问题描述

jupyter:image: flink:1.19-pyprivileged: trueuser: rootports:- "9999:8888"volumes:- /data/docker_data/jupyter:/workcommand: sh -c "cd / && jupyter notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494ee71fdaa8c4a563"networks:- flink-net

为什么容器内执行的命令用户是flink

root@22c47eeae6cf:/opt/flink# ps -ef
UID          PID    PPID  C STIME TTY          TIME CMD
flink          1       0  0 06:10 ?        00:00:00 sh -c cd / && jupyter notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494ee71fdaa8c4a563
flink         78       1  0 06:10 ?        00:00:01 /usr/bin/python3 /usr/local/bin/jupyter-notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494ee

原因分析

docker-compose.yml 中指定了 command，但是没有指定 entrypoint
实际启动容器时仍使用了镜像里的entry-point，command只是作为entry-point.sh 脚本的参数

在entry-point脚本中切换了用户

解决方案

修改docker-compose.yml 中的entrypoint

  jupyter:image: flink:1.19-pyprivileged: trueuser: rootports:- "9999:8888"volumes:- /data/docker_data/jupyter:/workentrypoint: shcommand:- "-c"- "cd / && jupyter notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494ee71fdaa8c4a563"networks:- flink-net

结果正确

[root@localhost data]# docker exec -it data_jupyter_1 bash
root@95fbecd2211a:/opt/flink# ps -ef
UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 06:44 ?        00:00:00 sh -c cd / && jupyter notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494ee71fdaa8c4a563
root           7       1  6 06:44 ?        00:00:01 /usr/bin/python3 /usr/local/bin/jupyter-notebook --ip 0.0.0.0 --port 8888 --allow-root --NotebookApp.password=sha1:6587feaef3b1:6b243404e4cfaafe611fdf494eeroot          10       0  0 06:44 pts/0    00:00:00 bash
root          18      10  0 06:44 pts/0    00:00:00 ps -ef