GitHub user jgoedeke added a comment to the discussion: Scheduler log directory
created as root
Thanks for you replies! The reason I use this approach is to have regular
security-upgrades installed into all airflow containers. In my understanding
the modification of the entrypoint utilizing gosu should not impact the
original entrypoint, here are my exact changes:
**Dockerfile**
````bash
FROM apache/airflow:slim-2.10.5-python3.11
# UID 1000 necessary for logs directory permission
RUN usermod -u 1000 airflow
# root permission necessary to start cronjob
USER root
# install and configure cron and unattended-upgrade to install daily security
upgrades
# ...
# cat <<EOF > /etc/apt/apt.conf.d/50unattended-upgrades
# Unattended-Upgrade::Origins-Pattern {
# "origin=Debian,codename=\${distro_codename},label=Debian-Security";
#
"origin=Debian,codename=\${distro_codename}-security,label=Debian-Security";
# };
# EOF
# echo "0 2 * * * unattended-upgrade" > /etc/cron.d/security-upgrade
# using dump-init as described in the docs
ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
````
**/usr/local/bin/docker-entrypoint.sh**
````bash
#!/bin/sh
service cron start
exec gosu airflow /entrypoint "$@"
````
The container is not restarted, therefore all processes should be run as
`airflow` user and from my understanding `gosu` should not have an impact. The
change of the UID with `usermod -u 1000 airflow` is also permanent and should
not have an occasional impact on runtime.
I can not set the `user` property in my docker-compose file because then the
required permission to start the cron service are missing. I have set the
`AIRFLOW_UID` to 1000 for the `airflow-init` container.
- [ ] Is there an "official" option to have regular security upgrades installed
without re-building and re-deploying airflow?
GitHub link:
https://github.com/apache/airflow/discussions/48561#discussioncomment-12673596
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]