Closed aiwatko closed 3 years ago
Hi! Thanks for your time to open this issue. I don't have the solution right now, but I'm going to write what I know.
This bug is caused by a change in behaviour of the docker volume driver on Macs. The current workaround is to switch back to the old driver by unticking the "Use gRPC FUSE for file sharing".
The FUSE driver makes the mounted directory owned by the user that is specified in the -u
option to docker run
command:
$ docker run -u dojo --volume $PWD:/dojo/work --entrypoint '/bin/bash' -ti kudulab/openjdk-dojo -c "ls -la /dojo/work"
total 4
drwxr-xr-x 2 dojo dojo 64 Oct 20 19:20 .
drwxr-xr-x 3 root root 4096 Oct 20 19:20 ..
$ docker run --volume $PWD:/dojo/work --entrypoint '/bin/bash' -ti kudulab/openjdk-dojo -c "ls -la /dojo/work"
total 4
drwxr-xr-x 2 root root 64 Oct 20 19:20 .
drwxr-xr-x 3 root root 4096 Oct 20 19:21 ..
Previous driver was different. The mounted directory was owned by the user that is running the current process.
$ docker run --volume $PWD:/dojo/work --entrypoint '/bin/bash' -ti kudulab/openjdk-dojo -c bash
root@654102fe528f:/# ls -la /dojo/work
total 4
drwxr-xr-x 2 root root 64 Oct 20 19:20 .
drwxr-xr-x 3 root root 4096 Oct 20 19:28 ..
root@654102fe528f:/# su dojo
dojo@654102fe528f(openjdk-dojo):/$ ls -la /dojo/work
total 4
drwxr-xr-x 2 dojo dojo 64 Oct 20 19:20 .
drwxr-xr-x 3 root root 4096 Oct 20 19:28 ..
We'll probably have to change the way dojo executes docker run
and how we handle the uid/gid problem. Ideally we should find a way which does not break existing images and extends compatibility across platforms.
I'll post more ideas later. Happy to hear other peoples thoughts on this.
I didn't notice this before. (when ran on Mac with the FUSE driver) Apparently the mounted directory is owned by dojo when entrypoint eventually switches to dojo user:
$ docker run --volume $PWD:/dojo/work -ti kudulab/openjdk-dojo -c "ls -la /dojo/work"
24-10-2020 17:55:15 Dojo entrypoint info: Sourcing: /etc/dojo.d/variables/50-variables.sh
24-10-2020 17:55:15 Dojo entrypoint info: Sourcing: /etc/dojo.d/variables/61-java-variables.sh
24-10-2020 17:55:15 Dojo entrypoint info: Sourcing: /etc/dojo.d/scripts/20-setup-identity.sh
/dojo/identity/.ssh does not exist
24-10-2020 17:55:15 Dojo entrypoint info: Sourcing: /etc/dojo.d/scripts/50-fix-uid-gid.sh
+ usermod -u 0 dojo
usermod: UID '0' already exists
+ groupmod -g 0 dojo
groupmod: GID '0' already exists
+ chown 0:0 -R /home/dojo
24-10-2020 17:55:15 Dojo entrypoint info: Sourcing: /etc/dojo.d/scripts/90-run-user.sh
24-10-2020 17:55:15 Dojo entrypoint info: dojo init finished (interactive shell)
total 4
drwxr-xr-x 2 dojo dojo 64 Oct 24 17:54 .
drwxr-xr-x 3 root root 4096 Oct 24 17:55 ..
Which means that mounts still have the desired owner like on the legacy driver. It's only the detection of uid/gid ran in fix-uid-gid script that's not working anymore (when ran on Mac with the FUSE driver) - it reads 0 and then chowns the /home/dojo to be owned by root which breaks some images which rely on home.
This is now fixed in Dojo image scripts version 0.10.2
For anyone running into this problem, there are 2 ways to proceed
Expected behaviour
olduid == newuid == <id>, nothing to do
Actual behaviour
After installing 2.4.0.0 Docker update, dojo fails to get the correct UID when docker "Use gRPC FUSE for file sharing" setting is turned on:
The following Docker issue might be related: https://github.com/docker/for-mac/issues/4959