You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by GitBox <gi...@apache.org> on 2019/10/29 12:56:58 UTC
[GitHub] [zeppelin] Reamer opened a new pull request #3495: [ZEPPELIN-4397]
Allow random userid for zeppelin process in container image
Reamer opened a new pull request #3495: [ZEPPELIN-4397] Allow random userid for zeppelin process in container image
URL: https://github.com/apache/zeppelin/pull/3495
### What is this PR for?
With this pull requests, we build zeppelin images, which are able to start as a random user. Random users are a security concept in some k8s products like Openshift ([reason](https://cookbook.openshift.org/users-and-role-based-access-control/why-do-my-applications-run-as-a-random-user-id.html))
In start script we write a user entry in `/etc/passwd`, because a user entry is needed for Hadoop. Logins for zeppelin are not allowed (`/bin/false`).
The zeppelin process doesn't need write access to binaries in zeppelin home folder. Only a few folder are writable.
### What type of PR is it?
Improvement
### What is the Jira issue?
* [ZEPPELIN-4397](https://issues.apache.org/jira/browse/ZEPPELIN-4397)
### How should this be tested?
* First time? Setup Travis CI as described on https://zeppelin.apache.org/contribution/contributions.html#continuous-integration
* Strongly recommended: add automated unit tests for any new or changed behavior
* Outline any manual steps to test the PR here.
### How it can be tested
- Build image
- Run image with
```bash
# the number 12345 can be random, default 1000
docker run -ti --user 12345 -p 8080:8080 -e ZEPPELIN_ADDR="0.0.0.0" my-zeppelin-image:latest
```
### Questions:
* Does the licenses files need update?
No
* Is there breaking changes for older versions?
No
* Does this needs documentation?
No
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services