K
Q

Jupyterlab docker container error on starting the container

7/18/2020

I have created a notebook Docker file as below to running the JupyterHub and JupyterLab 

FROM ubuntu:16.04
RUN apt-get update
RUN apt-get install sudo
RUN sudo useradd -m admin
RUN sudo echo -e "admin\nadmin\n" | passwd admin
RUN sudo echo "admin ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

USER admin
RUN sudo apt-get update && sudo apt-get install -y --no-install-recommends apt-utils
RUN sudo apt-get update \
    && sudo apt-get install -y build-essential \
    && sudo apt-get install -y libffi-dev  \
    && sudo apt-get install -y libmysqlclient-dev  \
    && sudo apt-get install -y libsasl2-dev  \
    && sudo apt-get install -y openjdk-8-jdk  \
    && sudo apt-get install -y openssh-server  \
    && sudo apt-get install -y python-dev  \
    && sudo apt-get install -y unzip  \
    && sudo apt-get install -y wget  \
    && sudo apt-get install -y mysql-client \
    && sudo apt-get install -y git

RUN sudo apt-get install -y libssl-dev libxml2-dev libxslt1-dev zlib1g-dev libkrb5-dev

RUN sudo apt-get update 
RUN sudo apt-get install -y python3-pip
RUN sudo apt-get install -y python-pip
RUN sudo apt-get install -y python3-venv
RUN sudo python3 -m venv /opt/jupyterhub/
RUN sudo /opt/jupyterhub/bin/python3 -m pip install --upgrade pip
RUN sudo /opt/jupyterhub/bin/python3 -m pip install wheel
RUN sudo /opt/jupyterhub/bin/python3 -m pip install jupyterhub jupyterlab
RUN sudo /opt/jupyterhub/bin/python3 -m pip install ipywidgets

RUN sudo apt-get install -y curl
RUN sudo apt-get install -y nodejs npm 
RUN sudo curl -sL https://deb.nodesource.com/setup_10.x -o nodesource_setup.sh
RUN sudo bash nodesource_setup.sh
RUN sudo apt-get install -y nodejs 

RUN sudo npm install -g -y configurable-http-proxy
RUN sudo mkdir -p /opt/jupyterhub/etc/jupyterhub/
RUN cd /opt/jupyterhub/etc/jupyterhub/
RUN sudo /opt/jupyterhub/bin/jupyterhub --generate-config
RUN sudo mkdir -p /opt/jupyterhub/etc/systemd

RUN sudo chown -R admin:admin /opt/jupyterhub

RUN sudo echo "c.Spawner.default_url = '/lab' " >> /opt/jupyterhub/etc/jupyterhub/jupyterhub_config.py
RUN sudo echo "c.Authenticator.admin_users = {'admin'} " >> /opt/jupyterhub/etc/jupyterhub/jupyterhub_config.py
RUN sudo echo "c.LocalAuthenticator.create_system_users=True" >> /opt/jupyterhub/etc/jupyterhub/jupyterhub_config.py

RUN sudo echo -e '[Unit]\nDescription=JupyterHub\nAfter=syslog.target network.target\n\n[Service]\nUser=root\nEnvironment="PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/jupyterhub/bin"\nExecStart=/opt/jupyterhub/bin/jupyterhub -f /opt/jupyterhub/etc/jupyterhub/jupyterhub_config.py\n\n[Install]\nWantedBy=multi-user.target' >> /opt/jupyterhub/etc/systemd/jupyterhub.service

RUN sudo cp /opt/jupyterhub/etc/systemd/jupyterhub.service /etc/systemd/system/jupyterhub.service  
RUN sudo systemctl enable jupyterhub.service
#RUN sudo chown -R admin:admin /home/admin/.cache/pip
RUN sudo /opt/jupyterhub/bin/python3 -m pip install --upgrade setuptools
RUN sudo /opt/jupyterhub/bin/python3 -m pip install ipython==3.2.3
RUN sudo /opt/jupyterhub/bin/python3 -m pip install zipp==1.2.0
RUN sudo /opt/jupyterhub/bin/python3 -m pip install git+https://github.com/as-sher/sparkmagic.git#subdirectory=sparkmagic
RUN sudo /opt/jupyterhub/bin/jupyter-kernelspec install /opt/jupyterhub/lib/python3.5/site-packages/sparkmagic/kernels/sparkkernel
RUN sudo /opt/jupyterhub/bin/jupyter-kernelspec install /opt/jupyterhub/lib/python3.5/site-packages/sparkmagic/kernels/pysparkkernel
RUN sudo sed -i 's|root:x:0:0:root:/root:/bin/bash|root:x:0:0:root:/root:/sbin/nolgin|g' /etc/passwd

WORKDIR /home/admin
#USER root
EXPOSE 8000 2222
CMD SUDO SYSTEMCTL START JUPYTERHUB.SERVICE

When I am running this container as a root user, it is working, but when I am running this with admin (sudo user), I am getting the following error 

Failed to mount tmpfs at /run/lock: Operation not permitted
[!!!!!!] Failed to mount API filesystems, freezing.
Freezing execution.

So my concern is that I have to run this container on Kubernetes and I don't want to run it as a root user and with privileged flag.

Is there any way in which I can run the existing docker with non-root user or if we can run the jupyter service without adding systemd.

-- Albus
docker
jupyter-notebook
kubernetes
python-3.x
systemd

Similar Questions

How to scale k8s pods according to rabbitmq queue message rate?
How to refer whole structure from values.yaml instead of specifying one by one?
How to periodically delete pod in Kubernetes cluster on GCP
Synchronize HTTP requests between several service instances in Kubernetes
How to expose a API that is running in a Pod and limit access?

1 Answer

7/20/2020

There are some ways you can try in order to run Docker as a non-root user.

  1. Manage Docker as a non-root user:

If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.

  • Create a docker group if there isn’t one:

$ sudo groupadd docker

  • Add your user to the docker group:

$ sudo usermod -aG docker [non-root user]

  • Log out and log back in so that your group membership is re-evaluated.
  1. Run the Docker daemon as a non-root user (Rootless mode):

Rootless mode allows running the Docker daemon and containers as a non-root user to mitigate potential vulnerabilities in the daemon and the container runtime. Rootless mode does not require root privileges even during the installation of the Docker daemon, as long as the prerequisites are met.

Notice however that the second option is currently available as an experimental feature. You can find all the necessary details in the linked docs.

Please let me know if that helped.

-- Wytrzymały Wiktor
Source: StackOverflow