create passwd entry in the image, so image can run as a non-root cont…

…ainer environment
open-datastudio · Jun 8, 2020 · 94a41e2 · 94a41e2
1 parent 81da2cc
commit 94a41e2
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/.github/workflows/publish-docker-image.yml b/.github/workflows/publish-docker-image.yml
@@ -35,8 +35,13 @@ jobs:
         architecture: 'x64'
     - name: Apply Patch
       run: |-
-        # remove -s option of tini. while gvisor does not support PR_SET_CHILD_SUBREAPER
+        # Remove -s option of tini. while gvisor does not support PR_SET_CHILD_SUBREAPER
         sed -i 's/tini -s/tini/' resource-managers/kubernetes/docker/src/main/dockerfiles/spark/entrypoint.sh
+        # Add passwd entry. otherwise, entrypoint.sh will shows 'Container ENTRYPOINT failed to add passwd entry for anonymous UID'
+        # and executor will fail with  javax.security.auth.login.LoginException: java.lang.NullPointerException: invalid null input: name at com.sun.security.auth.UnixPrincipal.<init>(UnixPrincipal.java:71)
+        sed -i '/^USER/d' resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile
+        echo 'RUN groupadd --gid $spark_uid spark && useradd -ms /bin/bash spark --uid $spark_uid --gid $spark_uid' >> resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile
+        echo 'USER ${spark_uid}' >> resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile
     - name: Build distribution
       run: |-
         ./dev/make-distribution.sh --name spark --pip --r --tgz -Psparkr -Phadoop-2.7 -Phive -Phive-thriftserver -Pkubernetes