From 1de799454879208efc561f33da0673ef9a634bd4 Mon Sep 17 00:00:00 2001 From: Clemens Lange Date: Fri, 6 Jul 2018 11:03:59 +0200 Subject: [PATCH 1/6] consistently use uid 1000 for cmsusr --- cvmfs/Dockerfile | 2 +- slc6-only/Dockerfile | 2 +- standalone/Dockerfile_patch | 5 +++-- standalone/Dockerfile_production | 5 +++-- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/cvmfs/Dockerfile b/cvmfs/Dockerfile index 85330e3..9854fea 100644 --- a/cvmfs/Dockerfile +++ b/cvmfs/Dockerfile @@ -51,7 +51,7 @@ ADD run-cvmfs.sh /etc/cvmfs/run-cvmfs.sh RUN chmod uga+rx /etc/cvmfs/run-cvmfs.sh ADD etc-cvmfs-default-local /etc/cvmfs/default.local -RUN adduser cmsusr && \ +RUN groupadd -g 1000 cmsusr && adduser -u 1000 -g 1000 cmsusr && \ echo "cmsusr ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers WORKDIR /home/cmsusr diff --git a/slc6-only/Dockerfile b/slc6-only/Dockerfile index 206b6c7..40d75b9 100644 --- a/slc6-only/Dockerfile +++ b/slc6-only/Dockerfile @@ -30,7 +30,7 @@ RUN yum update -y && yum install -y \ yum install -y -q wget git && \ yum clean -y all -RUN adduser cmsusr && \ +RUN groupadd -g 1000 cmsusr && adduser -u 1000 -g 1000 cmsusr && \ echo "cmsusr ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers WORKDIR /home/cmsusr diff --git a/standalone/Dockerfile_patch b/standalone/Dockerfile_patch index 687be90..d827e96 100644 --- a/standalone/Dockerfile_patch +++ b/standalone/Dockerfile_patch @@ -32,8 +32,9 @@ RUN yum install -y libXft-devel libX11-devel libXpm-devel libXext-devel mesa strace && \ yum clean -y all -RUN groupadd -g 500 cmsinst && adduser -u 500 -g 500 cmsinst && install -d /opt && install -d -o cmsinst /opt/cms && \ - groupadd -g 501 cmsusr && adduser -u 501 -g 501 cmsusr +RUN groupadd -g 1000 cmsusr && adduser -u 1000 -g 1000 cmsusr && \ + groupadd -g 1001 cmsinst && adduser -u 1001 -g 1001 cmsinst && \ + install -d /opt && install -d -o cmsinst /opt/cms USER cmsinst WORKDIR /opt/cms diff --git a/standalone/Dockerfile_production b/standalone/Dockerfile_production index 85c638b..03a7e25 100644 --- a/standalone/Dockerfile_production +++ b/standalone/Dockerfile_production @@ -31,8 +31,9 @@ RUN yum install -y libXft-devel libX11-devel libXpm-devel libXext-devel mesa strace && \ yum clean -y all -RUN groupadd -g 500 cmsinst && adduser -u 500 -g 500 cmsinst && install -d /opt && install -d -o cmsinst /opt/cms && \ - groupadd -g 501 cmsusr && adduser -u 501 -g 501 cmsusr +RUN groupadd -g 1000 cmsusr && adduser -u 1000 -g 1000 cmsusr && \ + groupadd -g 1001 cmsinst && adduser -u 1001 -g 1001 cmsinst && \ + install -d /opt && install -d -o cmsinst /opt/cms USER cmsinst WORKDIR /opt/cms -- GitLab From cba4dc2a82e931b283d2c027de52cd4d118696b8 Mon Sep 17 00:00:00 2001 From: Clemens Lange Date: Fri, 6 Jul 2018 11:07:18 +0200 Subject: [PATCH 2/6] install sudo and make cmsusr sudoer --- standalone/Dockerfile_patch | 3 ++- standalone/Dockerfile_production | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/standalone/Dockerfile_patch b/standalone/Dockerfile_patch index d827e96..8819ae3 100644 --- a/standalone/Dockerfile_patch +++ b/standalone/Dockerfile_patch @@ -29,10 +29,11 @@ RUN yum install -y libXft-devel libX11-devel libXpm-devel libXext-devel mesa zip e2fsprogs \ CERN-CA-certs voms-clients-cpp ca-policy-lcg \ krb5-devel cern-wrappers krb5-workstation \ - strace && \ + strace sudo && \ yum clean -y all RUN groupadd -g 1000 cmsusr && adduser -u 1000 -g 1000 cmsusr && \ + echo "cmsusr ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers && \ groupadd -g 1001 cmsinst && adduser -u 1001 -g 1001 cmsinst && \ install -d /opt && install -d -o cmsinst /opt/cms diff --git a/standalone/Dockerfile_production b/standalone/Dockerfile_production index 03a7e25..ae1c7a3 100644 --- a/standalone/Dockerfile_production +++ b/standalone/Dockerfile_production @@ -28,10 +28,11 @@ RUN yum install -y libXft-devel libX11-devel libXpm-devel libXext-devel mesa zip e2fsprogs \ CERN-CA-certs voms-clients-cpp ca-policy-lcg \ krb5-devel cern-wrappers krb5-workstation \ - strace && \ + strace sudo && \ yum clean -y all RUN groupadd -g 1000 cmsusr && adduser -u 1000 -g 1000 cmsusr && \ + echo "cmsusr ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers && \ groupadd -g 1001 cmsinst && adduser -u 1001 -g 1001 cmsinst && \ install -d /opt && install -d -o cmsinst /opt/cms -- GitLab From b6a011dabe4b1ed74a6940927cfa715a785edc09 Mon Sep 17 00:00:00 2001 From: Clemens Lange Date: Fri, 6 Jul 2018 11:25:59 +0200 Subject: [PATCH 3/6] define script-based entrypoint --- standalone/Dockerfile_patch | 14 ++++++-------- standalone/Dockerfile_production | 15 +++++++-------- standalone/entrypoint.sh | 7 +++++++ 3 files changed, 20 insertions(+), 16 deletions(-) create mode 100755 standalone/entrypoint.sh diff --git a/standalone/Dockerfile_patch b/standalone/Dockerfile_patch index 8819ae3..ff77b69 100644 --- a/standalone/Dockerfile_patch +++ b/standalone/Dockerfile_patch @@ -19,7 +19,6 @@ LABEL org.label-schema.build-date=$BUILD_DATE \ org.label-schema.version=$VERSION \ org.label-schema.schema-version="1.0" -CMD /bin/bash RUN yum install -y libXft-devel libX11-devel libXpm-devel libXext-devel mesa-libGLU-devel \ libXmu libXpm \ HEP_OSlibs_SL6 wget git \ @@ -54,13 +53,12 @@ USER cmsusr WORKDIR /home/cmsusr ENV CMSSW_VERSION=${CMSSW_VERSION}_${PATCH} ENV SCRAM_ARCH=${SCRAM_ARCH} -RUN echo $'source /opt/cms/cmsset_default.sh; \n\ - scramv1 project CMSSW ${CMSSW_VERSION}; \n\ - cd ${CMSSW_VERSION}/src; \n\ - eval `scramv1 runtime -sh`; \n\ - export PS1=\'[\\t] \\e[91m\\u\\e[0m@\\e[34m\\h \\e[36m\\w \\e[0m$ \'; \n\ +ADD entrypoint.sh /opt/cms/entrypoint.sh +RUN echo $'export PS1=\'[\\t] \\e[91m\\u\\e[0m@\\e[34m\\h \\e[36m\\w \\e[0m$ \'; \n\ export PROMPT=\'[%*] %F{red}%n%f@%F{blue}%m%f %F{yellow}%3~%f $ \'' \ > .bashrc; \ - cp .bashrc .zshrc; + cp .bashrc .zshrc; \ + chmod +x /opt/cms/entrypoint.sh; -# ENTRYPOINT /bin/zsh +ENTRYPOINT ["/opt/cms/entrypoint.sh"] +CMD ["/bin/zsh"] \ No newline at end of file diff --git a/standalone/Dockerfile_production b/standalone/Dockerfile_production index ae1c7a3..4095b82 100644 --- a/standalone/Dockerfile_production +++ b/standalone/Dockerfile_production @@ -18,7 +18,6 @@ LABEL org.label-schema.build-date=$BUILD_DATE \ org.label-schema.version=$VERSION \ org.label-schema.schema-version="1.0" -CMD /bin/bash RUN yum install -y libXft-devel libX11-devel libXpm-devel libXext-devel mesa-libGLU-devel \ libXmu libXpm \ HEP_OSlibs_SL6 wget git \ @@ -50,15 +49,15 @@ RUN /bin/cp -f /opt/cms/cmsset_default.sh /etc/profile.d/ USER cmsusr WORKDIR /home/cmsusr +ENV HOME=/home/cmsusr ENV CMSSW_VERSION=${CMSSW_VERSION} ENV SCRAM_ARCH=${SCRAM_ARCH} -RUN echo $'source /opt/cms/cmsset_default.sh; \n\ - scramv1 project CMSSW ${CMSSW_VERSION}; \n\ - cd ${CMSSW_VERSION}/src; \n\ - eval `scramv1 runtime -sh`; \n\ - export PS1=\'[\\t] \\e[91m\\u\\e[0m@\\e[34m\\h \\e[36m\\w \\e[0m$ \'; \n\ +ADD entrypoint.sh /opt/cms/entrypoint.sh +RUN echo $'export PS1=\'[\\t] \\e[91m\\u\\e[0m@\\e[34m\\h \\e[36m\\w \\e[0m$ \'; \n\ export PROMPT=\'[%*] %F{red}%n%f@%F{blue}%m%f %F{yellow}%3~%f $ \'' \ > .bashrc; \ - cp .bashrc .zshrc; + cp .bashrc .zshrc; \ + chmod +x /opt/cms/entrypoint.sh; -# ENTRYPOINT /bin/zsh +ENTRYPOINT ["/opt/cms/entrypoint.sh"] +CMD ["/bin/zsh"] \ No newline at end of file diff --git a/standalone/entrypoint.sh b/standalone/entrypoint.sh new file mode 100755 index 0000000..3cbd689 --- /dev/null +++ b/standalone/entrypoint.sh @@ -0,0 +1,7 @@ +#!/bin/bash -e + +echo "Setting up ${CMSSW_VERSION}" +source /opt/cms/cmsset_default.sh +scramv1 project CMSSW ${CMSSW_VERSION} +cd ${CMSSW_VERSION}/src +eval `scramv1 runtime -sh` \ No newline at end of file -- GitLab From 478c73fc0eda44530c1595f1832efaa0b9bcbcc9 Mon Sep 17 00:00:00 2001 From: Clemens Lange Date: Fri, 6 Jul 2018 11:27:03 +0200 Subject: [PATCH 4/6] update maintainer LABEL --- cvmfs/Dockerfile | 2 +- slc6-only/Dockerfile | 2 +- standalone/Dockerfile_patch | 2 +- standalone/Dockerfile_production | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cvmfs/Dockerfile b/cvmfs/Dockerfile index 9854fea..bf6ba10 100644 --- a/cvmfs/Dockerfile +++ b/cvmfs/Dockerfile @@ -1,7 +1,7 @@ ## ## A container where CernVM-FS is up and running for CMSSW FROM cern/slc6-base -LABEL maintainer="Clemens Lange clemens.lange@cern.ch" +LABEL maintainer="Clemens Lange " # Build-time metadata as defined at http://label-schema.org ARG BUILD_DATE diff --git a/slc6-only/Dockerfile b/slc6-only/Dockerfile index 40d75b9..150ecc1 100644 --- a/slc6-only/Dockerfile +++ b/slc6-only/Dockerfile @@ -1,7 +1,7 @@ ## ## A container where CernVM-FS is up and running for CMSSW FROM cern/slc6-base -LABEL maintainer="Clemens Lange clemens.lange@cern.ch" +LABEL maintainer="Clemens Lange " # Build-time metadata as defined at http://label-schema.org ARG BUILD_DATE diff --git a/standalone/Dockerfile_patch b/standalone/Dockerfile_patch index ff77b69..808bff0 100644 --- a/standalone/Dockerfile_patch +++ b/standalone/Dockerfile_patch @@ -1,5 +1,5 @@ FROM cern/slc6-base -MAINTAINER Clemens Lange "clemens.lange@cern.ch" +LABEL maintainer="Clemens Lange " ARG SCRAM_ARCH=slc6_amd64_gcc481 ARG CMSSW_VERSION=CMSSW_7_1_25 diff --git a/standalone/Dockerfile_production b/standalone/Dockerfile_production index 4095b82..f755db3 100644 --- a/standalone/Dockerfile_production +++ b/standalone/Dockerfile_production @@ -1,5 +1,5 @@ FROM cern/slc6-base -MAINTAINER Clemens Lange "clemens.lange@cern.ch" +LABEL maintainer="Clemens Lange " ARG SCRAM_ARCH=slc6_amd64_gcc530 ARG CMSSW_VERSION=CMSSW_9_2_1 -- GitLab From cef9a0fbd463bac198b1c64cdf34b07eae6e148d Mon Sep 17 00:00:00 2001 From: Clemens Lange Date: Fri, 6 Jul 2018 12:11:16 +0200 Subject: [PATCH 5/6] fix rights for entrypoint.sh --- standalone/Dockerfile_patch | 2 +- standalone/Dockerfile_production | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/standalone/Dockerfile_patch b/standalone/Dockerfile_patch index 808bff0..1a2d00d 100644 --- a/standalone/Dockerfile_patch +++ b/standalone/Dockerfile_patch @@ -58,7 +58,7 @@ RUN echo $'export PS1=\'[\\t] \\e[91m\\u\\e[0m@\\e[34m\\h \\e[36m\\w \\e[0m$ export PROMPT=\'[%*] %F{red}%n%f@%F{blue}%m%f %F{yellow}%3~%f $ \'' \ > .bashrc; \ cp .bashrc .zshrc; \ - chmod +x /opt/cms/entrypoint.sh; + sudo chmod 755 /opt/cms/entrypoint.sh; ENTRYPOINT ["/opt/cms/entrypoint.sh"] CMD ["/bin/zsh"] \ No newline at end of file diff --git a/standalone/Dockerfile_production b/standalone/Dockerfile_production index f755db3..b39d0d0 100644 --- a/standalone/Dockerfile_production +++ b/standalone/Dockerfile_production @@ -57,7 +57,7 @@ RUN echo $'export PS1=\'[\\t] \\e[91m\\u\\e[0m@\\e[34m\\h \\e[36m\\w \\e[0m$ export PROMPT=\'[%*] %F{red}%n%f@%F{blue}%m%f %F{yellow}%3~%f $ \'' \ > .bashrc; \ cp .bashrc .zshrc; \ - chmod +x /opt/cms/entrypoint.sh; + sudo chmod 755 /opt/cms/entrypoint.sh; ENTRYPOINT ["/opt/cms/entrypoint.sh"] CMD ["/bin/zsh"] \ No newline at end of file -- GitLab From 2380dc6f93dcba36d6e707939362cf395c5169a7 Mon Sep 17 00:00:00 2001 From: Clemens Lange Date: Sat, 7 Jul 2018 01:01:42 +0200 Subject: [PATCH 6/6] fix entrypoint script --- standalone/entrypoint.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/standalone/entrypoint.sh b/standalone/entrypoint.sh index 3cbd689..062b856 100755 --- a/standalone/entrypoint.sh +++ b/standalone/entrypoint.sh @@ -1,7 +1,11 @@ -#!/bin/bash -e +#!/bin/bash +set -e echo "Setting up ${CMSSW_VERSION}" source /opt/cms/cmsset_default.sh scramv1 project CMSSW ${CMSSW_VERSION} cd ${CMSSW_VERSION}/src -eval `scramv1 runtime -sh` \ No newline at end of file +eval `scramv1 runtime -sh` +echo "CMSSW should now be available." + +exec "$@" -- GitLab