phusion / baseimage-docker Goto Github PK

View Code? Open in Web Editor NEW

8.9K 8.9K 1.1K 2.09 MB

A minimal Ubuntu base image modified for Docker-friendliness

Home Page: http://phusion.github.io/baseimage-docker/

License: MIT License

Makefile 4.68% Shell 49.66% Python 44.56% Dockerfile 1.09%

baseimage-docker's People

Contributors

Stargazers

Watchers

Forkers

dragonmantank juniorz jorisvddonk fqxp modcloth ingoclaro joe8bit walski ngbinh drnic tomer fgabolde thomasleveil kmanley taylor gijzelaerr mmatey-rmn ewenig kingdonb inthecloud247 rmoorman agur tedeh ruphin abrgr saidimu felixhummel yekeqiang dzwicker samrocketman olberger six8 erezool nikicat ereztourjeman abelaska harto ticosax hugoduncan naag endersonmaia mpeterson utahdave gissehel bardusco drupalmodule zoltrain walm madebymany ngpestelos decodedco andre-luiz-dos-santos vinchu imanel jeckhart wizehive dagelf yebyen kjseefried puntonim philipz ejchet dockerimages valerioorfano qerub dgoujard w1l50n bfitzsimmons szaydel kevinlowrie adgoji ndelitski bubenkoff roverwolf jhale dkhroad netmackan timclassic zromans johnwlockwood markgstewart elhu keymon dbongo carenas tinco wwestenbrink aemonfly bkkoos giorgiofellipe gmacario dnephin dbpeng ronaldobarrera champ1 devpie boomfish prodigeni miguelramosfdz frank-dspeed

baseimage-docker's Issues

/etc/my_init.d/logtime.sh failed with status 127

Your sample sh with chmod +x

#In logtime.sh (make sure this file is chmod +x):
#!/bin/bash
/bin/date > /tmp/boottime.txt

RUN mkdir -p /etc/my_init.d
ADD logtime.sh /etc/my_init.d/logtime.sh

docker run -i -t kunthar/middleware /sbin/my_init -- /bin/bash
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
*** Running /etc/my_init.d/logtime.sh...
*** /etc/my_init.d/logtime.sh failed with status 127
*** Killing all processes...

Whenever i comment out

ADD logtime.sh /etc/my_init.d/logtime.sh

everything is fine.

This is the explanation of status 127= http://is.gd/eKCtRI
I've used

/bin/date > /tmp/boottime.txt

but no luck.

Any comments?

setuser problem

Hi,

I think there is a problem with the setuser tool... I used it to start a redis server, and some other services, but after updating to latest baseimage it won't work anymore.

root@0aebe605108e:/# /sbin/setuser redis /usr/bin/redis-server /etc/redis/redis.conf
setuser: cannot execute /usr/bin/redis-server: [Errno 13] Permission denied

permissions look good for me .. and using su to change the user and start the server manually works.

Store environment variables in a file, and allow init scripts to change environment variables

Since processes such as Nginx nuke environment variables, we will want to provide an easy way for processes to query what the original environment variables are. my_init should store the original environment variable in files, ideally in multiple formats so that applications can easily parse them:

/etc/container_environment - a directory containing files named after the keys. The contents contain the values.
/etc/container_environment.sh - bash format (export KEY=value). We can use the shlex.quote function from Python 3.3: https://github.com/bendmorris/static-python/blob/master/Lib/shlex.py#L279-L290
/etc/container_environment.json - JSON format. Python 2.6+ supports json.

We should also allow init scripts in the startup pipeline to modify the environment for subsequent scripts. They can write to the flat files in /etc/container_environment. My_init will then import them, and export them to the bash and json formats before continuing.

Question regarding logging: what is happening when there is no more disk space to log?

the memcached log might flood the container, no?

Missing link environment variables

It looks like the environment variables set when linking a container are not available when using your image. Information on the docker site:

http://docs.docker.io/en/latest/use/working_with_links_names/

I use these in my rails app container database.yml script.

e.g.

defaults: &defaults
  adapter: postgresql
  host: <%= ENV['POSTGRES_PORT_5432_TCP_ADDR'] %>
  port: <%= ENV['POSTGRES_PORT_5432_TCP_PORT'] %>
  username: docker
  password: docker

development:
  <<: *defaults
  database: db_development

test:
  <<: *defaults
  database: db_test

production:
  <<: *defaults
  database: db_production

/sbin/my_init: line 2: import: command not found

When i run my Dockerfile, i have this message

sudo docker run -rm -t -i -p 27017:27017 -v /var/data:/D -v /var/data/log:/L ng2/mongodb
Invalid command: /sbin/my_init

If i try to launch with

sudo docker run -rm -t -i -p 27017:27017 -v /var/data:/D -v /var/data/log:/L --entrypoint bash ng2/mongodb
/sbin/my_init: line 2: import: command not found
/sbin/my_init: line 4: KILL_PROCESS_TIMEOUT: command not found
/sbin/my_init: line 5: KILL_ALL_PROCESSES_TIMEOUT: command not found
/sbin/my_init: line 7: LOG_LEVEL_ERROR: command not found
/sbin/my_init: line 8: LOG_LEVEL_WARN: command not found
/sbin/my_init: line 9: LOG_LEVEL_INFO: command not found
/sbin/my_init: line 10: LOG_LEVEL_DEBUG: command not found
/sbin/my_init: line 12: log_level: command not found
/sbin/my_init: line 14: syntax error near unexpected token `('
/sbin/my_init: line 14: `class AlarmException(Exception):'

Docker version :

sudo docker version
Client version: 0.8.1
Go version (client): go1.2
Git commit (client): a1598d1
Server version: 0.8.1
Git commit (server): a1598d1
Go version (server): go1.2
Last stable version: 0.8.1

Let's get docker images :

sudo docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
ng2/mongodb              latest              09d620ea830d        3 minutes ago       595.5 MB
<none>                   <none>              0abb320eaa5c        7 minutes ago       595.5 MB
<none>                   <none>              b45ee8b7c78a        36 minutes ago      595.5 MB
<none>                   <none>              53d8f8bf98a5        2 days ago          595.2 MB
crosbymichael/dockerui   latest              1364a90139c5        2 days ago          467.4 MB
<none>                   <none>              374e0657b5cc        2 days ago          595.2 MB
<none>                   <none>              8d8a71e48513        2 days ago          595.2 MB
<none>                   <none>              ee5d2de85091        2 days ago          467.4 MB
phusion/baseimage        0.9.6               f4e6f8a8ae28        7 days ago          352.8 MB
phusion/baseimage        latest              f4e6f8a8ae28        7 days ago          352.8 MB
phusion/baseimage        0.9.5               a96ad6a18c43        2 weeks ago         352.8 MB
ubuntu                   12.04               9cd978db300e        2 weeks ago         204.4 MB
phusion/baseimage        0.9.4               f2e32dd503b7        2 weeks ago         403.8 MB
phusion/baseimage        0.9.1               a9f93affd469        3 months ago        346.9 MB
phusion/baseimage        0.9.0               99e64f286549        3 months ago        346.9 MB

And my Dockerfile is :

FROM phusion/baseimage:latest

MAINTAINER [email protected]

ENV HOME /root
ENV MONGO_VERSION 2.4.8

RUN /etc/my_init.d/00_regen_ssh_host_keys.sh

RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
RUN echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | tee /etc/apt/sources.list.d/mongodb.list
RUN apt-get -qq -y update
RUN rm /usr/sbin/policy-rc.d
RUN apt-get install -qq -y mongodb-10gen=$MONGO_VERSION

VOLUME ["/D", "/L"]
EXPOSE 27017

CMD ["/sbin/my_init"]

ENTRYPOINT ["mongod","-f","/D/mongodb.conf"]

Works fine with direct phusion/baseimage

sudo docker run -rm -t -i phusion/baseimage bash -l
root@86ff86b5cdc1:/#

How can I log runit messages to a log file?

Let's say I have a running service using the directory /etc/service/foo. Now I delete that directory. Runit will start showing a message (which can be seen with ps aux) saying it can't find that directory. But that message isn't logged anywhere. How can I do that? I couldn't find anything about this in runit's docs.

Btw, thanks for this great image, I'm loving it.

Environment not correct with v0.9.7

I just updated my Dockerfile to use baseimage-docker v0.9.7 instead of v0.9.6 (you can check the source here: https://github.com/StudioMelipone/docker-ruby-2.0.0-p353 and the image is available on the docker index) and now the script executed by my_init does not work anymore.
The problem seems to be a wrong environment since when bundler run, it complains about not finding git and other executables. Indeed when doing an env there are only two variables (PWD and OLD_PWD).

0.9.9 | apt-get install | Failed to fetch

I want to use 0.9.9 because with 0.9.10 a program that I use gives fatal error on compilation. With 0.9.9 it sure worked, I installed in about 3 moths ago.
Now I made some changes in my Dockerfile, tried to build it, but it gives me "Failed to fetch" errors.

Step 8 : RUN apt-get install -y --fix-missing mysql-server
 ---> Running in a68e51246702
Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
  libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient18
  libnet-daemon-perl libplrpc-perl libterm-readkey-perl mysql-client-5.5
  mysql-client-core-5.5 mysql-common mysql-server-5.5 mysql-server-core-5.5
Suggested packages:
  libipc-sharedcache-perl tinyca mailx
The following NEW packages will be installed:
  libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient18
  libnet-daemon-perl libplrpc-perl libterm-readkey-perl mysql-client-5.5
  mysql-client-core-5.5 mysql-common mysql-server mysql-server-5.5
  mysql-server-core-5.5
0 upgraded, 13 newly installed, 0 to remove and 10 not upgraded.
Need to get 27.2 MB of archives.
After this operation, 97.5 MB of additional disk space will be used.
Err http://archive.ubuntu.com/ubuntu/ precise-updates/main mysql-common all 5.5.35-0ubuntu0.12.04.2
  404  Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com/ubuntu/ precise-updates/main libmysqlclient18 amd64 5.5.35-0ubuntu0.12.04.2
  404  Not Found [IP: 91.189.92.200 80]
Get:1 http://archive.ubuntu.com/ubuntu/ precise/main libnet-daemon-perl all 0.48-1 [43.1 kB]
Get:2 http://archive.ubuntu.com/ubuntu/ precise/main libplrpc-perl all 0.2020-2 [36.0 kB]
Get:3 http://archive.ubuntu.com/ubuntu/ precise/main libdbi-perl amd64 1.616-1build2 [849 kB]
Get:4 http://archive.ubuntu.com/ubuntu/ precise/main libdbd-mysql-perl amd64 4.020-1build2 [106 kB]
Err http://archive.ubuntu.com/ubuntu/ precise-updates/main mysql-client-core-5.5 amd64 5.5.35-0ubuntu0.12.04.2
  404  Not Found [IP: 91.189.92.200 80]
Get:5 http://archive.ubuntu.com/ubuntu/ precise/main libterm-readkey-perl amd64 2.30-4build3 [28.6 kB]
Err http://archive.ubuntu.com/ubuntu/ precise-updates/main mysql-client-5.5 amd64 5.5.35-0ubuntu0.12.04.2
  404  Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com/ubuntu/ precise-updates/main mysql-server-core-5.5 amd64 5.5.35-0ubuntu0.12.04.2
  404  Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com/ubuntu/ precise-updates/main mysql-server-5.5 amd64 5.5.35-0ubuntu0.12.04.2
  404  Not Found [IP: 91.189.92.200 80]
Get:6 http://archive.ubuntu.com/ubuntu/ precise/main libhtml-template-perl all 2.10-1 [65.0 kB]
Err http://archive.ubuntu.com/ubuntu/ precise-updates/main mysql-server all 5.5.35-0ubuntu0.12.04.2
  404  Not Found [IP: 91.189.92.200 80]
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/m/mysql-5.5/mysql-common_5.5.35-0ubuntu0.12.04.2_all.deb  404  Not Found [IP: 91.189.92.200 80]
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/m/mysql-5.5/libmysqlclient18_5.5.35-0ubuntu0.12.04.2_amd64.deb  404  Not Found [IP: 91.189.92.200 80]
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/m/mysql-5.5/mysql-client-core-5.5_5.5.35-0ubuntu0.12.04.2_amd64.deb  404  Not Found [IP: 91.189.92.200 80]
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/m/mysql-5.5/mysql-client-5.5_5.5.35-0ubuntu0.12.04.2_amd64.deb  404  Not Found [IP: 91.189.92.200 80]
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/m/mysql-5.5/mysql-server-core-5.5_5.5.35-0ubuntu0.12.04.2_amd64.deb  404  Not Found [IP: 91.189.92.200 80]
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/m/mysql-5.5/mysql-server-5.5_5.5.35-0ubuntu0.12.04.2_amd64.deb  404  Not Found [IP: 91.189.92.200 80]
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/m/mysql-5.5/mysql-server_5.5.35-0ubuntu0.12.04.2_all.deb  404  Not Found [IP: 91.189.92.200 80]
Fetched 1127 kB in 0s (1588 kB/s)
Unable to correct missing packages.
E: Aborting install.
2014/06/02 09:14:26 The command [/bin/sh -c apt-get install -y --fix-missing mysql-server] returned a non-zero code: 100

dependency on python2?

does this library has a dependency on python2?

i get when i try to run this docker run --rm -t -i phusion/baseimage /sbin/my_init -- bash -l

/usr/bin/python2: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory

Trusted build

Not really an issue here but as many people where yelling for a trusted build on the page https://index.docker.io/u/phusion/baseimage/ , I created one on https://index.docker.io/u/gissehel/phusion-baseimage/ .

I named it "phusion-baseimage" because "phusion's baseimage" is the most meaningfull title I found. On the other hand, it contains the term "phusion" in it, which you may not like.

If this is a problem, I can delete the docker index's repo and github repo (for that reason or any other reason like you provided trusted builds, or you just don't like the idea).

SSH with docker 0.9: PTY allocation request failed on channel 0

Hi. When I run a baseimage-based container on docker 0.9 and try to ssh to it, I get the error:

PTY allocation request failed on channel 0
stdin: is not a tty

It seems like I still have a bash, but without prompt or anything. The same image worked as expected under docker-0.8.0. Nothing in syslog or docker -D output in response to the connection attempts.

ssh -v: (ssh -vvvv at http://bpaste.net/show/188386/)

voyd@kanne> ssh [email protected] -v
OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/voyd/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 172.17.0.4 [172.17.0.4] port 22.
debug1: Connection established.
debug1: identity file /home/voyd/.ssh/id_rsa type 1
debug1: identity file /home/voyd/.ssh/id_rsa-cert type -1
debug1: identity file /home/voyd/.ssh/id_dsa type -1
debug1: identity file /home/voyd/.ssh/id_dsa-cert type -1
debug1: identity file /home/voyd/.ssh/id_ecdsa type -1
debug1: identity file /home/voyd/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/voyd/.ssh/id_ed25519 type -1
debug1: identity file /home/voyd/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.1 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA cd:e9:52:a5:e3:61:51:11:e7:2d:77:89:39:c3:eb:d4
debug1: Host '172.17.0.4' is known and matches the ECDSA host key.
debug1: Found key in /home/voyd/.ssh/known_hosts:26
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/voyd/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
Authenticated to 172.17.0.4 ([172.17.0.4]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env COLORTERM = xfce4-terminal
debug1: Sending env TERM = screen-256color
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_COLLATE = C
debug1: Sending env LC_NUMERIC = de_DE.UTF-8
debug1: Sending env LC_TIME = de_DE.UTF-8
debug1: Sending env LC_MONETARY = de_DE.UTF-8
debug1: Sending env LC_PAPER = de_DE.UTF-8
debug1: Sending env LC_NAME = de_DE.UTF-8
debug1: Sending env LC_ADDRESS = de_DE.UTF-8
debug1: Sending env LC_TELEPHONE = de_DE.UTF-8
debug1: Sending env LC_MEASUREMENT = de_DE.UTF-8
debug1: Sending env LC_IDENTIFICATION = de_DE.UTF-8
debug1: Sending env LC_MESSAGES = en_US.UTF-8
PTY allocation request failed on channel 0
stdin: is not a tty

Conflicting docs

At http://phusion.github.io/baseimage-docker/ this paragraph

setuser
A custom tool for running a command as another user. Easier to use than su, has a smaller attack vector than sudo, and unlike chpst this tool sets $HOME correctly. Available as /sbin/setuser.

and this example

### In memcached.sh (make sure this file is chmod +x):
#!/bin/sh
# `chpst` is part of running. `chpst -u memcache` runs the given command
# as the user `memcache`. If you omit this, the command will be run as root.
exec chpst -u memcache /usr/bin/memcached >>/var/log/memcached.log 2>&1

look a bit in contrast. I suspect the example is outdated.

(And does runit kick in automatically?)

apt-get update fail: Related to https://github.com/phusion/baseimage-docker/issues/72

Is not so simple ...

Case 1:

    ...
    RUN echo "deb https://download.sernet.de/packages/samba/4.1/ubuntu trusty main"  >> /etc/apt/source.list
    RUN apt-get update
    ...

apt-get update fail cause can´t fetch https urls.

Case 2:

curl or wget any https://...  fail too.

if not a good behaviour remember add: apt-get install ca-certificates for basis thing like add/download secured content. Today everywhere is moving to secures URL´s

Is was OK on precise by default.

Environment not passed to runit scripts

Environment variables passed into the container via the -e option of docker run are not preserved through the runit launch process. I have confirmed that the variables are available to the /sbin/my_init process, but on line 75, you call /usr/sbin/runsvdir-start which clears the environment before calling runsvdir. My recommendation is to bypass runsvdir-start and call runsvdir directly in order to preserve the environment.

Add anacron to the system services

As the docker containers aren't always up all time, particularly on the dev side, I find it convenient to have anacron making sure that cronjobs are executed once in a while, for example for log rotations, etc.

I've modified image/system_services.sh to add "$minimal_apt_get_install anacron" in my "Debian fork" (https://github.com/olberger/baseimage-docker/tree/debian).

Or maybe this is only useful in Debian environment, and not applying to the base Ubuntu system ?

Hope this helps.

Upgrade to Ubuntu 14.04 as base

14.04 is the new LTS release. IWBN to upgrade the base to it.

Can’t run an image based on baseimage-docker without arguments?

Hi,

I’m quite new to docker and I’m trying to create an example image to work with ruby on rails.
But when I’m trying to execute my script with my_init it doesn’t work.

I have the following entries in my Dockerfile:

ENTRYPOINT ["/sbin/my_init"]
CMD ["/root/rails.sh"]

When I try to run my image with docker run without any argument, I have the following error:
my_init: error: unrecognized arguments: -c #(nop) ADD file:19aa57293c80cb2b84047fcfcbc89cd75ded94e5841cc8062e282dca6e5e680e in /etc/service/redis/run

I tried to add "--" to CMD but with no luck. I don’t understand what’s the matter here?

on demand sshd start

Related to: #37
I read that too but here work flawless without any delay.
Test your self.

my_init doesn't preserve non-zero exit status

Unless I'm misunderstanding something, the final line of this output should read 42:

$ docker run --rm phusion/baseimage:0.9.9 /sbin/my_init --skip-runit -- bash -c 'exit 42'
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
No SSH host key available. Generating one...
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
*** Running /etc/rc.local...
*** Running bash -c exit 42...
*** bash exited with exit code 10752.
*** Killing all processes...
$ echo $?
0

Description on index.docker.io is outdated

The description of the image on the Docker Index is outdated and still refers to 12.04.

Getting tons of debconf messages unless TERM is set to linux

debconf: unable to initialize frontend: Dialog
debconf: (Dialog frontend will not work on a dumb terminal, an emacs shell buffer, or without a controlling terminal.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 /usr/local/lib/site_perl .) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7, <> line 19.)
debconf: falling back to frontend: Teletype
dpkg-preconfigure: unable to re-open stdin:

Possible to use upstart?

Is it still possible to use upstart services with this baseimage? I'd like to orchestrate/setup docker containers with ansible playbooks that already rely on upstart services.

Would that work oob or do I have to install/fix stuff in the image first?

Log in without keys

I am using the baseimage to create a bioinformatics analysis images that we can run on bare metal, vms, or in the cloud. I have added the core users in the dockerfile and now I would like to allow these users to log in without a key -- you know, with just their password

everytime I try to do this I get this

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
cd:3a:28:db:45:d7:43:de:9f:37:6a:4a:8e:34:39:85.
Please contact your system administrator.
Add correct host key in /home/tlaurent/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/tlaurent/.ssh/known_hosts:17
  remove with: ssh-keygen -f "/home/tlaurent/.ssh/known_hosts" -R 172.17.0.2
ECDSA host key for 172.17.0.2 has changed and you have requested strict checking.
Host key verification failed.

Is there a good way I can make the system just be a container we can ssh into without
using key files?

Permission denied errors

I'm having some trouble with phusion/baseimage resulting in "Permission denied" errors. Here's an example:

 docker run --rm -it phusion/baseimage:0.9.9 /sbin/my_init -- bash
*** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
No SSH host key available. Generating one...
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 74
*** Running bash...
root@993e4c770d14:/# addgroup --gid 9999 app && adduser --uid 9999 --gid 9999 --disabled-password --gecos "Application" app && usermod -L app
Adding group `app' (GID 9999) ...
Done.
Adding user `app' ...
Adding new user `app' (9999) with group `app' ...
Creating home directory `/home/app' ...
Copying files from `/etc/skel' ...

root@993e4c770d14:/# setuser app touch /tmp/foo
touch: cannot touch `/tmp/foo': Permission denied

root@993e4c770d14:/# setuser app bash -c 'echo foo > /dev/null'
bash: /dev/null: Permission denied

As you can see, after booting a container, a new non-root user is unable to create a file in /tmp or write to /dev/null.

Any ideas? Thanks.

add-apt-repository fail

Probably not a baseimage bug in the line of ca-certificates missings but fail ...

Dockerfile

# nas
# VERSION 0.1.9

FROM phusion/baseimage:0.9.10
MAINTAINER bySabi <[email protected]>

RUN \
    apt-get update 1>/dev/null && apt-get upgrade -y -q --no-install-recommends && \
    apt-get install -y --no-install-recommends python-software-properties ca-certificates

RUN add-apt-repository -y ppa:nginx/stable

Fail with:

/bin/sh: 1: add-apt-repository: not found

Any sugesstion to solved?

baseimage-docker based on newer ubuntu versions?

Any plans to provide baseimage-docker based on newer Ubuntu versions, e.g. the currently latest 13.10? I don't find the benefits of LTS compelling for containers.

Would forking this repo be the simplest path? And would you anticipate any major issues building this image based on ubuntu:13.10?

Thanks!

enabling insecure key at runtime

I feel uncomfortable publishing a docker image based on baseimage with the insecure key enabled. However I would like end users to be able to easily enable the insecure key.

What about adding a new argument to my_init, let say --enable-insecure-key that would take care of that ?

my_init: OSError: [Errno 10] No child processes

I'm intermittently seeing this error:

++ docker run --rm image_name_here /sbin/my_init --quiet --skip-runit -- true
*** An error occurred. Aborting.
Traceback (most recent call last):
  File "/sbin/my_init", line 311, in <module>
    main(args)
  File "/sbin/my_init", line 259, in main
    exit_code = waitpid_reap_other_children(pid)
  File "/sbin/my_init", line 108, in waitpid_reap_other_children
    this_pid, status = os.waitpid(-1, 0)
OSError: [Errno 10] No child processes

`docker run` envs don't override those in `/etc/container_environment`

I'm trying to use /etc/container_environment as a way to bake "default" values for environment variables into a Docker image. I then want to optionally override these values using docker run --env=....

Consider the following Dockerfile:

FROM phusion/baseimage
RUN echo "foo" >/etc/container_environment/FOO

I use this to produce an image named env-test:

$ docker build -t env-test .

Then I can see that an env FOO is set within the container:

$ docker run --rm env-test my_init --skip-runit --quiet -- env 2>/dev/null | grep FOO
FOO=foo

When I attempt to provide a different value of FOO using the --env option for docker run, it doesn't override the original value:

$ docker run --rm --env FOO=bar env-test my_init --skip-runit --quiet -- env 2>/dev/null | grep FOO
FOO=foo

Is this expected? It seems incorrect to me.

Strange issue on trying to resolve smtp.office365.com

Hi,
I have a problem that's puzzling me: although I can ping and resolve smtp.office365.com from inside a container, using netcat just hangs indefinitely, apparently because it cannot resolve the domain name. This problem seems to occur only with that specific domain name. To reproduce:

docker run --rm -t -i ubuntu /bin/bash
ping smtp.office365.com # Ok
netcat smtp.office365.com 587 # Hangs, no messages
netcat 132.245.211.249 587 # (One of the IPs smtp.office365.com resolves to) Ok
netcat smtp.gmail.com # (for example) Ok

I can reach smtp.office365.com from the host or from a machine on a different network.

Can you reproduce this? What's going on? I don't even know how to debug this. Using Docker version 0.11.1, build fb99f99.

Version 0.9.11 missing from index?

I'm getting the following error:

2014/05/16 20:39:02 Tag 0.9.11 not found in repository phusion/baseimage

What am I doing wrong?

remove contents of /var/lib/apt/lists/

apt-get update pulls files with over 80 MByte into the directory /var/lib/apt/lists/.
After building the image those files could be removed (in cleanup.sh):

rm -rf /var/lib/apt/lists/*

Support for Ubuntu 14.04 LTS

hello,
do you guys got a plan to migrate this base image to newest Ubuntu LTS version ?
Apart from that - well done. This image is exactly what I was looking for.

Regards,
Robert

syslog-ng failing to start

There is a problem that's causing syslog-ng failing to start since it can not access the kernel messages. I'm currently on the move and I can't make the change now but I'm posting the issue so I don't forget.

The solution is here: http://www.carrier-lost.org/syslog-ng-on-vserver-with-debian-lenny/

If when I'm back at my house you haven't fixed it yet I'll make a pull request.

my_init should have a mechanism to wait until all Runit services are started

I'm having around 300 images based on baseimage-docker and I'm running a script that will run a command on each of those (with /sbin/my_init -- as an entry point), wait for it to finish, do stuff, run next...

Several times, container hang with this message as last thing in log:

warning: /etc/service/cron: unable to open supervise/ok: file does not exist

except any of the cron / syslog / ssh could fail with this message.

I'm not having a reliable way to reproduce this.

Insertion failed because database is full: database or disk is full

OK so I am provisioning an analysis image and I have just hit an error :

➜  cloudbiolinux  sudo docker build -t szbifx/ai:0.1 .
Uploading context 43.01 kB
Uploading context
Step 0 : FROM phusion/baseimage
 ---> 745d3ac92697
Step 1 : MAINTAINER Timothy Laurent
 ---> Using cache
 ---> 5a3ca3a81560
Step 2 : RUN apt-get update && apt-get install -y -q git build-essential autotools-dev automake pkg-config curl wget && apt-get clean
 ---> Using cache
 ---> 4dab4dcba94d
Step 3 : RUN mkdir /install && cd install ;    apt-get update ; apt-get install python-setuptools python-dev -y -q && apt-get clean
2014/04/30 09:54:25 Insertion failed because database is full: database or disk is full

docker info shows :

➜  cloudbiolinux  sudo docker info
Containers: 54
Images: 80
Storage Driver: devicemapper
 Pool Name: docker-8:21-656129-pool
 Data file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata
 Data Space Used: 0.0 Mb
 Data Space Total: 0.0 Mb
 Metadata Space Used: 0.0 Mb
 Metadata Space Total: 0.0 Mb
Execution Driver: native-0.1
Kernel Version: 3.8.0-39-generic
WARNING: No swap limit support

OK so what happened to the devicemapper space?

Yesterday I hit the 10GB limit for devicemapper. I can't wait until that limit is gone. But not it looks like I don't have any space.

What is going on here??

cannot pull phusion/baseimage

Possibly a docker index issue, I don't know. I'm running docker on ubuntu 13.10 on esxi 5.1 on a speedy fiber connection in canada

"docker pull phusion/baseimage" fails over and over

Pulling repository phusion/baseimage
65e9dbc42589: Error pulling image (latest) from phusion/baseimage, link /opt/docker_runtime/docker/devicemapper/mnt/444041ffab2cdeced4f5254da0680282055f768e64cc6e77c31b921160e980e2/rootfs/.wh..wh.plnk/317.929004a9f93affd469: Download complete 
99e64f286549: Download complete 
8dbd9e392a96: Download complete 
15fda1f601cb: Download complete 
a092c0d9e4a9: Download complete 
5ba4bd3b42b5: Download complete 
87081acac42d: Download complete 
444041ffab2c: Error downloading dependent layers 
8b4daf651a99: Download complete 
27a4ee5782fb: Download complete 
b45f1125208a: Download complete 
1430b0dcd3fc: Download complete 
816b6817e295: Download complete 
0112363aa85e: Download complete 
a19f2a8d5b34: Download complete 
b1f6df7052a1: Download complete 
dc5551da37ca: Download complete 
7be9d12a2177: Download complete 
afe99d7ac3c2: Download complete 
7228d468b63c: Download complete 
2014/01/15 17:45:14 Could not find repository on any of the indexed registries.

my_init is not waitpid'ing correctly

My_init's waitpid algorithm currently involves waiting for any child process, until the requested child process is waited for. This normally works well, but not when my_init has to wait for multiple processes, such as when shutting down Runit. The wait for a non-Runit process could have reaped Runit, causing a future wait for Runit to fail.

SSH does not preserve ENV variables

Dockfile used for test:

FROM phusion/baseimage:0.9.9

ENV LANG en_US.UTF-8
ENV LANGUAGE en_US.UTF-8
ENV LC_ALL en_US.UTF-8

RUN /etc/my_init.d/00_regen_ssh_host_keys.sh && \
    rm /etc/my_init.d/00_regen_ssh_host_keys.sh

RUN /usr/sbin/enable_insecure_key

CMD ["/sbin/my_init"]

Testing via `docker run`

$ docker run -i e38194b7ec6f my_init -- env
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 8
*** Running env...
LANG=en_US.UTF-8
LANGUAGE=en_US.UTF-8
HOSTNAME=97b73766a684
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
INITRD=no
LC_ALL=en_US.UTF-8
HOME=/root
*** env exited with exit code 0.
*** Shutting down runit daemon (PID 8)...
*** Killing all processes...

Testing via ssh execute

$ ssh [email protected] env
SHELL=/bin/bash
SSH_CLIENT=172.17.42.1 37381 22
USER=root
MAIL=/var/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
PWD=/root
SHLVL=1
HOME=/root
LOGNAME=root
SSH_CONNECTION=172.17.42.1 37381 172.17.0.2 22
_=/usr/bin/env

Testing via ssh -> env

$ ssh [email protected]
Welcome to Ubuntu 12.04.4 LTS (GNU/Linux 3.8.0-35-generic x86_64)

 * Documentation:  https://help.ubuntu.com/
root@83fc7ad57eaf:~# env
TERM=xterm-256color
SHELL=/bin/bash
SSH_CLIENT=172.17.42.1 37382 22
SSH_TTY=/dev/pts/0
USER=root
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:d... <cut>
MAIL=/var/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
PWD=/root
SHLVL=1
HOME=/root
LOGNAME=root
SSH_CONNECTION=172.17.42.1 37382 172.17.0.2 22
LESSOPEN=| /usr/bin/lesspipe %s
LESSCLOSE=/usr/bin/lesspipe %s %s
_=/usr/bin/env

Expected behavior

Env variables set via Dockerfile or container environments.

adding service logrotate ?

I have yet no experience with long running container based on phusion/baseimage, but I wonder if some of the log files might grow beyond reasonable.

Would not installing logrotate by default be wise ?

weird problem

The dockerfile below crashes after I uncomment these 4 lines shown below in the docker file:

#RUN touch "/etc/php5/fpm/conf.d/20-mongo.ini"
#RUN touch "/etc/php5/cli/conf.d/20-mongo.ini"
#RUN echo "extension=mongo.so" >> /etc/php5/fpm/conf.d/20-mongo.ini
#RUN echo "extension=mongo.so" >> /etc/php5/cli/conf.d/20-mongo.ini

here:

FROM phusion/baseimage:0.9.9

ENV HOME /root

RUN /etc/my_init.d/00_regen_ssh_host_keys.sh

CMD ["/sbin/my_init"]

# Some Environment Variables
ENV    DEBIAN_FRONTEND noninteractive

# Nginx-PHP Installation
RUN apt-get update
RUN apt-get install -y vim curl wget build-essential python-software-properties
RUN add-apt-repository -y ppa:ondrej/php5
RUN add-apt-repository -y ppa:nginx/stable
RUN apt-get update
RUN apt-get install -y php-pear php5-dev php5-cli php5-fpm php5-mysql php5-pgsql \
            php5-sqlite php5-curl php5-gd php5-mcrypt php5-intl php5-imap php5-tidy
RUN yes '' | pecl install mongo
RUN touch "/etc/php5/fpm/conf.d/20-mongo.ini"
RUN touch "/etc/php5/cli/conf.d/20-mongo.ini"
RUN echo "extension=mongo.so" >> /etc/php5/fpm/conf.d/20-mongo.ini
RUN echo "extension=mongo.so" >> /etc/php5/cli/conf.d/20-mongo.ini

RUN sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php5/fpm/php.ini
RUN sed -i "s/;date.timezone =.*/date.timezone = UTC/" /etc/php5/cli/php.ini

RUN apt-get install -y nginx

RUN echo "daemon off;" >> /etc/nginx/nginx.conf
RUN sed -i -e "s/;daemonize\s*=\s*yes/daemonize = no/g" /etc/php5/fpm/php-fpm.conf
RUN sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php5/fpm/php.ini

RUN mkdir           /var/www
ADD build/default   /etc/nginx/sites-available/default
RUN mkdir           /etc/service/nginx
ADD build/nginx.sh  /etc/service/nginx/run
RUN chmod +x        /etc/service/nginx/run
RUN mkdir           /etc/service/phpfpm
ADD build/phpfpm.sh /etc/service/phpfpm/run
RUN chmod +x        /etc/service/phpfpm/run

EXPOSE 80
EXPOSE 81
# End Nginx-PHP

RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

why when running such a container would crash? can someone please explain?

[question] Trusty (14.04) Ubuntu

Hey!
I use this base image for most docker stuff - I was wondering if there were plans for a base image for 14.04?

Thanks

`my_init` crashes entire Mac OS 10.9.2 system

Running my_init on Mac OS 10.9.2 crashes the entire system, dumping it to a blank grey screen and requiring a reboot.

Warning, by the nature of this issue, running the examples may crash your system.

This first happened when I invoked my_init from Mac OS to test exit status fixes for #45:

python my_init --skip-runit -- bash -c "exit 42"

A simpler and more universal test-case:

URL="https://raw.githubusercontent.com/phusion/baseimage-docker/master/image/my_init"
curl $URL | /usr/bin/python

I get the same crash with:

System Python 2.7.5 at /usr/bin/python
Homebrew Python 2.7.6 at /usr/local/bin/python

I realize Mac OS isn't the target system for this program, but it'd be nice to be able to test e.g. exit status bugs on any python-capable system, and the crash is very strange.

Release 0.9.10 not CA certificates

I think, in some point 0.9.10 image lost ca-certificates. Now I have to add:
apt-get install ca-certificates to Dockerfile for properly fetch https urls.

Error pulling image (0.9.8) from phusion/baseimage, flate: read error at offset 42110970: unexpected EOF : read error at offset 42110970: unexpected EOF

I was just trying baseimage for the first time and I keep hitting this error, any thoughts?

Step 0 : FROM phusion/baseimage:0.9.8
Pulling repository phusion/baseimage
83bc4d21347b: Error pulling image (0.9.8) from phusion/baseimage, flate: read error at offset 42110970: unexpected EOF : read error at offset 42110970: unexpected EOF
``

exposed port 80 and 443

I wonder why are ports 80 and 443 exposed in the Dockerfile.
Is this a mistake or is there any undocumented feature behind those ports ?

How to run one or two commands?

I tried this and it works:

docker run -i -t myimage my_init -- echo 'lol'

But then I tried this and didn't work:

$ docker run -i -t myimage my_init -- cd /srv
cd exited with exit code 32512

What I really want to do is go to certain directory and then execute certain script (the script uses relative paths so I can't execute it directly, I have to cd to the directory first). The cd part already is supposed to happen in ~/.bashrc, but apparently it hasn't been executed yet. Is there a way to make my command execute after ~/.bashrc? If that's not possible, I would like to simply run two commands: cd into that directory and then execute the script.

FROM racker/ubuntu-with-updates

@pquerna has a pretty interesting blog post around some additional improvements that might be useful.

Vagrant "There are errors in the configuration of this machine"

I may be being utterly stupid here, as I'm struggling to get to grips with Docker on OSX and am having to use Vagrant to do so. I think this'd be much easier with Vagrant out of the mix, but that isn't an option for me.

I assumed that I could just download this repository, navigate into the directory, and run

vagrant up --provider=docker

As there's a Vagrantfile included in the repo. But if I do I get the following output:

Bringing machine 'default' up with 'docker' provider...
There are errors in the configuration of this machine. Please fix
the following errors and try again:

docker provider:
* One of "build_dir" or "image" must be set

I'm running Vagrant 1.6.3.

I'd originally tried following the Vagrant blog post ( http://www.vagrantup.com/blog/feature-preview-vagrant-1-6-docker-dev-environments.html ) but that doesn't work either, it appears that the phusion.key isn't something that 'just exists' and I've not been able to follow how to get any Docker environment up and running via Vagrant with SSH support.