Noob question about CMD openssl?

anderson456 · March 9, 2022, 1:04am

Hi all,
My first docker test with excitement -
Dockerfile:

FROM alpine
USER root
WORKDIR /ops
RUN apk update \
  && apk add --no-cache openssl
CMD openssl genrsa -out server.key 1024

Purpose of this experiment: for situation that “volume” not allowed by server (like Heroku) and have to create certificate file inside container, at run time… that’s why I used CMD.

It turned out, openssl did nothing (with or without “USER root”). After that, in the shell, I executed openssl manually, and get certificate file successfully. Also, with or without “USER root”, I typed “whoami”, I got “root”.

Could anybody please enlighten me?

terpz · March 9, 2022, 5:10pm

Am I understanding you correctly, that you just want to have it generate the key, and display it?

Then CMD needs to be:

CMD openssl genrsa -out server.key 1024 && cat /ops/server.key

And you dont have to set “USER root”, because by defualt, the user is root. (unless defined othervise in the parrent image, but in baseimages like these, its default root)

anderson456 · March 9, 2022, 11:02pm

Thanks for taking time.
It can not be displayed, since server.key not generated.

Here’s what I found:
/root folder is empty.
“openssl” is in /usr/bin/
“find . server.key” finds nothing.
When I execute openssl manually, I get server.key at once.

terpz · March 10, 2022, 7:40am

I would expect /root to be empty since you set “WORKDIR /ops”

And i suspect the problem to be that the container exists when its done generating, and then you cant find it.

Have you tried changing the CMD to the one i provided? works for me.

anderson456 · March 10, 2022, 11:10am

My bad. Just tried your code and it works! -
If I do “docker run -it myimage sh”, I still can not find server.key file inside container. But if I do "docker run -it myimage ", content will be printed out.
Then I tested with “CMD openssl genrsa -out server.key 1024 && touch file2 && cat /ops/server.key && ls -lh && sleep 2m” and the result is totally as supposed to be.
Now this is getting interesting, why a file hides itself when I get in container? (by “docker run -it myimage sh”, is this a wrong command?)

terpz · March 10, 2022, 11:37am

Its because when you define sh in: “docker run -it myimage sh”
then you accually overwrite CMD with “sh”, so it wont run openssl.

Anything after the image name in docker run, is CMD

anderson456 · March 10, 2022, 11:39am

Roger that. Thanks a lot, you are so helpful !

Topic		Replies	Views
USER command in dockerfile has superpowers?! General docker , build	5	1282	May 26, 2023
How to download file and run after that General docker , build	4	1625	December 9, 2021
Get SSL certificate for use in Docker container General docker	3	49238	May 2, 2018
The container does not have directory "/usr/share/doc/openssl" after having installed openssl both through Docker file and also through docker exec container bash General docker	3	564	January 2, 2023
Build App in Getting Started Guide fails Docker Desktop	0	1221	May 2, 2017

Noob question about CMD openssl?

Related topics