TB106 DCT 7.0.0 on Docker-Compose Upgrade Failure
Alert Type
Availability
Impact
Data Control Tower might fail to start post-upgrade with a Permission denied error in the logs. Operations post-upgrade may fail with internal errors.
Contributing Factors
Versions of DCT 2.0.0 through 6.0.2 upgrading to DCT 7.0.0 or later running on docker-compose are subject to this error.
This bulletin applies to the following DCT versions: 2.0, 2.1.0, 2.2.0, 3.0, 4.0, 5.0, 6.0.
Symptoms
When restarting post-upgrade, the docker-compose logs will contain an error message including Permission denied, for example:
mkdir: can't create directory '/etc/config/nginx/': Permission denied
This error will prevent DCT from starting up.
Additionally, operations such as logging in with username/password or registering an engine will fail with an HTTP 500 internal error, with one of the following permission errors in the gateway container logs:
java.nio.file.AccessDeniedException: /data/token_key_pair
java.io.FileNotFoundException: /data/encryption.key (Permission denied)
Relief/Workaround
The issue is due to the UID running the application containers changing from UID 1000 in DCT versions 2.0 through 6.0.2, to UID 1010 in DCT 7.0.0 and later.
Resolving the issue requires the following one-time changes; no container restart is required:
- Change ownership of the volume associated with the gateway container to the new UID:
  docker exec -u 0 -it <gateway-container-name> chown delphix:delphix /data
- If bind mounts have been used to configure DCT, they must grant permission to the user with UID 1010 (GID 1010) to read/write files, for example:
  chown 1010:1010 /path/to/nginx/bind/mount
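The following host-side check is an added example, not part of the original bulletin or of Delphix tooling. It lists every entry under a bind-mount directory that is not owned by UID 1010 and GID 1010, so the ownership change can be verified. The function names are hypothetical and the path in the usage comment is the bulletin's placeholder.

```shell
#!/bin/sh
# Added example (not Delphix code): verify that a DCT bind mount is owned
# by the UID/GID that DCT 7.0.0 and later containers run as.
DCT_UID=1010
DCT_GID=1010

# Print every entry under $1 whose owner or group differs from the
# expected numeric ids ($2 and $3 default to 1010:1010).
dct_list_mismatched() {
    dir=$1
    uid=${2:-$DCT_UID}
    gid=${3:-$DCT_GID}
    # find accepts numeric ids for -user/-group when no such name exists,
    # which is the normal case on the host (UID 1010 lives in the container).
    find "$dir" \( ! -user "$uid" -o ! -group "$gid" \) -print 2>/dev/null
}

# Return 0 if everything under $1 has the expected ownership,
# 1 if at least one entry does not, 2 if the directory is missing.
dct_check_mount() {
    [ -d "$1" ] || { echo "missing directory: $1" >&2; return 2; }
    bad=$(dct_list_mismatched "$@")
    if [ -n "$bad" ]; then
        echo "not owned by ${2:-$DCT_UID}:${3:-$DCT_GID} under $1:" >&2
        echo "$bad" | sed 's/^/  /' >&2
        return 1
    fi
    echo "ok: $1"
    return 0
}

# Usage: sh dct_check.sh /path/to/nginx/bind/mount [more mounts...]
for mount in "$@"; do
    dct_check_mount "$mount" || true
done
```

Run it as root so that directories the invoking user cannot read are still traversed.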
Resolution
This issue only affects upgrades from earlier versions of DCT to 7.0.0.0 and later.
Additional Information
N/A
Related Documents
N/A