openshift/node docker container fails with HOST_ETC: unbound variable - openshift-origin

After downloading openshift/node Docker container the container fails to run:
$ docker logs 64e3eeb60cbc
/usr/local/bin/origin-node-run.sh: line 15: HOST_ETC: unbound variable
This is on Windows 7 with Docker Quickstart Terminal. I ran it with
docker run -d openshift/node
Probably I need to set HOST_ETC in the command line or elsewhere, but I can find no documentation on using this Docker image, so would like some guidance on what to fix here, and any other additional settings that might be required but undocumented.
Thanks for any expert advice here.

The official documentation is telling to start the container this way:
$ sudo docker run -d --name "origin" \
--privileged --pid=host --net=host \
-v /:/rootfs:ro -v /var/run:/var/run:rw -v /sys:/sys -v /var/lib/docker:/var/lib/docker:rw \
-v /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes \
openshift/origin start

Related

GraphDB Docker Container Fails to Run: adoptopenjdk/openjdk12:alpine

When using the standard DockerFile available here, GraphDB fails to start with the following output:
Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME
Looking into it, the DockerFile uses adoptopenjdk/openjdk11:alpine which was recently updated to Alpine 3.14.
If I switch to an older Docker image (or use adoptopenjdk/openjdk12:alpine) then GraphDB starts without a problem.
How can I fix this while still using the latest version of adoptopenjdk/openjdk11:alpine?
Below is the DockerFile:
FROM adoptopenjdk/openjdk11:alpine
# Build time arguments
ARG version=9.1.1
ARG edition=ee
ENV GRAPHDB_PARENT_DIR=/opt/graphdb
ENV GRAPHDB_HOME=${GRAPHDB_PARENT_DIR}/home
ENV GRAPHDB_INSTALL_DIR=${GRAPHDB_PARENT_DIR}/dist
WORKDIR /tmp
RUN apk add --no-cache bash curl util-linux procps net-tools busybox-extras wget less && \
curl -fsSL "http://maven.ontotext.com/content/groups/all-onto/com/ontotext/graphdb/graphdb-${edition}/${version}/graphdb-${edition}-${version}-dist.zip" > \
graphdb-${edition}-${version}.zip && \
bash -c 'md5sum -c - <<<"$(curl -fsSL http://maven.ontotext.com/content/groups/all-onto/com/ontotext/graphdb/graphdb-${edition}/${version}/graphdb-${edition}-${version}-dist.zip.md5) graphdb-${edition}-${version}.zip"' && \
mkdir -p ${GRAPHDB_PARENT_DIR} && \
cd ${GRAPHDB_PARENT_DIR} && \
unzip /tmp/graphdb-${edition}-${version}.zip && \
rm /tmp/graphdb-${edition}-${version}.zip && \
mv graphdb-${edition}-${version} dist && \
mkdir -p ${GRAPHDB_HOME}
ENV PATH=${GRAPHDB_INSTALL_DIR}/bin:$PATH
CMD ["-Dgraphdb.home=/opt/graphdb/home"]
ENTRYPOINT ["/opt/graphdb/dist/bin/graphdb"]
EXPOSE 7200
The issue comes from an update in the base image. From a few weeks adopt switched to alpine 3.14 which has some issues with older container runtime (runc). The issue can be seen in the release notes: https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0
Updating your Docker will fix the issue. However, if you don't wish to update your Docker, there's a workaround.
Some additional info:
The cause of the issue is that for some reason containers running in older docker versions and alpine 3.14 seem to have issues with the test flag "-x" so an if [ -x /opt/java/openjdk/bin/java ] returns false, although java is there and is executable.
You can workaround this for now by
Pull the GraphDB distribution
Unzip it
Open "setvars.in.sh" in the bin folder
Find and remove the if block around line 32
if [ ! -x "$JAVA" ]; then
echo "Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME"
exit 1
fi
Zip it again and provide it in the Dockerfile without pulling it from maven.ontotext.com
Passing it to the Dockerfile is done with 'ADD'
You can check the GraphDB free version's Dockerfile for a reference on how to pass the zip file to the Dockerfile https://github.com/Ontotext-AD/graphdb-docker/blob/master/free-edition/Dockerfile

How to make tensorflow-serving example work

I am trying out the tensorflow example from the tutorial page
at the third step
# Start TensorFlow Serving container and open the REST API port
docker run -t --rm -p 8501:8501 \
-v "$TESTDATA/saved_model_half_plus_two_cpu:/models/half_plus_two" \
-e MODEL_NAME=half_plus_two \
tensorflow/serving &
I get the following error message
2020-07-19 11:54:52.858203: E tensorflow_serving/sources/storage_path/file_system_storage_path_source.cc:362] FileSystemStoragePathSource encountered a filesystem access error: /models/half_plus_two; Permission denied
This is continuously repeated. I have installed the demo model as mentioned in the tutorial.
git clone https://github.com/tensorflow/serving
TESTDATA="$(pwd)/serving/tensorflow_serving/servables/tensorflow/testdata"
Can someone please help what am i missing? I am just starting off on the serving part.
Thanks
Krishnan
The problem could be with your -v parameter where you are binding the path.
Try (Change the source parameter):
docker run -p 8501:8501 --mount type=bind,\
source=/path/to/yourmodels/,\
target=/models/half_plus_two/1 \
-e MODEL_NAME=half_plus_two -t tensorflow/serving

docker-selenium on customized /etc/hosts file ?

I have an docker image that contains a maven selenium project, and it is to test on host "dev-mock.abc.com". Following is my docker command to trigger the selenium tests to be executed.
docker run --rm --privileged \
--add-host="dev-mock.abc.com:123.45.67.89" \
${selenium-image}
What I have found is, during the runtime, the /etc/hosts of that container has been updated with this entry: "123.45.67.89 dev-mock.abc.com", but during the selenium execution, it still can not solve this "dev-mock.abc.com" name.
Does anyone know if selenium gets the customized entries in the /etc/hosts file, when it is being executed ? Thanks.
Maybe /etc/nsswitch.conf with correct content in your container is missing, so selenium "skips" /etc/hosts and is trying to use DNS. Try:
echo "hosts: files dns" > /tmp/nsswitch.conf
docker run --rm --privileged \
--volume /tmp/nsswitch.conf:/etc/nsswitch.conf \
--add-host="dev-mock.abc.com:123.45.67.89" \
${selenium-image}
Another option will be to edit /etc/hosts on your host OS and then use host OS networking for selenium container:
docker run --rm --privileged \
--net=host \
${selenium-image}

Error while running docker container

I am running a docker image using the following command.
docker run -it -p 8080:8080 -p 29418:29418 --rm \
-e AUTH_TYPE='DEVELOPMENT_BECOME_ANY_ACCOUNT' \
-v /home/gerrit-site:/home/gerrit/site \
-v /home/nidhi/.ssh/id_rsa.pub:/root/.ssh/id_admin_rsa.pub \
-v /home/nidhi/.ssh/id_rsa:/root/.ssh/id_admin_rsa \
-e GERRIT_ADMIN_USER='admin' \
-e GERRIT_ADMIN_EMAIL='admin#fabric8.io' \
-e GERRIT_ADMIN_FULLNAME='Administrator' \
-e GERRIT_ADMIN_PWD='mysecret' \
-e GERRIT_ADMIN_PRIVATE_KEY='/home/gerrit/ssh-keys/id_admin_rsa' \
-e GERRIT_PUBLIC_KEYS_PATH='/home/gerrit/ssh-keys' \
-v /home/nidhi/.ssh:/home/gerrit/ssh-keys \
--name gerrit admin_gerrit
I know the command is right cause I had used this command before and it worked perfectly fine. But now, when I run this command I get the following error,
Error response from daemon: Cannot start container 2c9514c3b0d953344e66525d083c7ec3921cb9cde2185f43ec3bec2579597485: stat /home/nidhi/.ssh/id_rsa: permission denied
I checked the permission for the ssh public and private keys. The permission is 700 and is owned by nidhi. Please can someone point out what my error is.
When docker runs, the uid in your container will likely not match the uid on the host. So with a host volume containing files with 700 permissions, that will not be readable by the uid inside the container. Three options come to mind:
To keep the 700 permissions and same image, you'd need to chown the file on the host to match the uid inside the container.
You can use a named volume instead of a host volume, add your credentials to that named volume, and then set permissions inside there to match the containers where you'll use the volume.
Or you can use a different image that's been rebuilt to change the uid to match your own on the host.

Docker HTTPS access - ONLYOFFICE3

I'm following the ONLYOFFICE Docker documentation
(GITHUB ONLYOFFICE docker HTTPS access) to get ONLYOFFICE
documentserver and communityserver running with HTTPS.
What I've tried:
1.
I've created the cert files (.crt, .key, .pem) like mentioned in the documentation. After that I created a file named env.list in my home dir /home/jw/data/ with the following content:
SSL_CERTIFICATE_PATH=/opt/onlyoffice/Data/certs/onlyoffice.crt
SSL_KEY_PATH=/opt/onlyoffice/Data/certs/onlyoffice.key
SSL_DHPARAM_PATH=/opt/onlyoffice/Data/certs/dhparam.pem
SSL_VERIFY_CLIENT=true
2.
After that I added the directory /home/jw/data/ to my $PATH environment
variable:
PATH=$PATH:/home/jw/data/; export PATH
3.
On the same shell I started the docker container like this:
sudo docker run -i -t -d --name onlyoffice-document-server -p 443:443 -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data --env-file /home/jw/data/env.list onlyoffice/documentserver
4.
The documentserver is running fine. After that I've started the
communityserver with:
sudo docker run -i -t -d --link onlyoffice-document-server:document_server --env-file /home/jw/data/env.list onlyoffice/communityserver
5.
With the command docker ps -a I see booth docker containers running fine:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4f573111f2e5 onlyoffice/communityserver "/bin/sh -c 'bash -C " 29 seconds ago Up 28 seconds 80/tcp, 443/tcp, 5222/tcp lonely_mcnulty
23543300fa51 onlyoffice/documentserver "/bin/sh -c 'bash -C " 42 seconds ago Up 41 seconds 80/tcp, 0.0.0.0:443->443/tcp onlyoffice-document-server
But when I'm trying to access https://localhost there is an error "Secure
Connection Failed" in Firefox.
Did I miss something?
Okay got it:
I've changed the environment variables in env.list to:
SSL_CERTIFICATE_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.crt
SSL_KEY_PATH=/var/www/onlyoffice/Data/certs/onlyoffice.key
SSL_DHPARAM_PATH=/var/www/onlyoffice/Data/certs/dhparam.pem
After that used the following command to run ONLY the documentserver:
sudo docker run -i -t -d --name onlyoffice-document-server -p 443:443 -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data --env-file /home/jw/data/env.list onlyoffice/documentserver
The ONLYOFFICE OnlineEditor API is now available over HTTPS:
https://localhost/OfficeWeb/apps/api/documents/api.js
If you want to use CommunityServer with HTTPS just change the run command above to:
sudo docker run -i -t -d --name onlyoffice-community-server -p 443:443 -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data --env-file /home/<username>/env.list onlyoffice/communityserver
Thank you anyway!