It might be worthwhile to do a patch release. While there is a workaround, it is not very convenient for someone running the docker image in kubernetes. Especially for query nodes that rarely get deployed with persistent storage, you now have to define a volume or mount point of some sort. This makes it very cumbersome to upgrade, and someone may not hit this issue until after they have upgraded all their data nodes, once they upgrade brokers.
Once https://github.com/apache/druid/pull/11167 is merged, we can backport it. On Wed, Apr 28, 2021 at 11:39 PM frank chen <frankc...@apache.org> wrote: > Yes, this problem is not bound to macOS, It also exists on my linux server > running CentOS 7.2.1511 with Docker 19.03.4, build 9013bf583a. > > I think the reason why the images work on some environments is pointed by > Jihoon: the docker volume that was created a long time ago with proper > ownership. > > Since there's an easy workaround, I think it's acceptable for me to fix > this problem in the next release 0.22.0 > > Jihoon Son <jihoon...@apache.org> 于2021年4月29日周四 上午7:46写道: > > > I added this issue and the workaround suggested here in the release > > notes: > > > https://github.com/apache/druid/releases/tag/druid-0.21.0#21-docker-volume-ownership > > . > > > > On Wed, Apr 28, 2021 at 4:23 PM Jihoon Son <jihoon...@apache.org> wrote: > > > > > > The workaround Xavier suggested seems working for me. > > > I think this workaround can work for the users who don't use the > > docker-compose. > > > For the users who use the docker-compose, I think the easiest > > > workaround is that they first create docker volumes using an old image > > > and then run the 0.21.0 image. > > > You can do this by running these commands. > > > > > > $ cd ${PREV_SRC_DIR} > > > $ docker-compose -f distribution/docker/docker-compose.yml create > > > $ cd ${0.21.0_SRC_DIR} > > > $ docker-compose -f distribution/docker/docker-compose.yml up > > > > > > This workaround seems easy enough to me. Also, given that code freeze > > > for the 0.22.0 release is coming, I think this workaround could be > > > enough for now. > > > Does anyone strongly think that we should do a patch release to fix > this? > > > > > > On Wed, Apr 28, 2021 at 2:00 PM Jihoon Son <jihoon...@apache.org> > wrote: > > > > > > > > I could reproduce it. It seems that my previous testing passed > because > > > > of the docker volume that was created a long time ago with a proper > > > > ownership. > > > > It also seems not particular to the specific OS version because I > > > > could reproduce the same issue in linux as well. I used the ubuntu > > > > linux of the kernel version of 5.4.0-70 and docker 20.10.5. > > > > I'm now looking for an easy workaround. Please let me know if you > know > > > > such a workaround. > > > > Otherwise, maybe we should do a patch release. > > > > > > > > > > > > On Wed, Apr 28, 2021 at 10:35 AM Xavier Léauté > > > > <xav...@confluent.io.invalid> wrote: > > > > > > > > > > I'm running 3.3.1 on Big Sur, so this might be particular to the > > specific > > > > > OS version? > > > > > > > > > > On Wed, Apr 28, 2021 at 10:33 AM Jihoon Son <jihoon...@apache.org> > > wrote: > > > > > > > > > > > Interesting. I also used Docker Desktop 3.3.1 on the Catalina > macOS > > > > > > for my testing. The current docker image worked fine for me. > > > > > > It sounds good to me to add this as a known issue in the release > > > > > > notes, but I hope it to be more specific. > > > > > > Do you have more details about the issue such as in what > conditions > > > > > > you could see it? > > > > > > > > > > > > On Wed, Apr 28, 2021 at 9:48 AM Xavier Léauté > > > > > > <xav...@confluent.io.invalid> wrote: > > > > > > > > > > > > > > Hi Frank, > > > > > > > > > > > > > > I am noticing a similar problem when running on Docker for Mac. > > > > > > > > > > > > > > This appears to be specific to macOS, and how docker > initializes > > the > > > > > > volume > > > > > > > mount point permissions. > > > > > > > As a workaround you can pass a volume at the command-line, > which > > somehow > > > > > > > sets the right ownership. > > > > > > > > > > > > > > We might want to add a known issue related to that in the > > release notes. > > > > > > > > > > > > > > On Mon, Apr 26, 2021 at 7:54 PM frank chen < > frankc...@apache.org> > > wrote: > > > > > > > > > > > > > > > I did two tests this morning. > > > > > > > > 1. Docker Desktop was downgraded to 3.2.0/3.0.0, this problem > > still > > > > > > exists > > > > > > > > 2. Druid cluster successfully started based on 0.20.0 image > on > > the same > > > > > > > > macbook. > > > > > > > > > > > > > > > > And I see there's a change about Docker file by #10506 > > (included in > > > > > > 0.21.0 > > > > > > > > release) which has something to do with the chown command > from > > the > > > > > > > > discussion. > > > > > > > > > > > > > > > > I'm not an expert on Dockfile, hope someone could check this > > problem. > > > > > > > > > > > > > > > > > > > > > > > > Jihoon Son <jihoon...@apache.org> 于2021年4月27日周二 上午12:56写道: > > > > > > > > > > > > > > > > > Frank, thanks for looking into it. > > > > > > > > > > > > > > > > > > I'm not sure why it fails in your testing environment. But > > it seems > > > > > > > > > like an issue in running the docker image rather than an > > issue in the > > > > > > > > > image itself because it passed tests in other people's > > environment. > > > > > > As > > > > > > > > > a result, it doesn't seem a release blocker to me, so I > will > > go ahead > > > > > > > > > and finish this vote. Please file this issue on GitHub so > > that we can > > > > > > > > > track it. > > > > > > > > > > > > > > > > > > On Mon, Apr 26, 2021 at 7:16 AM frank chen < > > frankc...@apache.org> > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > I tried to start druid in docker on two MacBookPro(both > > are running > > > > > > > > > BigSur > > > > > > > > > > 11.2.3), both failed due to the same reason. > > > > > > > > > > > > > > > > > > > > To determine what happened, DRUID_DIRS_TO_CREATE was set > > in the > > > > > > > > > environment > > > > > > > > > > file to skip the directory creation so that druid nodes > > could > > > > > > start up, > > > > > > > > > > and then I checked the directories inside container, > found > > that > > > > > > owner > > > > > > > > of > > > > > > > > > > directory 'var' is root while others are 'druid'. > > > > > > > > > > > > > > > > > > > > /opt/apache-druid-0.21.0 # ls -l > > > > > > > > > > > > > > > > > > > > total 196 > > > > > > > > > > > > > > > > > > > > -rw-r--r-- 1 druid druid 70924 Apr 16 02:42 > > LICENSE > > > > > > > > > > > > > > > > > > > > -rw-r--r-- 1 druid druid 71187 Apr 16 02:42 > > NOTICE > > > > > > > > > > > > > > > > > > > > -rw-r--r-- 1 druid druid 8228 Apr 16 02:42 > > README > > > > > > > > > > > > > > > > > > > > drwxr-xr-x 2 druid druid 4096 Apr 16 02:46 > > *bin* > > > > > > > > > > > > > > > > > > > > drwxr-xr-x 5 druid druid 4096 Apr 16 02:46 > > *conf* > > > > > > > > > > > > > > > > > > > > drwxr-xr-x 51 druid druid 4096 Apr 16 02:46 > > > > > > *extensions* > > > > > > > > > > > > > > > > > > > > drwxr-xr-x 3 druid druid 4096 Apr 16 02:46 > > > > > > > > > > *hadoop-dependencies* > > > > > > > > > > > > > > > > > > > > drwxr-xr-x 2 druid druid 12288 Apr 16 02:46 > > *lib* > > > > > > > > > > > > > > > > > > > > drwxr-xr-x 4 druid druid 4096 Apr 16 02:28 > > *licenses* > > > > > > > > > > > > > > > > > > > > drwxr-xr-x 4 druid druid 4096 Apr 16 02:46 > > > > > > *quickstart* > > > > > > > > > > > > > > > > > > > > drwxr-xr-x 2 root root 4096 Apr 26 13:21 > > *var* > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Since container is running as user 'druid', it has no > > permission to > > > > > > > > > create > > > > > > > > > > directories under 'var' directory. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I see the command (see: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://github.com/apache/druid/blob/0296f205511a2c75f150d978f4cb74757736c54f/distribution/docker/Dockerfile#L51 > > > > > > > > > > ) > > > > > > > > > > > > > > > > > > > > in Dockerfile has set the owner of all directories to > > 'druid', but > > > > > > has > > > > > > > > no > > > > > > > > > > idea why owner of 'var' is still 'root'. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I don't know whether this problem happens only on macOS > > with Docker > > > > > > > > > Desktop > > > > > > > > > > 3.3.1. > > > > > > > > > > > > > > > > > > > > BTW, there's a bug in Docker Desktop 3.3.0 which I sent > an > > email > > > > > > to the > > > > > > > > > dev > > > > > > > > > > last week. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Jihoon Son <jihoon...@apache.org> 于2021年4月24日周六 > 上午1:27写道: > > > > > > > > > > > > > > > > > > > > > Frank, thanks for your testing. > > > > > > > > > > > > > > > > > > > > > > Both tests pass on my side. > > > > > > > > > > > For the dependency check, the NVD database seems back > > now and > > > > > > working > > > > > > > > > > > fine. I sometimes see that the maven dependency check > > plugin > > > > > > fails > > > > > > > > > > > with a false report when you have stale files left over > > from > > > > > > previous > > > > > > > > > > > builds. Can you try again after running 'mvn clean'? > > > > > > > > > > > For the docker, I'm not sure why those processes could > > not create > > > > > > > > > > > directories inside the container. Can you check if > there > > is some > > > > > > > > > > > permission issue? > > > > > > > > > > > > > > > > > > > > > > On Fri, Apr 23, 2021 at 3:43 AM frank chen < > > frankc...@apache.org > > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > > Hi Jihoon, > > > > > > > > > > > > > > > > > > > > > > > > Here're check results on my environment. And there > are > > 3 > > > > > > problems: > > > > > > > > > > > > 1) CVE warning > > > > > > > > > > > > 2) dependency check failure > > > > > > > > > > > > 3) docker startup failure > > > > > > > > > > > > > > > > > > > > > > > > src package: > > > > > > > > > > > > - verified signature/checksum > > > > > > > > > > > > - LICENSE/NOTICE present > > > > > > > > > > > > - CVE check reports vulnerabilities warning as > follows > > > > > > > > > > > > One or more dependencies were identified with known > > > > > > vulnerabilities > > > > > > > > > in > > > > > > > > > > > > druid-core: > > > > > > > > > > > > commons-io-2.6.jar > (pkg:maven/commons-io/commons-io@2.6 > > , > > > > > > > > > > > > cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : > > CVE-2021-29425 > > > > > > > > > > > > cron-scheduler-0.1.jar > > > > > > > > (pkg:maven/io.timeandspace/cron-scheduler@0.1 > > > > > > > > > , > > > > > > > > > > > > cpe:2.3:a:cron_project:cron:0.1:*:*:*:*:*:*:*) : > > CVE-2017-9525, > > > > > > > > > > > > CVE-2019-9704, CVE-2019-9705 > > > > > > > > > > > > guava-16.0.1.jar > > (pkg:maven/com.google.guava/guava@16.0.1, > > > > > > > > > > > > cpe:2.3:a:google:guava:16.0.1:*:*:*:*:*:*:*) : > > CVE-2018-10237, > > > > > > > > > > > CVE-2020-8908 > > > > > > > > > > > > hibernate-validator-5.2.5.Final.jar > > > > > > > > > > > > (pkg:maven/org.hibernate/hibernate-validator@5.2.5. > > Final, > > > > > > > > > > > > > > cpe:2.3:a:hibernate:hibernate-validator:5.2.5:*:*:*:*:*:*:*, > > > > > > > > > > > > > > cpe:2.3:a:redhat:hibernate_validator:5.2.5:*:*:*:*:*:*:*) : > > > > > > > > > > > CVE-2020-10693 > > > > > > > > > > > > log4j-core-2.8.2.jar > > > > > > > > > (pkg:maven/org.apache.logging.log4j/log4j-core@2.8.2 > > > > > > > > > > > , > > > > > > > > > > > > cpe:2.3:a:apache:log4j:2.8.2:*:*:*:*:*:*:*) : > > CVE-2020-9488 > > > > > > > > > > > > netty-3.10.6.Final.jar > > (pkg:maven/io.netty/netty@3.10.6.Final, > > > > > > > > > > > > cpe:2.3:a:netty:netty:3.10.6:*:*:*:*:*:*:*) : > > CVE-2021-21290, > > > > > > > > > > > > CVE-2021-21295, CVE-2021-21409 > > > > > > > > > > > > netty-transport-4.1.48.Final.jar > > > > > > > > > > > > (pkg:maven/io.netty/netty-transport@4.1.48.Final, > > > > > > > > > > > > cpe:2.3:a:netty:netty:4.1.48:*:*:*:*:*:*:*) : > > CVE-2021-21290, > > > > > > > > > > > > CVE-2021-21295, CVE-2021-21409 > > > > > > > > > > > > > > > > > > > > > > > > - Dependency check failed due to "An error occurred > > with the > > > > > > .NET > > > > > > > > > > > > AssemblyAnalyzer", no more exception message is shown > > > > > > > > > > > > > > > > > > > > > > > > binary package: > > > > > > > > > > > > - verified signature/checksum > > > > > > > > > > > > - LICENSE, NOTICE and README files are present > > > > > > > > > > > > - ingested from kafka and ran some queries, and no > > exception > > > > > > log > > > > > > > > > output > > > > > > > > > > > in > > > > > > > > > > > > Druid services log files > > > > > > > > > > > > > > > > > > > > > > > > docker: > > > > > > > > > > > > - failed to start cluster with docker-compose.yml in > > > > > > > > > distribution/docker > > > > > > > > > > > > directory based on apache/druid:0.21.0-rc1 image, all > > druid > > > > > > nodes > > > > > > > > > > > > unexpected exit with messages like > > > > > > > > > > > > middlemanager | mkdir: can't create directory > > 'var/tmp': > > > > > > > > > Permission > > > > > > > > > > > > denied > > > > > > > > > > > > middlemanager | mkdir: can't create directory > > 'var/druid/': > > > > > > > > > Permission > > > > > > > > > > > > denied > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Jihoon Son <jihoon...@apache.org> 于2021年4月17日周六 > > 上午8:59写道: > > > > > > > > > > > > > > > > > > > > > > > > > Hi all, > > > > > > > > > > > > > > > > > > > > > > > > > > I have created a build for Apache Druid 0.21.0, > > release > > > > > > > > > > > > > candidate 1. > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks for everyone who has helped contribute to > the > > > > > > release! You > > > > > > > > > can > > > > > > > > > > > read > > > > > > > > > > > > > the proposed release notes here: > > > > > > > > > > > > > https://github.com/apache/druid/issues/10752 > > > > > > > > > > > > > > > > > > > > > > > > > > The release candidate has been tagged in GitHub as > > > > > > > > > > > > > druid-0.21.0-rc1 > > (733697c25ff22045f14016d83b123fa18556dec8), > > > > > > > > > > > > > available here: > > > > > > > > > > > > > > > > > > > https://github.com/apache/druid/releases/tag/druid-0.21.0-rc1 > > > > > > > > > > > > > > > > > > > > > > > > > > The artifacts to be voted on are located here: > > > > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/druid/0.21.0-rc1/ > > > > > > > > > > > > > > > > > > > > > > > > > > A staged Maven repository is available for review > at: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://repository.apache.org/content/repositories/orgapachedruid-1023/ > > > > > > > > > > > > > > > > > > > > > > > > > > Staged druid.apache.org website documentation is > > available > > > > > > here: > > > > > > > > > > > > > > > > > > > https://druid.staged.apache.org/docs/0.21.0/design/index.html > > > > > > > > > > > > > > > > > > > > > > > > > > A Docker image containing the binary of the release > > > > > > candidate can > > > > > > > > > be > > > > > > > > > > > > > retrieved via: > > > > > > > > > > > > > docker pull apache/druid:0.21.0-rc1 > > > > > > > > > > > > > > > > > > > > > > > > > > artifact checksums > > > > > > > > > > > > > src: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > 8ff3c5ce96b6eff67a68945284e9d2280ea6fbca4ee4a3a023e74685f05dfbed84d1e9071ed5331cb0b1416cb87895d146ce733ae228070a9437375e1baca022 > > > > > > > > > > > > > bin: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > 4c1b9ff4c8d89e1c78f0bc9e414ea4e855a637925959b5e4e4edd79bdbd0311f0b09cc332c6f48f982f10d9d46d2658cee802bac4e60116598d1aaf3deebf9b1 > > > > > > > > > > > > > docker: > > > > > > > > > > > > > 33ff4044017f5974f2e250512a1dd2449078dbf1fa18dd2bd4fa511a4c9f2f78 > > > > > > > > > > > > > > > > > > > > > > > > > > Release artifacts are signed with the following > key: > > > > > > > > > > > > > > > https://people.apache.org/keys/committer/jihoonson.asc > > > > > > > > > > > > > > > > > > > > > > > > > > This key and the key of other committers can also > be > > found > > > > > > in the > > > > > > > > > > > project's > > > > > > > > > > > > > KEYS file here: > > > > > > > > > > > > > > > https://dist.apache.org/repos/dist/release/druid/KEYS > > > > > > > > > > > > > > > > > > > > > > > > > > (If you are a committer, please feel free to add > > your own > > > > > > key to > > > > > > > > > that > > > > > > > > > > > file > > > > > > > > > > > > > by following the instructions in the file's > header.) > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Verify checksums: > > > > > > > > > > > > > diff <(shasum -a512 apache-druid-0.21.0-src.tar.gz > | > > \ > > > > > > > > > > > > > cut -d ' ' -f1) \ > > > > > > > > > > > > > <(cat apache-druid-0.21.0-src.tar.gz.sha512 ; echo) > > > > > > > > > > > > > > > > > > > > > > > > > > diff <(shasum -a512 apache-druid-0.21.0-bin.tar.gz > | > > \ > > > > > > > > > > > > > cut -d ' ' -f1) \ > > > > > > > > > > > > > <(cat apache-druid-0.21.0-bin.tar.gz.sha512 ; echo) > > > > > > > > > > > > > > > > > > > > > > > > > > Verify signatures: > > > > > > > > > > > > > gpg --verify apache-druid-0.21.0-src.tar.gz.asc \ > > > > > > > > > > > > > apache-druid-0.21.0-src.tar.gz > > > > > > > > > > > > > > > > > > > > > > > > > > gpg --verify apache-druid-0.21.0-bin.tar.gz.asc \ > > > > > > > > > > > > > apache-druid-0.21.0-bin.tar.gz > > > > > > > > > > > > > > > > > > > > > > > > > > Please review the proposed artifacts and vote. Note > > that > > > > > > Apache > > > > > > > > has > > > > > > > > > > > > > specific requirements that must be met before +1 > > binding > > > > > > votes > > > > > > > > can > > > > > > > > > be > > > > > > > > > > > cast > > > > > > > > > > > > > by PMC members. Please refer to the policy at > > > > > > > > > > > > > > > http://www.apache.org/legal/release-policy.html#policy for > > > > > > more > > > > > > > > > > > details. > > > > > > > > > > > > > > > > > > > > > > > > > > As part of the validation process, the release > > artifacts can > > > > > > be > > > > > > > > > > > generated > > > > > > > > > > > > > from source by running: > > > > > > > > > > > > > mvn clean install -Papache-release,dist -Dgpg.skip > > > > > > > > > > > > > > > > > > > > > > > > > > The RAT license check can be run from source by: > > > > > > > > > > > > > mvn apache-rat:check -Prat > > > > > > > > > > > > > > > > > > > > > > > > > > This vote will be open for at least 72 hours. The > > vote will > > > > > > pass > > > > > > > > > if a > > > > > > > > > > > > > majority of at least three +1 PMC votes are cast. > > > > > > > > > > > > > > > > > > > > > > > > > > [ ] +1 Release this package as Apache Druid 0.21.0 > > > > > > > > > > > > > [ ] 0 I don't feel strongly about it, but I'm okay > > with the > > > > > > > > release > > > > > > > > > > > > > [ ] -1 Do not release this package because... > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks! > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > > > > > > To unsubscribe, e-mail: > > dev-unsubscr...@druid.apache.org > > > > > > > > > > > > > For additional commands, e-mail: > > dev-h...@druid.apache.org > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > > > > To unsubscribe, e-mail: > dev-unsubscr...@druid.apache.org > > > > > > > > > > > For additional commands, e-mail: > > dev-h...@druid.apache.org > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > > > > > > > > > For additional commands, e-mail: dev-h...@druid.apache.org > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > > > > > > For additional commands, e-mail: dev-h...@druid.apache.org > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > > For additional commands, e-mail: dev-h...@druid.apache.org > > > > >
