How can I fix the permissions using docker on a bluemix volume?

Question

In a container, I am trying to start mysqld.

I was able to create an image and push to the registry but when I want to start it, the /var/lib/mysql volu

Answer 1

In IBM Containers, the user namespace is enabled for docker engine. The "Permission denied " issue appears to be because the NFS is not allowing mapped user, from container, to perform the operation.

On my local setup, on the docker host, mounted a NFS (exported with no_root_squash option). and attached the volume to container using -v option. When the container is spawned from docker with disabled user namespace, I am able to change the ownership for bind-mount inside the container. But With user namespace enabled docker, I am getting chown: changing ownership of ‘/mnt/volmnt’: Operation not permitted

The volume created by cf (cf ic volume create ...) is a NFS, to verify just try mount -t nfs4 from container. When, the user namespace is enabled for docker engine. The effective root inside the container is a non-root user out side the container process and NFS is not allowing the mapped non-root user to perform the chown operation on the volume inside the container.

Here is the work-around, you may want to try

1. In the Dockerfile

   1.1 Create user mysql with UID 1010, or any free ID, before MySql installation. Other Container or new Container can access mysql data files on Volume with UID 1010

   RUN groupadd --gid 1010 mysql

   RUN useradd --uid 1010 --gid 1010 -m --shell /bin/bash mysql

   1.2 Install MySqlL but do not initialize database

   RUN apt-get update && apt-get install -y mysql-server && rm -rf /var/lib/mysql && rm -rf /var/lib/apt/lists/*

2. In the entry point script

   2.1 Create mysql Data directory under bind-mount as user mysql and then link it as /var/lib/mysql

   Suppose the volume is mounted at /mnt/db inside the container (ice run -v :/mnt/db --publish 3306... or cf ic run --volume :/mnt/db ...). Define mountpath env var

   MOUNTPATH="/mnt/db"

   Add mysql to group "root"

   adduser mysql root

   Set permission for mounted volume so that root group members can create directory and files

   chmod 775 $MOUNTPATH

   Create mysql directory under Volume

   su -c "mkdir -p /mnt/db/mysql" mysql

   su -c "chmod 700 /mnt/db/mysql" mysql

   Link the directory to /var/lib/mysql

   ln -sf /mnt/db/mysql /var/lib/mysql

   chown -h mysql:mysql /var/lib/mysql

   Remove mysql from group root

   deluser mysql root

   chmod 755 $MOUNTPATH

   2.2 For first time, initialize database as user mysql

   su -c "mysql_install_db --datadir=/var/lib/mysql" mysql

   2.3 Start the mysql server as user mysql

   su -c "/usr/bin/mysqld_safe" mysql