Closed nilsnolde closed 1 year ago
actually all docker containers require a UID of 1000 it seems, not that it matters much
Yeah for sure, permissions inside permissions, can be a nightmare.
I thought I'd fixed this last year, we haven't had many reports recently. How it's supposed to work is that the pelias command detects your UID automatically so you shouldn't have to do anything.
can't see much in the pelias commands other than the deprecated DOCKER_USER.
the pelias command detects your UID automatically so you shouldn't have to do anything.
but how would that work even? it detects your UID but it can't take that for the docker-internal user, that would have to be decided in the image building when creating the user. we could change the permissions with the pelias command to 1000:1000 but not without sudo. (also would be strange, my data dir would then be owned by the host user overpass :D).
I think everyone got lucky so far, always having run this with the machine's first user :)
I had a similar use case before and had to change our valhalla image to accommodate for that: https://github.com/gis-ops/docker-valhalla/blob/a503d556a75661a644c25b16fa82eafa89b3f963/Dockerfile#L44-L50
definitely not arguing that's an option for your docker recipes, it's also a total nightmare.
You can specify the docker user at runtime too
huh.. let me research hahah :sweat_smile:
ah right, totally forgot about that..
I guess that's what DOCKER_USER was for?
thanks!! didn't find that! yes, that should definitely do it. I'll just quietly close this issue and admit my idiot mistake of not using the provided docker-compose.yml..
Haha all good, permissions are the most common issue we get, I might spend some more time on the pelias system check command to see if it can detect issues like this automatically.
there's some bug reports around that already, e.g. https://github.com/pelias/docker/issues/214 (AccessDenied, the container can't write into the $DATA_DIR/elasticsearch directory)

the problem seems to me that the ES container internally has the elasticsearch user with UID/GID 1000 doing all the operations. while my DATA_DIR is owned by the same user I run docker with and happens to have UID/GID 1003. so the container can't create any data/directories inside DATA_DIR with its 775 permission bits.

urgh, this is a mess with docker user management.. been there a few times.. essentially, IMO there's no fool-proof way that'll work in all situations without at least one root command. so maybe the way it works right now is the best we can do..

for now I'll make the DATA_DIR 777. no idea what else to try (made my local docker user part of group 1000, but then pelias elastic start changes the permissions back to 1003/1003).
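
The mismatch described in this thread (container user 1000:1000, DATA_DIR owned by 1003:1003 with mode 775) can be checked before a container is started. The script below is an added example, not part of the original thread or of the Pelias code; the function names `can_write`, `check_data_dir` and `report` are hypothetical, GNU coreutils `stat` is assumed, and supplementary groups and ACLs are ignored.

```bash
#!/usr/bin/env bash
# Added example (not Pelias code): would a container process running as
# UID:GID be able to create files in a bind-mounted data directory?

# can_write UID GID OWNER_UID OWNER_GID MODE   (MODE octal, e.g. 775)
# Simplified model: primary group only, no ACLs, UID 0 treated as unrestricted.
can_write() {
  local uid="$1" gid="$2" o_uid="$3" o_gid="$4" mode bits
  mode=$(( 0$5 ))                       # leading 0 => parse as octal
  if [ "$uid" -eq 0 ]; then return 0; fi
  if   [ "$uid" -eq "$o_uid" ]; then bits=$(( (mode >> 6) & 7 ))   # owner class
  elif [ "$gid" -eq "$o_gid" ]; then bits=$(( (mode >> 3) & 7 ))   # group class
  else                               bits=$((  mode       & 7 ))   # other class
  fi
  # Creating entries in a directory needs both write (2) and search (1).
  [ $(( bits & 3 )) -eq 3 ]
}

# check_data_dir DIR UID GID: same check against a real directory.
# Assumes GNU coreutils stat (-c '%u %g %a').
check_data_dir() {
  local dir="$1" uid="$2" gid="$3" meta
  meta=$(stat -c '%u %g %a' "$dir") || return 2
  # shellcheck disable=SC2086  # word splitting of $meta is intended
  can_write "$uid" "$gid" $meta
}

# Constructed scenarios using the UID/GID and mode values from the thread.
report() {  # report LABEL UID GID OWNER_UID OWNER_GID MODE
  if can_write "$2" "$3" "$4" "$5" "$6"; then echo "$1: writable"
  else echo "$1: AccessDenied expected"; fi
}
report "container 1000:1000, dir 1003:1003 mode 775" 1000 1000 1003 1003 775
report "container run as 1003:1003, same dir"        1003 1003 1003 1003 775
report "container 1000:1000 after chmod 777"         1000 1000 1003 1003 777
report "unrelated UID 1234 after chmod 777"          1234 1234 1003 1003 777
```

The last two scenarios show that mode 777 makes the directory writable for every local UID, while running the container as the directory's owner keeps the 775 bits.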