Comments (12)
The main thing would be adding
RUN groupadd -g 999 appuser && \
useradd -r -u 999 -g appuser appuser
USER appuser
to your dockerfile, but that's just the start. Then you need to chown the appropriate files and directories. I am not sure how big of an impact that would have on your codebase
from allure-docker-service.
@nicodevries let me find a solution for this.
from allure-docker-service.
@nicodevries I will release a beta version in a few mins to be checked for you.
from allure-docker-service.
@nicodevries can you check the beta version and please let me know if the fix works. Thank you
image: "frankescobar/allure-docker-service:beta"
from allure-docker-service.
I tried it out and unfortunately it still didn't work. I investigated some more and found out that the platform always runs containers as a random, low-privileged user (overriding any USER command from Dockerfile). In order to have this user be able to run the app, the necessary directories would have to be in the group root. So my guess would be that using --chown=allure:root
should work, but I'm not a hundred percent sure since user management is not really my expertise.
It seems to me that this policy on the platform is mainly designed to protect from containers escalating privileges to the host, and not so much to protect the insides of the container from being changed at runtime.
from allure-docker-service.
@nicodevries can you attach the full log and specify what commands are you using to run the container?
And tell me what is your platform and what public containers work in that platform.
Thanks
from allure-docker-service.
I'm trying to run on an Openshift platform by using the following yaml:
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
name: allure-service
spec:
selector:
matchLabels:
app: allure-service
replicas: 1
template:
metadata:
labels:
app: allure-service
spec:
containers:
- name: allure-service
image: frankescobar/allure-docker-service:beta
ports:
- name: html
containerPort: 4040
- name: api
containerPort: 5050
I am not sure on what docker command this is translated into.
The resulting log is:
ALLURE_VERSION: 2.13.1
--
| Generating default report
| Generating report
| Configuration by default
| Checking Allure Results every 1 second/s
| * Serving Flask app "app" (lazy loading)
| * Environment: production
| WARNING: This is a development server. Do not use it in a production deployment.
| Use a production WSGI server instead.
| * Debug mode: off
| * Running on http://0.0.0.0:5050/ (Press CTRL+C to quit)
| Could not generate report
| java.nio.file.AccessDeniedException: /app/allure-report/history
| at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
| at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
| at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
| at java.base/sun.nio.fs.UnixFileSystemProvider.createDirectory(Unknown Source)
| at java.base/java.nio.file.Files.createDirectory(Unknown Source)
| at java.base/java.nio.file.Files.createAndCheckIsDirectory(Unknown Source)
| at java.base/java.nio.file.Files.createDirectories(Unknown Source)
| at io.qameta.allure.CommonJsonAggregator.aggregate(CommonJsonAggregator.java:51)
| at io.qameta.allure.CompositeAggregator.aggregate(CompositeAggregator.java:43)
| at io.qameta.allure.ReportGenerator.aggregate(ReportGenerator.java:53)
| at io.qameta.allure.ReportGenerator.generate(ReportGenerator.java:70)
| at io.qameta.allure.ReportGenerator.generate(ReportGenerator.java:58)
| at io.qameta.allure.Commands.generate(Commands.java:104)
| at io.qameta.allure.CommandLine.run(CommandLine.java:152)
| at io.qameta.allure.CommandLine$$Lambda$9.00000000C848B6E0.get(Unknown Source)
| at java.base/java.util.Optional.orElseGet(Unknown Source)
| at io.qameta.allure.CommandLine.main(CommandLine.java:88)
| 127.0.0.1 - - [24/Jan/2020 09:49:17] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| Detecting results changes...
| Generating report
| 127.0.0.1 - - [24/Jan/2020 09:49:20] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| Could not generate report
| java.nio.file.AccessDeniedException: /app/allure-report/history
| at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
| at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
| at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
| at java.base/sun.nio.fs.UnixFileSystemProvider.createDirectory(Unknown Source)
| at java.base/java.nio.file.Files.createDirectory(Unknown Source)
| at java.base/java.nio.file.Files.createAndCheckIsDirectory(Unknown Source)
| at java.base/java.nio.file.Files.createDirectories(Unknown Source)
| at io.qameta.allure.CommonJsonAggregator.aggregate(CommonJsonAggregator.java:51)
| at io.qameta.allure.CompositeAggregator.aggregate(CompositeAggregator.java:43)
| at io.qameta.allure.ReportGenerator.aggregate(ReportGenerator.java:53)
| at io.qameta.allure.ReportGenerator.generate(ReportGenerator.java:70)
| at io.qameta.allure.ReportGenerator.generate(ReportGenerator.java:58)
| at io.qameta.allure.Commands.generate(Commands.java:104)
| at io.qameta.allure.CommandLine.run(CommandLine.java:152)
| at io.qameta.allure.CommandLine$$Lambda$9.0000000038486D90.get(Unknown Source)
| at java.base/java.util.Optional.orElseGet(Unknown Source)
| at io.qameta.allure.CommandLine.main(CommandLine.java:88)
| 127.0.0.1 - - [24/Jan/2020 09:49:20] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| 127.0.0.1 - - [24/Jan/2020 09:49:22] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| 127.0.0.1 - - [24/Jan/2020 09:49:22] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| 127.0.0.1 - - [24/Jan/2020 09:49:24] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| 127.0.0.1 - - [24/Jan/2020 09:49:24] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| 127.0.0.1 - - [24/Jan/2020 09:49:26] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| 127.0.0.1 - - [24/Jan/2020 09:49:26] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| 127.0.0.1 - - [24/Jan/2020 09:49:28] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| 127.0.0.1 - - [24/Jan/2020 09:49:28] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| Timeout requesting http://localhost:5050/emailable-report/render after 7 attempts
| 127.0.0.1 - - [24/Jan/2020 09:49:30] "GET /emailable-report/render HTTP/1.1" 400 -
| Retrying call http://localhost:5050/emailable-report/render in 2 seconds
| Starting web server...
| 2020-01-24 09:49:30.663:INFO::main: Logging initialized @464ms to org.eclipse.jetty.util.log.StdErrLog
| Can not open browser because this capability is not supported on your platform. You can use the link below to open the report manually.
| Server started at <http://172.35.4.82:4040/> . Press <Ctrl+C> to exit
| Timeout requesting http://localhost:5050/emailable-report/render after 7 attempts
from allure-docker-service.
@nicodevries can you tell me what other public containers are working on that platform? On that way, I could check the Dockerfile and copy the solution.
from allure-docker-service.
I could not find any public containers running directly, they are only used as bases for other images.
I did find the following Dockerfile command:
RUN \
chmod g=u /usr/share/filebeat && \
chgrp -R 0 /usr/share/filebeat
This is used in a dockerfile for an application that runs on the platform. It appears to set the group ownership of the directory where stuff needs to be written to 0 (the root group)
So I think that changing that to:
RUN \
chmod g=u /app/allure-report && \
chgrp -R 0 /app/allure-report
could work in this case.
I'm afraid that's the best I can do. Maybe this is getting too specific and I should just create my own image with yours as a base image.
from allure-docker-service.
@nicodevries you are right. In this case, this platform is too specific with their requirements about docker containers. The same I will release your suggestion about the root user. Thank you so much.
from allure-docker-service.
Thanks for the efforts
from allure-docker-service.
@nicodevries did you try overriding the user/group -u 1000:1000
? version: 2.13.1
DevExpress/testcafe#2875 (comment)
from allure-docker-service.
Related Issues (20)
- ls: cannot access '/app/allure-docker-api/static/projects/default/reports': No such file or directory HOT 2
- Doing any updates on vulnerabilities in 2.21.0 version HOT 1
- Users/Roles HOT 1
- Use S3 as volume for reports HOT 1
- Can you upload docker image with newest version of Allure(2.24) ? HOT 1
- not creting project HOT 1
- The access token has expired - redirect to login page? HOT 1
- Skip create Report leatest folder HOT 1
- Issue with Allure Docker Service for Multiple Maven Projects HOT 1
- Is there a way to see more than 20 reports in dropdown on UI?
- Is this project actively maintained? HOT 1
- Testcase history tab showing same date time
- Testcase history tab showing same date time for different runs
- Testcase history tab showing same date time for different runs HOT 3
- Error Generating Report API: 'Processing files for project_id 'project_demo'. Please Retry Later.' HOT 5
- Status Code 413 when sending highpayload HOT 2
- Integration with s3 as a storage for reports HOT 1
- Ignore index.html in the URL
- Project name convention
- If there is a "0" in the project name, the script does not clear old reports. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from allure-docker-service.