Do I need root privilege to change timezone in iris container?
I asked the question by email and got answers from these colleagues.
Question:
I failed to change the time zone on the latest iris container (Ubuntu), because:
I am irisowner, no root password
There is no sudo command
I used to use the Dockerfile settings below to change the time zone while creating a new docker image. However, those commands don't work from a non-root user.
FROM $IRIS_IMAGE:$IRIS_VERSION
USER root
RUN export DEBIAN_FRONTEND=noninteractive; \
    export DEBCONF_NONINTERACTIVE_SEEN=true; \
    echo 'tzdata tzdata/Areas select Asia' | debconf-set-selections; \
    echo 'tzdata tzdata/Zones/Asia select Shanghai' | debconf-set-selections; \
    apt-get update -qqy && apt-get install -qqy --no-install-recommends tzdata
I also know that for Redhat I could do it by copying the settings files /etc/timezone and /etc/localtime from the host to the container, but this doesn't fit Ubuntu.
Answers:
Use --env TZ=xxx in the docker run command, by Ayumu Tanaka
$ docker run -it --name test --detach -p 1972:1972 -p 52773:52773 --env TZ=JST-9 containers.intersystems.com/intersystems/iris:2022.1.2.574.0 --check-caps false
You need to check how to set TZ in this format, such as TZ=EST+5 or TZ=CST-8. Be aware that a TZ value such as TZ=Asia/Shanghai doesn't work.
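An added example (not part of the original thread) that shows how the two TZ styles above are interpreted: a POSIX-style value such as JST-9 carries its own offset, with the sign counted west of UTC, so JST-9 means UTC+9, while a name such as Asia/Shanghai has to be looked up in the tzdata zone files. The function names, and the assumption that a named zone fails because its file is absent from /usr/share/zoneinfo, are mine and not stated on the page.

```shell
#!/bin/sh
# Added example: check how a TZ value will be interpreted inside a container.

# Usual tzdata location on Ubuntu (assumption; override to test another path).
ZONEINFO_DIR="${ZONEINFO_DIR:-/usr/share/zoneinfo}"

# Print the UTC offset (+hhmm or -hhmm) that `date` applies for a TZ value.
tz_offset() {
    TZ="$1" date +%z
}

# Classify a TZ value:
#   posix    - self-describing string such as JST-9, needs no tzdata files
#   zonefile - named zone whose file exists under $ZONEINFO_DIR
#   missing  - named zone with no file, so the offset cannot be looked up
tz_kind() {
    case "$1" in
        */*)
            # Area/Location names always need a zone file.
            if [ -f "$ZONEINFO_DIR/$1" ]; then echo zonefile; else echo missing; fi
            ;;
        *[0-9]*)
            echo posix
            ;;
        *)
            if [ -f "$ZONEINFO_DIR/$1" ]; then echo zonefile; else echo missing; fi
            ;;
    esac
}

# Print one line per TZ value: its kind and the offset `date` really uses.
tz_report() {
    for tz in "$@"; do
        printf '%-16s kind=%-8s offset=%s\n' "$tz" "$(tz_kind "$tz")" "$(tz_offset "$tz")"
    done
}

# Values taken from the answer above.
tz_report JST-9 EST+5 CST-8 Asia/Shanghai
```

Run it inside the container (for example through docker exec) before relying on a TZ value: a line with kind=missing and an offset of +0000 means the name was not resolved.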
Get root at runtime, by Eduard Lebedyuk
Like this: docker exec -u root -it iris bash
Use ntpd to keep the clock up to date, by Steven Lubars
The ICM container uses ntpd to keep the clock up to date. In addition to running as root, this also requires:
--cap-add SYS_TIME
Simply adding the SYS_TIME capability doesn't synchronize time. I haven't figured out where ntpd is and how the container syncs to the host; I am not familiar with ICM.
Besides, Nicholai Mitchko taught me a trick to get passwordless sudo
Here’s a little trick to get passwordless sudo if you need it (I used this for demos when installing new things in a running container)
# Setup rootable calls from the Iris instance to install things
USER root
RUN apt-get clean -yq && apt-get update -yq && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata curl gnupg ca-certificates sudo
# Append a NOPASSWD: ALL rule for the instance owner to /etc/sudoers
RUN /bin/echo -e ${ISC_PACKAGE_MGRUSER}\\tALL=\(ALL\)\\tNOPASSWD: ALL >> /etc/sudoers
# Build-time check that the instance owner can run sudo without a password
RUN sudo -u ${ISC_PACKAGE_MGRUSER} sudo echo enabled passwordless sudo-ing for ${ISC_PACKAGE_MGRUSER}
# Switch back to the unprivileged instance owner for the rest of the image
USER ${ISC_PACKAGE_MGRUSER}