Switch to Root User in a Dockerfile - sql-server

I ran this command:
docker pull mcr.microsoft.com/mssql/server:2019-latest
I then made a dockerfile to use this container image as a base image for another container
# escape=`
FROM mcr.microsoft.com/mssql/server:2019-latest
SHELL ["/bin/bash", "-c"]
COPY ./CompanyCert.crt /usr/local/share/ca-certificates/CompanyCert.crt
RUN update-ca-certificates
When I try to build that docker file, I get this error:
ln: failed to create symbolic link '/etc/ssl/certs/CompanyCert.pem': Permission denied
So I added a RUN whoami to my docker file and it returns mssql. When I run id -u it returns 10001. So it seems that the user mssql does not have root permissions.
I tried putting sudo in front of my call to update-ca-certificates but it says:
/bin/bash: sudo: command not found
I tried to RUN su - and that returns:
su: must be run from a terminal
I have successfully used the above dockerfile to install my company certificates on other containers from Microsoft, but it is failing spectacularly this time.
How can I get root access so I can install my company certificate on this SQL Server Container?

Add USER root to your Dockerfile:
FROM mcr.microsoft.com/mssql/server:2019-latest
USER root
SHELL ["/bin/bash", "-c"]
COPY ./CompanyCert.crt /usr/local/share/ca-certificates/CompanyCert.crt
RUN update-ca-certificates
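USER stays in effect for every later instruction and for the running container, so the Dockerfile above also starts SQL Server as root instead of the image's default mssql account. As an added example (not part of the original answer), this script reports the final user of a Dockerfile and compares the answer's file with a variant that ends in USER mssql; the function names and temporary file names are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): report which user an image
# built from a Dockerfile ends up running as.

# final_user FILE -> USER in effect at the end of the last build stage.
final_user() {
    awk '
        { instr = toupper($1) }
        instr == "FROM" { user = "(base image default)" }  # each stage starts over
        instr == "USER" { user = $2 }
        END { print user }
    ' "$1"
}

# runs_as_root FILE -> exit status 0 when the final user is root or uid 0.
runs_as_root() {
    case $(final_user "$1") in
        root|root:*|0|0:*) return 0 ;;
        *) return 1 ;;
    esac
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Constructed sample 1: the Dockerfile from the answer, unchanged.
cat > "$workdir/as-answered" <<'EOF'
FROM mcr.microsoft.com/mssql/server:2019-latest
USER root
SHELL ["/bin/bash", "-c"]
COPY ./CompanyCert.crt /usr/local/share/ca-certificates/CompanyCert.crt
RUN update-ca-certificates
EOF

# Constructed sample 2: same steps, then back to the image's mssql account.
{ cat "$workdir/as-answered"; echo "USER mssql"; } > "$workdir/drops-root"

for f in "$workdir/as-answered" "$workdir/drops-root"; do
    if runs_as_root "$f"; then
        echo "${f##*/}: SQL Server will run as $(final_user "$f")"
    else
        echo "${f##*/}: final user is $(final_user "$f")"
    fi
done
```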

Related

Unable to go inside a running docker container

I am using Ubuntu 22.04 LTS as a sudo user.
I made a React application, then created an image and ran it in a container successfully. But I want to go inside the container, for which I ran the command below:
docker exec -it e448b7024af bash
but I got the following error:
Error response from daemon: Container e448b7024af19a0bb is not running
I ran the below command to check if container is running:
docker ps
// I got my container in the list
// I also did some actions in the React application to double-check that the container was working, and it worked perfectly
Below is the output of the above command:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
56f8042d2f1 react_d "docker-entrypoint.s…" 12 minutes ago Up 12 minutes 0.0.0.0:3000->3000/tcp, :::3000->3000/tcp youthful_sammet
Then, based on another solution, I tried the command below:
docker run -it e448b7024af /bin/bash
and I got the following error:
Unable to find image 'e448b7024af:latest' locally
docker: Error response from daemon: pull access denied for e448b70254af, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
Then I tried the following command, based on a solution I found:
docker pull e448b7024af:latest
but I got the following error:
Error response from daemon: pull access denied for e448b7024af, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
I also tried:
docker exec -it 568f8042d2f1 bash
and I got the following error:
OCI runtime exec failed: exec failed: unable to start container process: exec: "bash": executable file not found in $PATH: unknown
Below is my Dockerfile:
FROM node:alpine
WORKDIR /app
COPY /package*.json ./
RUN npm install
COPY . .
CMD ["npm","run","start"]
My container is working properly, but I am unable to get inside the container. Any help is appreciated. Thanks in advance.
Based on the output from docker ps, your container id is 56f8042d2f1 and not e448b7024af which I suspect might be your image id or a container id from a previous run.
Another thing is that bash isn't installed in Alpine images by default. You can use sh instead.
You can use the more human-friendly container name of youthful_sammet in your command and do
docker exec -it youthful_sammet sh
or, if you prefer the id
docker exec -it 56f8042d2f1 sh
You are using the wrong container identifier in the docker exec command: when you do docker ps, the container id is different from the one you are using.
I personally use the container name as the identifier; it is easy to remember.

SQL Server Docker container immediately exiting

I am trying to run a SQL Server container on my mac through Docker.
I ran the following command:
docker run -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=strongpassword" -p 1433:1433 --name sqlservercontainer -d mcr.microsoft.com/mssql/server:2019-latest
But the container is immediately exiting.
The docker logs for the container look like this:
SQL Server 2019 will run as non-root by default.
This container is running as user mssql.
To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
SQL Server 2019 will run as non-root by default.
This container is running as user mssql.
To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
/opt/mssql/bin/sqlservr: Error: The system directory [/.system] could not be created. File: LinuxDirectory.cpp:420 [Status: 0xC0000022 Access Denied errno = 0xD(13) Permission denied]
/opt/mssql/bin/sqlservr: Error: The system directory [/.system] could not be created. File: LinuxDirectory.cpp:420 [Status: 0xC0000022 Access Denied errno = 0xD(13) Permission denied]
Any idea what needs to be done to solve this?
If you use the sudo command to create a folder outside of your home directory structure for use by Docker then that folder is going to be owned by the root user, e.g.:
$ sudo mkdir /var/mssql-data
$ ls -la /var/mssql-data
total 0
drwxr-xr-x 2 root wheel 64B 26 May 11:31 ./
drwxr-xr-x 30 root wheel 960B 26 May 11:31 ../
When you try to launch an SQL Server container using a volume mapping with that folder the container will fail to start - because the Docker backend process doesn't have access - and you will see the "system directory could not be created" error message, e.g.:
$ docker run -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=StrongPassw0rd" -p 1433:1433 -v /var/mssql-data:/var/opt/mssql --name sqlservercontainer -d mcr.microsoft.com/mssql/server:2019-latest
9d6bf76a91af08329ea07fafb67ae68410d5320d9af9db3b1bcc8387821916da
$ docker logs 9d6bf76a91af08329ea07fafb67ae68410d5320d9af9db3b1bcc8387821916da
SQL Server 2019 will run as non-root by default.
This container is running as user mssql.
To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
/opt/mssql/bin/sqlservr: Error: The system directory [/.system] could not be created. File: LinuxDirectory.cpp:420 [Status: 0xC0000022 Access Denied errno = 0xD(13) Permission denied]
To correct the situation you need to give your own account access to the folder and then a container using that volume mapping will start successfully:
$ sudo chown $USER /var/mssql-data
$ docker run -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=StrongPassw0rd" -p 1433:1433 -v /var/mssql-data:/var/opt/mssql --name sqlservercontainer -d mcr.microsoft.com/mssql/server:2019-latest
3b6634f234024e07af253e69f23971ab3303b3cb6b7bc286463e196dae4de82e

Why docker with SQL Server disappeared?

I run SQL Server in a container:
docker run --network=bridge --name sql29 -h sql29 -it --rm -v h:/sql219data:/var/opt/mssql -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=sQL_19[pwd]" -p 12433:1433 -d mcr.microsoft.com/mssql/server:2019-latest
as described here:
https://learn.microsoft.com/en-us/sql/linux/tutorial-restore-backup-in-sql-server-container?view=sql-server-ver15
I see the active docker
docker ps
But if I try to create the new folder:
docker exec -it sql29 mkdir /var/opt/mssql/bkp22
then the docker disappeared.
docker ps
.........
How to understand: why the docker disappeared? Maybe the volume was mapped incorrectly?
As @Zeitounator commented, the tutorial you linked has a note saying that bind mounts don't work on Windows with the /var/opt/mssql directory:
Host volume mapping for Docker on Windows does not currently support mapping the complete /var/opt/mssql directory. However, you can map a subdirectory, such as /var/opt/mssql/data to your host machine.
You commented that your goal was to keep or restore databases between docker runs. You don't need a bind mount to do that; this is the primary purpose of a volume.
You can create a volume using docker volume create:
docker volume create sql219data
Then run your container using this volume:
docker run -v sql219data:/var/opt/mssql # ...
For debugging purposes you can remove the --rm option from your docker run command so the container won't be removed when stopped. You will then be able to read the logs of the container (even if it stopped):
docker logs sql29
# Then remove it to run the same `docker run` command again
docker rm sql29
docker run # ...

Unable to run SQL Server 2019 docker with volumes and get ERROR: Setup FAILED copying system data file

When I run the latest SQL Server image from the official documentation on a Linux host:
docker run -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=asdasdasdsad' -p 1433:1433 -v ./data:/var/opt/mssql/data -d mcr.microsoft.com/mssql/server:2019-latest
I get this error:
ERROR: Setup FAILED copying system data file 'C:\templatedata\model_replicatedmaster.mdf' to '/var/opt/mssql/data/model_replicatedmaster.mdf': 5(Access is denied.)
This message occurs only on a Linux host and with bind-mounted volumes.
It happens because of a lack of permission. With 2019, the mssql Docker images moved from root-user images to non-root ones. As a result, Docker sql-server containers that use bind-mounted volumes and run on a Linux host have a permission issue (=> no permission to write into the bind-mounted volume).
There are a few solutions for this problem:
1. Run docker as root.
e.g. compose:
version: '3.6'
services:
  mssql:
    image: mcr.microsoft.com/mssql/server:2019-latest
    user: root
    ports:
      - 1433:1433
    environment:
      - ACCEPT_EULA=Y
      - SA_PASSWORD=BLAH
    volumes:
      - ./data:/var/opt/mssql/data
Source: https://github.com/microsoft/mssql-docker/issues/13#issuecomment-641904197
2. Setup proper directory owner (mssql)
Check id for mssql user on docker image
sudo docker run -it mcr.microsoft.com/mssql/server id mssql
gives: uid=10001(mssql) gid=0(root) groups=0(root)
Change folder's owner
sudo chown 10001 VOLUME_DIRECTORY
Source in Spanish: https://www.eiximenis.dev/posts/2020-06-26-sql-server-docker-no-se-ejecuta-en-root/
3. Give full access (not recommended)
Give full access to db files on host
sudo chmod 777 -R VOLUME_DIRECTORY
Unfortunately, the only way I found to fix this issue involves a few manual steps.
I used the following docker-compose file for this to work
version: '3.9'
services:
  mssql:
    image: mcr.microsoft.com/mssql/server:2019-latest
    platform: linux
    ports:
      - 1433:1433
    environment:
      - ACCEPT_EULA=Y
      - MSSQL_SA_PASSWORD=<testPASSWORDthatISlongENOUGH_1234>
    volumes:
      - ./mssql/data:/var/opt/mssql/data
      - ./backups:/var/backups
(the data directory has to be mounted directly due to another issue with SQL server containers hosted on Windows machines)
Then you need to perform the following manual steps:
Connect to the database using SSMS
Find and select your .bak database backup file
Open a terminal in the container
In the directory that the .mdf and .ldf files are going to be created, touch files with the database name you are going to use
touch /var/opt/mssql/data/DATABASE_NAME.mdf
touch /var/opt/mssql/data/DATABASE_NAME_log.ldf
Toggle the option to replace any existing database with the restore
Restore your database
I tried to follow the instructions in this https://www.sqlservercentral.com/blogs/using-volumes-in-sql-server-2019-non-root-containers article but I could not get it to work.
This problem was also discussed in this github issue (which the bot un-helpfully closed without a proper solution).
I encountered the same problem as you when trying to run a container based on SQL Server on DigitalOcean. user: root also solved the issue.
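The three options in the first answer differ in who ends up able to write the bind-mounted directory. This added example (not from the original posts) evaluates the owner/group/other mode bits for uid 10001, gid 0 as reported by id mssql above; the function names are made up here, and it assumes a Linux host with GNU stat and no user-namespace remapping.

```shell
#!/bin/sh
# Added example (not from the original posts). Assumes a Linux host, GNU
# stat, and no user-namespace remapping, so host uid/gid equal container ids.
MSSQL_UID=10001   # uid=10001(mssql), as quoted in the answer
MSSQL_GID=0       # gid=0(root)

# access_class OWNER GROUP MODE UID GID -> owner | group | other
access_class() {
    if [ "$1" -eq "$4" ]; then echo owner
    elif [ "$2" -eq "$5" ]; then echo group
    else echo other
    fi
}

# can_write OWNER GROUP MODE UID GID -> status 0 if that class has w and x
can_write() {
    mode=$((0$3))                      # octal string such as 755
    case $(access_class "$@") in
        owner) bits=$(( (mode >> 6) & 7 )) ;;
        group) bits=$(( (mode >> 3) & 7 )) ;;
        *)     bits=$(( mode & 7 )) ;;
    esac
    [ $(( bits & 3 )) -eq 3 ]
}

# world_writable MODE -> status 0 if "other" has the write bit
world_writable() { [ $(( 0$1 & 2 )) -ne 0 ]; }

# audit_dir DIR [UID] [GID] -> one-line verdict for a bind-mount source
audit_dir() {
    dir=$1 uid=${2:-$MSSQL_UID} gid=${3:-$MSSQL_GID}
    set -- $(stat -c '%u %g %a' "$dir")
    if ! can_write "$1" "$2" "$3" "$uid" "$gid"; then
        echo "DENIED: uid $uid cannot write $dir (owner $1:$2, mode $3); try: sudo chown $uid $dir"
    elif world_writable "$3"; then
        echo "OVEREXPOSED: $dir is mode $3, writable by every local account"
    else
        echo "OK: uid $uid can write $dir (mode $3)"
    fi
}

# The page's cases: root-owned 755, after chown 10001, after chmod 777.
for sample in "0 0 755" "10001 0 755" "0 0 777"; do
    set -- $sample
    can_write "$1" "$2" "$3" "$MSSQL_UID" "$MSSQL_GID" && r=writable || r=denied
    echo "owner=$1 group=$2 mode=$3 -> $r"
done
```

Run audit_dir on the host path before starting the container; a root-owned 755 directory is denied because uid 10001 only matches the group class, which lacks the write bit.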

Get root access inside mssql docker container

I created an MSSQL docker container based on the official image provided by Microsoft (https://hub.docker.com/_/microsoft-mssql-server).
I started a bash shell inside the running container and tried to delete some files.
sudo docker exec -it sql1 "bash"
Inside the container it is using the mssql account (by default).
And there seem to be some permission issues when I tried to delete the files.
rm -f *.csv
rm: cannot remove 'xxx.csv': Operation not permitted
How can I obtain the root permission to delete the file? I am not sure what default password I can use to run rm as root.
Thanks a lot!
You can specify the user as an argument:
sudo docker exec -it --user root sql1 "bash"
If you are on docker-compose:
user:
  0:0
