Removal of /bin/* directory on ONBUILD RUN step in Dockerfile prevents executing commands in running image
ian-starts opened this issue · comments
Removing the /bin/* directories in the build step prevents the image user from doing anything in the container.
Is this removal on purpose?
See Dockerfile:
ONBUILD RUN chown -R imposter:imposter /opt/imposter && \
rm -rf /bin/*
In my usecase I want to use imposter as a service in a gitlab CI pipeline. Volume binds are not an option in that environment, so I want to be able to customize the contents of the config directory in the (prebuilt) image.
Not having access to /bin/* prevents me from executing any bash scripts in the running container.
A custom image is an option, but that's a lot more maintenance overhead as I'll have to maintain that image in case of future updates to imposter.
Hi @ian-starts, thanks for raising this. Sorry to hear this is causing issues.
For a container image with more userspace binaries, here's an example of a custom Docker image: https://github.com/outofcoffee/imposter/blob/main/examples/docker/Dockerfile
☝️ This example extends from the Java base image so has its various userspace tools available (and more you can install with the package manager).
I hope this is useful.
For a container image with more userspace binaries, here's an example of a custom Docker image: https://github.com/outofcoffee/imposter/blob/main/examples/docker/Dockerfile
☝️ This example extends from the Java base image so has its various userspace tools available (and more you can install with the package manager).
This may have been true at some point, but currently the Dockerfile extends from outofcoffee/imposter:
FROM outofcoffee/imposter
# your custom config
COPY config /opt/imposter/configI also found it very annoying to not have anything available to run in the container. It makes debugging and extensibility very hard. For example what if I wanted to install an additional plugin in my Dockerfile?
Doing something like
FROM outofcoffee/imposter:3.36.0
RUN imposter plugin install -d js-graal:zipWill break with unable to start container process: exec: "/bin/sh": stat /bin/sh: no such file or directory during build.
Hi @rnestler, sorry for providing the wrong path to the example Dockerfile.
It should've been this:
https://github.com/outofcoffee/imposter/blob/main/examples/docker-shell/Dockerfile
In this file, there's a multistage build with the final image based on the JRE base image:
FROM outofcoffee/imposter as imposter
FROM eclipse-temurin:11.0.22_7-jre-jammy
COPY --from=imposter /opt/imposter/lib /opt/imposter/lib
# your custom config
COPY config /opt/imposter/config
# optional docker healthcheck
HEALTHCHECK --interval=5s --timeout=5s --start-period=5s --retries=3 CMD curl -f http://localhost:8080/system/status || exit 1
ENTRYPOINT ["java", "-classpath", "/opt/imposter/lib/*", "io.gatehill.imposter.cmd.ImposterLauncher", "--configDir", "/opt/imposter/config"]
Hi @rnestler, sorry that you found this annoying:
I also found it very annoying to not have anything available to run in the container
To run commands in the Dockerfile without a shell, you can make use of the exec form of the RUN command (docs here).
For example:
FROM outofcoffee/imposter:3.36.0
RUN [ "imposter", "plugin", "install", "-d", "js-graal:zip" ]