英文:
Logging to docker output with a cron job running as non root
问题
我正在尝试以非root用户身份运行cron作业。这个cron作业实际上应该运行一个Python脚本并写一些文件。我还想在Docker日志中看到cron作业的输出。
以下是一个初始尝试,我将cron作为myuser运行。
# 使用已安装cron的镜像
FROM continuumio/miniconda3:latest
# 安装cron
RUN apt-get update && apt-get -y install cron
# 创建具有特定UID和GID的用户(将1006替换为所需的UID和GID)
RUN groupadd -g 1006 myuser && useradd -u 1006 -g 1006 myuser
# 编写crontab文件并安装它
RUN echo "* * * * * myuser echo 'WEEEEE' > /proc/1/fd/1 2>/proc/1/fd/2" >> /etc/crontab
# 在前台启动cron
CMD ["cron", "-f", "-l", "2"]
这导致Docker日志中没有任何输出被打印:
~/docker_test$ docker build . -t test-cron
Sending build context to Docker daemon 12.8kB
Step 1/5 : FROM continuumio/miniconda3:latest
...
Successfully tagged test-cron:latest
~/docker_test$ docker run --name test-cron-container test-cron
然而,如果我将它以root身份运行,方法是将以下行更改为:
RUN echo "* * * * * root echo 'WEEEEE' > /proc/1/fd/1 2>/proc/1/fd/2" >> /etc/crontab
那么它可以正常工作。我理解myuser没有权限写入/proc/1/fd/1。
我已经看过了你提供的Stack Overflow答案,但我无法复现他在终端中看到输出的结果。
英文:
I am trying to get a cronjob to run as non root user. This cronjob should really running a python script and write some files. I'd also like to see the output of the cronjob in the docker logs.
Here is an initial attempt where I run the cron as myuser.
FROM continuumio/miniconda3:latest
# Install cron
RUN apt-get update && apt-get -y install cron
# Create a user with a specific UID and GID (replace 1000 with the desired UID and GID)
RUN groupadd -g 1006 myuser && useradd -u 1006 -g 1006 myuser
# Write the crontab file and install it
RUN echo "* * * * * myuser echo 'WEEEEE' > /proc/1/fd/1 2>/proc/1/fd/2" >> /etc/crontab
# Start cron in the foreground
CMD ["cron", "-f", "-l", "2"]
This results in nothing being printed to the docker logs:
~/docker_test$ docker build . -t test-cron
Sending build context to Docker daemon 12.8kB
Step 1/5 : FROM continuumio/miniconda3:latest
---> fbedfde8d058
Step 2/5 : RUN apt-get update && apt-get -y install cron
---> Using cache
---> 678562a4310d
Step 3/5 : RUN groupadd -g 1006 myuser && useradd -u 1006 -g 1006 myuser
---> Running in 3900a0e8b4b4
Removing intermediate container 3900a0e8b4b4
---> 88700a4f5e80
Step 4/5 : RUN echo "* * * * * myuser echo 'WEEEEE' > /proc/1/fd/1 2>/proc/1/fd/2" >> /etc/crontab
---> Running in 82d2f2736673
Removing intermediate container 82d2f2736673
---> 4a4a6193881e
Step 5/5 : CMD ["cron", "-f", "-l", "2"]
---> Running in a50eaf745b75
Removing intermediate container a50eaf745b75
---> 008da0fec723
Successfully built 008da0fec723
Successfully tagged test-cron:latest
~/docker_test$ docker run --name test-cron-container test-cron
If I run it as root, however, by changing the line
RUN echo "* * * * * myuser echo 'WEEEEE' > /proc/1/fd/1 2>/proc/1/fd/2" >> /etc/crontab
to
RUN echo "* * * * * root echo 'WEEEEE' > /proc/1/fd/1 2>/proc/1/fd/2" >> /etc/crontab
it works. I understand that myuser does not have permissions to write to /proc/1/fd/1.
I've seen this answer but I cannot reproduce his results of seeing the outputs in the terminal.
答案1
得分: 0
以下是您要求的翻译内容:
如果您只想要以myuser身份运行 echo 'WEEEEE',您可以将Dockerfile 更改为:
FROM ubuntu
# 安装cron
RUN apt-get update && apt-get -y install cron
# 创建具有特定UID和GID的用户(将1000替换为所需的UID和GID)
RUN groupadd -g 1006 myuser && useradd -u 1006 -g 1006 myuser
# 编写crontab文件并安装
RUN echo "* * * * * root su myuser -c \"echo 'WEEEEE'\" > /proc/1/fd/1 2>/proc/1/fd/2" >> /etc/crontab
# 在前台启动cron
CMD ["cron", "-f", "-l", "2"]
希望这对您有所帮助。
英文:
I all you wanted to do is to run echo 'WEEEEE' as myuser, you can change Dockerfile to:
FROM ubuntu
# Install cron
RUN apt-get update && apt-get -y install cron
# Create a user with a specific UID and GID (replace 1000 with the desired UID and GID)
RUN groupadd -g 1006 myuser && useradd -u 1006 -g 1006 myuser
# Write the crontab file and install it
RUN echo "* * * * * root su myuser -c \"echo 'WEEEEE'\" > /proc/1/fd/1 2>/proc/1/fd/2" >> /etc/crontab
# Start cron in the foreground
CMD ["cron", "-f", "-l", "2"]
答案2
得分: 0
我可能有点不准确,但我刚刚读完的 Docker 书上说要使用外部工具来限制容器到 "一个服务" 或一个任务。
他们甚至在其中有一个 cron 的示例。你可以在主机上使用 docker exec CONTAINERNAME COMMAND 来设置 cron。我迅速在我的机器上尝试过,它可以工作,无论是否使用 -i -t 或 -it。
另外,你的 Dockerfile 有三个连续的 RUN 命令。这会大幅增加镜像的大小,因为每个命令都是一个层。你应该能够使用 && 和 \ 将它们合并成一个命令。
祝你好运。
英文:
I might be off here but the docker book I've just finished reading says to use outside stuff to limit containers to "one service" or one job as one says.
They even have a cron example in there. You cron on the host with docker exec CONTAINERNAME COMMAND I quickly tried this on my machine and it works, with our without -i -t or -it.
Also, your dockerfile has 3 RUN commands back to back. This expands the size of your image massively as every command is a layer. You should be able to make these into one using && and \.
Good luck.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论