podman support rootless containers

prometheus and grafana can use external directories and files, using a rootless containers requires that the user inside the container would have the same user and group id as the owner of that external directory.
scylladb · Aug 3, 2020 · 1a4d31f · 1a4d31f
1 parent 7387224
commit 1a4d31f
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/start-all.sh b/start-all.sh
@@ -26,6 +26,14 @@ else
     GROUPID=`id -g`
     USER_PERMISSIONS="-u $UID:$GROUPID"
 fi
+
+group_args=()
+is_podman="$(docker --help | grep -o podman)"
+if [ ! -z "$is_podman" ]; then
+    group_args+=(--userns=keep-id)
+fi
+
+
 PROMETHEUS_RULES="$PWD/prometheus/prometheus.rules.yml"
 VERSIONS=$DEFAULT_VERSION
 usage="$(basename "$0") [-h] [--version] [-e] [-d Prometheus data-dir] [-L resolve the servers from the manger running on the given address] [-G path to grafana data-dir] [-s scylla-target-file] [-n node-target-file] [-l] [-v comma separated versions] [-j additional dashboard to load to Grafana, multiple params are supported] [-c grafana environment variable, multiple params are supported] [-b Prometheus command line options] [-g grafana port ] [ -p prometheus port ] [-a admin password] [-m alertmanager port] [ -M scylla-manager version ] [-D encapsulate docker param] [-r alert-manager-config] [-R prometheus-alert-file] [-N manager target file] [-A bind-to-ip-address] [-C alertmanager commands] [-Q Grafana anonymous role (Admin/Editor/Viewer)] [-S start with a system specific dashboard set] -- starts Grafana and Prometheus Docker instances"
@@ -223,6 +231,7 @@ fi
 
 docker run -d $DOCKER_PARAM $USER_PERMISSIONS \
      $DATA_DIR \
+     "${group_args[@]}" \
      -v $PWD/prometheus/build/prometheus.yml:/etc/prometheus/prometheus.yml:Z \
      -v $PROMETHEUS_RULES:/etc/prometheus/prometheus.rules.yml:Z \
      $SCYLLA_TARGET_FILE \

diff --git a/start-grafana.sh b/start-grafana.sh
@@ -90,6 +90,12 @@ if [ $? -eq 0 ]; then
     exit 1
 fi
 
+group_args=()
+is_podman="$(docker --help | grep -o podman)"
+if [ ! -z "$is_podman" ]; then
+    group_args+=(--userns=keep-id)
+fi
+
 if [ "`id -u`" -ne 0 ]; then
     GROUPID=`id -g`
     USER_PERMISSIONS="-u $UID:$GROUPID"
@@ -127,6 +133,7 @@ docker run -d $DOCKER_PARAM -i $USER_PERMISSIONS $PORT_MAPPING \
      -e "GF_AUTH_ANONYMOUS_ENABLED=$GRAFANA_AUTH_ANONYMOUS" \
      -e "GF_AUTH_ANONYMOUS_ORG_ROLE=$ANONYMOUS_ROLE" \
      -e "GF_PANELS_DISABLE_SANITIZE_HTML=true" \
+     "${group_args[@]}" \
      -v $PWD/grafana/build:/var/lib/grafana/dashboards:z \
      -v $PWD/grafana/plugins:/var/lib/grafana/plugins:z \
      -v $PWD/grafana/provisioning:/var/lib/grafana/provisioning:z $EXTERNAL_VOLUME \