I was following this guide to run the container as a non-root user. The user gpadmin is already created in the image.
But, the container exits immediately if I run the below command:
root@dev01:~# docker run -i -d -v /tmp/$(mktemp -d):/run -p 5432:5432 -p 28080:28080 --user gpadmin --name gpcentos-dev --hostname mdw gpdb-postgres9.4/centos /usr/sbin/sshd -D
adcaf577c0a589987b556824a3413c74381dfe4d9347467891cf47ac18b91743
root@dev01:~# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
adcaf577c0a5 gpdb-postgres9.4/centos "/usr/sbin/sshd -D" 4 seconds ago Exited (1) 2 seconds ago gpcentos-dev
But, when I run the command by skipping --user gpadmin, the container does not exit immediately.
root@dev01:~# docker run -i -d -v /tmp/$(mktemp -d):/run -p 5432:5432 -p 28080:28080 --name gpcentos-dev --hostname mdw gpdb-postgres9.4/centos /usr/sbin/sshd -D
24f00ec4e531168fb266e7f4616e5fa8f2829112132de211392a9040a0f52d5f
root@dev01:~# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
24f00ec4e531 gpdb-postgres9.4/centos "/usr/sbin/sshd -D" 8 seconds ago Up 7 seconds 22/tcp, 0.0.0.0:5432->5432/tcp, 80/tcp, 0.0.0.0:28080->28080/tcp gpcentos-dev
As I understand, -i -t -d should keep the container running in the background.
EDIT 1: Based on this link of docker best practices, the containers can be run as root. But, all the services should be run using a service user. So, I created a gpadmin user to start the database.
docker run -i -d -v /tmp/$(mktemp -d):/run -p 5432:5432 -p 28080:28080 --name gpdb-centos --hostname mdw gpdb-postgres9.4/centos /usr/sbin/sshd -D
docker exec -it gpdb-centos sh -c "su - gpadmin -c 'echo 'y' | /home/gpadmin/greenplum_start.sh' && hostname -i"
The -i -t -d options tell docker to configure a file descriptor for input, configure the input as a pseudo tty (a terminal), and detach that container from your current command prompt. It does not guarantee the container will continue to run, that is up to the command you are running inside the container.
From your output, the command you are running appears to be "/usr/sbin/sshd -D" which would need root access to bind to port 22, read configuration files in /etc, and write to files in /var.
To debug commands failing inside containers, you should review the logs and inspect the container to see what failed and why. Commands for that are:
docker logs $container_id
docker inspect $container_id
where $container_id would be 24f00ec4e531 in your example.
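The inspection step from the answer above, as an added example that is not part of the original question or answer: a small Python triage over `docker inspect` JSON that reports the exit state and the user the command ran as. The function names `triage` and `is_root` are hypothetical, and the sample JSON is constructed to resemble the exited container in the question.

```python
import json

# Constructed sample: trimmed `docker inspect` output for a container like the
# exited one in the question (values are illustrative, not from a real run).
SAMPLE_INSPECT = json.dumps([{
    "Id": "adcaf577c0a5", "Name": "/gpcentos-dev",
    "Path": "/usr/sbin/sshd", "Args": ["-D"],
    "State": {"Status": "exited", "Running": False, "ExitCode": 1,
              "OOMKilled": False, "Error": ""},
    "Config": {"User": "gpadmin"},
}])


def is_root(user):
    """Config.User is empty when no user is set; "0", "root" or "0:gid" mean root."""
    return user.split(":")[0] in ("", "0", "root")


def triage(inspect_json):
    """Summarise the state of each container in `docker inspect` output."""
    reports = []
    for c in json.loads(inspect_json):
        state, user = c["State"], c["Config"].get("User", "")
        report = {
            "name": c["Name"].lstrip("/"),
            "command": " ".join([c["Path"], *c.get("Args", [])]),
            "user": user or "root (no user set)",
            "status": state["Status"], "exit_code": state["ExitCode"],
            "hints": [],
        }
        if state.get("Error"):
            report["hints"].append("runtime error: " + state["Error"])
        if state.get("OOMKilled"):
            report["hints"].append("killed by the OOM killer; check memory limits")
        if state["Status"] == "exited" and state["ExitCode"] != 0:
            report["hints"].append("process exited on its own; read `docker logs` for its stderr")
            if not is_root(user):
                report["hints"].append(
                    f"ran as '{user}': check that this user can bind the port, "
                    "read the config files and write the directories the command needs")
        reports.append(report)
    return reports


if __name__ == "__main__":
    for r in triage(SAMPLE_INSPECT):
        print(f"{r['name']}: {r['command']} as {r['user']} -> {r['status']} ({r['exit_code']})")
        for h in r["hints"]:
            print("  -", h)
```

On a real host, feed it the output of `docker inspect $container_id` instead of the constructed sample.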