docker builder and container USER

[Scott Armit]

Versions:

Packer = 0.10

Docker = 1.10.2

OS = CentOS 7 

Jenkins provides an official LTS docker container (https://hub.docker.com/_/jenkins/). They show how to layer your own customizations to this container via a Dockerfile. That involves changing the user to 'root' because the base container runs as 'jenkins'. From their docs:

FROM jenkins
# if we want to install via apt
USER root
RUN apt-get update && apt-get install -y ruby make more-thing-here
USER jenkins # drop back to the regular jenkins user - good practice

Using packer, and the docker builder, I can specify a "run_command" to the jenkins container and that can include, "-u", "root". However, once I've built my new container using provisioning (Ansible, Shell, whatever), my new docker image will start as the 'root' user, which I don't want. Is there anyway in packer to switch back to a user within the docker builder?

To clarify further, without switching to the 'root' user as part of packer's "run_command", you'll get a packer error due to permissions:

Retryable error: Error uploading script: Upload failed with non-zero exit status: 2

That's from this simple packer.json:

{
    "builders":[
        {
            "type": "docker",
            "image": "jenkins",
            "pull": true,
            "commit": true
        }
    ],


    "provisioners":[
        {
            "type": "shell",
            "inline": ["echo Hello"]
        }
    ]
}

Note that I could add this line to the "builders" section and the error goes away, but then I have the issue that the saved container image will run as "root":

"run_command": ["-u", "root", "-d", "-i", "-t", "{{.Image}}", "/bin/bash"]

Finally, we've found this plugin which looks to allow us to add post-processing to docker builds in order to change the user: https://github.com/avishai-ish-shalom/packer-post-processor-docker-dockerfile

Is there another way in packer to manipulate the docker user without an add-on plug-in/customization? Thanks so much for any info.

[Ethan S.]

If you read the Docker documentation in some cases it is suggested to chmod all the directories you need to run over to the user you wish to run them as (after the user has been created of course) and then you can change to that USER as part of your Docker file and when it starts it should use the USER you specified. You can also create an ONBUILD stanza that simply changes the user when the Docker container gets run/built and replace the root user with the USER you want to use.