chore: Update the Airflow entrypoint script and remove the UID & GID check

CHANGELOG.md

@@ -69,6 +69,7 @@ All notable changes to this project will be documented in this file.
 - containerdebug updated to 0.2.0 ([#1128])
 - Build Hadoop as `stackable` and configure the Stackable Nexus build-repo for the `root` user ([#1133])
 - patchable: The base branch is now configured as the git upstream branch ([#1131]).
+- airflow: Updates the entrypoint script and removes the check for GID == 0 ([#1138])
 
 ### Fixed
 
@@ -158,6 +159,7 @@ All notable changes to this project will be documented in this file.
 [#1131]: https://github.com/stackabletech/docker-images/pull/1131
 [#1133]: https://github.com/stackabletech/docker-images/pull/1133
 [#1137]: https://github.com/stackabletech/docker-images/pull/1137
+[#1138]: https://github.com/stackabletech/docker-images/pull/1138
 
 ## [25.3.0] - 2025-03-21
 

airflow/stackable/utils/entrypoint.sh

@@ -19,9 +19,9 @@
 
 # Stackable notes:
 # Source of this file is the upstream Apache Airflow project
-# https://github.com/apache/airflow/blob/main/scripts/docker/entrypoint_prod.sh
-# It was last synced from the upstream repo on 2023-07-31 and is up-to-date as of commit 86193f5
-
+# https://github.com/apache/airflow/blob/dc271d0c604ca1836ee4f943726b2d436547700f/scripts/docker/entrypoint_prod.sh
+# It was last synced from the upstream repo on 2025-06-01 and is up-to-date as of commit dc271d0c604ca1836ee4f943726b2d436547700f
+# Changes we made are denoted with a comment "STACKABLE PATCH BEGIN" and # STACKABLE PATCH END
 
 AIRFLOW_COMMAND="${1:-}"
 
@@ -34,9 +34,12 @@ set -euo pipefail
 # The side effect of this is slightly (in the range of 100s of milliseconds) slower load for any
 # binary started and a little memory used for Heap allocated by initialization of libstdc++
 # This overhead is not happening for binaries that already link dynamically libstdc++
+
+# STACKABLE PATCH BEGIN
+# The path to this file is different on UBI
 # LD_PRELOAD="/usr/lib/$(uname -m)-linux-gnu/libstdc++.so.6"
-# Stackable: The path to this file is different on UBI
 LD_PRELOAD=/usr/lib64/libstdc++.so.6
+# STACKABLE PATCH END
 export LD_PRELOAD
 
 function run_check_with_retries {
@@ -161,13 +164,17 @@ function create_www_user() {
         exit 1
     fi
 
-    airflow users create \
-       --username "${_AIRFLOW_WWW_USER_USERNAME="admin"}" \
-       --firstname "${_AIRFLOW_WWW_USER_FIRSTNAME="Airflow"}" \
-       --lastname "${_AIRFLOW_WWW_USER_LASTNAME="Admin"}" \
-       --email "${_AIRFLOW_WWW_USER_EMAIL="airflowadmin@example.com"}" \
-       --role "${_AIRFLOW_WWW_USER_ROLE="Admin"}" \
-       --password "${local_password}" || true
+    if airflow config get-value core auth_manager | grep -q "FabAuthManager"; then
+        airflow users create \
+           --username "${_AIRFLOW_WWW_USER_USERNAME="admin"}" \
+           --firstname "${_AIRFLOW_WWW_USER_FIRSTNAME="Airflow"}" \
+           --lastname "${_AIRFLOW_WWW_USER_LASTNAME="Admin"}" \
+           --email "${_AIRFLOW_WWW_USER_EMAIL="airflowadmin@example.com"}" \
+           --role "${_AIRFLOW_WWW_USER_ROLE="Admin"}" \
+           --password "${local_password}" || true
+    else
+        echo "Skipping user creation as auth manager different from Fab is used"
+    fi
 }
 
 function create_system_user_if_missing() {
@@ -193,7 +200,7 @@ function set_pythonpath_for_root_user() {
     # Now also adds applications installed as local user "airflow".
     if [[ $UID == "0" ]]; then
         local python_major_minor
-        python_major_minor="$(python --version | cut -d " " -f 2 | cut -d "." -f 1-2)"
+        python_major_minor=$(python -c 'import sys; print(f"{sys.version_info.major}.{sys.version_info.minor}")')
         export PYTHONPATH="${AIRFLOW_USER_HOME_DIR}/.local/lib/python${python_major_minor}/site-packages:${PYTHONPATH:-}"
         >&2 echo "The container is run as root user. For security, consider using a regular user account."
     fi
@@ -204,9 +211,9 @@ function wait_for_airflow_db() {
     run_check_with_retries "airflow db check"
 }
 
-function upgrade_db() {
-    # Runs airflow db upgrade
-    airflow db upgrade || true
+function migrate_db() {
+    # Runs airflow db migrate
+    airflow db migrate || true
 }
 
 function wait_for_celery_broker() {
@@ -272,7 +279,10 @@ function check_uid_gid() {
 # not set when PIP is run by Airflow later on
 unset PIP_USER
 
-check_uid_gid
+# STACKABLE PATCH BEGIN
+# Disable check for uid & gid (https://github.com/stackabletech/issues/issues/645)
+# check_uid_gid
+# STACKABLE PATCH END
 
 # Set umask to 0002 to make all the directories created by the current user group-writeable
 # This allows the same directories to be writeable for any arbitrary user the image will be
@@ -292,8 +302,12 @@ if [[ "${CONNECTION_CHECK_MAX_COUNT}" -gt "0" ]]; then
     wait_for_airflow_db
 fi
 
+if [[ -n "${_AIRFLOW_DB_UPGRADE=}" ]] || [[ -n "${_AIRFLOW_DB_MIGRATE=}" ]] ; then
+    migrate_db
+fi
+
 if [[ -n "${_AIRFLOW_DB_UPGRADE=}" ]] ; then
-    upgrade_db
+    >&2 echo "WARNING: Environment variable '_AIRFLOW_DB_UPGRADE' is deprecated please use '_AIRFLOW_DB_MIGRATE' instead"
 fi
 
 if [[ -n "${_AIRFLOW_WWW_USER_CREATE=}" ]] ; then
@@ -310,10 +324,13 @@ if [[ -n "${_PIP_ADDITIONAL_REQUIREMENTS=}" ]] ; then
     >&2 echo "         https://airflow.apache.org/docs/docker-stack/build.html"
     >&2 echo
     >&2 echo "         Adding requirements at container startup is fragile and is done every time"
-    >&2 echo "         the container starts, so it is onlny useful for testing and trying out"
+    >&2 echo "         the container starts, so it is only useful for testing and trying out"
     >&2 echo "         of adding dependencies."
     >&2 echo
-    pip install --root-user-action ignore --no-cache-dir "${_PIP_ADDITIONAL_REQUIREMENTS}"
+    # STACKABLE PATCH BEGIN
+    # Add double quotes to silence Shellcheck warning SC2086
+    pip install --root-user-action ignore "${_PIP_ADDITIONAL_REQUIREMENTS}"
+    # STACKABLE PATCH END
 fi