Use volumes for /var/log/nginx and /etc/ssl/private so that changing ownership

sticks. refs #8080

diff --git a/lib/arvbox/docker/Dockerfile.base b/lib/arvbox/docker/Dockerfile.base
index cdbface3997320903c323b32abe4e4f0730f4e7a..108ed533789afbf354c3d001c5558e1d5412d26b 100644 (file)
--- a/lib/arvbox/docker/Dockerfile.base
+++ b/lib/arvbox/docker/Dockerfile.base
@@ -13,6 +13,8 @@ RUN apt-get update && \
 
 RUN curl -sSL https://get.docker.com/ | sh
 VOLUME /var/lib/docker
+VOLUME /var/log/nginx
+VOLUME /etc/ssl/private
 
 RUN rm -rf /var/lib/postgresql && mkdir -p /var/lib/postgresql
 

diff --git a/lib/arvbox/docker/createusers.sh b/lib/arvbox/docker/createusers.sh
index 4a8abfd46d8bc4e97cb802a37146113517db5e67..b77c9c27071021d40af771e61a12e0907a51bc98 100755 (executable)
--- a/lib/arvbox/docker/createusers.sh
+++ b/lib/arvbox/docker/createusers.sh
@@ -21,21 +21,12 @@ if ! grep "^arvbox:" /etc/passwd >/dev/null 2>/dev/null ; then
     useradd --groups docker,fuse crunch
 
     chown arvbox:arvbox -R /usr/local /var/lib/arvados /var/lib/gems \
-          /var/lib/passenger /var/lib/postgresql /etc/ssl/private
+          /var/lib/passenger /var/lib/postgresql \
+          /var/lib/nginx /var/log/nginx /etc/ssl/private
 
     mkdir -p /var/lib/gems/ruby/2.1.0
     chown arvbox:arvbox -R /var/lib/gems/ruby/2.1.0
 
-    chown arvbox:arvbox -R /var/lib/nginx
-
-    # There's something weird about /var/log/nginx that prevents a non-root
-    # arvbox user from writing to it, even after the ownership has been
-    # changed.  As a workaround, delete it and recreate it.
-
-    rm -r /var/log/nginx
-    mkdir -p /var/log/nginx
-    chown arvbox:arvbox -R /var/log/nginx
-
     mkdir -p /tmp/crunch0 /tmp/crunch1
     chown crunch:crunch -R /tmp/crunch0 /tmp/crunch1