chore: upgrade guidance for non-root container change#7048
chore: upgrade guidance for non-root container change#7048jstirnaman merged 10 commits intomasterfrom
Conversation
Vale Style Check Results
Warnings (4)
✅ Check passed |
|
|
Thank you @blegesse-w ! |
jstirnaman
left a comment
jstirnaman
left a comment
There was a problem hiding this comment.
Thanks @blegesse-w! I made some style changes.
I also saw Gary's notice, so we'll keep it in the back pocket for now.
jstirnaman
added
hold off
wdoconnell
left a comment
wdoconnell
left a comment
There was a problem hiding this comment.
Blocking due to release hold. Thank you!
wdoconnell
left a comment
wdoconnell
left a comment
There was a problem hiding this comment.
This is approved for tomorrow's release.
Use semantic line feeds, replace bold text with heading in callouts, explain the root cause (root-owned volumes), and use standard callout syntax for the release notes upgrade notice.
blegesse-w
force-pushed
the
chore/upgrade_guidance_for_non_root_container
branch
from
a442e5c to
2131fe7
Compare
jstirnaman
left a comment
jstirnaman
left a comment
There was a problem hiding this comment.
Just a few nits. I'll get them fixed up and merge it. Thanks!
| > [!Warning] | ||
| > #### Upgrade from Explorer v1.6.x or earlier | ||
| > | ||
| > In v1.7.0+, the Explorer container runs as a non-root user |
There was a problem hiding this comment.
| > In v1.7.0+, the Explorer container runs as a non-root user | |
| > With v1.7.0+, the Explorer container runs as a non-root user |
There was a problem hiding this comment.
Updated in 7224fd4 with the requested wording in the warning callout. Screenshot: https://github.com/user-attachments/assets/528a31a1-292d-431e-a684-fbb9b4cf3b92
| > | ||
| > In v1.7.0+, the Explorer container runs as a non-root user | ||
| > (`influxui`, uid 1500) for improved security. Because earlier versions | ||
| > ran as root, existing mounted volumes are owned by root — and the new |
There was a problem hiding this comment.
| > ran as root, existing mounted volumes are owned by root — and the new | |
| > ran as root, existing mounted volumes are owned by root and the new |
There was a problem hiding this comment.
Applied in 7224fd4 with the suggested root-ownership sentence update. Screenshot: https://github.com/user-attachments/assets/528a31a1-292d-431e-a684-fbb9b4cf3b92
| > ``` | ||
| > | ||
| > To prevent or resolve this error, change ownership of your mounted | ||
| > directories to uid 1500 before you start the container: |
There was a problem hiding this comment.
| > directories to uid 1500 before you start the container: | |
| > directories to uid 1500 before you start the container--for example: |
There was a problem hiding this comment.
Applied in 7224fd4; this now uses the requested phrasing before the example commands. Screenshot: https://github.com/user-attachments/assets/528a31a1-292d-431e-a684-fbb9b4cf3b92
| > [!Important] | ||
| > Without a mounted `./db` directory, application data is lost when the container is deleted. | ||
|
|
||
| > [!Warning] |
There was a problem hiding this comment.
@copilot For lines 216-241, keep a brief warning callout. Make the remainder a regular section for setting file permissions.
There was a problem hiding this comment.
Done in 7224fd4: kept the warning callout brief and moved the rest into a regular “Set file permissions for upgrades” section. Screenshot: https://github.com/user-attachments/assets/528a31a1-292d-431e-a684-fbb9b4cf3b92
| > before you start the container: | ||
| > | ||
| > ```bash | ||
| > sudo chown -R 1500:1500 /path/to/your/db | ||
| > sudo chown -R 1500:1500 /path/to/your/config | ||
| > ``` | ||
| > | ||
| > The container exits with an error message if it detects root-owned | ||
| > files. Fresh installations are unaffected. |
There was a problem hiding this comment.
@copilot Replace the detailed callout with "See" reference to the install page
There was a problem hiding this comment.
Done in 7224fd4: replaced the detailed callout with a concise See-reference to the install page section. Screenshot: https://github.com/user-attachments/assets/bfe00a17-3975-43c2-aa72-ae49debc24e8
Summary
Closes #
Adds documentation for the breaking change in Explorer v1.7.0 where the container now runs as non-root user (uid 1500).
Related: influxdata/influxdb3_ui#1620
Checklist
npx hugo --quiet)Suggested reviewers (click to expand)
Based on files changed, consider requesting review from:
InfluxDB 3
InfluxDB v2 / v1 / Enterprise v1
Other Products
Shared / Cross-Product
/content/shared/