Run sudo commands from inside of docker compose

Question

I am using AWS EC2 instance and have installed docker and docker-compose on AWS linux.

Now I have a docker-compose.yml file which is trying the command mkdir -p /workspace/.m2/repositories. Now this command requires sudo, otherwise it gives permissions error.

I tried adding sudo inside docker-compose but it gave me an error saying

sudo: command not found

I can run this command manually and can comment this command inside of docker-compose.yml file but I am interested to know that is there any way to run this command from inside of docker-compose.yml file?

I am using docker-compose. So I assume I need to write install sudo command inside docker-compose.yml file. Pls correct me if I am wrong. — Yug Singh, Mar 19 '19 at 19:30
@YugSingh - I think your sudo command should be in `Dockerfile` as alluded to by tkausl — Scott Skiles, Mar 19 '19 at 19:32
What do you mean, 'sudo inside docker-compose'? docker-compose is just a wrapper around docker cli, it doesn't do anything else, u can run something inside docker container, e.g. docker file — Dmitrii, Mar 19 '19 at 19:34
@ScottSkiles I have pulled a github repo and it contains only docker-compose.yml and no dockerfile is there — Yug Singh, Mar 19 '19 at 19:34
because docker compose stores link to images and surrounding info, e.g. networks, volumes and everything else. all logic stores inside docker image — Dmitrii, Mar 19 '19 at 19:35
u need to execute docker-compose up -d to run docker container with info described in this docker-compose file. — Dmitrii, Mar 19 '19 at 19:37
Can you run `sudo docker-compose up`? When you verify this works you can run `sudo docker-compose up -d` to run it detached. — Scott Skiles, Mar 19 '19 at 19:40
@ScottSkiles I can run `docker-compose up` and it's working fine. Then it is trying to run mkdir inside container and it's saying sudo doesn't exist. I was thinking that it has something to do with the host machine but as mentioned by @Dmitri that docker compose is just a wrapper around docker-cli I think compose is failing to run sudo insid ethe container. Also I tried running docer-compose up -d but the contaienr stopped in few seconds — Yug Singh, Mar 19 '19 at 19:44
And what about `sudo docker-compose up`? Have you attempted to use that command yet with sudo in ec2? Do you have sudo permissions on the EC2 instance? You do not run `sudo` from inside `docker-compose`. You run `sudo` from the ec2 instance. If this does not work, then you're spot on, you need to fix `sudo` in the container. Can you link the origin of the `docker-compose.yml ` file? — Scott Skiles, Mar 19 '19 at 20:00
Can you share your `Dockerfile` and `docker-compose.yml` files? If your are doing `mkdir` in a `root` owned area of the filesystem on startup, and the user in the container is not `root` - then you should probably back up and do this in the `Dockerfile` - there you can change user with the `USER` instruction. — Andreas Lorenzen, Mar 19 '19 at 20:29
@ScottSkiles yes I am following this link https://strongbox.github.io/developer-guide/building-the-code-with-docker.html — Yug Singh, Mar 19 '19 at 20:31
when i do docker-compose up I am getting the error. Now I was able to start the container manually and when inside the container I tried the mkdir command the user didn't have the permissions and sudo didn't exist. — Yug Singh, Mar 19 '19 at 20:32

Andreas Lorenzen · Accepted Answer · 2019-03-21T12:21:37.607

I may have a solution for you. You can extend the strongbox image in a custom Dockerfile to solve this issue I think.

Create a new Dockerfile, like this one:

Dockerfile

FROM strongboxci/alpine:jdk8-mvn-3.5

USER root

RUN mkdir -p /workspace/.m2/repositories
RUN chown jenkins:jenkins /workspace/.m2/repositories

USER jenkins

Then build the image with something like this:

docker build -t mystrongbox:01 .

And finally update the docker-compose.yml file to this:

docker-compose.yml

version: '2'
services:
  strongbox-from-web-core:
    image: mystrongbox:01
    command:
      - /bin/bash
      - -c
      - |
         echo ""
         echo "[NOTICE]   This will take at least 2 to 5 minutes to start depending on your machine and connection!"
         echo ""
         echo "           Open http://localhost:48080/storages to browse the repository contents."
         echo ""
         sleep 5
         mkdir -p /workspace/.m2/repositories
         mvn clean install -DskipTests -Dmaven.repo.local=/workspace/.m2/repositories
         cd strongbox-web-core
         mvn spring-boot:run -Dmaven.repo.local=/workspace/.m2/repositories
    ports:
      - 48080:48080
    volumes:
      - ./:/workspace
    working_dir: /workspace

Finally try again with:

docker-compose up

Then you will have the directory created in the image already, and ownership set to the jenkins user.

Please let me know if there is something else that I can do to help, or perhaps accept the answer if it was useful. Thanks! — Andreas Lorenzen, Mar 26 '20 at 09:01

score 2 · Answer 2 · edited Mar 21 '19 at 16:44

I'm one of the developers at strongbox/strongbox. We're thrilled that someone is trying out our Docker images for development :)

Now this command requires sudo, otherwise it gives permissions error.

What you are experiencing, is likely a permission issue. Our Docker images are running as user.group = 1000.1000 (which is usually the first user on many distributions). I suspect that your UID/GID is different, which you can check by doing id -u and id -g. If it's something other than 1000.1000 - you would need to do a workaround:

Create a user & group with IDs 1000.1000:

groupadd -g 1000 jenkins
useradd -u 1000 -g 1000 -s /bin/bash -m jenkins

Chown/chmod the cloned strongbox project like this:

chown -R `id -u`.1001 /path/to/strongbox-project
chmod -R 775 /path/to/strongbox-project

Try again docker-compose up

This image does not have sudo installed, so you wouldn't be able to execute it. However, you shouldn't need it as well, because the /workspace is being mounted from your FS (this is the strongbox project) and it will write /workspace/.m2/repository in the volume.

Run sudo commands from inside of docker compose

2 Answers2