I have a charm that currently runs a daemon as a specific user.
The daemon writes out config files that could be shared across a cluster, and using juju storage for this would be ideal, especially as the shared config includes certificates etc that should not diverge across units of the app.
However, from what I can see, if I specify storage of type “filesystem”, it’s always owned by root/root and the daemon would not be able to write to it. My testing is limited to LXD so far.
Rather than run the daemon as root, is there a way to get juju to mount the storage with specific user/group ownership?
There’s currently no way to mount as anything other than root.
The juju agent simply runs “mount /devicepath /mountpoint” optionally with “-o ro” for readonly if needed.
Feel free to raise a bug as an enhancement request. I would imagine it would be done by setting up a storage pool with user/group as attributes.
I ended up cheating and just doing the following at the beginning of the config changed event handler:
# Ensure certificates and dynamic config storage is writable.
storage = self.model.storages['config'][0]
if os.path.exists(storage.location):
cmd = ['chown', '-R', 'caddy:caddy', storage.location]
subprocess.check_call(cmd)
self._stored.storage = f'{storage.location}'
else:
self._stored.storage = self.DEFAULT_STORAGE_PATH
Seems to work, Caddy is then able to write to the dedicated storage path once I later add the expected storage config entry to its config file and restart or reload the service.
