Data Control Tower might fail to start post-upgrade with a
Permission denied error in the logs. Operations post-upgrade may fail with internal errors.
Versions of DCT 2.0.0 through 6.0.2 upgrading to DCT 7.0.0 or later running on docker-compose are subject to this error.
This bulletin applies to the following DCT versions: 2.0, 2.1.0, 2.2.0, 3.0, 4.0, 5.0, 6.0.
When restarting post-upgrade, the docker-compose logs will contain an error message including
Permission denied, for example:
mkdir: can't create directory '/etc/config/nginx/': Permission denied
This error will prevent DCT from starting up.
Additionally, operations such as log in with username/password or registering an engine will fail with an HTTP 500 internal error, with one of the following permission errors in the gateway container logs:
java.io.FileNotFoundException: /data/encryption.key (Permission denied)
The issue is due to the UID running the application containers changing from UID 1000 in DCT versions 2.0 through 6.0.2, to UID 1010 in DCT 7.0.0 and later.
Resolving the issues requires the following one-time change and no container restart is required:
Change ownership of the volume associated to the gateway container to the new UID:
docker exec -u 0 -it <gateway-container-name> chown delphix:delphix /data
If bind mounts have been used to configure DCT, they must grant permission to the user with UID 1010 (GUID 1010) to read/write files, for example:
chown 1010:1010 /path/to/nginx/bind/mount
This issue only affects upgrades from earlier versions of DCT to 188.8.131.52 and later.