diff --git a/Dockerfile b/Dockerfile
index 012f08cca..e3f3c1f83 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,12 +23,6 @@
 # to add packages to the image.
 # --build-arg EXTRA_JETTY_PACKAGES=vim
 #
-# To build an image that runs jetty as another user (e.g. to access mounted filesystems)
-# you can use the JETTY_RUN_AS_USER_AND_GROUP_IDS and JETTY_RUN_AS_USER_AND_GROUP_NAMES args
-# which should both be specified and formatted as :.
-# --build-arg JETTY_RUN_AS_USER_AND_GROUP_IDS=999:999
-# --build-arg JETTY_RUN_AS_USER_AND_GROUP_NAMES=jetty:jetty
-#
 # To run a container with the Jetty server hosting compiled render web services:
 # docker run -it --rm janelia-render:latest-ws
@@ -98,12 +92,6 @@ FROM jetty:10.0.13-jre11 as render-ws
 # other packages can be added from build command (e.g. docker build ... --build-arg EXTRA_JETTY_PACKAGES=vim )
 ARG EXTRA_JETTY_PACKAGES
-# allow jetty run-as user to be changed (e.g. to access externally mounted filesystems)
-ARG JETTY_RUN_AS_USER_AND_GROUP_IDS=999:999
-ARG JETTY_RUN_AS_USER_AND_GROUP_NAMES=jetty:jetty
-ENV JETTY_RUN_AS_USER_AND_GROUP_IDS="$JETTY_RUN_AS_USER_AND_GROUP_IDS" \
- JETTY_RUN_AS_USER_AND_GROUP_NAMES="$JETTY_RUN_AS_USER_AND_GROUP_NAMES"
-
 USER root
 RUN apt-get update && apt-get install -y curl coreutils $EXTRA_JETTY_PACKAGES
@@ -148,5 +136,5 @@ ENV JAVA_OPTIONS="-Xms3g -Xmx3g -server -Djava.awt.headless=true" \
 WEB_SERVICE_MAX_TILE_SPECS_TO_RENDER="20" \
 WEB_SERVICE_MAX_IMAGE_PROCESSOR_GB=""
-USER $JETTY_RUN_AS_USER_AND_GROUP_IDS
+USER jetty
 ENTRYPOINT ["/render-docker/render-run-jetty-entrypoint.sh"]
diff --git a/docs/src/site/markdown/render-ws-docker.md b/docs/src/site/markdown/render-ws-docker.md
index 0627e31b0..4a3076dad 100644
--- a/docs/src/site/markdown/render-ws-docker.md
+++ b/docs/src/site/markdown/render-ws-docker.md
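Review bot: The new `USER jetty` in the last Dockerfile hunk names the account instead of giving a numeric uid:gid (the removed default was `999:999`), and a name-based `USER` cannot be checked by runtimes that enforce non-root execution from image metadata; Kubernetes `runAsNonRoot`, for example, rejects images whose user is non-numeric. If the base image's jetty account is in fact 999:999, as the removed defaults suggest, `USER 999:999` keeps the same identity and stays verifiable. Because run-as selection now moves from build time to run time, the header comment would also benefit from one line naming the supported mechanism, e.g. `#   docker run --user <uid>:<gid> ...`. The stage's `USER root` and the RUN steps that follow it lie outside this hunk.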
@@ -14,12 +14,6 @@ docker build -t janelia-render:latest-ws --target render-ws .
 # To help debug image build issues, you can use the EXTRA_JETTY_PACKAGES arg
 # to add packages to the image.
 --build-arg EXTRA_JETTY_PACKAGES=vim
-
-# To build an image that runs jetty as another user (e.g. to access mounted filesystems)
-# you can use the JETTY_RUN_AS_USER_AND_GROUP_IDS and JETTY_RUN_AS_USER_AND_GROUP_NAMES args
-# which should both be specified and formatted as :.
---build-arg JETTY_RUN_AS_USER_AND_GROUP_IDS=999:999
---build-arg JETTY_RUN_AS_USER_AND_GROUP_NAMES=jetty:jetty
 ```
 You can speed up future builds by building and tagging the build environment:
diff --git a/render-ws/src/main/scripts/jetty/configure_web_server.sh b/render-ws/src/main/scripts/jetty/configure_web_server.sh
index 805f2694d..c85bf77fa 100755
--- a/render-ws/src/main/scripts/jetty/configure_web_server.sh
+++ b/render-ws/src/main/scripts/jetty/configure_web_server.sh
@@ -67,24 +67,6 @@ sed -i '
 rm -rf "${SWAGGER_UI_SOURCE_DIR}"
 # -------------------------------------------------------------------------------------------
-# ensure jetty run-as user exists and that the run-as user owns the jetty base and tmp directories
+# make jetty base and tmp directories accessible to all so that containers can be run as different external users
-# JETTY_RUN_AS_USER_AND_GROUP_IDS format is user-id:group-id
-JETTY_RUN_AS_USER_ID=${JETTY_RUN_AS_USER_AND_GROUP_IDS%%:*}
-JETTY_RUN_AS_GROUP_ID=${JETTY_RUN_AS_USER_AND_GROUP_IDS##*:}
-
-# JETTY_RUN_AS_USER_AND_GROUP_NAMES format is user-name:group-name
-JETTY_RUN_AS_USER_NAME=${JETTY_RUN_AS_USER_AND_GROUP_NAMES%%:*}
-JETTY_RUN_AS_GROUP_NAME=${JETTY_RUN_AS_USER_AND_GROUP_NAMES##*:}
-
-if id "${JETTY_RUN_AS_USER_ID}" &>/dev/null; then
- echo "configure_web_server: user ${JETTY_RUN_AS_USER_ID} already exists in image"
-else
- echo "configure_web_server: need to create group id ${JETTY_RUN_AS_GROUP_ID} with name ${JETTY_RUN_AS_GROUP_NAME} in image"
- groupadd -g "${JETTY_RUN_AS_GROUP_ID}" "${JETTY_RUN_AS_GROUP_NAME}"
-
- echo "configure_web_server: need to create user id ${JETTY_RUN_AS_USER_ID} with name ${JETTY_RUN_AS_USER_NAME} in image ..."
- useradd --uid "${JETTY_RUN_AS_USER_ID}" --gid "${JETTY_RUN_AS_GROUP_ID}" --shell /bin/bash "${JETTY_RUN_AS_USER_NAME}"
-fi
-
-chown -R "${JETTY_RUN_AS_USER_AND_GROUP_IDS}" "${JETTY_BASE_DIR}" "${TMPDIR}"
\ No newline at end of file
+chmod -R 777 "${JETTY_BASE_DIR}" "${TMPDIR}"
\ No newline at end of file
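Review bot: The added `chmod -R 777 "${JETTY_BASE_DIR}" "${TMPDIR}"` makes everything under the Jetty base world-writable and world-executable, so any UID in the container, or on a host path or volume sharing those directories, can replace what Jetty loads from there (presumably webapps and server configuration; the directory layout is not visible in this hunk). To support arbitrary run-as users, grant read and traverse on the base and write only where Jetty must write: `chmod -R a+rX "${JETTY_BASE_DIR}"`, write bits on the specific log/work directories, and `chmod 1777 "${TMPDIR}"` so the sticky bit stops users removing each other's temp files. If write access to the whole base really is required, `a+rwX` at least avoids setting the execute bit on every regular file. The comment above the command should name which paths need write access at runtime and why.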