search

kudulab / dojo

Containerize your development and operations environment
Apache License 2.0
296 stars 19 forks source link

Dojo fails to get the correct UID with Docker "Use gRPC FUSE for file sharing" setting turned on #21

Closed aiwatko closed 3 years ago

aiwatko commented 3 years ago

Expected behaviour

olduid == newuid == <id>, nothing to do

Actual behaviour

After installing 2.4.0.0 Docker update, dojo fails to get the correct UID when docker "Use gRPC FUSE for file sharing" setting is turned on:

+ usermod -u 0 dojo
usermod: UID '0' already exists
+ groupmod -g 0 dojo
groupmod: GID '0' already exists

The following Docker issue might be related: https://github.com/docker/for-mac/issues/4959

xmik commented 3 years ago

Hi! Thanks for your time to open this issue. I don't have the solution right now, but I'm going to write what I know.

tomzo commented 3 years ago

This bug is caused by a change in behaviour of the docker volume driver on Macs. The current workaround is to switch back to the old driver by unticking the "Use gRPC FUSE for file sharing".

FUSE driver behaviour

The FUSE driver makes the mounted directory owned by the user that is specified in the -u option to docker run command:

$ docker run -u dojo --volume $PWD:/dojo/work --entrypoint '/bin/bash' -ti kudulab/openjdk-dojo -c "ls -la /dojo/work"
total 4
drwxr-xr-x 2 dojo dojo   64 Oct 20 19:20 .
drwxr-xr-x 3 root root 4096 Oct 20 19:20 ..
$ docker run --volume $PWD:/dojo/work --entrypoint '/bin/bash' -ti kudulab/openjdk-dojo -c "ls -la /dojo/work"
total 4
drwxr-xr-x 2 root root   64 Oct 20 19:20 .
drwxr-xr-x 3 root root 4096 Oct 20 19:21 ..

osxfs driver behaviour

Previous driver was different. The mounted directory was owned by the user that is running the current process.

$ docker run --volume $PWD:/dojo/work --entrypoint '/bin/bash' -ti kudulab/openjdk-dojo -c bash
root@654102fe528f:/# ls -la /dojo/work
total 4
drwxr-xr-x 2 root root   64 Oct 20 19:20 .
drwxr-xr-x 3 root root 4096 Oct 20 19:28 ..
root@654102fe528f:/# su dojo
dojo@654102fe528f(openjdk-dojo):/$ ls -la /dojo/work
total 4
drwxr-xr-x 2 dojo dojo   64 Oct 20 19:20 .
drwxr-xr-x 3 root root 4096 Oct 20 19:28 ..

Next steps

We'll probably have to change the way dojo executes docker run and how we handle the uid/gid problem. Ideally we should find a way which does not break existing images and extends compatibility across platforms.

I'll post more ideas later. Happy to hear other peoples thoughts on this.

tomzo commented 3 years ago

I didn't notice this before. (when ran on Mac with the FUSE driver) Apparently the mounted directory is owned by dojo when entrypoint eventually switches to dojo user:

$ docker run --volume $PWD:/dojo/work -ti kudulab/openjdk-dojo -c "ls -la /dojo/work"
24-10-2020 17:55:15 Dojo entrypoint info: Sourcing: /etc/dojo.d/variables/50-variables.sh
24-10-2020 17:55:15 Dojo entrypoint info: Sourcing: /etc/dojo.d/variables/61-java-variables.sh
24-10-2020 17:55:15 Dojo entrypoint info: Sourcing: /etc/dojo.d/scripts/20-setup-identity.sh
/dojo/identity/.ssh does not exist
24-10-2020 17:55:15 Dojo entrypoint info: Sourcing: /etc/dojo.d/scripts/50-fix-uid-gid.sh
+ usermod -u 0 dojo
usermod: UID '0' already exists
+ groupmod -g 0 dojo
groupmod: GID '0' already exists
+ chown 0:0 -R /home/dojo
24-10-2020 17:55:15 Dojo entrypoint info: Sourcing: /etc/dojo.d/scripts/90-run-user.sh
24-10-2020 17:55:15 Dojo entrypoint info: dojo init finished (interactive shell)
total 4
drwxr-xr-x 2 dojo dojo   64 Oct 24 17:54 .
drwxr-xr-x 3 root root 4096 Oct 24 17:55 ..

Which means that mounts still have the desired owner like on the legacy driver. It's only the detection of uid/gid ran in fix-uid-gid script that's not working anymore (when ran on Mac with the FUSE driver) - it reads 0 and then chowns the /home/dojo to be owned by root which breaks some images which rely on home.

tomzo commented 3 years ago

This is now fixed in Dojo image scripts version 0.10.2

For anyone running into this problem, there are 2 ways to proceed