cartridge-cli
cartridge-cli copied to clipboard
Broken permissions after update bundle from 2.4.2 to 2.8.2
There is a service that ran on the enterprise bundle version 2.4.2, the image of which was built via source ./sdk/env.sh && cartridge pack docker --sdk-path ./sdk/ ...
and started like:
docker run -it -d \
--name ${CONTAINER_NAME} \
-e TARANTOOL_ALIAS=storage-A-0 \
-e TARANTOOL_INSTANCE_NAME=storage-A-0 \
-e TARANTOOL_WORKDIR=/var/lib/tarantool/storage-A-0 \
-e TARANTOOL_DATA_DIR=/var/lib/tarantool \
....
--volume named-volume:/var/lib/tarantool \
<image>
Then the service was updated bundle to version 2.8.2, also packed and ran it and got an error permission denied in the docker for the missing .tarantool.cookie
because it was looking for it at /var/lib/tarantool/storage-A-0/.tarantool.cookie
instead of looking for it in /var/lib/tarantool/<service-name>.storage-A-0/.tarantool.cookie
as he did before.
After removing TARANTOOL_WORKDIR
from environment variables, I restarted it and got the same permission denied error, cuz earlier images were launched with USER tarantool:taranool
, and now with USER 1200:1200
.
After chown 1200:1200 /path/to/named/volume
everything worked.
Maybe need test and fix that case?
Info about containers
2.4.2 version
# docker inspect --format='{{json .Config}}' <container-name> |jq
{
"Hostname": "6026d11930e4",
"Domainname": "",
"User": "tarantool:tarantool",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"TARANTOOL_ALIAS=storage-A-0",
"TARANTOOL_WORKDIR=/var/lib/tarantool/storage-A-0",
"TARANTOOL_DATA_DIR=/var/lib/tarantool",
"TARANTOOL_INSTANCE_NAME=storage-A-0",
...
],
"Cmd": [
"/bin/sh",
"-c",
"TARANTOOL_WORKDIR=/var/lib/tarantool/<service-name>.${TARANTOOL_INSTANCE_NAME} TARANTOOL_PID_FILE=/var/run/tarantool/<service-name>.${TARANTOOL_INSTANCE_NAME}.pid TARANTOOL_CONSOLE_SOCK=/var/run/tarantool/<service-name>.${TARANTOOL_INSTANCE_NAME}.control \ttarantool /usr/share/tarantool/<service-name>/init.lua"
],
"Image": "a7e03a99fe21",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
}
2.8.2
# docker inspect --format='{{json .Config}}' <container-name> |jq
{
"Hostname": "3d31c59eaf93",
"Domainname": "",
"User": "1200:1200",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"TARANTOOL_DATA_DIR=/var/lib/tarantool",
"TARANTOOL_ALIAS=storage-A-0",
"TARANTOOL_INSTANCE_NAME=storage-A-0",
...
"CARTRIDGE_RUN_DIR=/var/run/tarantool",
"CARTRIDGE_DATA_DIR=/var/lib/tarantool"
],
"Cmd": [
"/bin/sh",
"-c",
"bash -c \"mkdir -p ${CARTRIDGE_RUN_DIR} ${CARTRIDGE_DATA_DIR} && \tTARANTOOL_WORKDIR=${TARANTOOL_WORKDIR:-${CARTRIDGE_DATA_DIR}/<service-name>.${TARANTOOL_INSTANCE_NAME}} \tTARANTOOL_PID_FILE=${TARANTOOL_PID_FILE:-${CARTRIDGE_RUN_DIR}/<service-name>.${TARANTOOL_INSTANCE_NAME}.pid} \tTARANTOOL_CONSOLE_SOCK=${TARANTOOL_CONSOLE_SOCK:-${CARTRIDGE_RUN_DIR}/<service-name>.${TARANTOOL_INSTANCE_NAME}.control} \ttarantool /usr/share/tarantool/<service-name>/init.lua\""
],
"Image": "<image-url>",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.label-schema.build-date": "20201204",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
}