From e72f95393cc0c66b0cc4d726f5c45f80b916b400 Mon Sep 17 00:00:00 2001 From: Cassie Coyle Date: Fri, 19 Jul 2024 12:49:08 -0600 Subject: [PATCH] Fix Scheduler Data Dir Permissions Issue (#1432) * fix w/ @joshvanl & anton Signed-off-by: Cassandra Coyle * add a . Signed-off-by: Cassandra Coyle --------- Signed-off-by: Cassandra Coyle --- pkg/standalone/standalone.go | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/pkg/standalone/standalone.go b/pkg/standalone/standalone.go index ac9e7ae97..bc7fba008 100644 --- a/pkg/standalone/standalone.go +++ b/pkg/standalone/standalone.go @@ -643,7 +643,16 @@ func runSchedulerService(wg *sync.WaitGroup, errorChan chan<- error, info initIn "--entrypoint", "./scheduler", } if info.schedulerVolume != nil { - args = append(args, "--volume", *info.schedulerVolume+":/var/lib/dapr/scheduler") + // Don't touch this file location unless things start breaking. + // In Docker, when Docker creates a volume and mounts that volume. Docker + // assumes the file permissions of that directory if it exists in the container. + // If that directory didn't exist in the container previously, then Docker sets + // the permissions owned by root and not writeable. + // We are lucky in that the Dapr containers have a world writeable directory at + // /var/lock and can therefore mount the Docker volume here. + // TODO: update the Dapr scheduler dockerfile to create a scheduler user id writeable + // directory at /var/lib/dapr/scheduler, then update the path here. + args = append(args, "--volume", *info.schedulerVolume+":/var/lock") } if info.dockerNetwork != "" { @@ -664,7 +673,7 @@ func runSchedulerService(wg *sync.WaitGroup, errorChan chan<- error, info initIn ) } - args = append(args, image, "--etcd-data-dir=/var/lib/dapr/scheduler") + args = append(args, image, "--etcd-data-dir=/var/lock/dapr/scheduler") _, err = utils.RunCmdAndWait(runtimeCmd, args...) if err != nil {