fix(docker): allow the zebra user access to relevant dirs #8817

Merged
merged 2 commits into from
Aug 29, 2024

Conversation

gustavovalverde

@gustavovalverde gustavovalverde commented Aug 29, 2024

Motivation

When running a Zebra node using Docker without a privileged user, you won't be able to modify some files and directories, not even the ones in the current directory, as the zebra user has no permission to /.

Solution

The best way to solve this is making the /opt/zebrad the current WORKDIR. This also requires moving the entrypoint.sh from the root / directory to /etc/zebrad as this directory is used to save configuration, and other files.

An APP_HOME ARG is used as not all platforms where a Docker container is deployed allow writing permissions to the /opt directory. This allows some users to re-build the image with a custom WORKDIR.

PR Author's Checklist

  • The PR name will make sense to users.
  • The PR provides a CHANGELOG summary.
  • The solution is tested.
  • The documentation is up to date.
  • The PR has a priority label.

PR Reviewer's Checklist

  • The PR Author's checklist is complete.
  • The PR resolves the issue.

When running a Zebra node using Docker without a privileged user, you won't be able to modify some files and directories, not even the ones in the current directory, as the `zebra` user has no permission to `/`.

The best way to solve this is making the `/opt/zebrad` the current `WORKDIR`. This also requires moving the `entrypoint.sh` from the root `/` directory to `/etc/zebrad` as this directory is used to save configuration, and other files.

An `APP_HOME` ARG is used as not all platforms where a Docker container is deployed allow writing permissions to the `/opt` directory. This allows some users to re-build the image with a custom `WORKDIR`.
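
The pattern described above, as an added sketch that is not the project's Dockerfile and not part of this PR: an overridable `APP_HOME` build argument, a `WORKDIR` the unprivileged user owns, and the entrypoint under `/etc/zebrad` instead of `/`. The base image, UID/GID values, the `USER` directive and the presence of `entrypoint.sh` in the build context are assumptions.

```dockerfile
# Added illustration only. Base image, UID/GID and file layout are assumptions.
FROM debian:bookworm-slim

# Overridable at build time for platforms that forbid writes under /opt:
#   docker build --build-arg APP_HOME=/home/zebra/app -t zebra-custom .
ARG APP_HOME=/opt/zebrad
ARG UID=10001
ARG GID=10001

# Dedicated unprivileged account with no login shell.
RUN groupadd --gid "${GID}" zebra \
 && useradd --uid "${UID}" --gid "${GID}" \
            --home-dir "${APP_HOME}" --shell /usr/sbin/nologin zebra

# Create only the directories the process has to write to and hand those,
# and nothing else, to the zebra user. "/" stays owned by root.
RUN mkdir -p "${APP_HOME}" /etc/zebrad \
 && chown -R zebra:zebra "${APP_HOME}" /etc/zebrad \
 && chmod 0750 "${APP_HOME}" /etc/zebrad

# The entrypoint sits beside the configuration instead of in "/".
# Assumes an entrypoint.sh exists in the build context.
COPY entrypoint.sh /etc/zebrad/entrypoint.sh
RUN chmod 0755 /etc/zebrad/entrypoint.sh

# Relative paths now resolve inside a directory zebra owns, so files written
# to the current directory no longer fail with "permission denied".
WORKDIR ${APP_HOME}

# Assumption: privileges are dropped with USER here for brevity; how the
# project's image switches users is not shown on this page.
USER zebra

ENTRYPOINT ["/etc/zebrad/entrypoint.sh"]
```

Running `docker run --rm --entrypoint id <image>` against the built image should report the `zebra` UID rather than 0, and `touch testfile` in the working directory should succeed.
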
@gustavovalverde gustavovalverde added A-devops Area: Pipelines, CI/CD and Dockerfiles C-enhancement Category: This is an improvement I-usability Zebra is hard to understand or use P-Critical 🚑 labels Aug 29, 2024
@gustavovalverde gustavovalverde self-assigned this Aug 29, 2024
@gustavovalverde gustavovalverde requested a review from a team as a code owner August 29, 2024 18:36
@gustavovalverde gustavovalverde requested review from arya2 and removed request for a team August 29, 2024 18:36
As `gosu` is just required and available in our `runtime` image, trying to run `docker run -it --rm  --name tests -t zfnd/zebra:<pr> /bin/bash` in other stages will fail, as `gosu` is not available.
@mergify mergify bot merged commit cdb9efd into main Aug 29, 2024
133 checks passed
@mergify mergify bot deleted the fix-unprivileged-docker branch August 29, 2024 19:57
2 participants