问题描述
jupyter:
image: flink:1.19-py
privileged: true
user: root
ports:
- "9999:8888"
volumes:
- /data/docker_data/jupyter:/work
command: sh -c "cd / && jupyter notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494ee71fdaa8c4a563"
networks:
- flink-net
为什么容器内执行的命令用户是flink
root@22c47eeae6cf:/opt/flink# ps -ef
UID PID PPID C STIME TTY TIME CMD
flink 1 0 0 06:10 ? 00:00:00 sh -c cd / && jupyter notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494ee71fdaa8c4a563
flink 78 1 0 06:10 ? 00:00:01 /usr/bin/python3 /usr/local/bin/jupyter-notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494ee
原因分析
docker-compose.yml 中指定了 command,但是没有指定 entrypoint
实际启动容器时仍使用了镜像里的entry-point,command只是作为entry-point.sh 脚本的参数
在entry-point脚本中切换了用户
解决方案
修改docker-compose.yml 中的entrypoint
jupyter:
image: flink:1.19-py
privileged: true
user: root
ports:
- "9999:8888"
volumes:
- /data/docker_data/jupyter:/work
entrypoint: sh
command:
- "-c"
- "cd / && jupyter notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494ee71fdaa8c4a563"
networks:
- flink-net
结果正确
[root@localhost data]# docker exec -it data_jupyter_1 bash
root@95fbecd2211a:/opt/flink# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 06:44 ? 00:00:00 sh -c cd / && jupyter notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494ee71fdaa8c4a563
root 7 1 6 06:44 ? 00:00:01 /usr/bin/python3 /usr/local/bin/jupyter-notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494eeroot 10 0 0 06:44 pts/0 00:00:00 bash
root 18 10 0 06:44 pts/0 00:00:00 ps -ef