Closed
Description
When running a build with a large UID/GID the build will eventually fail because it runs out of space. This appears to be related to this upstream moby/docker bug. Specifically, when creating a user with useradd the /var/log/lastlog gets huge because it is a sparse file based on UID and docker doesn't appear to handle that correctly. This comment provides a workaround that works for us. While working through this bug, we put in a little effort to clean up the Dockerfile, mostly a bunch of readability items, but also some size reduction by not running chown in a separate layer. Our Dockerfile looks like this:
```dockerfile
FROM tomcat:9.0-jdk11-openjdk-slim-buster

ENV JAVA_HOME=/usr/local/openjdk-11
ENV GS_VERSION=2.20.4
ENV WAR_URL="https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/geoserver-${GS_VERSION}-war.zip"
ENV STABLE_PLUGIN_BASE_URL=https://liquidtelecom.dl.sourceforge.net
ENV DOWNLOAD_ALL_STABLE_EXTENSIONS=1
ENV DOWNLOAD_ALL_COMMUNITY_EXTENSIONS=1
# these uid/gid's are in the range allowed for our openshift namespace
ENV GEOSERVER_UID=1001470000
ENV GEOSERVER_GID=1001470000
ENV USER=geoserveruser
ENV GROUP_NAME=geoserverusers
ENV HTTPS_PORT=8443
ENV DEBIAN_FRONTEND=noninteractive

RUN set -e; \
    apt-get -y update; \
    apt-get -y --no-install-recommends \
        install \
        fonts-cantarell \
        lmodern ttf-aenigma \
        ttf-georgewilliams \
        ttf-bitstream-vera \
        ttf-sjfonts tv-fonts \
        libapr1-dev libssl-dev \
        gdal-bin \
        libgdal-java \
        wget \
        zip \
        unzip \
        curl \
        xsltproc \
        certbot \
        cabextract \
        gettext \
        postgresql-client \
        figlet; \
    dpkg-divert --local --rename --add /sbin/initctl; \
    (echo "Yes, do as I say!" | apt-get remove --force-yes login); \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/*; \
    : ;

ENV GEOSERVER_DATA_DIR=/opt/geoserver/data_dir \
    GDAL_DATA=/usr/local/gdal_data \
    LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/local/gdal_native_libs:/usr/local/tomcat/native-jni-lib:/usr/lib/jni:/usr/local/apr/lib:/opt/libjpeg-turbo/lib64:/usr/lib:/usr/lib/x86_64-linux-gnu" \
    FOOTPRINTS_DATA_DIR=/opt/footprints_dir \
    GEOWEBCACHE_CACHE_DIR=/opt/geoserver/data_dir/gwc \
    CERT_DIR=/etc/certs \
    RANDFILE=/etc/certs/.rnd \
    FONTS_DIR=/opt/fonts \
    GEOSERVER_HOME=/geoserver \
    EXTRA_CONFIG_DIR=/settings

RUN set -e; \
    groupadd --system --gid "${GEOSERVER_GID}" "${GROUP_NAME}"; \
    # --no-log-init required for large UID because of this bug:
    # https://github.com/moby/moby/issues/5419
    useradd \
        --no-log-init \
        --create-home \
        --home-dir "/home/${USER}" \
        --uid "${GEOSERVER_UID}" \
        --gid "${GEOSERVER_GID}" \
        --shell /bin/bash \
        --groups "${GROUP_NAME}" \
        "${USER}"; \
    mkdir --parents \
        "${GEOSERVER_DATA_DIR}" \
        "${CERT_DIR}" \
        "${FOOTPRINTS_DATA_DIR}" \
        "${FONTS_DIR}" \
        "${GEOWEBCACHE_CACHE_DIR}" \
        "${GEOSERVER_HOME}" \
        "${EXTRA_CONFIG_DIR}" \
        /community_plugins \
        /stable_plugins \
        /plugins \
        /geo_data; \
    : ;

COPY --chown="${GEOSERVER_UID}:${GEOSERVER_GID}" build_data/stable_plugins.txt /plugins/stable_plugins.txt
COPY --chown="${GEOSERVER_UID}:${GEOSERVER_GID}" build_data/community_plugins.txt /community_plugins/community_plugins.txt
COPY --chown="${GEOSERVER_UID}:${GEOSERVER_GID}" build_data/letsencrypt-tomcat.xsl "${CATALINA_HOME}/conf/ssl-tomcat.xsl"
COPY --chown="${GEOSERVER_UID}:${GEOSERVER_GID}" resources /tmp/resources
COPY --chown="${GEOSERVER_UID}:${GEOSERVER_GID}" scripts /scripts

RUN set -e; \
    echo $GS_VERSION > /scripts/geoserver_version.txt; \
    chmod +x /scripts/*.sh; \
    /scripts/setup.sh; \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*; \
    chown --recursive "${GEOSERVER_UID}:${GEOSERVER_GID}" \
        "${CATALINA_HOME}" \
        "${FOOTPRINTS_DATA_DIR}" \
        "${GEOSERVER_DATA_DIR}" \
        "${CERT_DIR}" \
        "${FONTS_DIR}" \
        "${GEOSERVER_HOME}" \
        "${EXTRA_CONFIG_DIR}" \
        /scripts \
        /tmp \
        "/home/${USER}" \
        /community_plugins \
        /plugins \
        /usr/share/fonts \
        /geo_data; \
    chmod o+rw "${CERT_DIR}"; \
    : ;

EXPOSE "${HTTPS_PORT}"
USER "${GEOSERVER_UID}"
RUN echo 'figlet -t "Kartoza Docker GeoServer"' >> ~/.bashrc
WORKDIR "${GEOSERVER_HOME}"
CMD ["/bin/bash", "/scripts/entrypoint.sh"]
```

This should work for this project as well...
jwang5237
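The size effect described in the issue, as an added example (not code from the issue or from the project): lastlog is indexed by UID, so a single record for a very large UID makes the file's apparent size enormous while almost nothing is allocated on disk. It assumes the glibc x86_64 record layout of 292 bytes and a filesystem that supports sparse files; the tty and host values are constructed.

```python
import os
import struct
import tempfile

# Assumption: glibc struct lastlog on x86_64 Linux is
# int32 ll_time + char ll_line[32] + char ll_host[256] = 292 bytes.
LASTLOG_RECORD = struct.Struct("=i32s256s")


def lastlog_offset(uid: int) -> int:
    """Byte offset of the record for `uid`; the file is indexed by UID."""
    return uid * LASTLOG_RECORD.size


def write_lastlog_record(path: str, uid: int) -> None:
    """Write one record at its UID-derived offset, leaving a hole before it."""
    record = LASTLOG_RECORD.pack(0, b"pts/0", b"constructed-host")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o644)
    try:
        os.pwrite(fd, record, lastlog_offset(uid))
    finally:
        os.close(fd)


def sizes(path: str) -> tuple:
    """Return (apparent size, bytes actually allocated on disk)."""
    st = os.stat(path)
    return st.st_size, st.st_blocks * 512


def demo(uid: int) -> tuple:
    """Create a throwaway lastlog-like file for `uid` and measure it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "lastlog")
        write_lastlog_record(path, uid)
        return sizes(path)


if __name__ == "__main__":
    uid = 1001470000  # GEOSERVER_UID from the Dockerfile above
    apparent, allocated = demo(uid)
    print(f"apparent:  {apparent:>15,} bytes")
    print(f"allocated: {allocated:>15,} bytes")
    # Any tool that copies this file without preserving holes has to
    # write out the apparent size, not the allocated size.
```

Comparing the same two numbers for `/var/log/lastlog` inside a built image (`stat` for apparent size, `du` for allocated) is a quick check that `--no-log-init` took effect.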