[RTFACT-15224] Running Artifactory docker container without root access Created: 26/Oct/17  Updated: 14/Sep/18  Resolved: 30/Jul/18

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Docker
Affects Version/s: None
Fix Version/s: 6.2.0

Type: Bug Priority: Normal
Reporter: Ankush Chadha Assignee: Gal Ben Ami
Resolution: Fixed Votes: 2
Labels: artifactory, docker

Issue Links:
Relationship
relates to RTFACT-15748 entrypoint-artifactory.sh docker scri... Open
Trigger
triggered RTFACT-17335 Artifactory in Docker cannot start wi... Resolved
Assigned QA: Barak Hacham
Epic Link: Scan docker-registry within the openshift environment via Artifactory
Sprint: Leap 30, Leap 31, Leap 32, Leap 33, Leap 34

 Description   

Artifactory Docker container currently starts the entrypoint as root, which eventually runs artifactory.sh as user artifactory.
This needs to change, so the entrypoint will be triggered as artifactory user.
Move all functionality that needs root to Docker build time. Any run time issues should result in a graceful error message and termination of the container.

[OpenShift] Getting useradd error because OpenShift discourages running docker images as root. Need to add user to each OpenShift project. The fix is to remove the useradd in the docker images. Useradd in docker image is to start artifactory with artifactory:artifactory.

The following functionalities need to move out from the entrypoint the to Dockerfile:

  • Creating artifactory user
  • Chown on the data dir (will be replaced by an error)


 Comments   
Comment by Ankush Chadha [ 06/Nov/17 ]

This should be fixed though not a release blocker from OpenShift perspective. We will move this ticket from the soldev queue to the Artifactory queue. DevOps and Artifactory teams should work on this. For additional details, reach out to Eldad.

Generated at Sun Nov 17 20:26:03 UTC 2019 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.