Handle USB drive mounts

[mzur]

The Biigle OTS Docker containers mount the /media/biigle directory in which USB drive mounts are created. However, if an USB drive is mounted while the container is running, it shows up with 0700 permissions and belonging to root (although it has 0777 permissions and belongs to biigle on the host machine). Only if the containers are restarted the permissions are set correctly.

See if this can be fixed. Maybe related: issue

A workaround might be to restart the containers whenever a new USB device is connected.

[mzur]

I haven't found a way to properly set the permissions in the container. I asked a question at Serverfault, maybe somebody knows more there.

Furthermore I didn't find a way to restart BIIGLE whenever a USB drive is connected. There is udev which can run a script whenever a new device appears but this runs before the drive is mounted. You can also create a systemd service that runs a script whenever a new mount is created but this can be done only for a single specific device (name).

[mzur]

I think the restart after a USB drive is connected is the way to go. We only have to restart the app and worker containers, too. Investigate the systemd solution some more.

[mzur]

I was able to implement the automatic restart as a systemd service on the BIIGLE laptop. I created the file /etc/systemd/system/biigle-restart-usb.service:

[Unit]
Description=Restart BIIGLE whenever a USB drive is inserted

[Service]
Type=oneshot
WorkingDirectory=/home/biigle/app
ExecStart=/usr/local/bin/docker-compose restart web app worker

Comments:

• The WorkingDirectory must be the directory of the docker-compose.yaml.
• The web Docker service is also restarted because else it sometimes looses the connection to app and responds with "Bad Gateway".

Then I created the file /etc/systemd/system/biigle-restart-usb.path:

[Unit]
Description=Restart BIIGLE whenever a USB disk is inserted

[Path]
PathChanged=/media/biigle

[Install]
WantedBy=multi-user.target

The service is enabled with sudo systemctl enable biigle-restart-usb.path and subsequent sudo systemctl daemon-reload.

This service will run whenever a USB disk is inserted or the permissions of a mounted drive are changed (on startup/login).

Caveats

• BIIGLE is also restarted when a USB drive is removed which is not necessary. But systemd has no mechanism to check which event triggered the PathChanged.

• Users of the BIIGLE laptop have to log in before they insert a new USB drive. Even if they just start the laptop and the drive is already plugged in, they have to log in once.

[mzur]

The Jetson did not have an automount configuration like the laptop. But I was able to implement a similar restart meachanism using usbmount. Install usbmount with sudo apt install usbmount. Then configure it in /etc/usbmount/usbmount.conf like this:

# Configuration file for the usbmount package, which mounts removable
# storage devices when they are plugged in and unmounts them when they
# are removed.

# Change to zero to disable usbmount
ENABLED=1

# Mountpoints: These directories are eligible as mointpoints for
# removable storage devices.  A newly plugged in device is mounted on
# the first directory in this list that exists and on which nothing is
# mounted yet.
MOUNTPOINTS="/media/usb0 /media/usb1"

# Filesystem types: removable storage devices are only mounted if they
# contain a filesystem type which is in this list.
FILESYSTEMS="ntfs-3g vfat ext2 ext3 ext4 hfsplus"

#############################################################################
# WARNING!                                                                  #
#                                                                           #
# The "sync" option may not be a good choice to use with flash drives, as   #
# it forces a greater amount of writing operating on the drive. This makes  #
# the writing speed considerably lower and also leads to a faster wear out  #
# of the disk.                                                              #
#                                                                           #
# If you omit it, don't forget to use the command "sync" to synchronize the #
# data on your disk before removing the drive or you may experience data    #
# loss.                                                                     #
#                                                                           #
# It is highly recommended that you use the pumount command (as a regular   #
# user) before unplugging the device. It makes calling the "sync" command   #
# and mounting with the sync option unnecessary---this is similar to other  #
# operating system's "safely disconnect the device" option.                 #
#############################################################################
# Mount options: Options passed to the mount command with the -o flag.
# See the warning above regarding removing "sync" from the options.
MOUNTOPTIONS="sync,noexec,nodev,noatime,nodiratime"

# Filesystem type specific mount options: This variable contains a space
# separated list of strings, each which the form "-fstype=TYPE,OPTIONS".
#
# If a filesystem with a type listed here is mounted, the corresponding
# options are appended to those specificed in the MOUNTOPTIONS variable.
#
# For example, "-fstype=vfat,gid=floppy,dmask=0007,fmask=0117" would add
# the options "gid=floppy,dmask=0007,fmask=0117" when a vfat filesystem
# is mounted.
FS_MOUNTOPTIONS="-fstype=vfat,uid=nvidia,gid=nvidia"

# If set to "yes", more information will be logged via the syslog
# facility.
VERBOSE=no

Comments:

• I removed a few mountpoints from MOUNTPOINTS and deleted their directories that were created during install. The Jetson has only two USB slots.
• I added ntfs-3g to FILESYSTEMS.
• I set FS_MOUNTOPTIONS so vfat drives are mounted for the nvidia user who also runs the Docker containers.

Then I added the hook /etc/usbmount/mount.d/99_restart_biigle:

#!/bin/sh

cd /home/nvidia/biigle
docker-compose restart web app worker

I disabled the restart for now by making 99_restart_biigle non-executable.

[mzur]

Interestingly, mounts created by usbmount did not show up in the Docker container at all (belonging to root or otherwise). Maybe this is caused by the older version of Docker Compose that runs on the Jetson (the one from the PPA as no other version is available for ARM). This version only supports the simple volume configuration for a service (e.g. /media:/media).

This makes sense in context of what I read about mount points and Docker so far. A new mount is created in the namespace of the host machine and therefore does not show up in the container. But why does it show up in the container on the Laptop then? I have no idea.

I'll close this as resolved. I don't believe there is a better solution than to restart the containers. Maybe I run across some better solution to restart the containers which resolves the caveats sometime.

[mzur]

See this comment for the new repository of the Jetson configuration.