Is docker-compose AIRFLOW_UID env variable confusing?

[bsdz]

Hi

I've been tinkering around with the docker-compose instructions here.

While customising the compose file (to support adding the airflow user to a docker group to allow access to /var/run/docker.sock) I became a little confused with the compose file's AIRFLOW_UID environment variable. The name suggests it's the UID for the "airflow" user within the containers. However, that's not possible as AIRFLOW_UID is set as a build argument for the upstream image on dockerhub.

What appears to happen instead is the USER Dockerfile instruction is overridden & a new "default" user is added to passwd file using the environment variable AIRFLOW_UID.

For example, see script below:

foo@host:~/airflow-compose-test$ curl -LfO 'https://airflow.apache.org/docs/apache-airflow/2.0.2/docker-compose.yaml'
foo@host:~/airflow-compose-test$ mkdir ./dags ./logs ./plugins
foo@host:~/airflow-compose-test$ echo -e "AIRFLOW_UID=$(id -u)\nAIRFLOW_GID=0" > .env
foo@host:~/airflow-compose-test$ cat .env 
AIRFLOW_UID=1000
AIRFLOW_GID=0
foo@host:~/airflow-compose-test$ docker-compose up airflow-init
...
airflow-init_1       | Admin user airflow created
airflow-init_1       | 2.0.2
airflow-compose-test_airflow-init_1 exited with code 0
foo@host:~/airflow-compose-test$ docker-compose run airflow-worker bash
Creating airflow-compose-test_airflow-worker_run ... done
BACKEND=postgresql+psycopg2
DB_HOST=postgres
DB_PORT=5432

default@a380ba45b47f:/opt/airflow$ id
uid=1000(default) gid=0(root) groups=0(root)
default@a380ba45b47f:/opt/airflow$ cat /etc/passwd
...
airflow:x:50000:0:,,,:/home/airflow:/bin/bash
default:x:1000:0:default user:/home/airflow:/sbin/nologin
default@a380ba45b47f:/opt/airflow$ groups
root

Is that intentional? If it is, would it perhaps be better to rename AIRFLOW_UID in the docker-compose to another name like AIRFLOW_HOST_UID or better? Admittedly, I might be missing something too.

Kind regs
Blair

[potiuk]

Yes. It is intentional. It is to allow to run arbitrary UID to run the image and make it OpenShift compatible. It is expleined in detain in the documentation https://airflow.apache.org/docs/docker-stack/entrypoint.html#allowing-arbitrary-user-to-run-the-container

[bsdz]

In any case, thanks for your reply. Here's a picture that hopefully makes what I find confusing clearer to you..

Ok. I willl make a proposal of PR to explain it better then. I will ask you to review and see if this explains better and removes the confusion

Cool.

[bsdz]

Regarding your reply to my 4th point: "i have completely no influence on what feelings my words cause". You clearly do have influence on what feelings your words cause; after all, you choose what words you use and how to put them together.

Your feelings are yours, not mine. My intentions were clear, if you mistunderstood them, apologies (again) but again, I have no influence on your feelings. There are some cultural and personal differences, and different people have different sensitivity. How other people will react on your words (especially written and when you do not know them) is something totally out of your control or knowledge).

Usually when someone apologises for unintentional misunderstanding of their words, and explains what the intentions are, that ends the discussion and there is no need to call it out again, - "assume best intentions" is important in the community.

No worries

[potiuk]

PR Created: #15592 -> Pls take a look, if this is fess confusing. Please note that there is a "suggest" button so you might directly add suggestions if you want to make a suggestion.

[potiuk]

@bsdz -> is the new description in #15592 clearer? Does it remove all the confusion? Any more points to add ?

[bsdz]

Yes, I added a suggestion. Forgot to press submit-review button yesterday. Thanks.