From 971586625c14fd73a3ca91d36c878289013c225f Mon Sep 17 00:00:00 2001 From: Yikun Jiang Date: Sat, 15 Oct 2022 20:29:50 +0800 Subject: [PATCH 1/5] Add spark user --- .github/workflows/main.yml | 2 +- 3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile | 7 ++++--- 3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh | 10 +++++++++- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7972703..d73ac13 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -49,7 +49,7 @@ jobs: - ${{ inputs.scala }} java_version: - ${{ inputs.java }} - image_suffix: [python3-ubuntu, ubuntu, r-ubuntu, python3-r-ubuntu] + image_suffix: [python3-r-ubuntu] steps: - name: Checkout Spark repository uses: actions/checkout@v2 diff --git a/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile b/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile index c95dd39..774fe17 100644 --- a/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile +++ b/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile @@ -18,10 +18,13 @@ FROM eclipse-temurin:11-jre-focal ARG spark_uid=185 +RUN groupadd --system --gid=${spark_uid} spark && \ + useradd --system --uid=${spark_uid} --gid=spark spark + RUN set -ex && \ apt-get update && \ ln -s /lib /lib64 && \ - apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools && \ + apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools gosu && \ apt install -y python3 python3-pip && \ pip3 install --upgrade pip setuptools && \ apt install -y r-base r-base-dev && \ @@ -80,5 +83,3 @@ RUN chmod a+x /opt/entrypoint.sh ENTRYPOINT [ "/opt/entrypoint.sh" ] -# Specify the User that the actual main process will run as -USER ${spark_uid} diff --git a/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh index cfd7a69..4efc817 100644 
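Review bot: The `spark` account created in the `-18,10 +18,13` hunk is no longer the image's default user, because the last hunk of this Dockerfile (`-80,5 +83,3`) drops `USER ${spark_uid}`; the image's configured user becomes root and the `gosu spark` call in entrypoint.sh is the only privilege drop. Anything that bypasses the entrypoint (an overridden `--entrypoint`, `docker exec`, a Kubernetes `command:`) then runs as root, and a pod with `runAsNonRoot: true` and no `runAsUser` will presumably be refused because the image user is 0. If starting as root is intended, record the reason next to `ENTRYPOINT`, e.g. `# Starts as root so entrypoint.sh can drop to spark via gosu; pass --user to run as another uid`; otherwise keep `USER ${spark_uid}`. The same change is repeated in the three other Dockerfiles in PATCH 3/5.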
--- a/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh +++ b/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh @@ -103,5 +103,13 @@ case "$1" in ;; esac +switch_spark_if_root() { + if [ $(id -u) -ne 0 ]; then + return + else + echo gosu spark + fi +} + # Execute the container CMD under tini for better hygiene -exec /usr/bin/tini -s -- "${CMD[@]}" +exec $(switch_spark_if_root) /usr/bin/tini -s -- "${CMD[@]}" From 5216d1a60b9fea6eca90250fb8ec924e397d907f Mon Sep 17 00:00:00 2001 From: Yikun Jiang Date: Sat, 15 Oct 2022 22:12:32 +0800 Subject: [PATCH 2/5] Add chown --- 3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile b/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile index 774fe17..28c4154 100644 --- a/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile +++ b/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile @@ -33,6 +33,7 @@ RUN set -ex && \ mkdir -p /opt/spark/examples && \ mkdir -p /opt/spark/work-dir && \ touch /opt/spark/RELEASE && \ + chown -R spark:spark /opt/spark && \ rm /bin/sh && \ ln -sv /bin/bash /bin/sh && \ echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \ @@ -58,6 +59,7 @@ RUN set -ex; \ rm -rf "$GNUPGHOME" spark.tgz.asc; \ \ tar -xf spark.tgz --strip-components=1; \ + chown -R spark:spark .; \ mv jars /opt/spark/; \ mv bin /opt/spark/; \ mv sbin /opt/spark/; \ From 6267b9a52dff804213d78183478a324f3cdf1491 Mon Sep 17 00:00:00 2001 
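Review bot: `exec $(switch_spark_if_root) /usr/bin/tini -s -- "${CMD[@]}"` builds the privilege-dropping prefix from the unquoted output of a function, so the command that actually runs depends on word splitting of whatever that function prints. An explicit branch keeps the exec line literal and easier to audit: `if [ "$(id -u)" -eq 0 ]; then exec gosu spark /usr/bin/tini -s -- "${CMD[@]}"; fi`, followed by the original `exec /usr/bin/tini -s -- "${CMD[@]}"`. The `case "$1"` block above starts outside this hunk and still runs as root when the container is started as root, so only the final process is unprivileged. The identical hunks in the three other entrypoint.sh files in PATCH 3/5 have the same issue.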
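Review bot: `chown -R spark:spark /opt/spark` in the `-33,6 +33,7` hunk and `chown -R spark:spark .` in the `-58,6 +59,7` hunk make the whole Spark distribution, including `jars`, `bin` and `sbin`, owned by the account the workload runs as. Before this series the process ran as uid 185 against files it presumably did not own, so a compromised driver or executor could not overwrite the code it executes; with these lines it can. Consider limiting ownership to the directories that must be writable at run time, e.g. `chown spark:spark /opt/spark/work-dir`, and leaving the rest root-owned. Both RUN instructions start and end outside these hunks, and the same two lines are added to the other three Dockerfiles in PATCH 3/5.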
From: Yikun Jiang Date: Sat, 15 Oct 2022 23:01:01 +0800 Subject: [PATCH 3/5] Apply same changes on all images --- .github/workflows/main.yml | 2 +- 3.3.0/scala2.12-java11-python3-ubuntu/Dockerfile | 10 ++++++---- 3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh | 10 +++++++++- 3.3.0/scala2.12-java11-r-ubuntu/Dockerfile | 10 ++++++---- 3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh | 10 +++++++++- 3.3.0/scala2.12-java11-ubuntu/Dockerfile | 10 ++++++---- 3.3.0/scala2.12-java11-ubuntu/entrypoint.sh | 10 +++++++++- 7 files changed, 46 insertions(+), 16 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d73ac13..7972703 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -49,7 +49,7 @@ jobs: - ${{ inputs.scala }} java_version: - ${{ inputs.java }} - image_suffix: [python3-r-ubuntu] + image_suffix: [python3-ubuntu, ubuntu, r-ubuntu, python3-r-ubuntu] steps: - name: Checkout Spark repository uses: actions/checkout@v2 diff --git a/3.3.0/scala2.12-java11-python3-ubuntu/Dockerfile b/3.3.0/scala2.12-java11-python3-ubuntu/Dockerfile index e3d9829..85e06ce 100644 --- a/3.3.0/scala2.12-java11-python3-ubuntu/Dockerfile +++ b/3.3.0/scala2.12-java11-python3-ubuntu/Dockerfile @@ -18,10 +18,13 @@ FROM eclipse-temurin:11-jre-focal ARG spark_uid=185 +RUN groupadd --system --gid=${spark_uid} spark && \ + useradd --system --uid=${spark_uid} --gid=spark spark + RUN set -ex && \ apt-get update && \ ln -s /lib /lib64 && \ - apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools && \ + apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools gosu && \ apt install -y python3 python3-pip && \ pip3 install --upgrade pip setuptools && \ mkdir -p /opt/spark && \ 
@@ -29,6 +32,7 @@ RUN set -ex && \ mkdir -p /opt/spark/examples && \ mkdir -p /opt/spark/work-dir && \ touch /opt/spark/RELEASE && \ + chown -R spark:spark /opt/spark && \ rm /bin/sh && \ ln -sv /bin/bash /bin/sh && \ echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \ @@ -54,6 +58,7 @@ RUN set -ex; \ rm -rf "$GNUPGHOME" spark.tgz.asc; \ \ tar -xf spark.tgz --strip-components=1; \ + chown -R spark:spark .; \ mv jars /opt/spark/; \ mv bin /opt/spark/; \ mv sbin /opt/spark/; \ @@ -76,6 +81,3 @@ RUN chmod a+x /opt/decom.sh RUN chmod a+x /opt/entrypoint.sh ENTRYPOINT [ "/opt/entrypoint.sh" ] - -# Specify the User that the actual main process will run as -USER ${spark_uid} diff --git a/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh index cfd7a69..4efc817 100644 --- a/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh +++ b/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh @@ -103,5 +103,13 @@ case "$1" in ;; esac +switch_spark_if_root() { + if [ $(id -u) -ne 0 ]; then + return + else + echo gosu spark + fi +} + # Execute the container CMD under tini for better hygiene -exec /usr/bin/tini -s -- "${CMD[@]}" +exec $(switch_spark_if_root) /usr/bin/tini -s -- "${CMD[@]}" diff --git a/3.3.0/scala2.12-java11-r-ubuntu/Dockerfile b/3.3.0/scala2.12-java11-r-ubuntu/Dockerfile index 9745f54..753d585 100644 --- a/3.3.0/scala2.12-java11-r-ubuntu/Dockerfile +++ b/3.3.0/scala2.12-java11-r-ubuntu/Dockerfile 
@@ -18,15 +18,19 @@ FROM eclipse-temurin:11-jre-focal ARG spark_uid=185 +RUN groupadd --system --gid=${spark_uid} spark && \ + useradd --system --uid=${spark_uid} --gid=spark spark + RUN set -ex && \ apt-get update && \ ln -s /lib /lib64 && \ - apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools && \ + apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools gosu && \ apt install -y r-base r-base-dev && \ mkdir -p /opt/spark && \ mkdir -p /opt/spark/examples && \ mkdir -p /opt/spark/work-dir && \ touch /opt/spark/RELEASE && \ + chown -R spark:spark /opt/spark && \ rm /bin/sh && \ ln -sv /bin/bash /bin/sh && \ echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \ @@ -52,6 +56,7 @@ RUN set -ex; \ rm -rf "$GNUPGHOME" spark.tgz.asc; \ \ tar -xf spark.tgz --strip-components=1; \ + chown -R spark:spark .; \ mv jars /opt/spark/; \ mv bin /opt/spark/; \ mv sbin /opt/spark/; \ @@ -74,6 +79,3 @@ RUN chmod a+x /opt/decom.sh RUN chmod a+x /opt/entrypoint.sh ENTRYPOINT [ "/opt/entrypoint.sh" ] - -# Specify the User that the actual main process will run as -USER ${spark_uid} diff --git a/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh index cfd7a69..4efc817 100644 --- a/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh +++ b/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh @@ -103,5 +103,13 @@ case "$1" in ;; esac +switch_spark_if_root() { + if [ $(id -u) -ne 0 ]; then + return + else + echo gosu spark + fi +} + # Execute the container CMD under tini for better hygiene -exec /usr/bin/tini -s -- "${CMD[@]}" +exec $(switch_spark_if_root) /usr/bin/tini -s -- "${CMD[@]}" diff --git a/3.3.0/scala2.12-java11-ubuntu/Dockerfile b/3.3.0/scala2.12-java11-ubuntu/Dockerfile index ecbcc32..1e4c604 100644 --- a/3.3.0/scala2.12-java11-ubuntu/Dockerfile +++ b/3.3.0/scala2.12-java11-ubuntu/Dockerfile 
@@ -18,14 +18,18 @@ FROM eclipse-temurin:11-jre-focal ARG spark_uid=185 +RUN groupadd --system --gid=${spark_uid} spark && \ + useradd --system --uid=${spark_uid} --gid=spark spark + RUN set -ex && \ apt-get update && \ ln -s /lib /lib64 && \ - apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools && \ + apt install -y gnupg2 wget bash tini libc6 libpam-modules krb5-user libnss3 procps net-tools gosu && \ mkdir -p /opt/spark && \ mkdir -p /opt/spark/examples && \ mkdir -p /opt/spark/work-dir && \ touch /opt/spark/RELEASE && \ + chown -R spark:spark /opt/spark && \ rm /bin/sh && \ ln -sv /bin/bash /bin/sh && \ echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \ @@ -51,6 +55,7 @@ RUN set -ex; \ rm -rf "$GNUPGHOME" spark.tgz.asc; \ \ tar -xf spark.tgz --strip-components=1; \ + chown -R spark:spark .; \ mv jars /opt/spark/; \ mv bin /opt/spark/; \ mv sbin /opt/spark/; \ @@ -71,6 +76,3 @@ RUN chmod a+x /opt/decom.sh RUN chmod a+x /opt/entrypoint.sh ENTRYPOINT [ "/opt/entrypoint.sh" ] - -# Specify the User that the actual main process will run as -USER ${spark_uid} diff --git a/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh index cfd7a69..4efc817 100644 --- a/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh +++ b/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh @@ -103,5 +103,13 @@ case "$1" in ;; esac +switch_spark_if_root() { + if [ $(id -u) -ne 0 ]; then + return + else + echo gosu spark + fi +} + # Execute the container CMD under tini for better hygiene -exec /usr/bin/tini -s -- "${CMD[@]}" +exec $(switch_spark_if_root) /usr/bin/tini -s -- "${CMD[@]}" From eb9fe82b2fb6d2d0240878ad9c9b66b334c63dec Mon Sep 17 00:00:00 2001 
From: Yikun Jiang Date: Mon, 17 Oct 2022 10:33:52 +0800 Subject: [PATCH 4/5] Simplify switch_spark_if_root --- 3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh | 5 ++--- 3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh | 5 ++--- 3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh | 5 ++--- 3.3.0/scala2.12-java11-ubuntu/entrypoint.sh | 5 ++--- 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh index 4efc817..4bb1557 100644 --- a/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh +++ b/3.3.0/scala2.12-java11-python3-r-ubuntu/entrypoint.sh @@ -103,10 +103,9 @@ case "$1" in ;; esac +# Switch to spark if no USER specified (root by default) otherwise use USER directly switch_spark_if_root() { - if [ $(id -u) -ne 0 ]; then - return - else + if [ $(id -u) -eq 0 ]; then echo gosu spark fi } diff --git a/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh index 4efc817..4bb1557 100644 --- a/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh +++ b/3.3.0/scala2.12-java11-python3-ubuntu/entrypoint.sh @@ -103,10 +103,9 @@ case "$1" in ;; esac +# Switch to spark if no USER specified (root by default) otherwise use USER directly switch_spark_if_root() { - if [ $(id -u) -ne 0 ]; then - return - else + if [ $(id -u) -eq 0 ]; then echo gosu spark fi } diff --git a/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh index 4efc817..4bb1557 100644 --- a/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh +++ b/3.3.0/scala2.12-java11-r-ubuntu/entrypoint.sh @@ -103,10 +103,9 @@ case "$1" in ;; esac +# Switch to spark if no USER specified (root by default) otherwise use USER directly switch_spark_if_root() { - if [ $(id -u) -ne 0 ]; then - return - else + if [ $(id -u) -eq 0 ]; then echo gosu spark fi } 
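Review bot: With the test inverted to `-eq 0`, an error in the test itself now leaves the prefix empty and the process keeps its current uid, whereas the removed `-ne 0` form fell through to `gosu spark`. `$(id -u)` is also unquoted, so an empty result turns the test into a syntax error rather than a false comparison. Since the script already uses bash arrays (`"${CMD[@]}"`), the shell's own variable avoids the external command: `if [ "${EUID}" -eq 0 ]; then`. The same applies to the identical hunks in the other three entrypoint.sh files of this patch; the `exec` line that consumes the output is outside these hunks.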
diff --git a/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh b/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh index 4efc817..4bb1557 100644 --- a/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh +++ b/3.3.0/scala2.12-java11-ubuntu/entrypoint.sh @@ -103,10 +103,9 @@ case "$1" in ;; esac +# Switch to spark if no USER specified (root by default) otherwise use USER directly switch_spark_if_root() { - if [ $(id -u) -ne 0 ]; then - return - else + if [ $(id -u) -eq 0 ]; then echo gosu spark fi } From 23232167301cc8eb24cb83a9bc9ddcefb22d213c Mon Sep 17 00:00:00 2001 From: Yikun Jiang Date: Mon, 17 Oct 2022 12:56:40 +0800 Subject: [PATCH 5/5] Remove unused line --- 3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile b/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile index 28c4154..5dbc973 100644 --- a/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile +++ b/3.3.0/scala2.12-java11-python3-r-ubuntu/Dockerfile @@ -84,4 +84,3 @@ RUN chmod a+x /opt/decom.sh RUN chmod a+x /opt/entrypoint.sh ENTRYPOINT [ "/opt/entrypoint.sh" ] -