1

In Dockerfile, I put in the following:

COPY docker-files/krb5.conf /etc
RUN /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid;

Expectation is that KDC would be started when I use "docker run -it" command.

However, KDC is not running after starting docker VM. Was my expectation correct ?

Thanks

Ted
  • 379
  • 1
  • 5
  • 18

2 Answers2

0

RUN is not the same as CMD

https://docs.docker.com/engine/reference/builder/#cmd

or

ENTRYPOINT

https://docs.docker.com/engine/reference/builder/#entrypoint

By default a docker container executes what it has in CMD and exits, so that is "normal".

Try replacing RUN by CMD, rebuild and relaunch

See also creack answer in

What is the difference between CMD and ENTRYPOINT in a Dockerfile?

Community
  • 1
  • 1
user2915097
  • 30,758
  • 6
  • 57
  • 59
  • I changed the RUN with CMD and relaunched the docker VM. krb5kdc is still not active in the VM. BTW for "docker run", I specified "-h=securecluster". Not sure whether this would play some role in what I observed. – Ted May 19 '17 at 15:56
  • Does this command last long or gives back a prompt immediately? – user2915097 May 19 '17 at 16:05
  • try `CMD /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid; sleep infinity` – user2915097 May 19 '17 at 16:18
  • Doesn't the above mean that only one process can be started in this manner ? – Ted May 19 '17 at 16:21
  • To answer previous question, start-docker.sh builds the docker image and runs the image. It was not immediately clear how long the kdc command in Dockerfile ran. – Ted May 19 '17 at 16:23
  • You can run several processes with supervisor https://docs.docker.com/engine/admin/multi-service_container/ or s6 or daemontools – user2915097 May 19 '17 at 16:28
0

First, use CMD (takes effect on run time) instead of RUN (takes effect on build time)

Then put krb in foreground with -n:

CMD /usr/sbin/krb5kdc -n -P /var/run/krb5kdc.pid

But if it is still not working, post the docker logs of that container

Robert
  • 33,429
  • 8
  • 90
  • 94
  • You said "then put krb in foreground". Does this mean that I need two CMD's for krb5kdc ? In the previous output, there was only one CMD. – Ted May 20 '17 at 15:27
  • Looking at /var/log/krb5kdc.log , there was no indication that the krb5kdc actually ran - the log file is empty. – Ted May 20 '17 at 15:33
  • When you **docker run** bash you are overriding the CMD with bash. To try what you need, do the same docker run, without the bash, and in another terminal, do `docker exec -it bash` then `ps aux` – Robert May 20 '17 at 15:50
  • Thanks for the quick response. I did see kdc running as described above. However, the *docker run* command is supposed to give developers a terminal where they can build / test native code. Currently after "krb5kdc: starting..." message the terminal is not usable. Any suggestion ? – Ted May 20 '17 at 16:26
  • `docker run -d` (add -d before image name). Then use docker stop/kill to stop container. Is it what you asked? – Robert May 20 '17 at 16:29
  • Is there any downside to starting kdc within the *docker run* command like this ? -it hbase_native /bin/bash -c "/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid; /bin/bash" – Ted May 20 '17 at 16:30
  • There is no problem. The thing is that you remain attached to the terminal. For production stuff is not the best approach. This is equivalent without bash: `-t -d hbase_native /bin/bash -c "/usr/sbin/krb5kdc -n -P /var/run/krb5kdc.pid"` – Robert May 20 '17 at 16:40