By continuing you indicate that you have read and agree to our Terms of service and Privacy policy
by moby Go Version: v23.0.0-rc.3 License: Apache-2.0
by moby Go Version: v23.0.0-rc.3 License: Apache-2.0
Support
Quality
Security
License
Reuse
kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample Here
Get all kandi verified functions for this library.
Get all kandi verified functions for this library.
Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
QUESTION
Select with joins in a unique table system
Asked 2022-Apr-11 at 03:19I am trying to build an SQL query on an omekaS database to extract books with a specific title and date.
In this system, the table holding the values is called value
, and the relevant attributes are as so :
value
-id (pk)
-resource_id
-type (int)
-value
The resource_Id
is the identifier through the db
Value is one field; like the book "Moby Dick" written in 1822 (random date) would look like this in db. Type tells us what is it (arbitrarily, 1
is titles and 2
is publishing year)
Id | resource_id | type | value |
---|---|---|---|
1 | 1 | 1 | Moby dick |
2 | 1 | 2 | 1822 |
I need to take all books with a certain title, published in a set of years
Basically
Select all the columns from value
Where value is a title and of type title
And value is in a set of years
And with all these having the same resource_id
I get lost, and I have no idea how to do this.
What would be the best way?
Thanks
ANSWER
Answered 2022-Apr-11 at 00:47If you need to check more types, you can check with AND EXISTS (SELECT 1 FROM ...WHERE type = 3 AND ...)
if the conditions are met
I renemd the table name, it is confusing to use cloumn names and table names with identical names.
CREATE TABLE books (
`Id` INTEGER,
`resource_id` INTEGER,
`type` INTEGER,
`value` VARCHAR(20)
);
INSERT INTO books
(`Id`, `resource_id`, `type`, `value`)
VALUES
('1', '1', '1', 'Moby Dick'),
('2', '1', '2', '1822');
SELECT `resource_id`, `value` FROM books
WHERE `type` = 1 AND `resource_id` IN (SELECT `resource_id` FROM books WHERE `type`= 2 AND `value` IN ('1822','1984'))
resource_id | value ----------: | :-------- 1 | Moby Dick
SELECT b1.`resource_id`, b1.`value` , b2.`value`
FROM books b1 INNER JOIN books b2 ON b1.`resource_id` = b2.`resource_id` and b2.`type`= 2
WHERE b1. `type` = 1 ANd b1.`resource_id` IN (SELECT `resource_id` FROM books WHERE `type`= 2 AND `value` IN ('1822','1984'))
resource_id | value | value ----------: | :-------- | :---- 1 | Moby Dick | 1822
db<>fiddle here
QUESTION
How to filter an array and get the filtered length?
Asked 2022-Mar-28 at 09:35Use the typical json as an example:
{ "store": {
"book": [
{ "category": "reference",
"author": "Nigel Rees",
"title": "Sayings of the Century",
"price": 8.95
},
{ "category": "fiction",
"author": "Evelyn Waugh",
"title": "Sword of Honour",
"price": 12.99
},
{ "category": "fiction",
"author": "Herman Melville",
"title": "Moby Dick",
"isbn": "0-553-21311-3",
"price": 8.99
},
{ "category": "fiction",
"author": "J. R. R. Tolkien",
"title": "The Lord of the Rings",
"isbn": "0-395-19395-8",
"price": 22.99
}
],
"bicycle": {
"color": "red",
"price": 19.95
}
}
}
I want filter the books, and get the filter result array size.
I write the json path as: $..book[?(@.category in ['fiction'])].size()
The expected value is 3. But actually I got 14.
Tried $..book[?(@.category in ['fiction'])].length()
Still got same result: 14
ANSWER
Answered 2022-Mar-22 at 09:42Why don't you use something like this:
int count = 0;
for (Book book : store) {
count = book.category.equals('fiction')? count+1 : count;
}
QUESTION
Svn checkout has no response in the docker image of Ubuntu 22.04
Asked 2022-Feb-14 at 12:43I ran the following command, it seems to be stuck, neither error nor success:
docker run --rm ubuntu:22.04 /bin/bash -c "apt-get update && apt-get install -y subversion && svn co https://github.com/GPUOpen-LibrariesAndSDKs/AMF/trunk/amf/public/include --non-interactive amf-headers"
also I tried debug log,still no output:
docker run --rm ubuntu:22.04 /bin/bash -c "apt-get update && apt-get install -y subversion && svn co https://github.com/GPUOpen-LibrariesAndSDKs/AMF/trunk/amf/public/include --non-interactive --config-option servers:global:neon-debug-mask=1073741824 amf-headers"
so I tried ubuntu 20.04 and it at least gives an error:
docker run --rm ubuntu:20.04 /bin/bash -c "apt-get update && apt-get install -yqq subversion && svn co https://github.com/GPUOpen-LibrariesAndSDKs/AMF/trunk/amf/public/include --non-interactive amf-headers"
svn: E170013: Unable to connect to a repository at URL 'https://github.com/GPUOpen-LibrariesAndSDKs/AMF/trunk/amf/public/include'
svn: E230001: Server SSL certificate verification failed: issuer is not trusted
Why does svn have no response on Ubuntu 22.04?
If it is an ssl certificate problem like ubuntu 20.04, it should also give an error message instead of nothing
more detail:
GitHub repositories can be accessed from both Git and Subversion (SVN) clients doc
I do all the test with github action(ubuntu-latest/ubuntu-20.04),Included Software
test workflow:
name: Test
on:
push:
branches: [ main ]
workflow_dispatch:
jobs:
Test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
version: ["22.04", "21.10", "21.04", "20.04"]
steps:
- name: Test
timeout-minutes: 5
shell: bash
run: |
docker run --rm ubuntu:${{ matrix.version }} /bin/bash -c "apt-get update && apt-get install -yqq subversion && svn co https://github.com/GPUOpen-LibrariesAndSDKs/AMF/trunk/amf/public/include --non-interactive amf-headers"
If you really want konw where I used this command,you can try using https://github.com/shinchiro/mpv-winbuild-cmake to build mpv with docker image ubuntu:22.04.The toolchain use svn to download some files.
ANSWER
Answered 2022-Feb-14 at 12:43This is a bug in current Ubuntu 22.04 development version filed as bug #1959717 - I guess we have to wait until it gets fixed.
QUESTION
What is the equivalent of --add-host=host.docker.internal:host-gateway in a Compose file
Asked 2022-Feb-07 at 21:32Starting from Docker version 20.10
(https://github.com/moby/moby/pull/40007), there is a new special string host-gateway
that one can use within the --add-host
run flag to allow a direct connection from inside a docker container to the local machine on Linux based systems. And this is very nice.
But what is the equivalent of --add-host=host.docker.internal:host-gateway
in a Compose file?
e.g. in:
$ docker run \
--rm \
--name postgres \
-p "5433:5432" \
-e POSTGRES_PASSWORD=**** \
--add-host=host.docker.internal:host-gateway \
-d postgres:14.1-bullseye
How would the same --add-host
flag fit in this Docker Compose equivalent template:
version: '3.9'
services:
postgres:
image: postgres:14.1-bullseye
environment:
POSTGRES_PASSWORD: ****
ports:
- "5433:5432"
It's for sure not: network_mode: host
at the service level (see #Doc).
ANSWER
Answered 2022-Feb-07 at 21:32The actual Docker Compose equivalent is achieved by appending the same string to the extra_hosts
parameters (#Doc) as:
version: '3.9'
services:
postgres:
image: postgres:14.1-bullseye
environment:
POSTGRES_PASSWORD: ****
ports:
- "5433:5432"
extra_hosts:
- "host.docker.internal:host-gateway"
You can see it has been successfully mapped to the IP of the docker0
interface, here 172.17.0.1
, from inside your container, e.g.:
$ docker-compose up -d
$ docker-compose exec postgres bash
then, from inside the container:
root@5864db7d7fba:/# apt update && apt -y install netcat
root@5864db7d7fba:/# nc -vz host.docker.internal 80
Connection to host.docker.internal (172.17.0.1) 80 port [tcp/http] succeeded!
(assuming port 80 is not closed or constrained to the IP of the docker0
interface by a firewall on the host machine).
More on this can be found here:
https://medium.com/@TimvanBaarsen/how-to-connect-to-the-docker-host-from-inside-a-docker-container-112b4c71bc66
But... beware...
This will normally always match the 172.17.0.1
IP of the docker0
interface on the host machine. Hence, if you spin-up a container using a Compose file (so, not by using docker run
), chances are infinitely high that this container will rely on the network created during the build of the Compose services. And this network will use a random Gateway address of the form 172.xxx.0.1
which will for sure be different than the 172.17.0.1
default docker Gateway, this can for example be 172.22.0.1
.
This can cause you some troubles if for example you only explicitly authorized connections from 172.17.0.1
to a port of a local service on the host machine.
Indeed, it will not be possible to ping the port of that service from inside the container, precisely because of this differently assigned Gateway address (172.22.0.1
).
Therefore, and because you cannot know in advance which Gateway address the Compose network will have, I highly recommend that you wisely build a custom network
definition in the Compose file, e.g.:
version: '3.9'
networks:
network1:
name: my-network
attachable: true
ipam:
driver: default
config:
- subnet: 172.18.0.0/16
ip_range: 172.18.5.0/24
gateway: 172.18.0.1
services:
postgres:
image: postgres:14.1-bullseye
environment:
POSTGRES_PASSWORD: ****
ports:
- "5433:5432"
networks:
- network1
If needed, I also recommend using some IP range calculator tool, such as http://jodies.de/ipcalc?host=172.18.5.0&mask1=24&mask2= to help yourself in that task, especially when defining ranges using the CIDR notation.
Finally, spin up your container. And verify that the newly specified Gateway address 172.18.0.1
has been correctly used:
$ docker inspect tmp_postgres_1 -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}'
172.18.0.1
Attach to it, install netcat
and verify:
root@9fe8de220d44:/# nc -vz 172.18.0.1 80
Connection to 172.18.0.1 80 port [tcp/http] succeeded!
(you may also need to adapt your firewall rules accordingly and/or the allowed IPs for your local service, e.g. a database)
Another solutionis to connect to the existing default bridge
network using docker network
. In order to do so, after having spin up the container, run this command:
$ docker network connect bridge tmp_postgres_1
Now, an inspect should give you two IPs; the one you set up (if any) or the one auto-magically set up by docker during the container creation, and the bridge
IP:
$ docker inspect tmp_postgres_1 -f '{{range .NetworkSettings.Networks}}{{.Gateway}}{{end}}'
172.17.0.1 172.18.0.1
you can skip the manual network creation and directy tell, in your Compose service definition, to join the bridge
network using the network_mode:
flag as follow:
version: '3.9'
services:
postgres:
image: postgres:14.1-bullseye
environment:
POSTGRES_PASSWORD: ****
ports:
- "5433:5432"
# removed networks: and add this:
network_mode: bridge
extra_hosts:
- "host.docker.internal:host-gateway"
Now, whether you used the docker network connect...
method or the network_mode:
flag in your Compose file, you normally succesfully joined the default bridge
network with the Gateway 172.17.0.1
, this will allow you to use that Gateway IP to connect to your host, either by typing its numerical value, or if set, the variable host.docker.internal
:
root@9fe8de220d44:/# nc -vz 172.18.0.1 80
Connection to 172.18.0.1 80 port [tcp/http] succeeded!
root@9fe8de220d44:/# nc -vz 172.17.0.1 80
Connection to 172.18.0.1 80 port [tcp/http] succeeded!
root@9fe8de220d44:/# nc -vz host.docker.internal 80
Connection to host.docker.internal (172.17.0.1) 80 port [tcp/http] succeeded!
⚠️ But by joining the bridge
network, you also makes it possible for your container to communicate with all other containers on that network (if they have published ports), and vice-versa. So if you need to clearly keep it apart from these other containers, you preferably don't want to do that and stick with its own custom network!
In case you messed up your docker network after some trials, you may face such error message:
Creating tmp_postgres_1 ... error
ERROR: for tmp_postgres_1 Cannot start service postgres: failed to create endpoint tmp_postgres_1 on network bridge: network 895de42e2a0bdaab5423a6356a079fae55aae41ae268ee887ed214bd6fd88486 does not exist
ERROR: for postgress Cannot start service postgres: failed to create endpoint tmp_postgres_1 on network bridge: network 895de42e2a0bdaab5423a6356a079fae55aae41ae268ee887ed214bd6fd88486 does not exist
ERROR: Encountered errors while bringing up the project.
even so the 895de42e2a0bdaab5423a6356a079fae55aae41ae268ee887ed214bd6fd88486
bridge network does actually exist, you have to clean all that either by restarting your computer or in the luckiest case, the docker service with:
$ sudo service docker restart
(a docker networkd prune -f
may not be sufficient).
More in the documentation:
https://docs.docker.com/compose/networking/
https://docs.docker.com/compose/compose-file/compose-file-v3/#networks
https://github.com/compose-spec/compose-spec/blob/master/spec.md#networks-top-level-element
Tested on a host machine having the following specs:
Ubuntu: 18.04.6 LTS
Kernel: 5.4.0-94-generic
Docker: 20.10.12, build e91ed57
Docker Compose: 1.27.4, build 40524192
QUESTION
How is computed the image id in the Docker image manifest?
Asked 2022-Jan-31 at 01:10Stating the documentation the Docker image Id is computed as sha256 checksum of the image config json.
For example, for the classic hello-world image I can see the following image id
» docker images --no-trunc
reg.ngrok.io/library/hello-world latest sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412 4 months ago 13.3kB
However, in the image tar I can see the following image config json content
{
"architecture":"amd64",
"config":{
"Hostname":"",
"Domainname":"",
"User":"",
"AttachStdin":false,
"AttachStdout":false,
"AttachStderr":false,
"Tty":false,
"OpenStdin":false,
"StdinOnce":false,
"Env":[
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd":[
"/hello"
],
"Image":"sha256:b9935d4e8431fb1a7f0989304ec86b3329a99a25f5efdc7f09f3f8c41434ca6d",
"Volumes":null,
"WorkingDir":"",
"Entrypoint":null,
"OnBuild":null,
"Labels":null
},
"container":"8746661ca3c2f215da94e6d3f7dfdcafaff5ec0b21c9aff6af3dc379a82fbc72",
"container_config":{
"Hostname":"8746661ca3c2",
"Domainname":"",
"User":"",
"AttachStdin":false,
"AttachStdout":false,
"AttachStderr":false,
"Tty":false,
"OpenStdin":false,
"StdinOnce":false,
"Env":[
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd":[
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"/hello\"]"
],
"Image":"sha256:b9935d4e8431fb1a7f0989304ec86b3329a99a25f5efdc7f09f3f8c41434ca6d",
"Volumes":null,
"WorkingDir":"",
"Entrypoint":null,
"OnBuild":null,
"Labels":{
}
},
"created":"2021-09-23T23:47:57.442225064Z",
"docker_version":"20.10.7",
"history":[
{
"created":"2021-09-23T23:47:57.098990892Z",
"created_by":"/bin/sh -c #(nop) COPY file:50563a97010fd7ce1ceebd1fa4f4891ac3decdf428333fb2683696f4358af6c2 in / "
},
{
"created":"2021-09-23T23:47:57.442225064Z",
"created_by":"/bin/sh -c #(nop) CMD [\"/hello\"]",
"empty_layer":true
}
],
"os":"linux",
"rootfs":{
"type":"layers",
"diff_ids":[
"sha256:e07ee1baac5fae6a26f30cabfe54a36d3402f96afda318fe0a96cec4ca393359"
]
}
}
The above document contains the following attributes that do not match with the expected image id:
"Image":"sha256:b9935d4e8431fb1a7f0989304ec86b3329a99a25f5efdc7f09f3f8c41434ca6d"
"container":"8746661ca3c2f215da94e6d3f7dfdcafaff5ec0b21c9aff6af3dc379a82fbc72",
How those attributes are computed? could not find any documentation at this regard.
ANSWER
Answered 2022-Jan-31 at 01:10The config.Image, container, and container_config can all be ignored, you won't even see those fields when you build with other tools like buildkit. They come from how the classic builder creates images by creating dangling images for each build step, and this shows some of id's and randomly generated numbers associated with those previous steps.
Since I don't have your image, I'm going to work through an example with busybox cloned to my local registry:
$ docker image ls --no-trunc localhost:5000/library/busybox
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost:5000/library/busybox inspect sha256:beae173ccac6ad749f76713cf4440fe3d21d1043fe616dfbe30775815d1d0f6a 4 weeks ago 1.24MB
localhost:5000/library/busybox latest sha256:beae173ccac6ad749f76713cf4440fe3d21d1043fe616dfbe30775815d1d0f6a 4 weeks ago 1.24MB
localhost:5000/library/busybox <none> sha256:cabb9f684f8ba3edb303d578bfd7d709d853539ea1b420a3f6c81a08e85bb3d7 3 months ago 1.24MB
The ID I'm looking for is sha256:beae173ccac6ad749f76713cf4440fe3d21d1043fe616dfbe30775815d1d0f6a
. And I see that in the image inspect:
$ docker inspect localhost:5000/library/busybox
[
{
"Id": "sha256:beae173ccac6ad749f76713cf4440fe3d21d1043fe616dfbe30775815d1d0f6a",
"RepoTags": [
"busybox:latest",
"localhost:5000/library/busybox:inspect",
"localhost:5000/library/busybox:latest"
],
"RepoDigests": [
"busybox@sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678",
"localhost:5000/library/busybox@sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678",
"localhost:5000/library/busybox@sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee"
],
"Parent": "",
"Comment": "",
"Created": "2021-12-30T19:19:41.006954958Z",
"Container": "a0007fa726185ffbcb68e90f8edabedd79a08949f32f4f0bcc6e5fed713a72c8",
"ContainerConfig": {
"Hostname": "a0007fa72618",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"sh\"]"
],
"Image": "sha256:da658412c37aa24e561eb7e16c61bc82a9711340d8fb5cf1a8f39d8e96d7f723",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"DockerVersion": "20.10.7",
"Author": "",
"Config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"sh"
],
"Image": "sha256:da658412c37aa24e561eb7e16c61bc82a9711340d8fb5cf1a8f39d8e96d7f723",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
"Architecture": "amd64",
"Os": "linux",
"Size": 1239820,
"VirtualSize": 1239820,
"GraphDriver": {
"Data": {
"MergedDir": "/home/docker/overlay2/558763c3b913289624792cf7f43a9b22a30f65eaab714b26d7da2a977070070a/merged",
"UpperDir": "/home/docker/overlay2/558763c3b913289624792cf7f43a9b22a30f65eaab714b26d7da2a977070070a/diff",
"WorkDir": "/home/docker/overlay2/558763c3b913289624792cf7f43a9b22a30f65eaab714b26d7da2a977070070a/work"
},
"Name": "overlay2"
},
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:01fd6df81c8ec7dd24bbbd72342671f41813f992999a3471b9d9cbc44ad88374"
]
},
"Metadata": {
"LastTagTime": "2022-01-30T19:48:56.850389545-05:00"
}
}
]
For computing the config digest, I'm going to look at the image as it is on the registry. The config should look the same there:
$ regctl image inspect localhost:5000/library/busybox --format raw-body | jq .
{
"architecture": "amd64",
"config": {
"Hostname": "",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"sh"
],
"Image": "sha256:da658412c37aa24e561eb7e16c61bc82a9711340d8fb5cf1a8f39d8e96d7f723",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": null
},
"container": "a0007fa726185ffbcb68e90f8edabedd79a08949f32f4f0bcc6e5fed713a72c8",
"container_config": {
"Hostname": "a0007fa72618",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"sh\"]"
],
"Image": "sha256:da658412c37aa24e561eb7e16c61bc82a9711340d8fb5cf1a8f39d8e96d7f723",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"created": "2021-12-30T19:19:41.006954958Z",
"docker_version": "20.10.7",
"history": [
{
"created": "2021-12-30T19:19:40.833034683Z",
"created_by": "/bin/sh -c #(nop) ADD file:6db446a57cbd2b7f4cfde1f280177b458390ed5a6d1b54c6169522bc2c4d838e in / "
},
{
"created": "2021-12-30T19:19:41.006954958Z",
"created_by": "/bin/sh -c #(nop) CMD [\"sh\"]",
"empty_layer": true
}
],
"os": "linux",
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:01fd6df81c8ec7dd24bbbd72342671f41813f992999a3471b9d9cbc44ad88374"
]
}
}
And running that original config (without jq formatting) through a sha256sum, you see the desired "image id" value:
$ regctl image inspect localhost:5000/library/busybox --format raw-body | sha256sum
beae173ccac6ad749f76713cf4440fe3d21d1043fe616dfbe30775815d1d0f6a -
This same digest is visible in the image manifest. Images are made up of content addressable storage, so the digest of each of the components is calculated and pushed to the registry before the manifest is pushed:
$ regctl image manifest localhost:5000/library/busybox
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 1456,
"digest": "sha256:beae173ccac6ad749f76713cf4440fe3d21d1043fe616dfbe30775815d1d0f6a"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 772788,
"digest": "sha256:5cc84ad355aaa64f46ea9c7bbcc319a9d808ab15088a27209c9e70ef86e5a2aa"
}
]
}
That manifest itself has a digest, which you can compute by calculating the sha256sum on itself, and you'll see the same digest in the manifest list of multi-platform images:
$ regctl image manifest localhost:5000/library/busybox --format raw-body | sha256sum
62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee -
$ regctl image manifest --list localhost:5000/library/busybox --format '{{ jsonPretty . }}'
{
"manifests": [
{
"digest": "sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee",
"mediaType": "application\/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "amd64",
"os": "linux"
},
"size": 527
},
{
"digest": "sha256:ca038f83e1a3a6a08b539830ca3beefb503a3989cc1f19c265ae4e624a45a9cc",
"mediaType": "application\/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "arm",
"os": "linux",
"variant": "v5"
},
"size": 527
},
{
"digest": "sha256:b27cc98025245c0e746b201d5c773faff99869ae58585090182e18d7c5e8a5e2",
"mediaType": "application\/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "arm",
"os": "linux",
"variant": "v6"
},
"size": 527
},
{
"digest": "sha256:4ca297c4a8fdaf9806239ddcaf7c91266614c15d2c50b1acc96c0401ed18e544",
"mediaType": "application\/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "arm",
"os": "linux",
"variant": "v7"
},
"size": 527
},
{
"digest": "sha256:a77fe109c026308f149d36484d795b42efe0fd29b332be9071f63e1634c36ac9",
"mediaType": "application\/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "arm64",
"os": "linux",
"variant": "v8"
},
"size": 527
},
{
"digest": "sha256:839f94220ea4ab84e1b6364f7c3f311085a51904d4f5d76d022aead017fe2e1a",
"mediaType": "application\/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "386",
"os": "linux"
},
"size": 527
},
{
"digest": "sha256:04b9b3684bf435766a3ec5f31f7db0b27ace0c13f4f9d514724432e96b0e7ccd",
"mediaType": "application\/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "mips64le",
"os": "linux"
},
"size": 527
},
{
"digest": "sha256:d70e38f76482b3e5b1be06dbfe7aaf9cac00bb00678931b6e14785bee41caf3d",
"mediaType": "application\/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "ppc64le",
"os": "linux"
},
"size": 528
},
{
"digest": "sha256:22b3bb958147afeb0db0122c91cb7d8b3a9d691b0d4e532e0cf79078cc80916f",
"mediaType": "application\/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "riscv64",
"os": "linux"
},
"size": 527
},
{
"digest": "sha256:6b52cb58f1bfdd3b6068cc91febb82668f2ee16939e926fa67bab898863b6139",
"mediaType": "application\/vnd.docker.distribution.manifest.v2+json",
"platform": {
"architecture": "s390x",
"os": "linux"
},
"size": 528
}
],
"mediaType": "application\/vnd.docker.distribution.manifest.list.v2+json",
"schemaVersion": 2
}
And even that multi-platform manifest has a digest, where both this and the platform specific digest appear in the RepoDigests in the image inspect:
$ regctl image manifest --list localhost:5000/library/busybox --format raw-body | sha256sum
5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678 -
Note the regctl
command here is my own, from regclient and similar tools can be found from Google's crane and RedHat's skopeo.
For more details on the image specification, I'd recommend looking at the OCI image spec.
QUESTION
Elastic Beanstalk environment is failing suddenly. Why?
Asked 2022-Jan-27 at 17:18I am at a complete loss and really freaking out, because this project of mine was close to being done. I will give out a bounty for the answer that helps me (when I can). I am desperate, please help.
I have an Elastic Beanstalk project that has been working fine for literally months. Today, I decide to enable and disable a port listener as seen in the photo below:
I enabled port 80
and then the website stopped working. So I was like "oh crap, I will change it back". But guess what? It is still broken. The code has not changed whatsoever, but the application is now broken and I am freaking out.
I have restarted the app servers, rebuilt the environment and nothing. I can't even access the environment site by clicking Go to environment
. I just see a Bad Gateway
message on screen. The health status of the environment when first deployed is OK
and then quickly goes to Severe
.
If my code has not changed, what is the deal here? How can I find out what is going on here? All I changed was that port, by enabling and then disabling again.
I have already come across this question: Question and I am already doing this. This environment variable is on my application.properties
file like this:
server.port=5000
and its been like this for months and HAS ALREADY been working. So this can't be the reason that it broke today. I even tried adding it directly to the environment variables in Elastic Beanstalk console and same result, still getting 502 Bad Gateway.
I also have a path for the health-check configured and this has not changed in months.
Here are the last 100 lines from my log file after health status goes to Severe
:
----------------------------------------
/var/log/eb-engine.log
----------------------------------------
2022/01/27 15:53:53.370165 [INFO] Running command /bin/sh -c docker tag af10382f81a4 aws_beanstalk/current-app
2022/01/27 15:53:53.489035 [INFO] Running command /bin/sh -c docker rmi aws_beanstalk/staging-app
2022/01/27 15:53:53.568222 [INFO] Untagged: aws_beanstalk/staging-app:latest
2022/01/27 15:53:53.568307 [INFO] Running command /bin/sh -c systemctl show -p PartOf eb-docker.service
2022/01/27 15:53:53.576541 [INFO] Running command /bin/sh -c systemctl daemon-reload
2022/01/27 15:53:53.712836 [INFO] Running command /bin/sh -c systemctl reset-failed
2022/01/27 15:53:53.720035 [INFO] Running command /bin/sh -c systemctl enable eb-docker.service
2022/01/27 15:53:53.866046 [INFO] Running command /bin/sh -c systemctl show -p PartOf eb-docker.service
2022/01/27 15:53:53.875112 [INFO] Running command /bin/sh -c systemctl is-active eb-docker.service
2022/01/27 15:53:53.886916 [INFO] Running command /bin/sh -c systemctl start eb-docker.service
2022/01/27 15:53:53.991608 [INFO] Running command /bin/sh -c systemctl show -p PartOf eb-docker-log.service
2022/01/27 15:53:54.002839 [INFO] Running command /bin/sh -c systemctl daemon-reload
2022/01/27 15:53:54.092602 [INFO] Running command /bin/sh -c systemctl reset-failed
2022/01/27 15:53:54.102854 [INFO] Running command /bin/sh -c systemctl enable eb-docker-log.service
2022/01/27 15:53:54.226561 [INFO] Running command /bin/sh -c systemctl show -p PartOf eb-docker-log.service
2022/01/27 15:53:54.246914 [INFO] Running command /bin/sh -c systemctl is-active eb-docker-log.service
2022/01/27 15:53:54.263293 [INFO] Running command /bin/sh -c systemctl start eb-docker-log.service
2022/01/27 15:53:54.433800 [INFO] docker container 3771e61e64ae is running aws_beanstalk/current-app
2022/01/27 15:53:54.433823 [INFO] Executing instruction: Clean up Docker
2022/01/27 15:53:54.433842 [INFO] Running command /bin/sh -c docker ps -aq
2022/01/27 15:53:54.638602 [INFO] 3771e61e64ae
2022/01/27 15:53:54.638644 [INFO] Running command /bin/sh -c docker images | sed 1d
2022/01/27 15:53:54.810723 [INFO] aws_beanstalk/current-app latest af10382f81a4 13 seconds ago 597MB
<none> <none> adafe645300e 24 seconds ago 732MB
openjdk 8 3bc5f7759e81 30 hours ago 526MB
maven 3.8.1-jdk-8 498ac51e5e6e 6 months ago 525MB
2022/01/27 15:53:54.810767 [INFO] save docker tag command: docker tag af10382f81a4 aws_beanstalk/current-app:latest
2022/01/27 15:53:54.810772 [INFO] save docker tag command: docker tag adafe645300e <none>:<none>
2022/01/27 15:53:54.810776 [INFO] save docker tag command: docker tag 3bc5f7759e81 openjdk:8
2022/01/27 15:53:54.810781 [INFO] save docker tag command: docker tag 498ac51e5e6e maven:3.8.1-jdk-8
2022/01/27 15:53:54.810793 [INFO] Running command /bin/sh -c docker rm `docker ps -aq`
2022/01/27 15:53:54.964217 [INFO] Running command /bin/sh -c docker rmi `docker images -aq`
2022/01/27 15:53:56.249352 [INFO] Deleted: sha256:adafe645300e41dd29b04abccf86a562ad5e635bd6afff9343b6a45721fb3a45
Deleted: sha256:b78c0f45b590e7c8c496466450e2fecf2e31044dd53bcf8d9c64a9e7a8c84139
Deleted: sha256:16aedb83589da925c19d2f692234a2a36c017b35846c07fd8ad6817cceda6ae9
Deleted: sha256:a568ba4507a603b7ace044d64726daaf3022c817cc9550779d64dbb95d0e1e5d
Deleted: sha256:fe90a30920d18ecad75ec02e8c04894fbcaadc209529c3e5c14fdaa66d3a7bc9
Deleted: sha256:7c72fe5e2da958b5d44267aa9de538c274e70125c902bc3e663af4c5c87280dc
Untagged: maven:3.8.1-jdk-8
Untagged: maven@sha256:cba6d738a97e81e8845d60ee2662f020385d01d6135a2cf75bc1f5a84980ef88
Deleted: sha256:498ac51e5e6e99ae8646d007ed554587a4ceeab78a664dc7eedde7137c658e9e
Deleted: sha256:de026bec49cbc1fd7bd1bd7aa03d544713985e39bc0a913f4c0a59dbcc556715
Deleted: sha256:f5c45a5e495b035f37dc2e19d8ead0458cf0ad8b83d5573cc9b4016ea54814b6
Deleted: sha256:9f871694bb9a37f62b6baf12760480448d46e008c8c85f06dab5340b16d11a2b
Deleted: sha256:19a57d2c318dfeac5de4cac0a5263af560eff01c620100570c83658e12df0a87
Deleted: sha256:bc20a3f84b95792033865bff3c1cc53b060108ef2018b1913da3c8eddda77b99
Deleted: sha256:f33d6ed931ff64c63168af00c7544d148d01fda66831246572ff2bfcacbcf2d6
Deleted: sha256:017b9704876de2443b332b1dfec580d365184b514eb0af43f1d59637e77af9bb
Deleted: sha256:98fc59c935e697d6375f05f4fa29d0e1ef7e8ece61aed109056926983ada0ef4
Deleted: sha256:c21ff68b02e7caf277f5d356e8b323a95e8d3969dd1ab0d9f60e7c8b4a01c874
Deleted: sha256:afa3e488a0ee76983343f8aa759e4b7b898db65b715eb90abc81c181388374e3
2022/01/27 15:53:56.249384 [INFO] restore docker image name with command: docker tag af10382f81a4 aws_beanstalk/current-app:latest
2022/01/27 15:53:56.249393 [INFO] Running command /bin/sh -c docker tag af10382f81a4 aws_beanstalk/current-app:latest
2022/01/27 15:53:56.352957 [INFO] restore docker image name with command: docker tag adafe645300e <none>:<none>
2022/01/27 15:53:56.352988 [INFO] Running command /bin/sh -c docker tag adafe645300e <none>:<none>
2022/01/27 15:53:56.360403 [INFO] restore docker image name with command: docker tag 3bc5f7759e81 openjdk:8
2022/01/27 15:53:56.360437 [INFO] Running command /bin/sh -c docker tag 3bc5f7759e81 openjdk:8
2022/01/27 15:53:56.461652 [INFO] restore docker image name with command: docker tag 498ac51e5e6e maven:3.8.1-jdk-8
2022/01/27 15:53:56.461677 [INFO] Running command /bin/sh -c docker tag 498ac51e5e6e maven:3.8.1-jdk-8
2022/01/27 15:53:56.561836 [INFO] Executing instruction: start X-Ray
2022/01/27 15:53:56.561859 [INFO] X-Ray is not enabled.
2022/01/27 15:53:56.561863 [INFO] Executing instruction: configureSqsd
2022/01/27 15:53:56.561868 [INFO] This is a web server environment instance, skip configure sqsd daemon ...
2022/01/27 15:53:56.561871 [INFO] Executing instruction: startSqsd
2022/01/27 15:53:56.561874 [INFO] This is a web server environment instance, skip start sqsd daemon ...
2022/01/27 15:53:56.561877 [INFO] Executing instruction: Track pids in healthd
2022/01/27 15:53:56.561881 [INFO] This is an enhanced health env...
2022/01/27 15:53:56.561891 [INFO] Running command /bin/sh -c systemctl show -p ConsistsOf aws-eb.target | cut -d= -f2
2022/01/27 15:53:56.572170 [INFO] cfn-hup.service docker.service nginx.service healthd.service eb-docker-log.service eb-docker-events.service eb-docker.service
2022/01/27 15:53:56.572206 [INFO] Running command /bin/sh -c systemctl show -p ConsistsOf eb-app.target | cut -d= -f2
2022/01/27 15:53:56.583143 [INFO]
2022/01/27 15:53:56.583747 [INFO] Executing instruction: Configure Docker Container Logging
2022/01/27 15:53:56.587182 [INFO] Executing instruction: RunAppDeployPostDeployHooks
2022/01/27 15:53:56.587200 [INFO] The dir .platform/hooks/postdeploy/ does not exist in the application. Skipping this step...
2022/01/27 15:53:56.587204 [INFO] Executing cleanup logic
2022/01/27 15:53:56.587325 [INFO] CommandService Response: {"status":"SUCCESS","api_version":"1.0","results":[{"status":"SUCCESS","msg":"Engine execution has succeeded.","returncode":0,"events":[{"msg":"Instance deployment completed successfully.","timestamp":1643298836,"severity":"INFO"}]}]}
2022/01/27 15:53:56.587458 [INFO] Platform Engine finished execution on command: app-deploy
2022/01/27 15:56:08.141406 [INFO] Starting...
2022/01/27 15:56:08.141500 [INFO] Starting EBPlatform-PlatformEngine
2022/01/27 15:56:08.141523 [INFO] reading event message file
2022/01/27 15:56:08.141619 [INFO] no eb envtier info file found, skip loading env tier info.
2022/01/27 15:56:08.141697 [INFO] Engine received EB command cfn-hup-exec
2022/01/27 15:56:08.291283 [INFO] Running command /bin/sh -c /opt/aws/bin/cfn-get-metadata -s arn:aws:cloudformation:us-east-1:796071762232:stack/awseb-e-zzq77xp3px-stack/a072a330-7f88-11ec-8245-125e3f27604f -r AWSEBAutoScalingGroup --region us-east-1
2022/01/27 15:56:08.851246 [INFO] Running command /bin/sh -c /opt/aws/bin/cfn-get-metadata -s arn:aws:cloudformation:us-east-1:796071762232:stack/awseb-e-zzq77xp3px-stack/a072a330-7f88-11ec-8245-125e3f27604f -r AWSEBBeanstalkMetadata --region us-east-1
2022/01/27 15:56:09.238835 [INFO] checking whether command tail-log is applicable to this instance...
2022/01/27 15:56:09.238847 [INFO] this command is applicable to the instance, thus instance should execute command
2022/01/27 15:56:09.238849 [INFO] Engine command: (tail-log)
2022/01/27 15:56:09.238906 [INFO] Executing instruction: GetTailLogs
2022/01/27 15:56:09.238910 [INFO] Tail Logs...
2022/01/27 15:56:09.239208 [INFO] Running command /bin/sh -c tail -n 100 /var/log/eb-engine.log
----------------------------------------
/var/log/nginx/access.log
----------------------------------------
172.31.35.54 - - [27/Jan/2022:15:53:59 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03\x82\x02\x92T\xC0\x06O\x7F\xAA\xB5=\xC8\x8Ca\x83v\xFF\xF7\x8E\xF2\xB9\xBDW\x1B\xB9\x9A\x91x\xB0\x81\xBF\xA6\x00\x00&\xC0+\xC0/\xC0#\xC0'\xC0\x09\xC0\x13\xC0,\xC00\xC0$\xC0(\xC0\x14\xC0" 400 157 "-" "-" "-"
172.31.35.54 - - [27/Jan/2022:15:54:14 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03\xBAy5)=k\x1D\x19|\xF6\xBC\xB0B\x10\x0B$\xE8#\x06\x8B\xA1iY\xB4@@+-\x1F\xAC\x92&\x00\x00&\xC0+\xC0/\xC0#\xC0'\xC0\x09\xC0\x13\xC0,\xC00\xC0$\xC0(\xC0\x14\xC0" 400 157 "-" "-" "-"
172.31.35.54 - - [27/Jan/2022:15:54:29 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03\x03\xBC\xF2\x93\x90uW\xC0\xA5f\xFFWz~K_\xF61\xAEsuY\xE2R\xE0\xBC&\xE7\xFB|\xDB\xC2\x00\x00&\xC0+\xC0/\xC0#\xC0'\xC0\x09\xC0\x13\xC0,\xC00\xC0$\xC0(\xC0\x14\xC0" 400 157 "-" "-" "-"
172.31.35.54 - - [27/Jan/2022:15:54:44 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03\x84\xFD\xD5\xA5{\xF7\xDEr\x96\xEB" 400 157 "-" "-" "-"
172.31.35.54 - - [27/Jan/2022:15:54:59 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03\xBCU\xC9\x92=\xCBT\xC2\xB8RL\xA3\xF7\xE6\xD4s\xB8!A\xF2\x14\xC3" 400 157 "-" "-" "-"
172.31.85.167 - - [27/Jan/2022:15:55:09 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03f\x1B\xB8\x17\x19k|H\x1DW\xEF&\x83\x03#\xE9GB\xE8f\xB4\xDAGJ]\x8E\x92\xD6\xC8L\xD3%\x00\x00&\xC0+\xC0/\xC0#\xC0'\xC0\x09\xC0\x13\xC0,\xC00\xC0$\xC0(\xC0\x14\xC0" 400 157 "-" "-" "-"
172.31.35.54 - - [27/Jan/2022:15:55:14 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03\xCC\x9D\x1A5&\x99\xB76\x16\xC1\xE2\xB5\xC3:G]\x1A\xA5H\xEE\xF6s\xD0\xF9s\xA3\xBE\xD2\x9Aq\xF0\xC2\x00\x00&\xC0+\xC0/\xC0#\xC0'\xC0\x09\xC0\x13\xC0,\xC00\xC0$\xC0(\xC0\x14\xC0" 400 157 "-" "-" "-"
172.31.85.167 - - [27/Jan/2022:15:55:24 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03j4x\xF0\x86uwh\x1C\xEEg8\xA9\xA3\x1E(\x18C\x96\xFA\xE8\xA6\x87{\xC3N\xD4\x08\x10\xBA\xAC\x03\x00\x00&\xC0+\xC0/\xC0#\xC0'\xC0\x09\xC0\x13\xC0,\xC00\xC0$\xC0(\xC0\x14\xC0" 400 157 "-" "-" "-"
172.31.35.54 - - [27/Jan/2022:15:55:29 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03\x5C\x8Btq\xBEG\xD2\xF8l\xC8\xBA\x94F\x14\x8F\x1C\xCC\xA1@JSw9\xE4\xCD\xA7\x05\x82\xE4][\xB8\x00\x00&\xC0+\xC0/\xC0#\xC0'\xC0\x09\xC0\x13\xC0,\xC00\xC0$\xC0(\xC0\x14\xC0" 400 157 "-" "-" "-"
172.31.85.167 - - [27/Jan/2022:15:55:39 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03{\x05\x86\x89\x09.:A\x0C\xCF\x14\xA4=\xDF\xFA\xC6\xD4\xF5+\x9D\xA4\xF8\x93\xE9k\xD5\xD3\xC5\xCA\x9C\xFB\x15\x00\x00&\xC0+\xC0/\xC0#\xC0'\xC0\x09\xC0\x13\xC0,\xC00\xC0$\xC0(\xC0\x14\xC0" 400 157 "-" "-" "-"
172.31.35.54 - - [27/Jan/2022:15:55:44 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03\xBC\xF3\xE3\xDEy\xB3(\xF2\x18\xEB\xC5f\x1F\xA2\xF5\xE6\xF5\x8C\xF6lO\x98D\xFAT\xCB\xB3`\x9C\xC2\xCE.\x00\x00&\xC0+\xC0/\xC0#\xC0'\xC0\x09\xC0\x13\xC0,\xC00\xC0$\xC0(\xC0\x14\xC0" 400 157 "-" "-" "-"
172.31.85.167 - - [27/Jan/2022:15:55:54 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03\x16P\x10\x07}\x90\xBD!\x9E\xA1\xAB\xD9\xDD\x1F\xAA\xBF\x85u\xCF\xE7\xAD\xA9\x93$q\xC4" 400 157 "-" "-" "-"
172.31.35.54 - - [27/Jan/2022:15:55:59 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03x\x94z\x84\x1Buz3\x9A\x8FbX\x07\x13\x00\x8DH\xDFf\x10\xC9\xE7\xDB\xF7\xE7\xBFr\xE8w>\xFC\x9E\x00\x00&\xC0+\xC0/\xC0#\xC0'\xC0\x09\xC0\x13\xC0,\xC00\xC0$\xC0(\xC0\x14\xC0" 400 157 "-" "-" "-"
172.31.85.167 - - [27/Jan/2022:15:56:09 +0000] "\x16\x03\x01\x00\xA3\x01\x00\x00\x9F\x03\x03\xEF\x1F'\x84@\xF4\xF4\xB6C\xEE\xE4}\xD6E\x94\x05\xA1\x1B*\x1EZ\x94N\xB9K\x96A>\x8A\x8Ep\xBF\x00\x00&\xC0+\xC0/\xC0#\xC0'\xC0\x09\xC0\x13\xC0,\xC00\xC0$\xC0(\xC0\x14\xC0" 400 157 "-" "-" "-"
----------------------------------------
/var/log/nginx/error.log
----------------------------------------
----------------------------------------
/var/log/docker-events.log
----------------------------------------
2022-01-27T15:52:46.764393026Z image pull maven:3.8.1-jdk-8 (name=maven)
2022-01-27T15:52:47.730944524Z container create b83331900dd580a01b9c5e2744412bd6f6e4465313177fb45a2f288d70765010 (image=sha256:16aedb83589da925c19d2f692234a2a36c017b35846c07fd8ad6817cceda6ae9, name=inspiring_tesla)
2022-01-27T15:52:47.731203832Z container attach b83331900dd580a01b9c5e2744412bd6f6e4465313177fb45a2f288d70765010 (image=sha256:16aedb83589da925c19d2f692234a2a36c017b35846c07fd8ad6817cceda6ae9, name=inspiring_tesla)
2022-01-27T15:52:47.784204703Z network connect 38cc920306e67474a0e4c1558a074911f27746d82bcaf75a013b36aa57d583d3 (container=b83331900dd580a01b9c5e2744412bd6f6e4465313177fb45a2f288d70765010, name=bridge, type=bridge)
2022-01-27T15:52:48.320837501Z container start b83331900dd580a01b9c5e2744412bd6f6e4465313177fb45a2f288d70765010 (image=sha256:16aedb83589da925c19d2f692234a2a36c017b35846c07fd8ad6817cceda6ae9, name=inspiring_tesla)
2022-01-27T15:53:28.504262431Z container die b83331900dd580a01b9c5e2744412bd6f6e4465313177fb45a2f288d70765010 (exitCode=0, image=sha256:16aedb83589da925c19d2f692234a2a36c017b35846c07fd8ad6817cceda6ae9, name=inspiring_tesla)
2022-01-27T15:53:28.615767036Z network disconnect 38cc920306e67474a0e4c1558a074911f27746d82bcaf75a013b36aa57d583d3 (container=b83331900dd580a01b9c5e2744412bd6f6e4465313177fb45a2f288d70765010, name=bridge, type=bridge)
2022-01-27T15:53:30.828196270Z container destroy b83331900dd580a01b9c5e2744412bd6f6e4465313177fb45a2f288d70765010 (image=sha256:16aedb83589da925c19d2f692234a2a36c017b35846c07fd8ad6817cceda6ae9, name=inspiring_tesla)
2022-01-27T15:53:40.412059108Z image pull openjdk:8 (name=openjdk)
2022-01-27T15:53:41.682562011Z container create ebb956fca825c2053c41bce28fb0a802ab2f3ef344bdeb14f821a7577c284138 (image=sha256:2ab20532670b7570e512ec955536dfa5e246c374bdca4f0494df107b88a51c75, name=stoic_fermi)
2022-01-27T15:53:41.807749332Z container destroy ebb956fca825c2053c41bce28fb0a802ab2f3ef344bdeb14f821a7577c284138 (image=sha256:2ab20532670b7570e512ec955536dfa5e246c374bdca4f0494df107b88a51c75, name=stoic_fermi)
2022-01-27T15:53:41.854905318Z container create 28814d73d5d71c7f3cd97d31e3745db7c8d74c7f41a1369d86a6ac94540ff54c (image=sha256:8020ea63973791b37416e569141e448a047578432cc73771afc09069d4a0f99c, name=awesome_ritchie)
2022-01-27T15:53:41.972362390Z container destroy 28814d73d5d71c7f3cd97d31e3745db7c8d74c7f41a1369d86a6ac94540ff54c (image=sha256:8020ea63973791b37416e569141e448a047578432cc73771afc09069d4a0f99c, name=awesome_ritchie)
2022-01-27T15:53:41.978868467Z image tag sha256:af10382f81a47247f3194b007fe0b95c08b2a68c7d9f8f4118741b00121ee217 (name=aws_beanstalk/staging-app:latest)
2022-01-27T15:53:46.962572822Z container create 3771e61e64aec3296f70d863c3deeae6e33d57184feecc1297665eee4630c399 (image=af10382f81a4, name=dreamy_napier)
2022-01-27T15:53:47.000564620Z network connect 38cc920306e67474a0e4c1558a074911f27746d82bcaf75a013b36aa57d583d3 (container=3771e61e64aec3296f70d863c3deeae6e33d57184feecc1297665eee4630c399, name=bridge, type=bridge)
2022-01-27T15:53:47.520980591Z container start 3771e61e64aec3296f70d863c3deeae6e33d57184feecc1297665eee4630c399 (image=af10382f81a4, name=dreamy_napier)
2022-01-27T15:53:53.482805850Z image tag sha256:af10382f81a47247f3194b007fe0b95c08b2a68c7d9f8f4118741b00121ee217 (name=aws_beanstalk/current-app:latest)
2022-01-27T15:53:53.562121224Z image untag sha256:af10382f81a47247f3194b007fe0b95c08b2a68c7d9f8f4118741b00121ee217 (name=sha256:af10382f81a47247f3194b007fe0b95c08b2a68c7d9f8f4118741b00121ee217)
2022-01-27T15:53:55.349273944Z image delete sha256:adafe645300e41dd29b04abccf86a562ad5e635bd6afff9343b6a45721fb3a45 (name=sha256:adafe645300e41dd29b04abccf86a562ad5e635bd6afff9343b6a45721fb3a45)
2022-01-27T15:53:55.351988220Z image delete sha256:16aedb83589da925c19d2f692234a2a36c017b35846c07fd8ad6817cceda6ae9 (name=sha256:16aedb83589da925c19d2f692234a2a36c017b35846c07fd8ad6817cceda6ae9)
2022-01-27T15:53:55.356884258Z image delete sha256:fe90a30920d18ecad75ec02e8c04894fbcaadc209529c3e5c14fdaa66d3a7bc9 (name=sha256:fe90a30920d18ecad75ec02e8c04894fbcaadc209529c3e5c14fdaa66d3a7bc9)
2022-01-27T15:53:55.374500965Z image untag sha256:498ac51e5e6e99ae8646d007ed554587a4ceeab78a664dc7eedde7137c658e9e (name=sha256:498ac51e5e6e99ae8646d007ed554587a4ceeab78a664dc7eedde7137c658e9e)
2022-01-27T15:53:55.376309688Z image untag sha256:498ac51e5e6e99ae8646d007ed554587a4ceeab78a664dc7eedde7137c658e9e (name=sha256:498ac51e5e6e99ae8646d007ed554587a4ceeab78a664dc7eedde7137c658e9e)
2022-01-27T15:53:56.244254893Z image delete sha256:498ac51e5e6e99ae8646d007ed554587a4ceeab78a664dc7eedde7137c658e9e (name=sha256:498ac51e5e6e99ae8646d007ed554587a4ceeab78a664dc7eedde7137c658e9e)
2022-01-27T15:53:56.345382037Z image tag sha256:af10382f81a47247f3194b007fe0b95c08b2a68c7d9f8f4118741b00121ee217 (name=aws_beanstalk/current-app:latest)
2022-01-27T15:53:56.458746013Z image tag sha256:3bc5f7759e81182b118ab4d74087103d3733483ea37080ed5b6581251d326713 (name=openjdk:8)
----------------------------------------
/var/log/eb-docker-process.log
----------------------------------------
2022/01/27 15:53:53.917760 [INFO] Loading Manifest...
2022/01/27 15:53:53.917884 [INFO] no eb envtier info file found, skip loading env tier info.
2022/01/27 15:53:53.943756 [INFO] Running command /bin/sh -c /opt/aws/bin/cfn-get-metadata -s arn:aws:cloudformation:us-east-1:796071762232:stack/awseb-e-zzq77xp3px-stack/a072a330-7f88-11ec-8245-125e3f27604f -r AWSEBAutoScalingGroup --region us-east-1
2022/01/27 15:53:57.965132 [INFO] Running command /bin/sh -c /opt/aws/bin/cfn-get-metadata -s arn:aws:cloudformation:us-east-1:796071762232:stack/awseb-e-zzq77xp3px-stack/a072a330-7f88-11ec-8245-125e3f27604f -r AWSEBBeanstalkMetadata --region us-east-1
2022/01/27 15:53:58.364393 [INFO] Checking if docker is running...
2022/01/27 15:53:58.364409 [INFO] Fetch current app container id...
2022/01/27 15:53:58.364434 [INFO] Running command /bin/sh -c docker ps | grep 3771e61e64ae
2022/01/27 15:53:58.402972 [INFO] 3771e61e64ae af10382f81a4 "java -jar /usr/loca…" 12 seconds ago Up 10 seconds 5000/tcp dreamy_napier
2022/01/27 15:53:58.402996 [INFO] Running command /bin/sh -c docker wait 3771e61e64ae
----------------------------------------
/var/log/docker
----------------------------------------
Jan 27 15:50:41 ip-172-31-85-60 docker: time="2022-01-27T15:50:41.206815429Z" level=info msg="Starting up"
Jan 27 15:50:41 ip-172-31-85-60 docker: time="2022-01-27T15:50:41.251734173Z" level=info msg="parsed scheme: \"unix\"" module=grpc
Jan 27 15:50:41 ip-172-31-85-60 docker: time="2022-01-27T15:50:41.251769208Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
Jan 27 15:50:41 ip-172-31-85-60 docker: time="2022-01-27T15:50:41.251794146Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock <nil> 0 <nil>}] <nil> <nil>}" module=grpc
Jan 27 15:50:41 ip-172-31-85-60 docker: time="2022-01-27T15:50:41.251813620Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Jan 27 15:50:41 ip-172-31-85-60 docker: time="2022-01-27T15:50:41.273290447Z" level=info msg="parsed scheme: \"unix\"" module=grpc
Jan 27 15:50:41 ip-172-31-85-60 docker: time="2022-01-27T15:50:41.273327673Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
Jan 27 15:50:41 ip-172-31-85-60 docker: time="2022-01-27T15:50:41.273364441Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock <nil> 0 <nil>}] <nil> <nil>}" module=grpc
Jan 27 15:50:41 ip-172-31-85-60 docker: time="2022-01-27T15:50:41.273386710Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Jan 27 15:50:41 ip-172-31-85-60 docker: time="2022-01-27T15:50:41.465282859Z" level=info msg="Loading containers: start."
Jan 27 15:50:41 ip-172-31-85-60 docker: time="2022-01-27T15:50:41.956009883Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Jan 27 15:50:42 ip-172-31-85-60 docker: time="2022-01-27T15:50:42.186887273Z" level=info msg="Loading containers: done."
Jan 27 15:50:42 ip-172-31-85-60 docker: time="2022-01-27T15:50:42.641490298Z" level=info msg="Docker daemon" commit=b0f5bc3 graphdriver(s)=overlay2 version=20.10.7
Jan 27 15:50:42 ip-172-31-85-60 docker: time="2022-01-27T15:50:42.643174227Z" level=info msg="Daemon has completed initialization"
Jan 27 15:50:42 ip-172-31-85-60 docker: time="2022-01-27T15:50:42.702629222Z" level=info msg="API listen on /run/docker.sock"
Jan 27 15:53:28 ip-172-31-85-60 docker: time="2022-01-27T15:53:28.503145956Z" level=info msg="ignoring event" container=b83331900dd580a01b9c5e2744412bd6f6e4465313177fb45a2f288d70765010 module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
Jan 27 15:53:41 ip-172-31-85-60 docker: time="2022-01-27T15:53:41.783532791Z" level=info msg="Layer sha256:e963a094d3f25a21ce0bfcae0216d04385c4c06ad580c73675a7992627c28416 cleaned up"
Jan 27 15:53:41 ip-172-31-85-60 docker: time="2022-01-27T15:53:41.948756315Z" level=info msg="Layer sha256:e963a094d3f25a21ce0bfcae0216d04385c4c06ad580c73675a7992627c28416 cleaned up"
----------------------------------------
/var/log/eb-docker/containers/eb-current-app/eb-3771e61e64ae-stdouterr.log
----------------------------------------
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.5.6)
2022-01-27 15:53:57.807 INFO 3771e61e64ae --- [ main] o.s.b.a.e.w.EndpointLinksResolver : Exposing 1 endpoint(s) beneath base path '/actuator'
2022-01-27 15:53:57.853 INFO 3771e61e64ae --- [ main] o.a.c.h.Http11NioProtocol : Starting ProtocolHandler ["http-nio-5000"]
2022-01-27 15:53:57.875 INFO 3771e61e64ae --- [ main] o.s.b.w.e.t.TomcatWebServer : Tomcat started on port(s): 5000 (http) with context path ''
2022-01-27 15:53:57.903 INFO 3771e61e64ae --- [ main] c.n.p.ParalleniumHostApplication : Started ParalleniumHostApplication in 8.805 seconds (JVM running for 10.386)
2022-01-27 15:53:57.939 INFO 3771e61e64ae --- [ main] c.n.p.ParalleniumHostApplication : **The server is hosted at: 127.0.0.1:5000 with a PUBLIC ip of 34.226.166.24
2022-01-27 15:53:57.941 INFO 3771e61e64ae --- [ main] c.n.p.ParalleniumHostApplication : Spring version is 5.3.12
2022-01-27 15:53:57.946 INFO 3771e61e64ae --- [ main] c.n.p.ParalleniumHostApplication : Socket Server is listening on port 6868...
ANSWER
Answered 2022-Jan-27 at 17:18Okay, so I decided to just launch a new environment using the same exact configuration and code and it worked. Looks like Elastic Beanstalk environments can break and once that happens, there is no fixing it apparently.
QUESTION
How do I align my buttons horizontally for my website?
Asked 2022-Jan-06 at 05:28I' m trying to align my buttons horizontally for my personal website. Any solutions of how I can do so? I'm a beginner but I can mostly understand HTML and CSS. Any help is appreciated.
<body>
<section class="seperator-wrapper">
<div class="seperator gradient">
</div>
</section>
<style>
body, html{
margin: 0;
padding: 0;
width: 100vw;
height: 100vh;
background: linear-gradient(124deg, #ff2400, #e81d1d, #e8b71d, #e3e81d, #1de840, #1ddde8, #2b1de8, #dd00f3, #dd00f3);
background-size: 1800% 1800%;
font-family: Arial, Helvetica, sans-serif;
color: black;
image-rendering: pixelated;
scrollbar-width: none;
overflow: none;
display: flex;
justify-content: center;
align-items: center;
flex-direction: column;
-webkit-animation: rainbow 18s ease infinite;
-z-animation: rainbow 18s ease infinite;
-o-animation: rainbow 18s ease infinite;
animation: rainbow 18s ease infinite;
}
::-webkit-scrollbar {
display: none;
}
iframe {
width: 100vw;
height: 100vh;
border: none;
margin: 0;
padding: 0;
display: block;
}
@-webkit-keyframes rainbow {
0%{background-position:0% 82%}
50%{background-position:100% 19%}
100%{background-position:0% 82%}
}
@-moz-keyframes rainbow {
0%{background-position:0% 82%}
50%{background-position:100% 19%}
100%{background-position:0% 82%}
}
@-o-keyframes rainbow {
0%{background-position:0% 82%}
50%{background-position:100% 19%}
100%{background-position:0% 82%}
}
@keyframes rainbow {
0%{background-position:0% 82%}
50%{background-position:100% 19%}
100%{background-position:0% 82%}
}
h2 {
padding: 1em 2em;
margin: 0.25em 0.25em;
}
h5 {
padding: 1em 2em;
margin: 0.25em 0.25em;
}
</style>
<h2 style="font-family:monospace; font-weight: 500;font-style: normal; text-align:center; color:Black">arr3</h2>
<h4 style="font-family:monospace; font weight: 500; font-style: normal; text-align:center; color:Black"> I love coding.</h4>
<br>
<button onclick="location.href = 'info.html'"
style="font-family:monospace; font-weight: 500; font-style: normal; text-align:center; color:black" class="border-button">Want to learn more?</button>
<br>
<button onclick="location.href = 'corrosion.html'"
style="font-family:monospace; font-weight: 500; font-style: normal; text-align:center; color:black" class="border-button">Use Corrosion</button>
<br>
<button onclick="location.href = 'mobydick.html'"
style="font-family:monospace; font-weight: 500; font-style: normal; text-align:center; color:black" class="border-button">Read Moby Dick</button>
<br>
<button onclick="location.href = 'hmrkey.html'"
style="font-family:monospace; font-weight: 500; font-style: normal; text-align:center; color:black" class="border-button">HammerHead Key</button>
</body>
ANSWER
Answered 2022-Jan-06 at 04:25You can wrap your button
tags around a div
and then add a display: flex
for the div
tag
<body>
<section class="seperator-wrapper">
<div class="seperator gradient">
</div>
</section>
<style>
body, html{
margin: 0;
padding: 0;
width: 100vw;
height: 100vh;
background: linear-gradient(124deg, #ff2400, #e81d1d, #e8b71d, #e3e81d, #1de840, #1ddde8, #2b1de8, #dd00f3, #dd00f3);
background-size: 1800% 1800%;
font-family: Arial, Helvetica, sans-serif;
color: black;
image-rendering: pixelated;
scrollbar-width: none;
overflow: none;
display: flex;
justify-content: center;
align-items: center;
flex-direction: column;
-webkit-animation: rainbow 18s ease infinite;
-z-animation: rainbow 18s ease infinite;
-o-animation: rainbow 18s ease infinite;
animation: rainbow 18s ease infinite;
}
::-webkit-scrollbar {
display: none;
}
iframe {
width: 100vw;
height: 100vh;
border: none;
margin: 0;
padding: 0;
display: block;
}
@-webkit-keyframes rainbow {
0%{background-position:0% 82%}
50%{background-position:100% 19%}
100%{background-position:0% 82%}
}
@-moz-keyframes rainbow {
0%{background-position:0% 82%}
50%{background-position:100% 19%}
100%{background-position:0% 82%}
}
@-o-keyframes rainbow {
0%{background-position:0% 82%}
50%{background-position:100% 19%}
100%{background-position:0% 82%}
}
@keyframes rainbow {
0%{background-position:0% 82%}
50%{background-position:100% 19%}
100%{background-position:0% 82%}
}
h2 {
padding: 1em 2em;
margin: 0.25em 0.25em;
}
h5 {
padding: 1em 2em;
margin: 0.25em 0.25em;
}
div {
display: flex;
}
</style>
<h2 style="font-family:monospace; font-weight: 500;font-style: normal; text-align:center; color:Black">arr3</h2>
<h4 style="font-family:monospace; font weight: 500; font-style: normal; text-align:center; color:Black"> I love coding.</h4>
<br>
<div>
<button onclick="location.href = 'info.html'"
style="font-family:monospace; font-weight: 500; font-style: normal; text-align:center; color:black" class="border-button">Want to learn more?</button>
<br>
<button onclick="location.href = 'corrosion.html'"
style="font-family:monospace; font-weight: 500; font-style: normal; text-align:center; color:black" class="border-button">Use Corrosion</button>
<br>
<button onclick="location.href = 'mobydick.html'"
style="font-family:monospace; font-weight: 500; font-style: normal; text-align:center; color:black" class="border-button">Read Moby Dick</button>
<br>
<button onclick="location.href = 'hmrkey.html'"
style="font-family:monospace; font-weight: 500; font-style: normal; text-align:center; color:black" class="border-button">HammerHead Key</button>
</div>
</body>
You can also add margin
for your button
tags, so the buttons don't stay too close to each other.
QUESTION
How to have multiple cluster in kafka by using docker?
Asked 2021-Dec-22 at 12:10I'm trying to up multiple clusters with three nodes in kafka with using docker and I followed this approach in my docker-compose file but this is wrong and I can't up Kafka those I wrote in my docker-compose file please tell me the true docker-compose file or true approach for that to up multiple clusters (with three nodes) in Kafka by using docker
version: '2'
services:
zookeeper-1:
image: confluentinc/cp-zookeeper:latest
environment:
ZOOKEEPER_SERVER_ID: 1
ZOOKEEPER_CLIENT_PORT: 22101
ZOOKEEPER_TICK_TIME: 2000
ZOOKEEPER_INIT_LIMIT: 5
ZOOKEEPER_SYNC_LIMIT: 2
ZOOKEEPER_SERVERS: localhost:22000:23000;localhost:32000:33000;localhost:42000:43000
network_mode: host
extra_hosts:
- "moby:127.0.0.1"
zookeeper-2:
image: confluentinc/cp-zookeeper:latest
environment:
ZOOKEEPER_SERVER_ID: 2
ZOOKEEPER_CLIENT_PORT: 32181
ZOOKEEPER_TICK_TIME: 2000
ZOOKEEPER_INIT_LIMIT: 5
ZOOKEEPER_SYNC_LIMIT: 2
ZOOKEEPER_SERVERS: localhost:22888:23888;localhost:32888:33888;localhost:42888:43888
network_mode: host
extra_hosts:
- "moby:127.0.0.1"
zookeeper-3:
image: confluentinc/cp-zookeeper:latest
environment:
ZOOKEEPER_SERVER_ID: 3
ZOOKEEPER_CLIENT_PORT: 42181
ZOOKEEPER_TICK_TIME: 2000
ZOOKEEPER_INIT_LIMIT: 5
ZOOKEEPER_SYNC_LIMIT: 2
ZOOKEEPER_SERVERS: localhost:22888:23888;localhost:32888:33888;localhost:42888:43888
network_mode: host
extra_hosts:
- "moby:127.0.0.1"
kafka-1:
image: confluentinc/cp-zookeeper:latest
network_mode: host
depends_on:
- zookeeper-1
- zookeeper-2
- zookeeper-3
environment:
KAFKA_BROKER_ID: 1
KAFKA_ZOOKEEPER_CONNECT: localhost:22181,localhost:32181,localhost:42181
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://localhost:19092
kafka-2:
image: confluentinc/cp-zookeeper:latest
network_mode: host
depends_on:
- zookeeper-1
- zookeeper-2
- zookeeper-3
environment:
KAFKA_BROKER_ID: 2
KAFKA_ZOOKEEPER_CONNECT: localhost:22181,localhost:32181,localhost:42181
KAFKA_ADVERTISED_LISTENER: PLAINTEXT://localhost:29092
extra_hosts:
- "moby:127.0.0.1"
kafka-3:
image: confluentinc/cp-zookeeper:latest
network_mode: host
depends_on:
- zookeeper-1
- zookeeper-2
- zookeeper-3
environment:
KAFKA_BROKER_ID: 3
KAFKA_ZOOKEEPER_CONNECT: localhost:22181,localhost:32181,localhost:42181
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://localhost:39092
extra_hosts:
- "moby:127.0.0.1"
ANSWER
Answered 2021-Dec-19 at 12:37Your configuration is wrong:
Each zk node has a process (named QuorumPeerMain) which listen to clients on a default port 2181 and communicate with each other on port 2888:3888. So when try to define a zookeeper quorum define it as zk1:[port],zk2:[port],...
zookeeper-1:
ZOOKEEPER_CLIENT_PORT: 2181
...
...
zookeeper-2:
ZOOKEEPER_CLIENT_PORT: 2181
...
...
zookeeper-3:
ZOOKEEPER_CLIENT_PORT: 2181
and in Kafka properties:
KAFKA_ZOOKEEPER_CONNECT: zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181
Follow this link: Guide to Setting Up Apache Kafka Using Docker
QUESTION
Copy directory into docker build no matter if empty or not - fails on "COPY failed: no source files were specified"
Asked 2021-Dec-10 at 11:02I have directory csv
in context directory of docker build
. I want to copy it into docker image in all circumstances (for empty directory in host an empty directory inside image is created, for nonempty directory in host it is copied with all content).
The COPY csv/* /csv/
gives COPY failed: no source files were specified
error when the directory is empty.
Similar questions I found on SO are differing from my case in either setup or intention (multistage build, copying existing jar, certainly existing file) so I choose Q&A-style here rather than messing question with unrelated answer. This Github issue is also related.
ANSWER
Answered 2021-Dec-09 at 19:29The solution is to use
COPY csv/. /csv/
This question gave me a hint (although the behavior desired by me is unwanted for its OP).
QUESTION
docker dropping capabilities not working as expected?
Asked 2021-Nov-14 at 14:12From this docker doc page - https://docs.docker.com/engine/security/#linux-kernel-capabilities
Processes (like web servers) that just need to bind on a port below 1024 do not need to run as root: they can just be granted the net_bind_service.
Below is my Dockerfile -
FROM ubuntu:20.04
#FROM openjdk:11-jre-slim
LABEL description="This is hello-docker app"
LABEL version="1.0.0-snapshot"
#distro specific things before application specific things
#this will be cached, so you have to build with --no-cache option
RUN apt-get update && apt-get install -y openjdk-11-jdk
#just for demo - installed for demo
RUN apt-get install -y sudo
RUN sudo sh -c 'echo root:root | chpasswd'
#ENV APP_HOME /usr/apps
ENV APP_HOME=/myapps
RUN mkdir -p $APP_HOME
#with customuser/appuser
RUN groupadd appgroup && useradd -g appgroup appuser
#RUN groupadd -g 999 appgroup && useradd -r -u 999 -g appgroup appuser
#COPY --chown=appuser:appgroup hello-docker-0.0.1-SNAPSHOT.jar /
COPY --chown=nobody:nogroup hello-docker-0.0.1-SNAPSHOT.jar $APP_HOME
#documenting that the application exposes these ports
EXPOSE 8080 8081
#switching to non-root user. This is recommended for security purpose
#USER appuser
USER nobody
WORKDIR $APP_HOME
RUN pwd
RUN ls -l
# this command (bash) can be overwritten while running the image using arguments
#CMD ["bash"]
#ENTRYPOINT ["sh", "-c"]
#CMD ["exec java -jar hello-docker-0.0.1-SNAPSHOT.jar"]
ENTRYPOINT ["java", "-jar", "-Dserver.port=80", "./hello-docker-0.0.1-SNAPSHOT.jar"]
As, it can be observed - i have switched to nobody
user. This user is NOT root. So this user should not be able to bind to any port below 1024 and the container should fail at startup. But it's succeeding and i am able to access the web application on port 80. WHY.
I tried removing the capability explicitly - but still, the container is succeeding. WHY STILL????
docker run --name hello-docker -it --cap-drop net_bind_service --rm -p 80:80 dockerdemo/hello-docker:1.0
The container ran successfully even after removing net bind service capability.
Any help is greatly appreciated.
Edit -
Q3 - related to above.
The same docker security doc mentioned above points to this page - https://github.com/moby/moby/blob/master/oci/caps/defaults.go#L6-L19
What does default here refer to:> Capabilities granted to any user (root or Not root) or only root user. If only root, then what are capabilities granted to non-root user. None?
ANSWER
Answered 2021-Nov-14 at 14:12You don't have the capability to bind to privileged ports. What has changed is that unprivileged ports don't start at the normal 1024 inside of containers. Instead it's set to 0 so every port is unprivileged. The privileged restriction doesn't make sense for a single user / single application environment.
See this PR for more details: https://github.com/moby/moby/pull/41030
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
No vulnerabilities reported
Save this library and start creating your kit
HTTPS
https://github.com/moby/moby.git
CLI
gh repo clone moby/moby
SSH
git@github.com:moby/moby.git
Share this Page
See Similar Libraries in
by kubernetes
by moby
by ripienaar
by gogs
by traefik
See all Continuous Deployment Libraries
by moby Go
by moby C
by moby Go
by moby Go
by moby Go
See all Libraries by this author
by kubernetes
by docker
by jenkinsci
by moby
by rancher
See all Continuous Deployment Libraries
by TheMangoFactory
by kawasima
by wildfly-extras
by hortonworks
by vilaca
See all Continuous Deployment Libraries
by TheMangoFactory
by kawasima
by yaw
by yaw
by wildfly-extras
See all Continuous Deployment Libraries
by wildfly-extras
by ninjaframework
by cloudera
by joerghoh
by nathanmarz
See all Continuous Deployment Libraries
by coherence-community
by treelogic-swe
by zulily
by yunusmete
by SFTtech
See all Continuous Deployment Libraries
Save this library and start creating your kit
Open Weaver – Develop Applications Faster with Open Source