:00 Brno, 8:00 Boston,
21:00 Tokyo, 22:00 Brisbane) in #fedora-meeting-2 on Freenode.
= Topics =
* Follow-ups Dockah
* Dockerfiles recommended tips
* Dockerfile lint
* Dockerfiles revisiting
* Open Floor
8 years, 11 months
Dockerlint on Openshift
by Petr Hracek
Hi folks,
I have tried to clone dockerlint
(https://github.com/projectatomic/dockerfile_lint) to OpenShift
http://docker-phracek.rhcloud.com/
But it still returns HTTP 503.
Does anybody have experience with NodeJS?
I don't have an idea what's going wrong.
At least logs would be good for my analysis.
Tomas Hrcka helps me a lot and it should work but no change now.
dockerfile_lint command works fine with pretty simple DockerFile. I have
checked a DockerFile and it passed.
[docker-phracek.rhcloud.com 54f987584382ec3f840000f5]> cat nodejs/conf/DockerFiles
FROM fedora:21
RUN yum install httpd -y
CMD ["ps -ef | grep http"]
[docker-phracek.rhcloud.com 54f987584382ec3f840000f5]> dockerfile_lint -f nodejs/conf/DockerFiles
Check passed!
[docker-phracek.rhcloud.com 54f987584382ec3f840000f5]>
I have assigned myself to Dockerfiles recommended tips. Only for
information and organization.
I am going to update and check when we are able to deliver an updated
DockerFiles (https://github.com/fedora-cloud/Fedora-Dockerfiles) for
Fedora 22 before Fedora F22 GA.
Pull request is going to be available soon.
--
Petr Hracek
Software Engineer
Developer Experience
Red Hat, Inc
Mob: +420777056169
email: phracek(a)redhat.com
8 years, 11 months