Create volumes automatically for NATS/Prometheus

Fixes: #223 Tested by checking the logs of Prometheus and NATS was tested by running async requests with hey then restarting faasd, which deletes the NATS and queue-worker containers. The work left over in the queue was restarted as expected. Pre-created volumes are read from docker-compose.yaml and only numeric user IDs are supported at this time. Users can still specify a textual username, if they create the source directory for a mount before restarting faasd, it won't try to overwrite the directory. Add comment for workingDirectoryPermission Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
2025-06-27 09:13:23 +00:00 · 2021-12-20 13:32:06 +00:00
parent 8fbdd1a461
commit 5aed707354
2 changed files with 42 additions and 2 deletions
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -20,21 +20,36 @@ services:

  nats:
    image: docker.io/library/nats-streaming:0.22.0
+# nobody
+    user: "65534"
    command:
      - "/nats-streaming-server"
      - "-m"
      - "8222"
-      - "--store=memory"
+      - "--store=file"
+      - "--dir=/nats"
      - "--cluster_id=faas-cluster"
+    volumes:
+# Data directory
+      - type: bind
+        source: ./nats
+        target: /nats
    # ports:
    #    - "127.0.0.1:8222:8222"

  prometheus:
    image: docker.io/prom/prometheus:v2.14.0
+# nobody
+    user: "65534"
    volumes:
+# Config directory
      - type: bind
        source: ./prometheus.yml
        target: /etc/prometheus/prometheus.yml
+# Data directory
+      - type: bind
+        source: ./prometheus
+        target: /prometheus
    cap_add:
      - CAP_NET_RAW
    ports:
--- a/pkg/supervisor.go
+++ b/pkg/supervisor.go
@ -8,6 +8,8 @@ import (
 	"os"
 	"path"
 	"sort"
+	"strconv"
+	"strings"

 	"github.com/alexellis/k3sup/pkg/env"
 	"github.com/compose-spec/compose-go/loader"
@ -26,7 +28,8 @@ import (
 )

 const (
-	workingDirectoryPermission = 0644
+	// workingDirectoryPermission user read/write/execute, group and others: read-only
+	workingDirectoryPermission = 0744
 )

 type Service struct {
@ -145,6 +148,28 @@ func (s *Supervisor) Start(svcs []Service) error {
 					Type:        "bind",
 					Options:     []string{"rbind", "rw"},
 				})
+
+				// Only create directories, not files.
+				// Some files don't have a suffix, such as secrets.
+				if len(path.Ext(mnt.Src)) == 0 &&
+					!strings.HasPrefix(mnt.Src, "/var/lib/faasd/secrets/") {
+					// src is already prefixed with wd from an earlier step
+					src := mnt.Src
+					fmt.Printf("Creating local directory: %s\n", src)
+					if err := os.MkdirAll(src, workingDirectoryPermission); err != nil {
+						if !errors.Is(os.ErrExist, err) {
+							fmt.Printf("Unable to create: %s, %s\n", src, err)
+						}
+					}
+					if len(svc.User) > 0 {
+						uid, err := strconv.Atoi(svc.User)
+						if err == nil {
+							if err := os.Chown(src, uid, -1); err != nil {
+								fmt.Printf("Unable to chown: %s to %d, error: %s\n", src, uid, err)
+							}
+						}
+					}
+				}
 			}
 		}