1

I am trying to start kafka inside a container via podman-compose. I am using /opt/kafka/kafka_2.12-2.4.1/bin/kafka-server-start.sh which is fine. However, I am mounting a directory that contains the properties file /home/vagrant/repos/kafkazookeeper/config:/home/kafka/config. Right now, this properties file has owner/group permissions of nobody/nobody. On the host, the kafka user is kafka:x:1001:1001::/home/kafka:/bin/bash but in the container, the kafka user is kafka:x:1000:0::/opt/kafka/:/bin/bash

I've tried using --uidmap 1001:kafka in the docker-compose.yaml but that didn't work. Any thoughts are greatly appreciated.

user9538117
  • 27
  • 4

1 Answers1

3

I would highly recommend reading this article: https://www.redhat.com/sysadmin/rootless-podman-makes-sense

Users and their UIDs in a container get mapped onto a different set of users and UIDs on the host. This is controlled by /etc/subuid and /etc/subgid and you can see the actual mappings when you run podman unshare cat /proc/self/uid_map.

If you run the container under the kafka user on the host, the kafka user is going to be mapped to root inside the container. You cannot map the kafka user inside the container to the kafka user outside the container because root is already mapped to it and you can't map two different UIDs in the container to a single one on the host.

I think you can either set the permissions on the config files to be readable by everybody. Or you can create another user on the host, map it to the kafka user inside the container using --uidmap and then use the newly created user to control the configuration.

Eduard Semsch
  • 59
  • 7