From fde416c7a1695aafd00652a8b9edfaac3e8c5eaf Mon Sep 17 00:00:00 2001 From: Julian Simioni Date: Tue, 26 Feb 2019 20:16:44 -0800 Subject: [PATCH 1/2] Attempt to catch cases of incorrect datadir ownership If the Elasticsearch datadir is not owned by the user specified in $DOCKER_USER, Elasticsearch will fail to start. Since https://github.com/pelias/docker/pull/55 the helper scripts attempt to remedy this situation if the `pelias` script is run as root (which is not recommended but is often done). However, if the `pelias` script is not run as root and the permissions are incorrect, this situation cannot be automatically fixed. This code attempts to detect that case and recommend the proper command to run (with sudo) and set proper directory permissions. Connects https://github.com/pelias/docker/issues/31 Connects https://github.com/pelias/docker/issues/73 --- cmd/elastic.sh | 15 +++++++++++++++ pelias | 2 ++ 2 files changed, 17 insertions(+) diff --git a/cmd/elastic.sh b/cmd/elastic.sh index 701c19c9..b5bb3b34 100644 --- a/cmd/elastic.sh +++ b/cmd/elastic.sh @@ -3,10 +3,25 @@ set -e; function elastic_schema_drop(){ compose_run 'schema' node scripts/drop_index "$@" || true; } function elastic_schema_create(){ compose_run 'schema' ./bin/create_index; } + +# perform pre-start checks and start the elasticsearch container function elastic_start(){ mkdir -p $DATA_DIR/elasticsearch # attemp to set proper permissions if running as root chown $DOCKER_USER $DATA_DIR/elasticsearch 2>/dev/null || true + + # record the owner of the Elasticsearch directory + elasticsearch_owner_uid=$($CMD_STAT --format '%u' $DATA_DIR/elasticsearch) + + # grab just the first part of the $DOCKER_USER variable which may have format uid:gid (or just uid) + desired_owner_uid=(${DOCKER_USER//:/ }) + + # check permissions, and if $DOCKER_USER cannot read the data dir, quit with error + if [[ "$desired_owner_uid" != "$elasticsearch_owner_uid" ]]; then + echo "user $DOCKER_USER cannot access elasticsearch directory at $DATA_DIR" + echo "please run 'sudo chown $DOCKER_USER $DATA_DIR/elasticsearch'" + exit 1 + fi compose_exec up -d elasticsearch } diff --git a/pelias b/pelias index 0f383f55..e26cb6c8 100755 --- a/pelias +++ b/pelias @@ -5,9 +5,11 @@ set -e # compatible with the linux tools. Force OSX users to install the GNU # compatible versions (prefixed with 'g', such as 'greadlink', 'gsed' etc.). export CMD_READLINK='readlink' +export CMD_STAT='stat' if [[ "$OSTYPE" == "darwin"* ]]; then if [ -x "$(command -v greadlink)" ]; then CMD_READLINK='greadlink'; + CMD_STAT='gstat'; else 2>&1 echo 'OSX: you must install the gnu standard tooling using:' 2>&1 echo 'brew install coreutils' From b9f45676726996ca30122f8930ef140a0dd4c503 Mon Sep 17 00:00:00 2001 From: Julian Simioni Date: Tue, 15 Sep 2020 13:54:34 -0400 Subject: [PATCH 2/2] Attempt to run command to fix permissions --- cmd/elastic.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cmd/elastic.sh b/cmd/elastic.sh index b5bb3b34..c9eb2ba0 100644 --- a/cmd/elastic.sh +++ b/cmd/elastic.sh @@ -18,9 +18,10 @@ function elastic_start(){ # check permissions, and if $DOCKER_USER cannot read the data dir, quit with error if [[ "$desired_owner_uid" != "$elasticsearch_owner_uid" ]]; then - echo "user $DOCKER_USER cannot access elasticsearch directory at $DATA_DIR" - echo "please run 'sudo chown $DOCKER_USER $DATA_DIR/elasticsearch'" - exit 1 + cmd="sudo chown $DOCKER_USER $DATA_DIR/elasticsearch" + echo "User $DOCKER_USER cannot access elasticsearch directory at $DATA_DIR" + echo "attempting to fix permissins by running '$cmd'. You may be asked for your password." + $cmd fi compose_exec up -d elasticsearch }