This image does not work when the image is run with a random user who does not exist in /etc/passwd.
If you run this image like 'docker run -u
I discovered this issue when trying to run it in Openshift.
Hi,
What message returned when you try to run the container with uid? And you would like to refer to Random user IDs when running Docker containers.
This is the error returned:
"Driver's SQLAllocHandle on SQL_HANDLE_HENV failed."
I am gonna read up on the link you sent regarding running docker containers as random users.
@oddbeck thanks for reporting this, I'll share this with the team. This is an issue with sqlcmd trying to authenticate an unnamed user.
Can you try adding the following lines to your dockerfile, right before CMD?
RUN useradd -r -u 1002 appuser
USER appuser
this should unblock you for now.
I am having this issue, too. Any progress on fixing?
The use of
RUN useradd -r -u 1002 appuser
USER appuser
isn't considered a standard practice. Especially in systems where the userid is specified from the outside of the container for security reasons.
Another work-around is to specify a UID of an existing user that has a home directory. For instance, nobody with UID 65534 in some images. Check /etc/passwd to see what userids are available.
Examples:
docker run --user nobody ...
docker run --user 65534 ...
One last thought. Using Dockerfile commands like:
RUN useradd -r -u 1002 appuser
USER appuser
is problematic in platforms like OpenShift.
Reason: OpenShift overrides the UID on deployment for security reasons.
So for mssql-docker to be useful in larger systems in a standard manner, this GitHub issue needs to be fixed.
@docktermj Any workaround for Openshift
@appi147 I haven't tried this on OpenShift. (I've only done Helm Charts on OpenShift with non-root containers having no actual username.)
There does seem to be a glimmer of hope for manually specifying a UID for containers on OpenShift. Reference: https://cookbook.openshift.org/users-and-role-based-access-control/how-can-i-enable-an-image-to-run-as-a-set-user-id.html So maybe forcing OpenShift to use a specific UID might work.
Caveat: Just a thought; Haven't tried it.
Might be worth starting SQL with a shell script if it isn't already, and have that will do the useradd command if it isn't already present? At least as a near term way to address this?
Has anyone managed to get it working on Openshift?
If you have access to pod terminal, try:
export $(id)
echo "default:x:$uid:0:user:/tmp:/bin/bash" >> /etc/passwd
Its a temporary workaround I found on Internet
That workaround only works if you're root @appi147
I ended up here from a pyodbc issue
The cookbook solution does work, but you need to have an OpenShift admin create a special security group for the user you'll be running as, which you won't have if you move to a cloud provider.
The suggestion does not work.
RUN useradd -r -u 1002 appuser
USER appuser
Error Message
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.
Has anyone found a way to do this? I'm blocked and questioning how I can include startup scripts during the deployment?
Hi everyone,
I managed to get it working by using the setup used in this[1] and building my own mssql-tools image (it may require copying some bits and modifying it here and there, but he solved the crux of the issue).
I hope this is helpful.
[1] https://github.com/VeerMuchandi/mssql-openshift-tools/tree/master/mssql-client
Hi everyone,
I managed to get it working by using the setup used in this[1] and building my own mssql-tools image (it may require copying some bits and modifying it here and there, but he solved the crux of the issue).
I hope this is helpful.
[1] https://github.com/VeerMuchandi/mssql-openshift-tools/tree/master/mssql-client
Hello there!
I did something similar but using Alpine. I ended up with a 17 MB's image 馃槂
If you want to take a look, here you have the GitHub repository:
https://github.com/dbamaster/mssql-tools-alpine
Cheers,