[RTFACT-17335] Artifactory in Docker cannot start with a custom user id Created: 16/Aug/18  Updated: 25/Mar/19  Resolved: 06/Dec/18

Status: Resolved
Project: Artifactory Binary Repository
Component/s: None
Affects Version/s: 6.2.0
Fix Version/s: 6.6.0

Type: Bug Priority: High
Reporter: Eldad Assis Assignee: Eldad Assis
Resolution: Fixed Votes: 3
Labels: artifactory, docker, permissions
Environment:

Artifactory Docker with custom user id


Issue Links:
Relationship
relates to RTFACT-17131 introduce possibility to define group... Resolved
relates to RTFACT-12721 Provide an option to map UID of the "... Resolved
Trigger
was triggered by RTFACT-15224 Running Artifactory docker container ... Resolved
Regression:
Yes
Assigned QA: Konstantin Shenderov

 Description   

As an Artifactory in Docker deployer, I want to be able to set custom user and group ids to match existing user mappings on my system.

The new Artifactory (6.2.0) lost this ability due to permissions on the file system.

Running with:

$ docker run ... --user 1717:1818 docker.bintray.io/jfrog/artifactory-pro:6.2.0

Fails with the following error:

2018-08-16 10:11:24  [120 entrypoint-artifactory.sh] Testing directory (/opt/jfrog/artifactory) has read/write permissions
/entrypoint-artifactory.sh: line 125: /opt/jfrog/artifactory/test-permissions: Permission denied
2018-08-16 10:11:24  [141 entrypoint-artifactory.sh] ###########################################################
2018-08-16 10:11:24  [142 entrypoint-artifactory.sh] /opt/jfrog/artifactory is NOT writable!
2018-08-16 10:11:24  [143 entrypoint-artifactory.sh] Directory: /opt/jfrog/artifactory, permissions: 755, owner: artifactory, group: artifactory
2018-08-16 10:11:24  [144 entrypoint-artifactory.sh] Mounted directory must be writable by user 'artifactory' (id 1030)
2018-08-16 10:11:24  [145 entrypoint-artifactory.sh] ###########################################################
2018-08-16 10:11:24   [40 entrypoint-artifactory.sh] ERROR: Directory /opt/jfrog/artifactory has bad permissions for user 'artifactory'

NOTE - Artifactory entrypoint does start with user id 1717 and group id 1818, but the file system created during the docker build stage is assigned to the user id 1030 that was also created at build time.

 



 Comments   
Comment by Eldad Assis [ 20/Aug/18 ]

Until a solution is provided, the way to do this is to build a custom Docker image using our Dockerfile.
Follow the following steps to do so

# Get Artifactory zip and save as standalone.zip
$ curl -L -o standalone.zip https://jfrog.bintray.com/artifactory-pro/org/artifactory/pro/jfrog-artifactory-pro/6.2.0/jfrog-artifactory-pro-6.2.0.zip

# Run the Docker image in the backgroud to extract files from it
$ docker run -d --rm --name artifactory docker.bintray.io/jfrog/artifactory-pro:6.2.0

# Extract docker file
$ docker cp artifactory:/docker/artifactory-pro/Dockerfile.artifactory .

# Extract entrypoint
$ docker cp artifactory:/entrypoint-artifactory.sh .

# Extract default db driver
$ docker cp artifactory:/opt/jfrog/artifactory/tomcat/lib/postgresql-9.4.1212.jar .

# Extract needed plugin
$ mkdir -p plugins && docker cp artifactory:/tmp/plugins/internalUser.groovy ./plugins

# Stop the running Artifactory
$ docker stop artifactory

# Edit Dockerfile.artifactory and set ARTIFACTORY_USER_ID to your need
$ sed -i.back 's/ARTIFACTORY_USER_ID=1030/ARTIFACTORY_USER_ID=7777/g' Dockerfile.artifactory

# Build the new Docker image
$ docker build -t my.reg/artifactory-pro:6.2.0-new -f Dockerfile.artifactory .
Comment by Krzysztof Malinowski [ 20/Aug/18 ]

While this is some kind of workaround, please note that it is not suitable in the long term. We have 3 sites, each running with a different user id, which means that the workaround requires creating 3 separate images.

Comment by Eldad Assis [ 21/Aug/18 ]

Yes Krzysztof Malinowski - we will provide a solution on our side. I added this comment as a temporary work around for you and others that might face similar issues.

Comment by Alex Dvorkin [ 22/Nov/18 ]

Konstantin Shenderov please wait until RTFACT-17881 is merged and re-do all the related testing. Sorry for the inconvenience.

Generated at Sat Aug 24 23:26:52 UTC 2019 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.