Fix permission problems in docker

[FrankChen021]

Fixes #11278 , #11298

Description

To fix 11278, mv instruction is used to replace original ln instruction to eliminate symlink so that the docker image works with AWS Fargate. This change has been verified with the help of @mattmassicotte , reporter of that issue.

To fix 11298, /opt/shared is created in the Dockerfile so that a named volume could be used in the docker-compose. And a named volume druid_shared is used to share segments and task log files among Druid services

Because the problems we have encountered are platform independent, I test these changes on 3 different platform following the steps below

Test Steps

1. Execute command docker volume prune to clean up previous volumes
2. Launch the example docker-compose
3. Start an ingestion task | Task Successes
4. Task successes

Test Result

Host OS	Host OS Version	Docker Versoin	Test Result
CentOS	7.2.1511	20.10.6	OK
Ubuntu	20.04.2	20.10.2	OK
macOS	11.3	3.3.1	OK

This PR has:

• been self-reviewed.
  • using the concurrency checklist (Remove this item if the PR doesn't have any relation to concurrency.)
• added documentation for new or modified features or behaviors.
• added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
• added or updated version, license, or notice information in licenses.yaml
• added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
• added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
• added integration tests.
• been tested in a test Druid cluster.

[jihoonson]

@FrankChen021 thank you for making this PR. I tested your change on my machine, but, unfortunately, ingestion still fails with the same error. I'm using linux mint 20.1, which is based on Ubuntu Focal. Should we update the docker-compose.yml file per your suggestion in this PR instead of documenting it?

[FrankChen021]

@jihoonson I don't know why host directory is used in the original docker-compose.yml, and I'm waiting for an answer from @clintropolis . If there's no special reason, I think it's acceptable to use a named volume in the example compose file. Before that, we have to execute a command to set the permission for linux systems.

[FrankChen021]

@jihoonson will the ingestion success after executing the following command ?

sudo docker exec --user root middlemanager chown druid:druid /opt/data

[clintropolis]

@jihoonson I don't know why host directory is used in the original docker-compose.yml, and I'm waiting for an answer from @clintropolis . If there's no special reason, I think it's acceptable to use a named volume in the example compose file. Before that, we have to execute a command to set the permission for linux systems.

Sorry for the delay, as long as the same volume for storage is shared and available to the historical, middle manager, and overlord containers then everything should be ok. The important part is that it is shared between containers, because the storage directory is used as deep storage for the example docker cluster, so the segments and task logs that the peons running in the middle manager publish can be then read by the overlord and historical. I don't think it matters too much however this happens.

[FrankChen021]

@clintropolis A named volume in docker-compose also shares contents among overlords, middle managers and historicals. At first I thought the reason why the host directory 'storge' is used has something to do with the disk size at first. Because by default, docker creates directory for a named volume under /var which usually has smaller disk size for druid data storage.

Since there's no special reasons to use a directory on the host OS to mount as a volume in docker, I think it's acceptable for us to use a named volume in the example docker-compose.yml for data storage, so that there won't be permission problems on Linux platforms. Another reason is that the docker-compose.yml is only an example, it's not recommended in production, the disk size problem of a named volume should not be a concern for us if we state it in the doc.

What do you think ? @clintropolis @jihoonson @xvrl
If you agree, I will push a new commit.

[clintropolis]

I think anything that makes the quick start work across platforms is agreeable; it is not very large data so disk size shouldn't matter afaik.

[xvrl]

Suggested change

	RUN mkdir /opt/druid/var \
	RUN mkdir /opt/druid/var /opt/data \

[xvrl]

Suggested change

	&& chmod 775 /opt/druid/var \
	&& chmod 775 /opt/druid/var /opt/data \

[xvrl]

Suggested change

	&& chown druid:druid /opt/druid/var \
	&& chown druid:druid /opt/druid/var /opt/data \

[xvrl]

can we add a comment to explain the difference between /opt/data and /opt/druid/var ?

[xvrl]

I feel druid-data and /opt/data is a little generic and doesn't really convey the idea that this is meant for shared storage. /opt/druid/var is also used for local "data" so the distinction is not very clear.

Maybe we should give it a more descriptive name such as /opt/shared, or something else if you have better suggestions, wdyt?

[FrankChen021]

Thanks @xvrl , I have submitted a new commit to resolve all your comments. Test result will be updated in this weekend.

[clintropolis]

latest changes lgtm, will try to test soon

[jihoonson]

@FrankChen021 thanks. +1 after CI. The quick start ingestion works as it is after applying this change.

As I mentioned in the dev thread, it seems to me that the real problem is this docker image is not being tested properly. I'm not sure why the tests we have today don't catch this error. Do you have any plan for follow-ups to investigate this issue and add more tests if necessary?

[FrankChen021]

As I mentioned in the dev thread, it seems to me that the real problem is this docker image is not being tested properly. I'm not sure why the tests we have today don't catch this error.

I have the same question as you. I will check it when I'm free.

[FrankChen021]

I tested these changes on 3 different host OS, all worked. See the description of this PR.