You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "Thomas Decaux (Jira)" <ji...@apache.org> on 2022/06/03 08:59:00 UTC

[jira] [Created] (ZEPPELIN-5747) Docker image is missing a zeppelin user

Thomas Decaux created ZEPPELIN-5747:
---------------------------------------

             Summary: Docker image is missing a zeppelin user
                 Key: ZEPPELIN-5747
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5747
             Project: Zeppelin
          Issue Type: Improvement
          Components: docker
    Affects Versions: 0.10.1
            Reporter: Thomas Decaux


h3. Problem

The Docker image dont define any user.

Run as "no root" is a best practice to run container, especially on kubernetes with securityContext, such as :
{code:java}
podSecurityContext:  
  runAsNonRoot: true  
  runAsUser: 1000  
  runAsGroup: 1000  
  fsGroup: 1000 {code}
Zeppelin will run fine, but spark will not:
{code:java}
org.apache.hadoop.security.KerberosAuthException: failure to login: javax.security.auth.login.LoginException: java.lang.NullPointerException: invalid null input: name
	at com.sun.security.auth.UnixPrincipal.<init>(UnixPrincipal.java:71) {code}
h3. Solution

The Dockerfile should create a "zeppelin" user, with home = "/opt/zeppelin", uid = 1000
h3. Workaround

On kubernetes, it's possible to share a volume mounted as /etc/passwd and use an initContainer to add the user.

 



--
This message was sent by Atlassian Jira
(v8.20.7#820007)