1324193 – User ID needs to be non-root for image

Bug 1324193 - User ID needs to be non-root for image

Summary: User ID needs to be non-root for image

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Software Collections
Classification:	Red Hat
Component:	rh-nodejs4-container
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	rc
Target Release:	2.2
Assignee:	Zuzana Svetlikova
QA Contact:	BaseOS QE - Apps
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-04-05 19:03 UTC by Steve Speicher
Modified:	2016-05-20 12:23 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-20 12:23:13 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Steve Speicher 2016-04-05 19:03:59 UTC

Description of problem:
Get error that can't run on OpenShift due to user id not in acceptable range. Guessing image doesn't specify the 

Version-Release number of selected component (if applicable):
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=485439

How reproducible:
Grab the build, import into OpenShift registry and use as builder image

Actual results:
F0405 18:13:31.879174 1 builder.go:204] Error: build error: image "172.30.18.123:5000/node-exploration/nodejs4@sha256:13ab5bab4172fdc07133fbb682c10a6ef6c7218a333d468854757d8d4881c07e" must specify a user that is numeric and within the range of allowed users


Expected results:
It builds my Node.js app


Additional info:

Comment 1 Ben Parees 2016-04-06 19:02:59 UTC

fyi the existing nodejs image handles this via:
https://github.com/openshift/sti-nodejs/blob/master/0.10/Dockerfile#L40

(among other things that ensure the assemble script, which runs as user 1001, will be successful)

Comment 2 Zuzana Svetlikova 2016-04-19 11:28:12 UTC

Seems to work for me.

Comment 3 Steve Speicher 2016-05-04 17:38:40 UTC

I was able to get this to work on OpenShift 3.2.0.41

Using:
docker pull brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhscl_beta/nodejs-4-rhel7

docker tag brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhscl_beta/nodejs-4-rhel7 registry.dev-preview-int.openshift.com/sspeiche-microservices/nodejs-4-rhel7

docker push registry.dev-preview-int.openshift.com/sspeiche-microservices/nodejs-4-rhel7

Which resulted in:

oc get is nodejs-4-rhel7 -o yaml
apiVersion: v1
kind: ImageStream
metadata:
  creationTimestamp: 2016-05-04T16:25:23Z
  generation: 1
  name: nodejs-4-rhel7
  namespace: sspeiche-microservices
  resourceVersion: "4016395"
  selfLink: /oapi/v1/namespaces/sspeiche-microservices/imagestreams/nodejs-4-rhel7
  uid: cd75a49b-1214-11e6-abb2-0ada84b8265d
spec: {}
status:
  dockerImageRepository: 172.30.94.234:5000/sspeiche-microservices/nodejs-4-rhel7
  tags:
  - items:
    - created: 2016-05-04T16:25:23Z
      dockerImageReference: 172.30.94.234:5000/sspeiche-microservices/nodejs-4-rhel7@sha256:5488d05f38964d490453fad5b2303da247557cde36a7a8a70bafb6e333218ce2
      generation: 1
      image: sha256:5488d05f38964d490453fad5b2303da247557cde36a7a8a70bafb6e333218ce2
    tag: latest

Comment 4 Zuzana Svetlikova 2016-05-20 12:23:13 UTC

If you have no further issues with the image, I'm closing the bug. We have rebuilt the image, so you can also try the latest build.

Note You need to log in before you can comment on or make changes to this bug.