[FOLIO-2710] [Rancher] Pipeline for oai-pmh fails: cannot be run as root Created: 30/Jul/20  Updated: 12/Aug/20  Resolved: 11/Aug/20

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task Priority: TBD
Reporter: Dmytro Popov Assignee: Stanislav Miroshnichenko
Resolution: Done Votes: 0
Labels: dev-environment
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint: DevOps: sprint 92, DevOps: Sprint 95
Development Team: FOLIO DevOps

 Description   

Namespace: gulfstream

The specifics about this module is it needs an embedded database during build stage to generate java classes. It tries to initiate a new process for an embedded database, but apparently, it does that under root.

The pipeline for oai-pmh fails in mvn package -DskipTests with the message:

INFO] Using system properties proxy configuration: null:null. no proxy: null
[INFO] Starting PostgreSQL...
[INFO] Detected a Linux x86_64 system
[INFO] Extracting Postgres...
[INFO] Postgres binaries at /tmp/embedded-pg/PG-785b618641f5eefce5b5079f2c9458dd
initdb: cannot be run as root
Please log in (using, e.g., "su") as the (unprivileged) user that will
own the server process.

Pipeline definition:


stages:
- name: Build
  steps:
  - runScriptConfig:
      image: maven:3-openjdk-8
      shellScript: mvn package -DskipTests
- name: Build Docker with DIND
  steps:
  - publishImageConfig:
      dockerfilePath: ./Dockerfile
      buildContext: .
      tag: docker.dev.folio.org/mod-oai-pmh:gulfstream-latest
      pushRemote: true
      registry: docker.dev.folio.org
- name: Deploy
  steps:
  - applyAppConfig:
      catalogTemplate: p-d9vmc:gulfstream-helmcharts-mod-oai-pmh
      version: 0.1.9
      answers:
        image.repository: docker.dev.folio.org/mod-oai-pmh
        image.tag: gulfstream-latest
      name: mod-oai-pmh
      targetNamespace: gulfstream
timeout: 60
branch:
  include:
  - develop
notification: {}

https://github.com/folio-org/mod-oai-pmh/blob/f8eaeb2c598dadf1cc2e5c52ea5cf62237c49d1d/.rancher-pipeline.yml



 Comments   
Comment by Marc Johnson [ 11/Aug/20 ]

The specifics about this module is it needs an embedded database during build stage to generate java classes.

Why is there a need for a database in order to perform code generation?

Comment by Dmytro Popov [ 11/Aug/20 ]

Yes, we're using jooq and liquibase. As it happens, these two need to spin up an in-memory H2 database during mvn build to generate java pojos.

Comment by Marc Johnson [ 11/Aug/20 ]

Yes, we're using jooq and liquibase. As it happens, these two need to spin up an in-memory H2 database during mvn build to generate java pojos.

Ok, that's unfortunate :-/

Comment by Stanislav Miroshnichenko [ 11/Aug/20 ]

Using non-root maven image in 'runScriptConfig' step, such as 'grizzlysoftware/maven-non-root:3.6.2-11.0.4-jdk-stretch' starts up Postgres successfully.

Closing ticket.

Comment by Dmytro Popov [ 11/Aug/20 ]

This image fixed it: grizzlysoftware/maven-non-root:3.6.2-8u222-jdk-stretch

Comment by Marc Johnson [ 11/Aug/20 ]

Stanislav Miroshnichenko Dmytro Popov

Using non-root maven image in 'runScriptConfig' step, such as 'grizzlysoftware/maven-non-root:3.6.2-11.0.4-jdk-stretch' starts up Postgres successfully.

What does that step do?

Comment by Stanislav Miroshnichenko [ 11/Aug/20 ]

That step is running shell script 'mvn package -DskipTests' in defined docker container.

Comment by Marc Johnson [ 11/Aug/20 ]

Stanislav Miroshnichenko

That step is running shell script 'mvn package -DskipTests' in defined docker container.

Ah, is this part of a pipeline to build artefacts from a branch of a module?

If so, could it run in the same executing context (I'm not sure if this is docker) as a mainline or regular build would (as these also do steps like this)?

Comment by Stanislav Miroshnichenko [ 11/Aug/20 ]

Marc Johnson, every build step in Rancher pipeline is running in docker image.
Step 'runScriptConfig' is a part of branch artefact building.
I'm not sure if I understand your question, my answer is that regular build steps (do you mean other steps in pipeline?) are using another docker containers.
Let's move to Slack to discuss, please.
Thank you.

Generated at Thu Feb 08 23:22:40 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.