kudulab / dojo

Containerize your development and operations environment
Apache License 2.0

Mac OSX support #8

Closed tomzo closed 4 years ago

tomzo commented 5 years ago

We should provide the same experience on Mac as on Linux. Currently most dojo images won't work because of the fix-uid-gid scripts trying to work around the mapping. This is caused by the osx driver trying to be smart about ownership of the mounted volumes.

osxfs docker driver behaviour

Basically the current user in the container always owns the mounted volume.

This snippet illustrates the problem:

Tomaszs-MacBook-Pro:code tomzo$ mkdir sandbox
Tomaszs-MacBook-Pro:code tomzo$ cd sandbox/
Tomaszs-MacBook-Pro:sandbox tomzo$ touch example.txt
Tomaszs-MacBook-Pro:sandbox tomzo$ docker run -ti -v $(pwd):/test openjdk:8u212 bash
root@ab58926a5f07:/# ls /test -la
total 4
drwxr-xr-x 3 root root   96 Sep 12 15:10 .
drwxr-xr-x 1 root root 4096 Sep 12 15:10 ..
-rw-r--r-- 1 root root    0 Sep 12 15:10 example.txt
root@ab58926a5f07:/# useradd dojo
root@ab58926a5f07:/# su dojo
$ ls -la /test  
total 4
drwxr-xr-x 3 dojo dojo   96 Sep 12 15:10 .
drwxr-xr-x 1 root root 4096 Sep 12 15:10 ..
-rw-r--r-- 1 dojo dojo    0 Sep 12 15:10 example.txt
$ 

More detailed explanation - https://stackoverflow.com/questions/43097341/docker-on-macosx-does-not-translate-file-ownership-correctly-in-volumes

Current problem

Dojo by design has to ensure that /home/dojo and /dojo/work are owned by the current user. Since /dojo/work is a mount, on a Mac, this will be owned by the current user automagically. So there is only /home/dojo to take care of. Currently, as part of entrypoint setup, the fix-uid-gid scripts (running as root) would read the uid/gid of /dojo/work (getting 0/0), then create and chown files in /home/dojo. This results in home files owned by root.

Solutions?

We need a way to handle this, ideally without a big IF Linux/Mac then.

xmik commented 5 years ago

Thanks for opening this issue. Your solution in this commit looks good. I think it would be nice to also add a comment, in that file 50-fix-uid-gid.sh, explaining why we need to check uid and gid as another user.

We also have to add a test on Mac OSX.
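
Added example (not part of the thread and not the project's 50-fix-uid-gid.sh): a sketch of why the owner of the mount has to be read as the unprivileged user rather than as root, and of the decision that follows. The function names `probe_owner` and `plan_fix`, the `PROBE_DIR` variable, the sample ids and the refuse-on-root policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the project's 50-fix-uid-gid.sh. Assumes GNU or busybox
# `stat -c` and `su`, as found in Linux-based images.

# probe_owner USER DIR: print "uid:gid" of DIR as USER sees it.
# Read as root on osxfs, the mount reports 0:0, so root's own view is not
# used for an unprivileged USER; the probe switches to USER first.
probe_owner() {
    if [ "$(id -u)" -eq 0 ] && [ "$1" != root ]; then
        # DIR travels in the environment, not in the command string,
        # so a path with quotes or spaces cannot alter the command.
        PROBE_DIR=$2 su "$1" -s /bin/sh -c 'stat -c %u:%g "$PROBE_DIR"'
    else
        # Not root (cannot switch users) or USER is root: use our own view.
        stat -c %u:%g "$2"
    fi
}

# plan_fix SEEN CURRENT: decide what to do with the container user's ids.
#   SEEN    = probe_owner output for the mounted work directory
#   CURRENT = "uid:gid" the container user has right now
plan_fix() {
    case ${1%%:*} in
        # Policy of this example: never map the unprivileged user onto root.
        0) echo refuse; return 1 ;;
    esac
    if [ "$1" = "$2" ]; then
        echo keep          # osxfs case: the user already appears as owner
    else
        echo "remap $1"    # Linux bind mount: adopt the host uid:gid
    fi
}

# Constructed cases: osxfs view, a Linux host with uid 501 gid 20, root view.
for seen in 1000:1000 501:20 0:0; do
    printf '%s -> %s\n' "$seen" "$(plan_fix "$seen" 1000:1000)"
done
```

In an entrypoint the two would be chained as `plan_fix "$(probe_owner dojo /dojo/work)" "$(id -u dojo):$(id -g dojo)"`, with the usermod/chown of /home/dojo performed only on a `remap` result.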

tomzo commented 5 years ago

In order to support OSX, for all the public images we will need them to use the 0.6.0 version of dojo in the image scripts.

xmik commented 5 years ago

Nice that you have clearly stated that. Have you tested any dojo docker image on Mac? There is kudulab/ansible-dojo:1.1.0 with dojo scripts 0.6.0.

tomzo commented 4 years ago

OSX experience is good since Dojo 0.6.0