Increase write access to /conf and /data within docker container for …

…GID=0 This permits the container to be started in systems like OpenShift which do not permit UID=0 by default. VOLUME in Dockerfile-worker is removed as it inherits from the one in Dockerfile
matrix-org · Nov 25, 2021 · e18ce18 · e18ce18
1 parent 608d538
commit e18ce18
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -82,6 +82,14 @@ COPY --from=builder /install /usr/local
 COPY ./docker/start.py /start.py
 COPY ./docker/conf /conf
 
+RUN mkdir /data
+
+# Set permissions for GID=0 to be able to interact with /conf and /data
+# Allows container to be deployed in OpenShift without UID 0
+# https://docs.openshift.com/container-platform/4.7/openshift_images/create-images.html#images-create-guide-openshift_create-images
+RUN chgrp -R 0 /conf /data && \
+    chmod -R g+rw /conf /data
+
 VOLUME ["/data"]
 
 EXPOSE 8008/tcp 8009/tcp 8448/tcp

diff --git a/docker/Dockerfile-workers b/docker/Dockerfile-workers
@@ -14,9 +14,6 @@ COPY ./docker/conf-workers/* /conf/
 # Expose nginx listener port
 EXPOSE 8080/tcp
 
-# Volume for user-editable config files, logs etc.
-VOLUME ["/data"]
-
 # A script to read environment variables and create the necessary
 # files to run the desired worker configuration. Will start supervisord.
 COPY ./docker/configure_workers_and_start.py /configure_workers_and_start.py