[question] How to use custom UID / GID with grafana docker image

[RaymondMouthaan]

Hello @fg2it,

Currently, I have my own docker image available on docker hub, which is based upon yours. It adds some configurations to run the image under a custom uid and gid.

However looking at the official v5.1.0, this custom uid and gid should now be supported and my own docker image wouldn't be needed anymore.

I've tried your lastest version like this:

version: "3.6"

services:
  grafana:
    image: fg2it/grafana-armhf:v5.1.0
    ports:
      - "3000:3000"
    volumes:
#      - /mnt/swarm-volumes/grafana/data:/var/lib/grafana
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
#    user: "1000"
    environment:
      - GF_UID=1000
      - GF_GID=1000
    deploy:
      replicas: 1

Within the container:

root@c3cb3da395dd:/# id grafana
uid=472(grafana) gid=472(grafana) groups=472(grafana)

root@c3cb3da395dd:/# ls -al /var/lib/grafana/
total 404
drwxrwxrwx 1 grafana grafana   4096 Apr 29 11:33 .
drwxr-xr-x 1 root    root      4096 Apr 28 22:26 ..
-rw-r--r-- 1 grafana grafana 393216 Apr 29 11:33 grafana.db
drwxrwxrwx 2 grafana grafana   4096 Apr 28 22:26 plugins

root@c3cb3da395dd:/# echo $GF_UID $GF_GID
1000 1000

So from the info above you can see that GF_UID and GF_GID didn't change the uid and gid for user grafana.

I also tried this according to grafana docker install:

version: "3.6"

services:
  grafana:
    image: fg2it/grafana-armhf:v5.1.0
    ports:
      - "3000:3000"
    volumes:
#      - /mnt/swarm-volumes/grafana/data:/var/lib/grafana
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    user: "1000"
#    environment:
#     - GF_UID=1000
#      - GF_GID=1000
    deploy:
      replicas: 1

Within the container:

root@83b148de388f:/# id grafana
uid=472(grafana) gid=472(grafana) groups=472(grafana)

root@83b148de388f:/# ls -al /var/lib/grafana/
total 404
drwxrwxrwx 1 grafana grafana   4096 Apr 29 11:40 .
drwxr-xr-x 1 root    root      4096 Apr 28 22:26 ..
-rw-r--r-- 1    1000 root    393216 Apr 29 11:40 grafana.db
drwxrwxrwx 2 grafana grafana   4096 Apr 28 22:26 plugins

So from the info above you can see that user: 1000 didn't change the uid and gid for user grafana, but it did set user 1000 on the grafana.db. The plugins directory however remains assigned to grafana user and group.

I was expecting in one of the above try-outs that all files and dirs within /var/lib/grafana would belong to grafana:grafana, where the uid and gid both could be customly set, so that persistence would be possible with an "external" user.

While writing this, I just realise that it probably is an issue upon the official grafana ...

Can you help me out on this one or do I need to submit an issue at official grafana project?

Thanks in advance. Raymond

[fg2it]

Hi @RaymondMouthaan As far as I understand, GF_UID/GF_GID are not here to customize the container at runtime. You can create image with customized GF_UID/GF_GID (docker build --build-arg GF_UID=xxx --build-arg GF_GID=yyy ...) but not at container creation time :

• Dockerfile#L4-L5 defines GF_UID/GF_GID as build arg
• Dockerfile#L31-L32 use them at image build time
• no logic in run.sh (which is exec at container start) handles GF_UID/GF_GID. So, what you see in your first trial with your compose file is normal behaviour. For the second trial, I didn't check the full consequences of user, but this is a docker option meant to run the container as the specified user, and so is a different thing.

As a I see it :

• you can open an issue at the official repo
• create your own image but based on the official Dockerfile using docker build --build-arg ...
• keep you image if it is fine

[RaymondMouthaan]

Thanks for you explanation, it clarifies a lot 👍 .

Personally I think it wouldn't be needed to build an image when one wants to use a custom uid. This would mean that every user who wants a custom uid needs to create it's own image. Would it be easier and more maintainable just to read uid from the deploy command as an env and set the grafana uid accordingly and when the env isn't supplied to use the default as defined within the image?

Anyway, I guess this is out of the scope of your project and should be discussed at the official grafana project.

[fg2it]

Anyway, I guess this is out of the scope of your project and should be discussed at the official grafana project.

Yes. I want to keep the arm image as close as possible to the official one. So I won't introduce such changes. But, if they do it, I will import that.