c.f. https://denibertovic.com/posts/handling-permissions-with-docker-volumes/
Last active
June 14, 2018 09:12
-
-
Save tuxedocat/4b5bef0f50487aecd30eabe334e31bc7 to your computer and use it in GitHub Desktop.
Example of dockerfile (with user and group id)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| BASENAME=tuxedocat/tensorflow | |
| DOCKERFILE=Dockerfile | |
| TF_VER=1.8.0 | |
| CUDA_VER=9.0 | |
| CUDNN_VER=7 | |
| PYTHON_VER=3.6.5 | |
| TAG=${TF_VER}_cuda${CUDA_VER}_cudnn${CUDNN_VER}_py${PYTHON_VER} | |
| docker build \ | |
| --build-arg TF_VER=${TF_VER} \ | |
| --build-arg CUDA_VER=${CUDA_VER} \ | |
| --build-arg CUDNN_VER=${CUDNN_VER} \ | |
| --build-arg PYTHON_VER=${PYTHON_VER} \ | |
| --build-arg HTTP_PROXY=${HTTP_PROXY} \ | |
| --build-arg HTTPS_PROXY=${HTTPS_PROXY} \ | |
| --build-arg NO_PROXY=${NO_PROXY} \ | |
| --build-arg http_proxy=${http_proxy} \ | |
| --build-arg https_proxy=${https_proxy} \ | |
| --build-arg no_proxy=${no_proxy} \ | |
| -t ${BASENAME}:${TAG} \ | |
| -f ${DOCKERFILE} \ | |
| . |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Base Image | |
| ARG CUDA_VER=9.0 | |
| ARG CUDNN_VER=7 | |
| ARG DISTRIBUTION=ubuntu16.04 | |
| FROM nvidia/cuda:${CUDA_VER}-cudnn${CUDNN_VER}-devel-${DISTRIBUTION} | |
| # System | |
| RUN apt-get update && \ | |
| apt-get install -y \ | |
| build-essential \ | |
| vim \ | |
| wget \ | |
| git && \ | |
| apt-get clean && \ | |
| rm -rf /var/lib/apt/lists/* | |
| ARG USER_ONBUILD=docker | |
| ARG UID_ONBUILD=999 | |
| ARG GROUP_ONBUILD=docker | |
| ARG GID_ONBUILD=999 | |
| RUN umask 0002 && \ | |
| sed -ri -e 's@^UMASK[[:space:]]+[[:digit:]]+@UMASK 002@g' /etc/login.defs && \ | |
| grep -E "^UMASK" /etc/login.defs && \ | |
| groupadd -g ${GID_ONBUILD} ${GROUP_ONBUILD} && \ | |
| useradd --shell /bin/bash -u ${UID_ONBUILD} -g ${GID_ONBUILD} -o -c "" -m ${USER_ONBUILD} && \ | |
| chmod -R 2775 /opt && \ | |
| chown -R ${USER_ONBUILD}:${GROUP_ONBUILD} /opt | |
| # Setup Envs | |
| ARG MINICONDA_VER=4.4.10 | |
| ARG MINICONDA_MD5=bec6203dbb2f53011e974e9bf4d46e93 | |
| ARG CONDA_DIR=/opt/conda | |
| USER docker:docker | |
| WORKDIR /opt | |
| ENV PATH=${CONDA_DIR}/bin:${PATH} | |
| RUN mkdir -p ${CONDA_DIR} && \ | |
| umask 0002 && \ | |
| wget --quiet https://repo.continuum.io/miniconda/Miniconda3-${MINICONDA_VER}-Linux-x86_64.sh && \ | |
| echo "${MINICONDA_MD5} *Miniconda3-${MINICONDA_VER}-Linux-x86_64.sh" | md5sum -c - && \ | |
| /bin/bash Miniconda3-${MINICONDA_VER}-Linux-x86_64.sh -f -b -p ${CONDA_DIR} && \ | |
| rm Miniconda3-${MINICONDA_VER}-Linux-x86_64.sh | |
| # Python and Envs | |
| ARG PYTHON_VER=3.6.5 | |
| RUN umask 0002 && \ | |
| conda update -y conda && \ | |
| conda install --no-update-deps -y python=${PYTHON_VER} && \ | |
| conda install -y \ | |
| Pillow \ | |
| graphviz \ | |
| h5py \ | |
| matplotlib \ | |
| mkl \ | |
| nose \ | |
| notebook \ | |
| pandas \ | |
| pip \ | |
| pyyaml \ | |
| scikit-learn \ | |
| six && \ | |
| conda clean -y --all | |
| # TensorFlow | |
| ARG TF_VER=1.8.0 | |
| RUN pip install --no-cache-dir \ | |
| tensorflow-gpu==${TF_VER} | |
| # RUN git clone https://github.com/tensorflow/models.git /work/tf-models | |
| # User change utility | |
| USER root | |
| ENV GOSU_VERSION 1.10 | |
| RUN set -ex; \ | |
| \ | |
| fetchDeps=' \ | |
| ca-certificates \ | |
| wget \ | |
| '; \ | |
| apt-get install -y --no-install-recommends $fetchDeps; \ | |
| rm -rf /var/lib/apt/lists/*; \ | |
| \ | |
| dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ | |
| wget --quiet -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ | |
| wget --quiet -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ | |
| \ | |
| # verify the signature | |
| export GNUPGHOME="$(mktemp -d)"; \ | |
| gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ | |
| gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ | |
| rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ | |
| \ | |
| chmod +x /usr/local/bin/gosu; \ | |
| # verify that the binary works | |
| gosu nobody true; \ | |
| \ | |
| apt-get purge -y --auto-remove $fetchDeps; \ | |
| apt-get clean | |
| COPY entrypoint.sh /usr/local/bin/entrypoint.sh | |
| ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] | |
| WORKDIR /work |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Add local user | |
| # Either use the LOCAL_USER_ID if passed in at runtime or | |
| # fallback | |
| RUN_USER=${RUN_USER:-docker} | |
| RUN_GROUP=${RUN_GROUP:-docker} | |
| RUN_UID=${RUN_UID:-9001} | |
| RUN_GID=${RUN_GID:-999} | |
| echo "Starting with USER, UID : $RUN_USER, $RUN_UID" | |
| groupadd -g ${RUN_GID} ${RUN_GROUP} >& /dev/null | |
| useradd --shell /bin/bash -u ${RUN_UID} -g ${RUN_GID} -o -c "" -m ${RUN_USER} | |
| export HOME=/home/${RUN_USER} | |
| umask 0002 | |
| exec /usr/local/bin/gosu ${RUN_USER} "$@" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Run build, and get parameters | |
| . ./build.sh >& /dev/null | |
| # Runtime parameters | |
| GPU=${GPU:-0} | |
| NVRUNTIME=--runtime=nvidia | |
| WORKDIR=${HOME}/docker-shared | |
| DATASETS=${HOME}/datasets | |
| RUN_USER=$(whoami) | |
| RUN_GROUP=docker | |
| RUN_UID=$(id -u) | |
| RUN_GID=$(getent group docker | cut -d: -f3) | |
| CONTAINER_ALIAS=$(whoami)_$(uuid -v4 | cut -d- -f1) | |
| mkdir -p ${WORKDIR} | |
| docker run ${NVRUNTIME} -it \ | |
| --name ${CONTAINER_ALIAS} \ | |
| -v ${WORKDIR}:/work/shared \ | |
| -v ${DATASETS}:/work/datasets:ro \ | |
| -v /etc/localtime:/etc/localtime:ro \ | |
| --env NVIDIA_VISIBLE_DEVICES=$GPU \ | |
| --env HTTP_PROXY=$HTTP_PROXY \ | |
| --env HTTPS_PROXY=$HTTPS_PROXY \ | |
| --env NO_PROXY=$NO_PROXY \ | |
| --env http_proxy=$http_proxy \ | |
| --env https_proxy=$https_proxy \ | |
| --env no_proxy=$no_proxy \ | |
| --env RUN_USER=$RUN_USER \ | |
| --env RUN_UID=$RUN_UID \ | |
| --env RUN_GROUP=$RUN_GROUP \ | |
| --env RUN_GID=$RUN_GID \ | |
| ${BASENAME}:${TAG} /bin/bash |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment