
Docker + Celery tells me not to run as root, but once I don't, I lack permissions to run

I have a Django (2.1.2) Docker project in which I am trying to include Celery (4.2.1), which will exit 0 in the end due to permission errors.

docker-compose.yml

...
celery:
  build: .
  command: celery worker -A core --workdir /opt/services/web_app/src -l info
  volumes:
    - .:/opt/services/web_app/src
  depends_on:
    - database1
    - redis

After I build with 'docker-compose build' and then run 'docker-compose up' I get this error message:

celery_1  | /usr/local/lib/python3.7/site-packages/celery/platforms.py:796:
celery_1  | RuntimeWarning: You're running the worker with superuser privileges: this 
celery_1  | is absolutely not recommended!
celery_1  |
celery_1  | Please specify a different user using the --uid option

So.. I didn't even know Docker had "users" so I added this to my 'Dockerfile' at the bottom before expose.

...
RUN groupadd -g 999 celery && \
    useradd -r -u 999 -g celery celery
USER celery

EXPOSE 8000

and then updated the 'Dockerfile' with the user:

...
celery:
  build: .
  command: celery worker -A core --workdir /opt/services/web_app/src -l info --uid=celery
  volumes:
    - .:/opt/services/web_app/src
  depends_on:
    - database1
    - redis

and when I run it now I get this error message:

celery_1  | File "/usr/local/lib/python3.7/site-packages/celery/platforms.py", line 502,
celery_1  | in initgroups return os.initgroups(username, gid)
celery_1  | PermissionError: [Errno 1] Operation not permitted
asked Oct 29 '18 02:10

Angeal


1 Answer

  1. If you want to specify a uid, you use the multi command, not worker, and you run the multi command as root. If you want to use worker just run the command without uid.
  2. You can also just set the C_FORCE_ROOT env variable to 1 and run this as root in docker if this is just for local development.

n.b., you may also need to update file permissions in case your celery task writes anything to the filesystem (like log files, or temp files).

answered Oct 03 '22 14:10

2ps
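
An added example (not part of the answer above and not Celery's own code): a container preflight check that flags the three conditions this thread runs into, namely a worker started as root without --uid, --uid passed by a process that is already non-root (the initgroups PermissionError), and a directory the worker user cannot write to. The function names and finding codes are hypothetical, and treating any non-root uid as lacking CAP_SETGID is an assumption.

```python
import os
import stat
import sys

def can_write(path, uid, gids):
    """Mode-bit approximation of the kernel write check (ignores ACLs)."""
    st = os.stat(path)
    if uid == 0:                      # root bypasses mode bits
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def preflight(argv, euid, gids, writable_dirs):
    """Return (code, detail) findings for a `celery worker` command line."""
    findings = []
    wants_uid = any(a == "--uid" or a.startswith("--uid=") for a in argv)
    if euid == 0 and not wants_uid:
        findings.append(("root-worker",
                         "worker would run with superuser privileges"))
    if euid != 0 and wants_uid:
        # Changing user means os.initgroups(), which needs CAP_SETGID.
        # Assumption: a non-root container user holds no such capability.
        findings.append(("uid-without-root",
                         "--uid needs root; drop --uid, USER already applies"))
    for d in writable_dirs:
        if not can_write(d, euid, gids):
            findings.append(("not-writable", d))
    return findings

if __name__ == "__main__":
    # Constructed sample: the question's second command line, checked
    # against the current process and its working directory.
    sample = ["celery", "worker", "-A", "core", "-l", "info", "--uid=celery"]
    for code, detail in preflight(sample, os.geteuid(), os.getgroups(),
                                  [os.getcwd()]):
        print(f"{code}: {detail}", file=sys.stderr)
```

Run inside the container as the same user the worker will use; a bind-mounted source tree owned by a different host uid shows up as a not-writable finding.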