Thanks for the reply Peter,

You are right, last night when I tried mapping just /opt/nifi from NiFi version 1.7.1 the container wasn't happy starting up and I couldn't figure out what folders were needed to store state and manage any configurations.

Just to be clear, should I be mapping the following volumes to local folders that have read/write access for host user ID 1000 (or a Linux group that user 1000 is a member of) for the internal docker user nifi (UID 1000) to be able to access? I guess there is no way to change the UID of docker user nifi without doing a custom docker build.

For security/LDAP, I'm assuming I can just pass the environment variables through as documented on the README.md?

    VOLUME ${NIFI_LOG_DIR} \
           ${NIFI_HOME}/conf \
           ${NIFI_HOME}/database_repository \
           ${NIFI_HOME}/flowfile_repository \
           ${NIFI_HOME}/content_repository \
           ${NIFI_HOME}/provenance_repository \
           ${NIFI_HOME}/state

I'm trying to automate the docker config using docker-compose via ansible, so normally I use a framework like this:

    - name: Create local host nifi state directories in /data/nifi/
      file:
        path: "{{ item }}"
        state: directory
        owner: 1000
        group: 1000
        mode: 0775
      with_items:
        - /data/nifi
        - /data/nifi/conf
        - /data/nifi/state
        - /data/nifi/database_repository
        - /data/nifi/flowfile_repository
        - /data/nifi/content_repository
        - /data/nifi/provenance_repository

    - name: Build NiFi Docker Image
      docker_service:
        project_name: nifi
        definition:
          version: '2'
          services:
            nifi:
              image: apache/nifi:{{ nifi_version }}
              container_name: nifi
              restart: on-failure
              # environment:
              volumes:
                # take uid/gid lists from host to give same user/group permissions mapping as host
                # - /etc/passwd:/etc/passwd
                # - /etc/group:/etc/group
                # Give NiFi access to read/write in /data
                - /data:/data
                # Expose NiFi config and state directories
                - /data/nifi/conf:/opt/nifi/conf
                - /data/nifi/state:/data/nifi/state
                - /data/nifi/database_repository:/opt/nifi/database_repository
                - /data/nifi/flowfile_repository:/opt/nifi/flowfile_repository
                - /data/nifi/content_repository:/opt/nifi/content_repository
                - /data/nifi/provenance_repository:/opt/nifi/provenance_repository
              ports:
                - 8080:8080
                - 8443:8443
                - 10000:10000

On Thu, 25 Oct 2018 at 11:02, Peter Wilcsinszky
<peterwilcsins...@gmail.com> wrote:

> Hi Stephen,
>
> I don't recommend mounting /opt/nifi directly as it will copy all the NiFi
> binaries over to the volume as well, which is unnecessary I believe. The
> latest dockerfile that will be used to build the docker image for the
> upcoming release already declares volumes that I recommend to leverage:
>
> https://github.com/apache/nifi/blob/master/nifi-docker/dockerhub/Dockerfile#L73
>
> However if you have special needs you can always tweak the dockerfile and
> build your own image from it.
>
> On Wed, Oct 24, 2018 at 10:04 PM Stephen Greszczyszyn <sgres...@gmail.com>
> wrote:
>
>> Hi there,
>>
>> I'm trying to get a working configuration for the official vanilla NiFi
>> docker image where it can read existing SFTP incoming data as well as allow
>> me to pass in any necessary configuration files.
>>
>> The problem seems to be that by default the docker container picks up
>> userID 1000 to run the nifi process, which is OK since I mapped my
>> /etc/passwd and /etc/group volumes and I'm managing the directory
>> read/write access through my underlying OS (Ubuntu 18.04).
>>
>> Where I am having problems is mapping the docker NiFi /opt/nifi directory
>> to a local directory, despite the permissions looking OK. I've even set my
>> local /data/nifi directory to chmod 777, but the docker container fails to
>> start.
>>
>> Any suggestions on how to resolve this? Also any best practices for
>> mapping the NiFi internal docker volumes to the local OS would be
>> appreciated.
>>
>> Thanks,
>>
>> Stephen
>>
>
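
A host-side preflight check for the ownership question discussed in this thread, as an added example that is not part of the original messages or of the NiFi project: it reports whether UID 1000 (the container's nifi user) gets read/write/traverse on each bind-mount directory from the playbook, and flags world-writable directories such as one set to chmod 777. It evaluates classic mode bits only (no ACLs); the function names are hypothetical.

```python
import os
import stat

# Host directories created by the playbook in this thread for the bind mounts.
NIFI_HOST_DIRS = [
    "/data/nifi/conf",
    "/data/nifi/state",
    "/data/nifi/database_repository",
    "/data/nifi/flowfile_repository",
    "/data/nifi/content_repository",
    "/data/nifi/provenance_repository",
]


def effective_bits(st, uid, gids):
    """rwx bits (0-7) the mode grants: owner class, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def check_dir(path, uid=1000, gids=(1000,)):
    """Return a list of findings for one bind-mount source (empty = OK)."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    findings = []
    bits = effective_bits(st, uid, gids)
    if bits != 7:
        findings.append(f"uid {uid} gets mode {bits:o}, needs 7 "
                        f"(owner {st.st_uid}:{st.st_gid}, {stat.filemode(st.st_mode)})")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable: any host user can alter NiFi data")
    return findings


def preflight(dirs=NIFI_HOST_DIRS, uid=1000, gids=(1000,)):
    """Map each problem directory to its findings; an empty dict means all pass."""
    return {d: f for d in dirs if (f := check_dir(d, uid, gids))}


if __name__ == "__main__":
    for path, findings in preflight().items():
        print(path, "->", "; ".join(findings))
```

Run it on the Docker host before starting the container; pass the supplementary groups of host user 1000 in `gids` if access is granted through a shared group.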