Docker Installation - /opt/tyger permissions

Hi folks,

When following the current Docker installation documentation, there's a bit of a hole that can be stepped into during the api install step. The documentation mentions that /opt/tyger must exist, and advises to create via sudo: https://github.com/microsoft/tyger/blob/353c5e9849dd8bb55d94f9e346dc8684cd61c9a5/docs/introduction/installation/docker-installation.md?plain=1#L101 This unblocks the install (or at least, appears to for the user), until the data plane container is stood up - at which point it fails its health check. Logs indicate the data-plane fails to bind the tyger.data.sock with a permissions error (since the tyger dir created with sudo is owned by root), which can be fixed with chmod on the tyger dir.

Since the instructions mentioned explicitly to create with sudo, I assumed the root permissions or privileged access might be handled by docker compose or uid in the containers. It might be worth updating the documentation to mention the purpose of the /opt/tyger dir, and necessary permissions - but I also wanted to ask what permissions should be used on the /opt/tyger directory if docker were used in production. I quick-fixed my install with 777 (based on .devcontainer/prepare-host.sh), which lets the installation finish but seems less than ideal? Would prepare-host.sh be worth mentioning in the documentation or using for local, manual docker installations?


andrew@andrew-Precision-Tower-7810:~/Documents/tyger$ tyger api install -f test.yml 
2024-10-25T08:53:40.335-04:00 INF Starting Tyger API install
2024-10-25T08:53:40.335-04:00 FTL error="error creating directory /opt/tyger: mkdir /opt/tyger: permission denied"

andrew@andrew-Precision-Tower-7810:~/Documents/tyger$ sudo mkdir /opt/tyger
andrew@andrew-Precision-Tower-7810:~/Documents/tyger$ tyger api install -f test.yml 
2024-10-25T08:54:02.072-04:00 INF Starting Tyger API install
2024-10-25T08:54:02.175-04:00 FTL error="error creating database container: error creating directory /opt/tyger/database: mkdir /opt/tyger/database: permission denied"

andrew@andrew-Precision-Tower-7810:~/Documents/tyger$ sudo mkdir /opt/tyger/database
andrew@andrew-Precision-Tower-7810:~/Documents/tyger$ tyger api install -f test.yml 
2024-10-25T08:54:16.489-04:00 INF Starting Tyger API install
2024-10-25T08:54:16.823-04:00 INF Pulling image mcr.microsoft.com/cbl-mariner/base/core:2.0
2024-10-25T08:54:17.002-04:00 INF Pulling image postgres:16.2
2024-10-25T08:54:21.420-04:00 INF Done pulling image mcr.microsoft.com/cbl-mariner/base/core:2.0
2024-10-25T08:54:28.697-04:00 INF Done pulling image postgres:16.2
2024-10-25T08:54:40.740-04:00 FTL error="error creating data plane container: error creating directory /opt/tyger/data-plane: mkdir /opt/tyger/data-plane: permission denied"

andrew@andrew-Precision-Tower-7810:~/Documents/tyger$ sudo mkdir /opt/tyger/data-plane
andrew@andrew-Precision-Tower-7810:~/Documents/tyger$ tyger api install -f test.yml 
2024-10-25T08:54:51.898-04:00 INF Starting Tyger API install
2024-10-25T08:54:52.425-04:00 INF Pulling image mcr.microsoft.com/tyger/tyger-server:v0.6.9
2024-10-25T08:54:52.433-04:00 INF Pulling image mcr.microsoft.com/tyger/tyger-data-plane-server:v0.6.9
2024-10-25T08:54:57.098-04:00 INF Done pulling image mcr.microsoft.com/tyger/tyger-data-plane-server:v0.6.9
2024-10-25T08:54:57.728-04:00 INF Done pulling image mcr.microsoft.com/tyger/tyger-server:v0.6.9
2024-10-25T08:55:58.001-04:00 FTL error="error creating data plane container: timed out waiting for container to become healthy. Current status: unhealthy"

microsoft / tyger

Docker Installation - /opt/tyger permissions #146