We have a docker image and we run our build process in it. At some point in the build process we need to execute an application that needs a service to be running.
The image is based on Ubuntu 14.04.
The service needs to be started when we run in the image. The service needs root privilege to be started, but the build process is run with normal user privilege.
To be more precise, codemeter is the service I want to start. Codemeter is installed in the image but the service is not running. And I need it to encrypt my application. To start the service, the command is
service codemeter start
The command I run to start the build process in the image is :
Based on what you are saying, your container requires 2 “services” running in the container.
That can be done by coding up a script which launches both the codemeter service and your build.
I recommend that you launch the codemeter service as a background process instead of an Upstart or Systemd service. Refer to the Docker documentation at this link for details -> https://docs.docker.com/config/containers/multi-service_container/
Yes I’ve already read it. Maybe I’ve missed something.
But the key point of my question is how can I start the service with root privilege and run my scripts with developer privilege.
See what I get.
developer@88509c9c35b9:~/dev$ service codemeter start
Starting CodeMeter Server codemeter
start-stop-daemon: unable to set gid to 1 (Operation not permitted) [fail]
Start the container with a docker container run command as root with the codemeter service configured to always run as the default service. Specify all of the docker container run options that your application build will need: volumes, etc.
Run your build in that existing running container by issuing a docker container exec command as the “developer” user with the “command” or “script” that runs your build.
No! We have an image with codemeter installed in it (dpkg of the .deb file).
The service doesn’t start automatically when I call docker run. Then I want to start it manually, with root privilege.
The only way I know is to pass -u 0 to my docker run command.
But I want to run the build scripts with -u UID (e.g. 1000).
That’s what I’m trying to do. If there’s a way to have the service running automatically when I run the image while using -u UID it would be great. But I don’t know how to do it.
Our current build command is
docker run --rm -it -u 1000 -v "$(git rev-parse --show-toplevel)":/home/developer/dev -w /home/developer/dev mono_build_x32:v1.7 bash -c 'python build.py'
-v and -w parameters are for information. The key point of our command is:
docker run --rm -it -u 1000 mono_build_x32:v1.7 bash -c 'python build.py'
Run this command on a Linux machine where the codemeter service is still running to display the codemeter process.
pgrep -a -l codemeter | head -n 1
That should show you how codemeter is started by the Linux Service component (which could be Upstart or Systemd).
Here’s an example showing the sshd service process.
🐳 root@172.28.128.3:[~] $ pgrep -a -l sshd | head -n 1
747 /usr/sbin/sshd -D
So the sshd service is started by running /usr/sbin/sshd -D.
You need to determine how codemeter is started.
Then make a docker image for codemeter with a Dockerfile.
In the Dockerfile you will need to install codemeter.
Then the CMD statement in the Dockerfile will need to contain the command to run it.
Example for sshd
CMD ["/usr/sbin/sshd", "-D"]
Then when you run a container from the codemeter docker image the codemeter service will run.
I’m not familiar at all with codemeter. So I don’t know how it’s installed and if it is configured to run as an Upstart Linux Service or Systemd Linux service https://en.wikipedia.org/wiki/Systemd
You will need to do some investigating of codemeter on your Linux virtual machine.
sshd on Ubuntu is configured as a Systemd service.
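As an added example (not part of the original posts), the shell functions below read a running daemon's argv from /proc/PID/cmdline, the same data pgrep -a prints, and emit it as an exec-form CMD line with JSON quoting. The function names are hypothetical; it assumes a Linux /proc and arguments that contain no newline.

```shell
#!/bin/sh
# Added example (not from the thread): derive a Dockerfile exec-form CMD
# from the argv of a running daemon, as reported by /proc/PID/cmdline.

# json_escape STRING: escape backslashes and double quotes for a JSON string.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# cmd_from_pid PID: print CMD ["arg0", "arg1", ...] for that process.
# Assumption: no argument contains a newline.
cmd_from_pid() {
    pid=$1
    if [ ! -r "/proc/$pid/cmdline" ]; then
        echo "cannot read /proc/$pid/cmdline" >&2
        return 1
    fi
    # argv is stored NUL-separated; convert to one argument per line.
    raw=$(tr '\0' '\n' < "/proc/$pid/cmdline")
    if [ -z "$raw" ]; then
        echo "pid $pid has an empty command line" >&2
        return 1
    fi
    out=""
    while IFS= read -r arg; do
        out="${out:+$out, }\"$(json_escape "$arg")\""
    done <<EOF
$raw
EOF
    printf 'CMD [%s]\n' "$out"
}

# Usage (the daemon name is whatever pgrep finds on the reference machine):
#   cmd_from_pid "$(pgrep -o sshd)"
```

The resulting CMD only keeps a container alive if the daemon stays in the foreground, as sshd does with -D.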
I will get back to you. Thank you for this information.
I think I’ve found a way of having the service running. But I’m not sure it is a good way for codemeter.
I’m also in a discussion with their team. I’m sure I’ll find the better procedure. I’ll keep you in touch.
Thank you for your help. I’ve found a way to start the server by executing the core application (and not via service start), by using the pgrep command you told me.
The service is not started via the CMD command (docker file), but started when I run the build scripts.