Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

docker/celery exits because celery is run as root

See original GitHub issue

Note: for support questions, please use the cookiecutter-django tag on stackoverflow. This repository’s issues are reserved for feature requests and bug reports. If you need quick professional paid support for your project, contact support@cookiecutter.io.

  • **I’m submitting a … **

    • bug report
    • feature request
    • support request => Please do not submit support request here, see note at the top of this template.

  • Do you want to request a feature or report a bug?

Bug

  • What is the current behavior?

Celery is running as root in its docker container, and is configured to accept messages serialized with pickle. Its automatic checks are causing it to exit.

celeryworker_1  | Running a worker with superuser privileges when the
celeryworker_1  | worker accepts messages serialized with pickle is a very bad idea!
celeryworker_1  |
celeryworker_1  | If you really want to continue then you have to set the C_FORCE_ROOT
celeryworker_1  | environment variable (but please think about this before you do).
celeryworker_1  |
celeryworker_1  | User information: uid=0 euid=0 gid=0 egid=0
celeryworker_1  |
xxxx_celeryworker_1 exited with code 1
  • If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem

base cookiecutter install with both docker and celery enabled

  • What is the expected behavior?

celery should run, not terminate

  • What is the motivation / use case for changing the behavior?

task queues

  • Please tell us about your environment:

github master of cookiecutter-django as of 8/27/2017

  • Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, gitter, etc)

Two solutions, both of them are reasonably docker-friendly.

  1. Celery could be run as a non-root user (e.g. as ‘app’ or ‘daemon’)
  2. Add the C_FORCE_ROOT environment variable to the celery container.

I -personally- believe that even in containers, apps should not run as root, as its a good security practice, but I know others think I’m a luddite. I’ve spent plenty of years fixing security mistakes.

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Reactions:11
  • Comments:12 (2 by maintainers)

github_iconTop GitHub Comments

12reactions
mjj55409commented, Sep 26, 2017

It’s only running locally where it’s a problem. In my dev.yml I added C_FORCE_ROOT to the environment for the celery worker:

 celeryworker:
    environment:
      - C_FORCE_ROOT=true
    depends_on:
      - redis
      - postgres
      - mailhog
    ports: []
    command: /start-celeryworker-dev.sh
4reactions
sfdyecommented, Sep 27, 2017

@amcorreia

This is what I did to enable flower in my project, inlocal.yml add:

flower:
    <<: *django
    ports:
      - "5555:5555"
    depends_on:
      - redis
      - postgres
      - celeryworker
      - celerybeat
    command: /start-celeryflower.sh

And then in your compose/local/django/flower add a start.sh

#!/usr/bin/env bash

set -o errexit
set -o pipefail
set -o nounset
set -o xtrace

celery -A scantist.taskapp flower

Lastly, in django’s Dockerfile

COPY ./compose/local/django/celery/flower/start.sh /start-celeryflower.sh
RUN sed -i 's/\r//' /start-celeryflower.sh
RUN chmod +x /start-celeryflower.sh
Read more comments on GitHub >

github_iconTop Results From Across the Web

docker/celery exits because celery is run as root #1304 - GitHub
Celery is running as root in its docker container, and is configured to accept messages serialized with pickle. Its automatic checks are causing ......
Read more >
Docker + Celery tells me not to run as root, but once I don't, I ...
If you want to specify a uid , you use the multi command, not worker , and you run the multi command as...
Read more >
Dockerizing Celery and Django - TestDriven.io
Instead of having to run each process (e.g., Django, Celery worker, Celery beat, Flower, ... Start by adding a docker-compose.yml file to the...
Read more >
Celery on Docker: From the Ground up | distributedpython
A Docker container is an isolated process that runs in user space and shares the OS kernel. Multiple containers can run on the...
Read more >
Getting Up and Running Locally With Docker — Cookiecutter ...
The steps below will get you up and running with a local development environment. All of these commands assume you are in the...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Add circle CI testing in the template

Next page

Favor Docker Compose 3.x+ secrets feature over .env files