fix: permission denied in the docker image (#4464)
nodece authored Nov 13, 2024
1 parent 0376bdc commit be499be
Showing 3 changed files with 59 additions and 24 deletions.
67 changes: 48 additions & 19 deletions docker/Dockerfile
@@ -17,6 +17,39 @@
# under the License.
#

FROM alpine:3.20 as bk-dist

ARG BK_VERSION=4.17.1
ARG DISTRO_NAME=bookkeeper-server-${BK_VERSION}-bin
ARG DISTRO_URL=https://archive.apache.org/dist/bookkeeper/bookkeeper-${BK_VERSION}/${DISTRO_NAME}.tar.gz

RUN apk update && apk add gpg gpg-agent wget \
&& cd /opt \
&& wget -q "${DISTRO_URL}" \
&& wget -q "${DISTRO_URL}.asc" \
&& wget -q "${DISTRO_URL}.sha512" \
&& sha512sum -c ${DISTRO_NAME}.tar.gz.sha512 \
&& wget -q https://dist.apache.org/repos/dist/release/bookkeeper/KEYS \
&& gpg --import KEYS \
&& gpg --batch --verify "$DISTRO_NAME.tar.gz.asc" "$DISTRO_NAME.tar.gz" \
&& tar -xzf "$DISTRO_NAME.tar.gz" \
&& mv bookkeeper-server-${BK_VERSION}/ /opt/bookkeeper/ \
&& rm -rf "$DISTRO_NAME.tar.gz" "$DISTRO_NAME.tar.gz.asc" "$DISTRO_NAME.tar.gz.sha512";

COPY scripts /opt/bookkeeper/scripts

RUN for SUBDIRECTORY in conf logs data; do \
mkdir -p /opt/bookkeeper/$SUBDIRECTORY; \
chmod -R ug+rwx /opt/bookkeeper/$SUBDIRECTORY; \
chown -R 10000:0 /opt/bookkeeper/$SUBDIRECTORY; \
done

RUN for SUBDIRECTORY in scripts bin; do \
chmod -R g+rx /opt/bookkeeper/$SUBDIRECTORY; \
done

RUN chmod -R o+rx /opt/bookkeeper

FROM eclipse-temurin:17 as jre-build

# Create a custom Java runtime
@@ -48,43 +81,39 @@ ENV DEBIAN_FRONTEND=noninteractive
ARG UBUNTU_MIRROR=http://archive.ubuntu.com/ubuntu/
ARG UBUNTU_SECURITY_MIRROR=http://security.ubuntu.com/ubuntu/

# Download Apache Bookkeeper, untar and clean up
RUN set -x \
&& sed -i -e "s|http://archive\.ubuntu\.com/ubuntu/|${UBUNTU_MIRROR:-http://archive.ubuntu.com/ubuntu/}|g" \
-e "s|http://security\.ubuntu\.com/ubuntu/|${UBUNTU_SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu/}|g" /etc/apt/sources.list \
&& echo 'Acquire::http::Timeout "30";\nAcquire::http::ConnectionAttemptDelayMsec "2000";\nAcquire::https::Timeout "30";\nAcquire::https::ConnectionAttemptDelayMsec "2000";\nAcquire::ftp::Timeout "30";\nAcquire::ftp::ConnectionAttemptDelayMsec "2000";\nAcquire::Retries "15";' > /etc/apt/apt.conf.d/99timeout_and_retries \
&& adduser "${BK_USER}" \
&& apt-get update \
&& apt-get install -y ca-certificates apt-transport-https \
&& apt-get install -y --no-install-recommends python3 pip \
&& ln -s /usr/bin/python3 /usr/bin/python \
&& apt-get install -y --no-install-recommends gpg gpg-agent wget sudo \
&& apt-get install -y --no-install-recommends wget sudo \
&& apt-get -y --purge autoremove \
&& apt-get autoclean \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& mkdir -pv /opt \
&& cd /opt \
&& wget -q "${DISTRO_URL}" \
&& wget -q "${DISTRO_URL}.asc" \
&& wget -q "${DISTRO_URL}.sha512" \
&& sha512sum -c ${DISTRO_NAME}.tar.gz.sha512 \
&& wget https://dist.apache.org/repos/dist/release/bookkeeper/KEYS \
&& gpg --import KEYS \
&& gpg --batch --verify "$DISTRO_NAME.tar.gz.asc" "$DISTRO_NAME.tar.gz" \
&& tar -xzf "$DISTRO_NAME.tar.gz" \
&& mv bookkeeper-server-${BK_VERSION}/ /opt/bookkeeper/ \
&& rm -rf "$DISTRO_NAME.tar.gz" "$DISTRO_NAME.tar.gz.asc" "$DISTRO_NAME.tar.gz.sha512" \
&& pip install zk-shell

WORKDIR /opt/bookkeeper

# JDK
ENV JAVA_HOME=/opt/java/openjdk
ENV PATH="$PATH:$JAVA_HOME/bin"
COPY --from=jre-build /javaruntime $JAVA_HOME

COPY scripts /opt/bookkeeper/scripts
RUN chmod +x -R /opt/bookkeeper/scripts/
# BK
ENV ZK_dataDir=${BK_HOME}/data/zookeeper/data
ENV ZK_dataLogDir=${BK_HOME}/data/zookeeper/txlog
ENV BK_DATA_DIR=${BK_HOME}/data
ENV BK_journalDirectory=${BK_HOME}/data/journal
ENV BK_ledgerDirectories=${BK_HOME}/data/ledgers
ENV ZK_SHELL_HOME=${BK_HOME}/data
COPY --from=bk-dist /opt/bookkeeper ${BK_HOME}

WORKDIR ${BK_HOME}

RUN adduser "${BK_USER}" -u 10000 --gid 0 --home ${BK_HOME} --no-create-home --disabled-password
USER 10000

ENTRYPOINT [ "/bin/bash", "/opt/bookkeeper/scripts/entrypoint.sh" ]
CMD ["bookie"]
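Review bot: The recursive `chmod` steps in the `bk-dist` stage use lowercase `x`, so `chmod -R ug+rwx /opt/bookkeeper/$SUBDIRECTORY` and `chmod -R o+rx /opt/bookkeeper` mark every regular file under `conf`, `logs` and `data` as executable and make the whole tree readable by any uid, which is broader than the uid 10000 / gid 0 layout needs. Capital `X` keeps directories traversable without setting the execute bit on plain files: `chmod -R ug+rwX /opt/bookkeeper/$SUBDIRECTORY` and `chmod -R o+rX /opt/bookkeeper`; if `conf` can hold credentials, it is worth leaving that directory out of the `o+` grant. Separately, the final stage now ends with `USER 10000` but the apt line still appears to install `sudo`; if the entrypoint scripts (not visible in this hunk) no longer call it, dropping the package removes a setuid binary from the runtime image.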
2 changes: 2 additions & 0 deletions docker/scripts/common.sh
@@ -44,6 +44,8 @@ export BK_dlogRootPath=${BK_dlogRootPath:-"${BK_CLUSTER_ROOT_PATH}/distributedlo
# stream storage
export BK_NUM_STORAGE_CONTAINERS=${BK_NUM_STORAGE_CONTAINERS:-"32"}
export BK_STREAM_STORAGE_ROOT_PATH=${BK_STREAM_STORAGE_ROOT_PATH:-"/stream"}
# zk-shell
export ZK_SHELL_HOME=${ZK_SHELL_HOME:-"${HOME}"}

echo "Environment Vars for bookie:"
echo ""
14 changes: 9 additions & 5 deletions docker/scripts/init_bookie.sh
@@ -21,25 +21,29 @@
# */
source ${SCRIPTS_DIR}/common.sh

function run_zk_shell() {
HOME=${ZK_SHELL_HOME} zk-shell "$@"
}

function wait_for_zookeeper() {
echo "wait for zookeeper"
until zk-shell --run-once "ls /" ${BK_zkServers}; do sleep 5; done
until run_zk_shell --run-once "ls /" ${BK_zkServers}; do sleep 5; done
}

function create_zk_root() {
if [ "x${BK_CLUSTER_ROOT_PATH}" != "x" ]; then
echo "create the zk root dir for bookkeeper at '${BK_CLUSTER_ROOT_PATH}'"
zk-shell --run-once "create ${BK_CLUSTER_ROOT_PATH} '' false false true" ${BK_zkServers}
run_zk_shell --run-once "create ${BK_CLUSTER_ROOT_PATH} '' false false true" ${BK_zkServers}
fi
}

function init_cluster() {
zk-shell --run-once "ls ${BK_zkLedgersRootPath}/available/readonly" ${BK_zkServers}
run_zk_shell --run-once "ls ${BK_zkLedgersRootPath}/available/readonly" ${BK_zkServers}
if [ $? -eq 0 ]; then
echo "Cluster metadata already exists"
else
# Create an ephemeral zk node `bkInitLock` for use as a lock.
lock=`zk-shell --run-once "create ${BK_CLUSTER_ROOT_PATH}/bkInitLock '' true false false" ${BK_zkServers}`
lock=`run_zk_shell --run-once "create ${BK_CLUSTER_ROOT_PATH}/bkInitLock '' true false false" ${BK_zkServers}`
if [ -z "$lock" ]; then
echo "znodes do not exist in Zookeeper for Bookkeeper. Initializing a new Bookkeekeper cluster in Zookeeper."
/opt/bookkeeper/bin/bookkeeper shell initnewcluster
@@ -57,7 +61,7 @@ function init_cluster() {
while [ ${tenSeconds} -lt 100 ]
do
sleep 10
zk-shell --run-once "ls ${BK_zkLedgersRootPath}/available/readonly" ${BK_zkServers}
run_zk_shell --run-once "ls ${BK_zkLedgersRootPath}/available/readonly" ${BK_zkServers}
if [ $? -eq 0 ]; then
echo "Waited $tenSeconds * 10 seconds. Successfully listed ''${BK_zkLedgersRootPath}/available/readonly'"
break
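Review bot: `run_zk_shell` in the first hunk has no comment saying why `HOME` is overridden for each zk-shell call, and the reason cannot be read off the script alone. Judging by the commit title and the `ZK_SHELL_HOME` defaults set in the Dockerfile and common.sh, zk-shell presumably writes per-user files under `$HOME` and failed for the non-root user; a line such as `# zk-shell writes under $HOME; ZK_SHELL_HOME must be writable by the container user` above the function would record that. The comment could also mention that the image sets `ZK_SHELL_HOME` to `${BK_HOME}/data`, so whatever zk-shell writes lands next to the bookie data.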
