You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello there!
While developing using compose, my primary deploy target is swarm so I am using file secrets most of the time.
Finding
While trying to make the development process more convenient using compose, I started overriding also the file: directive in the root-level secrets with environment: using the compose.override.yml.
Recently I noticed the following error while the USER running in the container is not root but, e.g. node using the node:alpine image: Error response from daemon: getent unable to find entry "node" in passwd database
Question(s)
Is this the expected result I have to deal with because compose just mimics the features of swarm?
Has someone a hint how to make running the desired non-root user plus environment feeded secrets work, while dealing with the differences between "stack deploy" and "compose up"?
version: "3.8"secrets:
api_pass:
environment: SOME_API_PASSservices:
backend:
image: node:alpineenvironment:
- API_PASS_FILE=/run/secrets/api_passsecrets:
- source: api_passcommand:
- sh
- -c
- set -x; ls -la /run/secrets; iduser: nodename: test-compose-secrets-environment
Run docker compose up with SOME_API_PASS env set inline
❯ SOME_API_PASS=SOME_API_PASS docker compose -f compose.yaml up
[+] Running 1/2
✔ Network test-compose-secrets-environment_default Created 0.0s
⠋ Container test-compose-secrets-environment-backend-1 Creating 0.0s
Error response from daemon: getent unable to find entry "node"in passwd database
Seeing an error?! Try again...
❯ SOME_API_PASS=SOME_API_PASS docker compose -f compose.yaml up
Attaching to test-compose-secrets-environment-backend-1
test-compose-secrets-environment-backend-1 | + ls -la /run/secrets
test-compose-secrets-environment-backend-1 | ls: /run/secrets: No such file or directory
test-compose-secrets-environment-backend-1 | uid=1000(node) gid=1000(node) groups=1000(node)
test-compose-secrets-environment-backend-1 | + id
test-compose-secrets-environment-backend-1 exited with code 0
Comment out user: node directive so that user is root
--- a/compose.yaml+++ b/compose.yaml@@ -15,6 +15,6 @@ services:
- sh
- -c
- set -x; ls -la /run/secrets; id
- user: node+ # user: node
name: test-compose-secrets-environment
Run compose up again running the container as root
❯ SOME_API_PASS=SOME_API_PASS docker compose -f compose.yaml up
[+] Running 1/1
✔ Container test-compose-secrets-environment-backend-1 Recreated 0.1s
Attaching to test-compose-secrets-environment-backend-1
test-compose-secrets-environment-backend-1 | + ls -la /run/secrets
test-compose-secrets-environment-backend-1 | /run/secrets:
test-compose-secrets-environment-backend-1 | total 12
test-compose-secrets-environment-backend-1 | drwxr-xr-x 2 root root 4096 May 22 13:36 .
test-compose-secrets-environment-backend-1 | drwxr-xr-x 1 root root 4096 May 22 13:36 ..
test-compose-secrets-environment-backend-1 | -r-------- 1 root root 13 May 22 13:36 api_pass
test-compose-secrets-environment-backend-1 | + id
test-compose-secrets-environment-backend-1 | uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
test-compose-secrets-environment-backend-1 exited with code 0
Compose Version
❯ docker compose version ; docker-compose version
Docker Compose version v2.17.3
Docker Compose version v2.17.3
same issue applies to a plain docker cp command asking engine to apply uid/gid:
$ docker cp ./foo test-backend-1:/tmp/test -a
Successfully copied 1.54kB to test-backend-1:/tmp/test
Error response from daemon: getent unable to find entry "node" in passwd database
Description
Background
Hello there!
While developing using compose, my primary deploy target is swarm so I am using file secrets most of the time.
Finding
While trying to make the development process more convenient using compose, I started overriding also the
file:
directive in the root-level secrets withenvironment:
using thecompose.override.yml
.Recently I noticed the following error while the USER running in the container is not
root
but, e.g.node
using thenode:alpine
image: Error response from daemon: getent unable to find entry "node" in passwd databaseQuestion(s)
Is this the expected result I have to deal with because compose just mimics the features of swarm?
Has someone a hint how to make running the desired non-root user plus environment feeded secrets work, while dealing with the differences between "stack deploy" and "compose up"?
Steps To Reproduce
From: https://github.com/jawys/test-compose-secrets-environment
compose.yaml
SOME_API_PASS
env set inlineuser: node
directive so that user is rootCompose Version
Docker Environment
Anything else?
The text was updated successfully, but these errors were encountered: