• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Question How may I run docker commands in Deploy actions of Git?

Marchiuz

New Pleskian
Server operating system version
AlmaLinux 8.4 x86_64
Plesk version and microupdate number
Plesk Obsidian 18.0.41.1
From what I understand, the deployment actions are performed in some specific chroot environment, how may I allow this environment to run docker commands? Docker is in /usr/bin
 
Still looking for an answer for this. It seems like a pretty common task - to run additional commands after deployment, how come there's so little information about it?
 
Only root/sudoers have access to docker by default.

Technically, you can:

1) grant the subscription's system user (at Web Hosting Access) with shell access. Then modify user by adding the docker group, for example:
# usermod -aG docker jdoe

and call the commands in deployment actions afterward.

2) with deployment actions write some content(the commands, for example) to a file, which is checked by some background script(for example, powered with inotifywait) and executed by background script on behalf of root.

P.S. in both cases, especially the second one you should mind that the whole docker service will be exposed to that user.
 
Only root/sudoers have access to docker by default.

Technically, you can:

1) grant the subscription's system user (at Web Hosting Access) with shell access. Then modify user by adding the docker group, for example:
# usermod -aG docker jdoe

and call the commands in deployment actions afterward.

2) with deployment actions write some content(the commands, for example) to a file, which is checked by some background script(for example, powered with inotifywait) and executed by background script on behalf of root.

P.S. in both cases, especially the second one you should mind that the whole docker service will be exposed to that user.
Thanks for suggestions.
This doesn't sound like a safe option, shouldn't there be a more standard way of doing this, having in mind that this is probably quite a casual task?
 
Not quite casual, when containers are ran as root by default.

Nonetheless, you can deploy a container manually as non-root user:

I'd recommend testing that scenario on a staging server first.
 
Back
Top