An entrypoint.sh script to add a passwd entry if one does not exist #404
…st for the container UID
| # If there is no passwd entry for the container UID, attempt to create one | ||
| if [ -z "$uidentry" ] ; then | ||
| if [ -w /etc/passwd ] ; then | ||
| echo "$myuid:x:$myuid:$mygid:anonymous uid:$SPARK_HOME:/bin/false" >> /etc/passwd |
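Review bot: the `if [ -w /etc/passwd ]` guard means this branch only takes effect when the image ships /etc/passwd writable by the runtime UID, and that requirement is not documented at this point in the script. Add a comment stating which permission the image must set and why, since a writable /etc/passwd also lets any other process in the container add or change entries. On the echo line, $myuid and $mygid are appended without a check that they are non-empty, so if either were empty a malformed record would be written; a guard such as `[ -n "$myuid" ] && [ -n "$mygid" ]` before the append would avoid that.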
@erikerlandson why does OpenShift require an entry in passwd? Is this an additional requirement unique to OpenShift when running docker images?
It's a Spark requirement
The problem arises because OpenShift runs its containers with an anonymous UID that has no passwd entry. Spark will crash if it can't find a passwd entry.
Can you please paste on this ticket what the exception is so we can find this discussion again in the future if necessary?
rerun integration test please

This change LGTM. Any comments @mccheah?

I'm not entirely convinced that if this is specific to OpenShift that it should belong in the base Spark images. How often will this be needed outside of the OpenShift use case?

It's hard to say. It will happen effectively all the time under OpenShift, and OpenShift(-Origin) is a major kube downstream. I'd expect it to be comparatively rare under straight kube, however it's not impossible for it to happen; containers configured to run under a UID that isn't present in

If it was any more complicated, then I'd have second thoughts, but this seems simple enough (and mostly a no-op) that I'm not opposed to it. If it were to grow in complexity, I'd say we should split the image out to publish separate OpenShift artifacts. As for this change, I'm a bit less concerned. If you feel strongly here, we can punt on this and discuss in next week's meeting.

Fine to merge then

Great.. Thanks @mccheah. Merging now.

What changes were proposed in this pull request?
Add a common entrypoint.sh script to use as the entrypoint for the container images. This script checks to see if the container UID has an entry in /etc/passwd. If not, then it will attempt to add one. The primary motivating use case is running inside of OpenShift, which runs containers with anonymous UIDs. This PR is part of an effort to put the reference images into a state such that one can run spark-on-k8s against OpenShift out-of-the-box.
How was this patch tested?
CI to build and run integration testing with updated container images
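
The check described above, written as a function that can be exercised against a scratch file instead of the real /etc/passwd. This is an added example, not the PR's entrypoint.sh; the function name ensure_passwd_entry, its return codes and the input validation are assumptions of the example.

```shell
#!/bin/sh
# Added example, not code from the pull request.
# ensure_passwd_entry is a hypothetical helper; the passwd path is a
# parameter so the logic can be tested without touching /etc/passwd.
#
# Usage:   ensure_passwd_entry PASSWD_FILE UID GID HOME
# Returns: 0 if an entry for UID exists or was added,
#          1 if an entry is missing and the file is not writable,
#          2 if an argument would produce a malformed record.
ensure_passwd_entry() {
    file=$1 uid=$2 gid=$3 home=$4

    # Only plain decimal ids, and no ':' or newline in the home path,
    # so no argument can inject extra fields or extra records.
    case $uid in ''|*[!0-9]*) return 2 ;; esac
    case $gid in ''|*[!0-9]*) return 2 ;; esac
    case $home in *:*|*'
'*) return 2 ;; esac

    # Field 3 of a passwd(5) record is the numeric UID.
    if awk -F: -v u="$uid" '$3 == u { found = 1 } END { exit !found }' \
        "$file" 2>/dev/null; then
        return 0            # already present: nothing to do
    fi

    # Report the unwritable case to the caller instead of skipping silently.
    [ -w "$file" ] || return 1

    # Same record layout as the line added in the PR:
    # name:x:uid:gid:gecos:home:shell
    printf '%s:x:%s:%s:anonymous uid:%s:/bin/false\n' \
        "$uid" "$uid" "$gid" "$home" >> "$file"
}

# In an entrypoint this would be called as (SPARK_HOME taken from the image):
#   ensure_passwd_entry /etc/passwd "$(id -u)" "$(id -g)" "$SPARK_HOME" \
#       || echo "warning: no passwd entry for uid $(id -u)" >&2
```
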