allure history
Jen-Persly opened this issue · 34 comments
docker logs -f allure_allure_1
Creating history on results directory...
mkdir: cannot create directory ‘/app/allure-results/history’: Permission denied
Copying history from previous results...
cp: cannot create directory '/app/allure-results/history': Permission denied
Generating report
@Jen-Persly Can you add more details? what is the command are you running?
Can you check if you have write permissions in your local allure-results
? what directory are you mounting?
first docker-compose up -d allure
then docker-compose logs -f allure
then I found this on logs :
Creating history on results directory...
mkdir: cannot create directory ‘/app/allure-results/history’: Permission denied
Copying history from previous results...
cp: cannot create directory '/app/allure-results/history': Permission denied
Generating report
@Jen-Persly can you share your compose file section? the problem is the directory that you are mounting.
version: '3' services: allure: image: "frankescobar/allure-docker-service" environment: CHECK_RESULTS_EVERY_SECONDS: 1 KEEP_HISTORY: "TRUE" ports: - "4040:4040" - "5050:5050" volumes: - ${PWD}/allure-results:/app/allure-results
but if changes to version 2.12.1, it works
version: '3' services: allure: image: "frankescobar/allure-docker-service:2.12.1" environment: CHECK_RESULTS_EVERY_SECONDS: 1 KEEP_HISTORY: "TRUE" ports: - "4040:4040" - "5050:5050" volumes: - ${PWD}/allure-results:/app/allure-results
@Jen-Persly what version appears in the logs when it failed? remove your local latest version and try again without specifying the version.
@fescobar I think still failed.. I'm using 2.13.2
this is the complete log
`ALLURE_VERSION: 2.13.2
Generating default report
Overriding configuration
Checking Allure Results every 1 second/s
Generating report
- Serving Flask app "app" (lazy loading)
- Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead. - Debug mode: off
- Running on http://0.0.0.0:5050/ (Press CTRL+C to quit)
Report successfully generated to allure-report
127.0.0.1 - - [18/Mar/2020 10:42:46] "GET /emailable-report/render HTTP/1.1" 200 -
Status: 200
Detecting results changes...
Creating history on results directory...
mkdir: cannot create directory ‘/app/allure-results/history’: Permission denied
Copying history from previous results...
cp: cannot create directory '/app/allure-results/history': Permission denied
Generating report
Starting web server...`
@Jen-Persly can you tell me what is your current path ${PWD}/allure-results
? Go to that directory, you don't have permission to create directories/files on that directory. Try changing the directory please.
volumes: - ${PWD}/allure-results:/app/allure-results
then I think there is no problem with permission on my machine
drwxr-xr-x 3 root root 4096 Mar 18 17:41 .
drwx------ 11 root root 4096 Mar 18 17:41 ..
drwxr-xr-x 2 root root 4096 Mar 18 17:42 allure-results
-rw-r--r-- 1 root root 285 Mar 18 17:41 docker-compose.yaml
@Jen-Persly root root
that's the problem. You should never have ROOT user. In your case only the root user can create files/directories in allure-results
directory.
@Jen-Persly Also only the owner of that directory (root) can create files.
https://chmod-calculator.com/
@Jen-Persly Can I close this ticket?
We are having same problem.
We are logged in with root account and getting below message in terminal on centos 7 machine.
[root@demo ~]# docker run -p 4040:4040 -p 5050:5050 -e CHECK_RESULTS_EVERY_SECONDS=3 -e KEEP_HISTORY="TRUE" -v ${PWD}/allure-results:/app/allure-results frankescobar/allure-docker-service
ALLURE_VERSION: 2.13.2
Generating default report
Overriding configuration
Checking Allure Results every 3 second/s
Generating report
- Serving Flask app "app" (lazy loading)
- Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead. - Debug mode: off
- Running on http://0.0.0.0:5050/ (Press CTRL+C to quit)
Report successfully generated to allure-report
Detecting results changes...
Creating history on results directory...
mkdir: cannot create directory ‘/app/allure-results/history’: Permission denied
Copying history from previous results...
cp: cannot create directory '/app/allure-results/history': Permission denied
Generating report....
We tried with another account using sudo and have same issue.
Kindly help.
@tecinnobiz it’s not a good practice to run docker container with root users. But did you try adding this to your command?
--user="$(id -u):$(id -g)"
References:
https://medium.com/redbubble/running-a-docker-container-as-a-non-root-user-7d2e00f8ee15
I did the following workaround to fix the problem:-
docker exec -u 0 -it 147ffff7ce8e /bin/bash
ls -la
chgrp -R allure allure-results
chown allure:allure allure-results
ls -la
mkdir history
chgrp -R allure history
chown allure:allure history
@tecinnobiz that is not the right way to handle that. Try the command what I suggested. It’s not an issue. It’s the way that docker works.
Yes, I am trying the solution proposed by you.
I understand your point. I tried but got the following error
[root@demo allure-docker-java-junit4-example]# docker run -p 4040:4040 -p 5050:5050 -e CHECK_RESULTS_EVERY_SECONDS=3 -e KEEP_HISTORY="TRUE" -v
[1] 4422
[root@demo allure-docker-java-junit4-example]#
[root@demo allure-docker-java-junit4-example]# docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: "--user=0:0": executable file not found in $PATH": unknown.
ERRO[0001] error waiting for container: context canceled
[1]+ Exit 127 docker run -p 4040:4040 -p 5050:5050 -e CHECK_RESULTS_EVERY_SECONDS=3 -e KEEP_HISTORY="TRUE" -v
[root@demo allure-docker-java-junit4-example]#
I will try to use docker from a non root user to avoid all this challenges.
@tecinnobiz not add that part at the end, the last part is for overriding the command to start that container.
Try at the beginning like this:
docker run --user="$(id -u):$(id -g)" -p 4040:4040 -p 5050:5050 -e CHECK_RESULTS_EVERY_SECONDS=3 -e KEEP_HISTORY="TRUE" -v ${PWD}/allure-results:/app/allure-results frankescobar/allure-docker-service
Or
docker run --user="1000:1000" -p 4040:4040 -p 5050:5050 -e CHECK_RESULTS_EVERY_SECONDS=3 -e KEEP_HISTORY="TRUE" -v ${PWD}/allure-results:/app/allure-results frankescobar/allure-docker-service
For docker-compose:
https://github.com/fescobar/allure-docker-service/blob/master/README.md#override-user-container
As a conclusion, you shouldn't use directories with root
permissions. You have 2 options to do from your local machine:
- Create the directory to mount with a non-root user.
- Or change the owner of the directory to mount for a non-root user.
If you want to use the same user from the local machine in the container you need to pass --user="$(id -u):$(id -g)"
if you still using the root users. you can try like this @fescobar @tecinnobiz
docker-compose.yml
version: '3'
services:
allure:
image: "frankescobar/allure-docker-service"
environment:
CHECK_RESULTS_EVERY_SECONDS: 1
KEEP_HISTORY: "TRUE"
ports:
- "4040:4040"
- "5050:5050"
volumes:
- ${PWD}/allure-results:/app/allure-results
user: ${CURRENT_UID}
run :
`CURRENT_UID=$(id -u):$(id -g) docker-compose up -d`
Reference: 10 Docker Image Security Best Practices
https://snyk.io/blog/10-docker-image-security-best-practices/
2. Least privileged user
When a Dockerfile
doesn’t specify a USER
, it defaults to executing the container using the root user. In practice, there are very few reasons why the container should have root privileges. Docker defaults to running containers using the root user. When that namespace is then mapped to the root user in the running container, it means that the container potentially has root access on the Docker host. Having an application on the container run with the root user further broadens the attack surface and enables an easy path to privilege escalation if the application itself is vulnerable to exploitation.
To minimize exposure, opt-in to create a dedicated user and a dedicated group in the Docker image for the application; use the USER
directive in the Dockerfile
to ensure the container runs the application with the least privileged access possible.
A specific user might not exist in the image; create that user using the instructions in the Dockerfile.
The following demonstrates a complete example of how to do this for a generic Ubuntu image:
FROM ubuntu
RUN mkdir /app
RUN groupadd -r lirantal && useradd -r -s /bin/false -g lirantal lirantal
WORKDIR /app
COPY . /app
RUN chown -R lirantal:lirantal /app
USER lirantal
CMD node index.js
The example above:
- creates a system user (-r), with no password, no home directory set, and no shell
- adds the user we created to an existing group that we created beforehand (using groupadd)
- adds a final argument set to the user name we want to create, in association with the group we created
Sorry for answering in the closed issue. But I don't understood one thing. I've changed only one string in my docker-compose:
from:
image: "frankescobar/allure-docker-service"
to
image: "frankescobar/allure-docker-service:2.12.1"
and error "cannot create directory ‘/app/allure-results/history’: Permission denied" has been disappeared. And history became available.
How does this relate to setting rights?
Thank you.
@KMA71 previous versions used to use root as user. Latest versions not use root user anymore. You should use 2.13.5 the latest one on that wat you can use new features like security and the new UI https://github.com/fescobar/allure-docker-service-ui
How can i override the user container in Openshift, if i dont have admin privilege to create a service account ? im getting the permission denied error as well
How can i override the user container in Openshift, if i dont have admin privilege to create a service account ? im getting the permission denied error as well
@mhd-b that is something that you have to check in OpenShift documentation. Docker and Kubernetes support that feature as native.
Did you try using user and group 1000
like here?
https://github.com/fescobar/allure-docker-service-examples/blob/master/allure-docker-kubernetes-example/allure-deployment.yml#L20
References:
https://docs.docker.com/engine/reference/run/#user
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
Yeah i have followed the deployment config and im getting this error :
pods "allure-deployment-74fc545d6c-" is forbidden: unable to validate against any security context constraint: [spec.containers[0].securityContext.securityContext.runAsUser: Invalid value: 1000: must be in the ranges: [1001460000, 1001469999] spec.containers[1].securityContext.securityContext.runAsUser: Invalid value: 1000: must be in the ranges: [1001460000, 1001469999]]
im unable to setup the container to be ran with Allure userid 1000 as this requires admin access, hope that there is a workaround?
Is it possible to change the ownership of the allure folders?
@mhd-b then Check how to pass your current user (user from the machine where you run the container).
@mhd-b I got it working by adding fsGroup: 1000 under spec:
So the securityContext becomes:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
containers:
- name: allure
...
i shall raise a pull request to the code example
@mhd-b if you want to add your example, add it here https://github.com/fescobar/allure-docker-service-examples in beta
branch.
Thank you.
@mhd-b I got it working by adding fsGroup: 1000 under spec:
So the securityContext becomes:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
containers:
- name: allure
...i shall raise a pull request to the code example
I was able to fix the permission denied in Openshift by changing the ownership for the directories used by Allure.
The changed Dockerfile :
FROM frankescobar/allure-docker-service:2.13.6
USER root
RUN chown -R allure:root /app
&& chmod -R ug+rw /app
USER allure
////
Thanks @fescobar :)
My friend, you are making me run in circles.
I come from #108 and the issue that i am trying to show you clearly had problems with the projects folder.
This is not Cloud provider problem, it seems the projects folder is created by a root powered user.
Its only that folder out of all of them.
I tried reworking your docker img as mhd-b suggested but it still doesnt work.
Do you think you can make a docker img that works or should i fork ?
@peter-miroshnikov do whatever you want. This project is open source. Many people use this image without any problem.