Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Broken permissions after update bundle from 2.4.2 to 2.8.2 #635

Open
palage4a opened this issue Sep 22, 2021 · 1 comment
Open

Broken permissions after update bundle from 2.4.2 to 2.8.2 #635

palage4a opened this issue Sep 22, 2021 · 1 comment
Labels
customer

Comments

@palage4a
Copy link

There is a service that ran on the enterprise bundle version 2.4.2, the image of which was built via source ./sdk/env.sh && cartridge pack docker --sdk-path ./sdk/ ... and started like:

docker run -it -d \
        --name ${CONTAINER_NAME} \
        -e TARANTOOL_ALIAS=storage-A-0 \
        -e TARANTOOL_INSTANCE_NAME=storage-A-0 \
        -e TARANTOOL_WORKDIR=/var/lib/tarantool/storage-A-0 \
        -e TARANTOOL_DATA_DIR=/var/lib/tarantool \
				....
        --volume named-volume:/var/lib/tarantool \
        <image>

Then the service was updated bundle to version 2.8.2, also packed and ran it and got an error permission denied in the docker for the missing .tarantool.cookie because it was looking for it at /var/lib/tarantool/storage-A-0/.tarantool.cookie instead of looking for it in /var/lib/tarantool/<service-name>.storage-A-0/.tarantool.cookie as he did before.

After removing TARANTOOL_WORKDIR from environment variables, I restarted it and got the same permission denied error, cuz earlier images were launched with USER tarantool:taranool, and now with USER 1200:1200.

After chown 1200:1200 /path/to/named/volume everything worked.

Maybe need test and fix that case?

Info about containers

2.4.2 version

# docker inspect  --format='{{json .Config}}' <container-name> |jq
{
  "Hostname": "6026d11930e4",
  "Domainname": "",
  "User": "tarantool:tarantool",
  "AttachStdin": false,
  "AttachStdout": false,
  "AttachStderr": false,
  "Tty": true,
  "OpenStdin": true,
  "StdinOnce": false,
  "Env": [
    "TARANTOOL_ALIAS=storage-A-0",
    "TARANTOOL_WORKDIR=/var/lib/tarantool/storage-A-0",
    "TARANTOOL_DATA_DIR=/var/lib/tarantool",
    "TARANTOOL_INSTANCE_NAME=storage-A-0",
    ...
  ],
  "Cmd": [
    "/bin/sh",
    "-c",
    "TARANTOOL_WORKDIR=/var/lib/tarantool/<service-name>.${TARANTOOL_INSTANCE_NAME}     TARANTOOL_PID_FILE=/var/run/tarantool/<service-name>.${TARANTOOL_INSTANCE_NAME}.pid     TARANTOOL_CONSOLE_SOCK=/var/run/tarantool/<service-name>.${TARANTOOL_INSTANCE_NAME}.control \ttarantool /usr/share/tarantool/<service-name>/init.lua"
  ],
  "Image": "a7e03a99fe21",
  "Volumes": null,
  "WorkingDir": "",
  "Entrypoint": null,
  "OnBuild": null,
  "Labels": {
    "org.label-schema.build-date": "20201204",
    "org.label-schema.license": "GPLv2",
    "org.label-schema.name": "CentOS Base Image",
    "org.label-schema.schema-version": "1.0",
    "org.label-schema.vendor": "CentOS"
  }
}

2.8.2

# docker inspect  --format='{{json .Config}}' <container-name> |jq
{
  "Hostname": "3d31c59eaf93",
  "Domainname": "",
  "User": "1200:1200",
  "AttachStdin": false,
  "AttachStdout": false,
  "AttachStderr": false,
  "Tty": true,
  "OpenStdin": true,
  "StdinOnce": false,
  "Env": [
    "TARANTOOL_DATA_DIR=/var/lib/tarantool",
    "TARANTOOL_ALIAS=storage-A-0",
    "TARANTOOL_INSTANCE_NAME=storage-A-0",
    ...
    "CARTRIDGE_RUN_DIR=/var/run/tarantool",
    "CARTRIDGE_DATA_DIR=/var/lib/tarantool"
  ],
  "Cmd": [
    "/bin/sh",
    "-c",
    "bash -c \"mkdir -p ${CARTRIDGE_RUN_DIR} ${CARTRIDGE_DATA_DIR} && \tTARANTOOL_WORKDIR=${TARANTOOL_WORKDIR:-${CARTRIDGE_DATA_DIR}/<service-name>.${TARANTOOL_INSTANCE_NAME}} \tTARANTOOL_PID_FILE=${TARANTOOL_PID_FILE:-${CARTRIDGE_RUN_DIR}/<service-name>.${TARANTOOL_INSTANCE_NAME}.pid} \tTARANTOOL_CONSOLE_SOCK=${TARANTOOL_CONSOLE_SOCK:-${CARTRIDGE_RUN_DIR}/<service-name>.${TARANTOOL_INSTANCE_NAME}.control} \ttarantool /usr/share/tarantool/<service-name>/init.lua\""
  ],
  "Image": "<image-url>",
  "Volumes": null,
  "WorkingDir": "",
  "Entrypoint": null,
  "OnBuild": null,
  "Labels": {
    "org.label-schema.build-date": "20201204",
    "org.label-schema.license": "GPLv2",
    "org.label-schema.name": "CentOS Base Image",
    "org.label-schema.schema-version": "1.0",
    "org.label-schema.vendor": "CentOS"
  }
}
@Totktonada
Copy link
Member

It is unintended effect of commit ec6201c (fix for #481), which was released in cartridge-cli-2.8.0.

We should describe an additional upgrade step for upgrading on or over 2.8.0 release in 2.8.0 release notes (on the releases page), in the CHANGELOG.md file and add the 'Troubleshooting' section into the documentation (preferably after PR #634):

  • chown -R 1200:1200 /path/to/volume

@TarantoolBot TarantoolBot removed the teamE label Jun 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
customer
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Totktonada @sharonovd @TarantoolBot @palage4a