fix docker volume permissions

[FrankChen021]

Fixes #11166 , See description in that issue for more info.

This PR has:

• been self-reviewed.
  • using the concurrency checklist (Remove this item if the PR doesn't have any relation to concurrency.)
• added documentation for new or modified features or behaviors.
• added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
• added or updated version, license, or notice information in licenses.yaml
• added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
• added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
• added integration tests.
• been tested in a test Druid cluster.

[xvrl]

I don't think creating /opt is necessary, the COPY will take care of it

[FrankChen021]

fixed

[xvrl]

nit, I would remove the -p to ensure /opt/druid exists and symlinks to a valid directory. When I did some testing, I realized that Docker for Mac gets confused when COPYing from the builder stage if /opt/druid is already created beforehand as a directory, causing it to fail to copy the symlink.

[FrankChen021]

fixed

[clintropolis]

Not sure this is the appropriate place for this question since this has been like it since the dockerfile was added afaict, but what is the reason for using the symlink for /opt/druid? Based on some comments around this issue/PR, and also looking at #11278, it seems to cause issues in some situations, so is it actually necessary for some reason or have some benefit?

[FrankChen021]

I checked the history of this file, the first commit used symlink there. I have no idea why symlink is used.

I guess:
The name of raw directory contains a version variable whose value is retrieve by executing maven command against the source directory, while the value of this version variable could not be accessed in the following stage.

[xvrl]

no need for -R here

[FrankChen021]

Yes, there's no sub-dirs under /opt/druid/var, -R is unnecessary. Fixed

[xvrl]

LGTM, assuming the docker build has been tested.

[xvrl]

@FrankChen021 I just realized we also need to update Dockerfile.java11, can you please make the same changes there? Thanks!

[FrankChen021]

Thanks for reminding, I forgot that. I've updated the Dockerfile for java11 in the new commit.
And the change of Dockerfile for java8 have been verified on my linux server.

[xvrl]

FYI @FrankChen021 I'm going to merge this. I manually tested the docker build and verified it runs, since we don't have an integration test for this.

[jihoonson]

LGTM. Thanks @FrankChen021 @xvrl.

@FrankChen021 Travis CI runs for both branches and PRs on this repo. Please create a branch on your fork next time, so that we don't waste our CI resources.

[FrankChen021]

@jihoonson Thanks for reminding, I would follow your suggestion. I thought the branch was created on my fork when I edit the file directly on github, but it didn't.

[frankiengkw]

@jihoonson @FrankChen021 I faced this permission issue in my newly setup Druid. Where can I download the latest fix/patch? Thanks.

[FrankChen021]

@frankiengkw there is a workaround you could try

[pchang388]

We ran into this issue when trying to set things up.

Sorry to bother, but could someone help me understand why "COPY --chown" did not work as expected?

total 228
drwxr-xr-x    1 druid    druid         4096 Apr 26 17:13 licenses
-rw-r--r--    1 druid    druid        71187 Apr 26 17:28 NOTICE
-rw-r--r--    1 druid    druid        70924 Apr 26 17:28 LICENSE
-rw-r--r--    1 druid    druid         8228 Apr 26 17:28 README
drwxr-xr-x    1 druid    druid         4096 Apr 26 17:32 hadoop-dependencies
drwxr-xr-x    1 druid    druid         4096 Apr 26 17:32 extensions
drwxr-xr-x    1 druid    druid         4096 Apr 26 17:32 quickstart
drwxr-xr-x    1 druid    druid         4096 Apr 26 17:32 conf
drwxr-xr-x    1 druid    druid         4096 Apr 26 17:32 bin
drwxr-xr-x    1 druid    druid        16384 Apr 26 17:32 lib
drwxr-xr-x    2 root     root          4096 May 12 20:55 var

From what I've read it should have applied the user/group permissions recursively as it copied into "/opt". Just trying to understand the issue better.

[FrankChen021]

Hi @pchang388 the /opt/druid under source directory is actually a symlink, and the COPY command replaces the target /opt/druid directory by this symbolic link. Since there's no var directory in source directory, COPY command could not copy var to the target.

[pchang388]

Hi @pchang388 the /opt/druid under source directory is actually a symlink, and the COPY command replaces the target /opt/druid directory by this symbolic link. Since there's no var directory in source directory, COPY command could not copy var to the target.

Hi @FrankChen021 - thanks I took a look back at your explanation here: #11166

Essentially:

1. There is no var/ directory in the /opt/druid from builder
2. Even though we created earlier in the "mkdir -p " step - we are overwriting the entire /opt directory from builder
3. This means var/ disappears since we did a full overwrite of the /opt directory
4. Then uses "VOLUME /opt/druid/var" - which prepares the fs for mounting to external volume
5. Since there is no longer a var/, Docker creates it using user id of the person running the build command in this case appears to be root

Makes sense and appreciate you taking the time to help me understand.