My first docker test with excitement -
RUN apk update \
&& apk add --no-cache openssl
CMD openssl genrsa -out server.key 1024
Purpose of this experiment: for situation that “volume” not allowed by server (like Heroku) and have to create certificate file inside container, at run time… that’s why I used CMD.
It turned out, openssl did nothing (with or without “USER root”). After that, in the shell, I executed openssl manually, and get certificate file successfully. Also, with or without “USER root”, I typed “whoami”, I got “root”.
Could anybody please enlighten me?
Am I understanding you correctly, that you just want to have it generate the key, and display it?
Then CMD needs to be:
CMD openssl genrsa -out server.key 1024 && cat /ops/server.key
And you dont have to set “USER root”, because by defualt, the user is root. (unless defined othervise in the parrent image, but in baseimages like these, its default root)
Thanks for taking time.
It can not be displayed, since server.key not generated.
Here’s what I found:
/root folder is empty.
“openssl” is in /usr/bin/
“find . server.key” finds nothing.
When I execute openssl manually, I get server.key at once.
I would expect /root to be empty since you set “WORKDIR /ops”
And i suspect the problem to be that the container exists when its done generating, and then you cant find it.
Have you tried changing the CMD to the one i provided? works for me.
My bad. Just tried your code and it works! -
If I do “docker run -it myimage sh”, I still can not find server.key file inside container. But if I do "docker run -it myimage ", content will be printed out.
Then I tested with “CMD openssl genrsa -out server.key 1024 && touch file2 && cat /ops/server.key && ls -lh && sleep 2m” and the result is totally as supposed to be.
Now this is getting interesting, why a file hides itself when I get in container? (by “docker run -it myimage sh”, is this a wrong command?)
Its because when you define sh in: “docker run -it myimage sh”
then you accually overwrite CMD with “sh”, so it wont run openssl.
Anything after the image name in docker run, is CMD
Roger that. Thanks a lot, you are so helpful !