AgentDVR does not seem to respect Docker PUID/PGID

[Orange-418]

After composing the container, AgentDVR service does not appear to respect the PUID=1000 PGID=1000 announced in the docker-compose (or cli).

It appears to save files as root onto the shared volumes regardless, and does not even create a corresponding user inside the container.

This can be worked around by manually creating the group and user in the Dockerfile, and then forcing the container to use it in the composition commands as follows:

# Bottom of Dockerfile in latest-image-builder

RUN groupadd -f -g 1000 agentdvr && \
    useradd -m -d /home/agentdvr -s /bin/bash -g 1000 -u 1000 agentdvr || true && \
    chown -R agentdvr:agentdvr /AgentDVR && \
    chmod 777 -R /AgentDVR

# Corresponding docker-compose.yml file
---
services:
  ispyagentdvr:
    image: mekayelanik/ispyagentdvr:latest
    container_name: ispyagentdvr
    user: "1000:1000"
    environment:
      - PUID=1000
      - PGID=1000
      - WEBUI_PORT=8090 
      - TZ=Asia/Dhaka
    volumes:
      - /path/to/config:/AgentDVR/Media/XML
      - /path/to/recordings:/AgentDVR/Media/WebServerRoot/Media
      - /path/to/commands:/AgentDVR/Commands
    ports:
      - 8090:8090
      - 3478:3478/udp
      - 50000-50010:50000-50010/udp
    restart: unless-stopped

[Orange-418]

There may be a better way, but I'm not presently skilled enough to perform it, if there is.

[MekayelAnik]

Thank you for submitting the issue. The issue is true & I am aware about it. Currently I don't have the time to fix this but it's in the todo list for very near future. As soon as I resolve this issue, I will let you know.

Regards

[Orange-418]

Thanks for confirming I’m not going crazy haha. I have some time coming up soon, I’ll see if there’s more I can do to lend a hand towards it.

Appreciate all you do, your repositories have been a huge help to me.

[Orange-418]

I created a fix, ran it locally with no problems, file writes outside the container were written as correct user afterwards. Created a pull request.

[MekayelAnik]

@Orange-418 You have done a great job, much better than what I could have done. Thank you for your kind Contribution I have added your fix to the repo. The changes will be reflected on the AgentDVR v5.3.7.0, which will be rolled out within few hours.

Regards

[MekayelAnik]

@Orange-418 A new issue have arisen. The new user 'agentdvr' is unable to use the GPU encode/decode. This will create a huge chaos in the current deployments, in which they are using GPU Accelerated Encode/Decode. Won't be rolling this out in v5.3.7.0. Sorry. I have to make this ok for GPU access or if you have a something in mind, please share. You can check the current state in puid-pgid-bug-fix

[MekayelAnik]

After more than 6 hours of Debug+testing+pulling out quite a bit my hair, Alhamdulillah!!! all is working after a mere chmod 0666 /dev/dri/renderD128

Thanks for your great help. Next image will have the FIX. A credit is also given to u in the code. Regards

[Orange-418]

Haha, you updated this as I was about to suggest a fix. Another possible solution may be:

changing this portion

if id "agentdvr" &>/dev/null; then
    # Switch to agentdvr and execute the Agent binary
    chown -R agentdvr:agentdvr '/AgentDVR'
    su -m agentdvr -c '/AgentDVR/Agent'

to:

if id "agentdvr" &>/dev/null; then
    # Switch to agentdvr and execute the Agent binary
    chown -R agentdvr:agentdvr '/AgentDVR'
    groupadd -g 44 render
    usermod -a -G video,render agentdvr
    chown render:render /dev/dri/renderD128
    su -m agentdvr -c '/AgentDVR/Agent'

Similar to your fix. This would give agentdvr user access to the appropriate /dev/dri objects, and create a render group which reflects base OS, and adds user to that as well.

[Orange-418]

After more than 6 hours of Debug+testing+pulling out quite a bit my hair, Alhamdulillah!!! all is working after a mere chmod 0666 /dev/dri/renderD128

Thanks for your great help. Next image will have the FIX. A credit is also given to u in the code. Regards

Really appreciate the credit! I'm a college student so it helps with my portfolio!

If you run into additional problems down the line, please consider the fix I placed above, it may help since it assigns agentdvr to the video group who owns other objects in the dev/dri other than renderD128

[MekayelAnik]

@Orange-418 Many many thanks for your further suggestions. But it can't be done, at least on my case as the GID of group video in my machine is 44 & I had added agentdvr user to the video group already, but no luck. The solution had to be robust enough, so no matter which machine is the host, everything goes smoothly (at least hypothetically). I have done some further yet very simple tweeks (haven't committed yet, but u can have a peek of that in the latest image which is deployed today), so that all the possible GPUs present in the system under /dev/dir can be accessed. Thank you for your time and effort. If you face any other issues, you are more than welcome to contribute. 😁 Btw, I'm student too. Regards