I want to create an image with Podman which has to be deployed first to OpenShift Local (under Windows) for testing and later to an OpenShift stack. The image is based on quay.io/wildfly/wildfly:33.0.2.Final
The requirement is that the contained WildFly server runs as a user with a uid > 1000000000.
Podman is installed on Windows, based on Hyper-V:
podman version
Client: Podman Engine
Version: 5.3.2
API Version: 5.3.2
Go Version: go1.23.5
Git Commit: 85043bb1a3818102194afa82845cb63841067c9c
Built: Wed Jan 22 14:42:46 2025
OS/Arch: windows/amd64
Server: Podman Engine
Version: 5.3.2
API Version: 5.3.2
Go Version: go1.23.4
Built: Wed Jan 22 01:00:00 2025
OS/Arch: linux/amd64
First I generate a base image xxx/wildfly-base:v1
with some more tools (vim, find, etc.).
podman build --log-level debug -t xxx/barch:v1 -f containerbase-test.00.cfg
FROM quay.io/wildfly/wildfly:33.0.2.Final-jdk21 AS BUILDER
USER root
RUN microdnf update -y
RUN microdnf install -y vim
RUN microdnf install -y procps-ng
RUN microdnf install -y findutils
RUN microdnf install -y net-tools
RUN microdnf clean all
In the next step I try to build this image
FROM xxx/base:v1 AS BUILDER
USER root
ENV JBOSS_ROOT=/opt/jboss
RUN groupadd -g 996 -r test
RUN useradd -u 1000860000 -r -g test -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly
but I receive an error
STEP 6/7: RUN useradd -u 1000860000 -r -g test -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly
useradd warning: wildfly's uid 1000860000 is greater than SYS_UID_MAX 999
Error: committing container for step {Env:[PATH=/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin container=oci JAVA_HOME=/opt/java/openjdk LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 JAVA_VERSION=jdk-21.0.4+7 WILDFLY_VERSION=33.0.2.Final WILDFLY_SHA1=a42e8cb6a83931a8f85c7064cb7220e16c6dc0c9 JBOSS_HOME=/opt/jboss/wildfly LAUNCH_JBOSS_IN_BACKGROUND=true JBOSS_ROOT=/opt/jboss] Command:run Args:[useradd -u 1000860000 -r -g basys3 -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly] Flags:[] Attrs:map[] Message:RUN useradd -u 1000860000 -r -g basys3 -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly Heredocs:[] Original:RUN useradd -u 1000860000 -r -g test -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly}: copying layers and metadata for container "aaa965ffeb6ac839967defed92e794cf985c949ad49efada546829b61e46edc9": initializing source containers-storage:e88b4a2b6ac8-working-container: storing layer "eb932967ff2edf3f3307cea683119c17c396896c4b102553d49f717961a68013" to file: reading tar archive: copying content for "var/log/lastlog": write /var/tmp/buildah1105374746/layer: no space left on device on pipe close
Based on this hint regarding the SYS_UID_MAX limit, I adjust the limits in /etc/login.defs
inside the buildfile and run the podman build again
FROM xxx/base:v1 AS BUILDER
USER root
ENV JBOSS_ROOT=/opt/jboss
RUN sed -i 's/^SYS_UID_MAX.*/SYS_UID_MAX 2000000000/' /etc/login.defs
RUN sed -i 's/^UID_MIN.*/UID_MIN 2000000001/' /etc/login.defs
RUN sed -i 's/^UID_MAX.*/UID_MAX 3000000000/' /etc/login.defs
RUN groupadd -g 996 -r test
RUN useradd -u 1000860000 -r -g test -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly
In this trial I receive this error:
STEP 9/9: RUN useradd -u 1000860000 -r -g basys3 -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly
COMMIT xxx/barch:v1
Error: committing container for step {Env:[PATH=/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin container=oci JAVA_HOME=/opt/java/openjdk LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 JAVA_VERSION=jdk-21.0.4+7 WILDFLY_VERSION=33.0.2.Final WILDFLY_SHA1=a42e8cb6a83931a8f85c7064cb7220e16c6dc0c9 JBOSS_HOME=/opt/jboss/wildfly LAUNCH_JBOSS_IN_BACKGROUND=true JBOSS_ROOT=/opt/jboss] Command:run Args:[useradd -u 1000860000 -r -g basys3 -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly] Flags:[] Attrs:map[] Message:RUN useradd -u 1000860000 -r -g basys3 -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly Heredocs:[] Original:RUN useradd -u 1000860000 -r -g basys3 -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly}: copying layers and metadata for container "ae4d48a998d79d986c63f4f5600ba5f8e68b6045c9c337948985f6f63a8bd4a8": initializing source containers-storage:5ef8a62593f5-working-container: storing layer "1682410edac9f22700fbe5abbf0faabfc4581308ccd687899b5f1d8f2a4d6877" to file: reading tar archive: copying content for "var/log/lastlog": write /var/tmp/buildah317096128/layer: no space left on device on pipe close
I don't see any hint for the error. Because of the lack of information, I now try to run xxx/base:v1
and do the steps manually
podman run -d --name base xxx/base:v1
and start a bash
podman exec -it base /bin/bash
then I enter the commands line by line:
[root@3e56a429eef5 jboss]# export JBOSS_ROOT=/opt/jboss
[root@3e56a429eef5 jboss]# sed -i 's/^SYS_UID_MAX.*/SYS_UID_MAX 2000000000/' /etc/login.defs
[root@3e56a429eef5 jboss]# sed -i 's/^UID_MIN.*/UID_MIN 2000000001/' /etc/login.defs
[root@3e56a429eef5 jboss]# sed -i 's/^UID_MAX.*/UID_MAX 3000000000/' /etc/login.defs
[root@3e56a429eef5 jboss]# groupadd -g 996 -r test
[root@3e56a429eef5 jboss]# useradd -u 1000860000 -r -g test -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly
[root@3e56a429eef5 jboss]# cd ..
[root@3e56a429eef5 opt]# chown -R wildfly:test $JBOSS_ROOT
chown: changing ownership of '/opt/jboss/wildfly/.galleon/hashes/.installation': Invalid argument
chown: changing ownership of '/opt/jboss/wildfly/.galleon/hashes/.well-known/acme-challenge': Invalid argument
chown: changing ownership of '/opt/jboss/wildfly/.galleon/hashes/.well-known': Invalid argument
chown: changing ownership of '/opt/jboss/wildfly/.galleon/hashes/appclient/configuration/hashes': Invalid argument
chown: changing ownership of '/opt/jboss/wildfly/.galleon/hashes/appclient/configuration': Invalid argument
chown: changing ownership of '/opt/jboss/wildfly/.galleon/hashes/appclient': Invalid argument
chown: changing ownership of '/opt/jboss/wildfly/.galleon/hashes/bin/client/hashes': Invalid argument
chown: changing ownership of '/opt/jboss/wildfly/.galleon/hashes/bin/client': Invalid argument
chown: changing ownership of '/opt/jboss/wildfly/.galleon/hashes/bin/hashes': Invalid argument
It seems the useradd has worked properly, but when I want to change the ownership of /opt/jboss I receive the next errors.
The underlying Linux is
cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="9.5 (Plow)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="9.5"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Red Hat Enterprise Linux 9.5 (Plow)"
ANSI_COLOR="0;31"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
HOME_URL="/"
DOCUMENTATION_URL=";
BUG_REPORT_URL="/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
REDHAT_BUGZILLA_PRODUCT_VERSION=9.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.5"
Can you please help me: How can I create this user
useradd -u 1000860000 -r -g test -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly
and change the permissions from /opt/jboss
to this user
chown -R wildfly:test $JBOSS_ROOT
inside an image build using Podman under Windows?
--------------------------EDIT----------------------------
I have now changed the setup: I went from podman@hyperv to podman@wsl. Now I have two rhel9 instances in wsl. One with docker and one with podman installed.
I am now able to enter the commands step by step. It seems there was a problem with podman running under hyperv??? However, I have the same results when entering the commands in docker and in podman.
As in the first experimental setup, I create a base image:
podman build --log-level debug -t xxx/base:v1 -f containerbase-test.00.cfg
FROM quay.io/wildfly/wildfly:33.0.2.Final-jdk21 AS BUILDER
USER root
RUN microdnf update -y
RUN microdnf install -y vim
RUN microdnf install -y procps-ng
RUN microdnf install -y findutils
RUN microdnf install -y net-tools
RUN microdnf clean all
Then I run this image (in docker and also in podman) and log on
podman run -d --name base xxx/base:v1
podman exec -it base /bin/bash
I enter these commands step by step
export JBOSS_ROOT=/opt/jboss
sed -i 's/^SYS_UID_MAX.*/SYS_UID_MAX 2000000000/' /etc/login.defs
sed -i 's/^UID_MIN.*/UID_MIN 2000000001/' /etc/login.defs
sed -i 's/^UID_MAX.*/UID_MAX 3000000000/' /etc/login.defs
groupadd -g 996 -r test
useradd -u 1000860000 -r -g test -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly
chown -R wildfly:test $JBOSS_ROOT
id wildfly
uid=1000860000(wildfly) gid=996(test) groups=996(test)
cat /etc/passwd | grep -i wildfly
wildfly:x:1000860000:996:WildFly user:/opt/jboss:/sbin/nologin
ls -l
drwxrwxr-x 1 wildfly test 4096 Sep 16 2024 wildfly
-> and it is working
But when I put the commands in a Dockerfile and try out a build (I built in parallel: one in docker and one with podman), it takes a very long time, and the image size grows up to 300GB. Building in docker took about half an hour. Building in podman took about 2 hours.
podman build --log-level debug -t xxx/barch:v1 -f containerbase-test.03.cfg
FROM xxx/base:v1 AS builder
USER root
ENV JBOSS_ROOT=/opt/jboss
RUN sed -i 's/^SYS_UID_MAX.*/SYS_UID_MAX 2000000000/' /etc/login.defs
RUN sed -i 's/^UID_MIN.*/UID_MIN 2000000001/' /etc/login.defs
RUN sed -i 's/^UID_MAX.*/UID_MAX 3000000000/' /etc/login.defs
RUN groupadd -g 996 -r test
RUN useradd -u 1000860000 -r -g test -d $JBOSS_ROOT -s /sbin/nologin -c "WildFly user" wildfly
RUN chown -R wildfly:test $JBOSS_ROOT
[root@DE-PF1X98TD user]# DOCKER_BUILDKIT=1 docker build -t xxx/barch:v1 -f containerbase-test.03.cfg .
[+] Building 1649.6s (11/11) FINISHED docker:default
=> [internal] load build definition from containerbase-test.03.cfg 0.0s
=> => transferring dockerfile: 488B 0.0s
=> [internal] load metadata for xxx/base:v1 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [1/7] FROM xxx/base:v1 0.1s
=> [2/7] RUN sed -i 's/^SYS_UID_MAX.*/SYS_UID_MAX 2000000000/' /etc/login.defs 0.8s
=> [3/7] RUN sed -i 's/^UID_MIN.*/UID_MIN 2000000001/' /etc/login.defs 0.5s
=> [4/7] RUN sed -i 's/^UID_MAX.*/UID_MAX 3000000000/' /etc/login.defs 0.5s
=> [5/7] RUN groupadd -g 996 -r test 0.8s
=> [6/7] RUN useradd -u 1000860000 -r -g test -d /opt/jboss -s /sbin/nologin -c "WildFly user" wildfly 0.9s
=> [7/7] RUN chown -R wildfly:test /opt/jboss 11.7s
=> exporting to image 1634.0s
=> => exporting layers 1633.9s
=> => writing image sha256:a1d0cdf7bce6dcf19dce2fddcfc3b5c45f8df91877651cd40b1722f7b590655e 0.0s
=> => naming to xxx/barch:v1 0.0s
[root@DE-PF1X98TD user]# docker image list
REPOSITORY TAG IMAGE ID CREATED SIZE
xxx/barch v1 a1d0cdf7bce6 2 hours ago 294GB
xxx/base v1 e3592aca1804 3 hours ago 1.04GB
quay.io/wildfly/wildfly 33.0.2.Final-jdk21 a345c99be4e9 6 months ago 780MB
[root@DE-PF1X98TD user]# podman image list | grep -i xxx
xxx/barch v1 5fcf2cd249ae 32 minutes ago 294 GB
xxx/base v1 fe84401ee1e8 21 hours ago 1.34 GB
[root@DE-PF1X98TD user]#
If I log in to such an image
[root@DE-PF1X98TD user]# podman run -d --name base xxx/barch:v1
bee9a1ffb994850626b60b0dc3bcbc6b8366b20977909344f7be954252b96afd
[root@DE-PF1X98TD user]# podman exec -it base /bin/bash
[root@bee9a1ffb994 jboss]# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 1007G 321G 635G 34% /
tmpfs 64M 0 64M 0% /dev
none 3.9G 8.8M 3.9G 1% /etc/hosts
shm 63M 0 63M 0% /dev/shm
cgroup 1.0M 0 1.0M 0% /sys/fs/cgroup
none 3.9G 0 3.9G 0% /proc/keys
Does anyone know why this image is now so huge? Is there a possibility to "compress" this image somehow?
Thanks a lot and kind regards, Juergen
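Added example, not part of the original post: both build errors above fail while copying `var/log/lastlog`, a file that `useradd` extends to the new UID's record offset, so a UID of 1000860000 gives it an apparent size near 292 GB, in line with the 294GB image reported after the layer is exported. The script computes that size and flags mostly-empty (sparse) files under a log directory; shadow-utils' `useradd --no-log-init` (`-l`) skips the lastlog and faillog update. Assumptions: a 292-byte lastlog record (glibc, x86_64), GNU `stat`, and the helper names, which are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: one lastlog record is 292 bytes (glibc struct lastlog on
# x86_64: 4-byte time + 32-byte line + 256-byte host).
LASTLOG_RECORD_SIZE=292

# Apparent size of /var/log/lastlog after a record for UID $1 is written:
# records are indexed by UID, so the file must reach (uid + 1) records.
lastlog_apparent_size() {
    echo $(( ($1 + 1) * $LASTLOG_RECORD_SIZE ))
}

# Bytes the file claims to hold (what a non-sparse copy has to write).
apparent_bytes() { stat -c %s "$1"; }

# Bytes actually allocated on disk (block count * block unit, GNU stat).
allocated_bytes() {
    echo $(( $(stat -c %b "$1") * $(stat -c %B "$1") ))
}

# Succeeds when a file is mostly holes: apparent size exceeds allocated
# size by more than $2 bytes (default 100 MiB).
is_sparse_bloat() {
    gap=$(( $(apparent_bytes "$1") - $(allocated_bytes "$1") ))
    [ "$gap" -gt "${2:-104857600}" ]
}

# Report sparse-bloated files under a directory such as <rootfs>/var/log.
scan_logs() {
    find "$1" -type f | while IFS= read -r f; do
        if is_sparse_bloat "$f"; then
            echo "$f apparent=$(apparent_bytes "$f") allocated=$(allocated_bytes "$f")"
        fi
    done
}

# UID from the post: about 292 GB of apparent size for one user record.
echo "expected lastlog size: $(lastlog_apparent_size 1000860000) bytes"
```

Running `scan_logs` against `/var/log` inside the container after the `useradd` step shows whether lastlog or faillog is the file inflating the layer.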