search

lando / lagoon

The Official Lagoon Lando Plugin
https://docs.lando.dev/lagoon
GNU General Public License v3.0
2 stars 4 forks source link

Lando changes uid/gid of the solr user, causing lando restart to fail #79

Open tobybellwood opened 6 days ago

tobybellwood commented 6 days ago

You can see here, in this example that the /tmp/ready file (part of the lagoon entrypoints has been created by the solr user (uid:8983 and gid:8983) - but by the time the pod is running, the solr user is now 1000:1000 - and no longer has access to the file/folders created in the entrypoint/startup.

This means that any subsequent lando restarts fail at the entrypoint not being writable by the new solr user. Even when the entrypoint is bypassed (by run_as_root rm /tmp/ready) solr failed to start because of folder access permissions.

Do you have any idea why this uid/gid rewriting is being done - is there some lando-ism I'm missing?

Here are some vitals:

 NAME      drupal-solr                                        
 LOCATION  /home/tobybellwood/sites/drupal9-solr              
 SERVICES  cli, nginx, php, mariadb, solr, mailhog, lagooncli 
 URLS                                                         
  ✔ NGINX URLS
    ✔ http://localhost:32774 [302]
    ✔ http://nginx.drupal-solr.lndo.site:8000/ [302]
    ✔ https://nginx.drupal-solr.lndo.site:444/ [302]
    ✔ http://drupal-solr.lndo.site:8000/ [302]
    ✔ https://drupal-solr.lndo.site:444/ [302]
  ✔ SOLR URLS
    ✔ http://localhost:32773 [302]
  ✔ MAILHOG URLS
    ✔ http://localhost:32771 [200]
    ✔ http://inbox.drupal-solr.lndo.site:8000/ [200]

tobybellwood@pop-os:~/sites/drupal9-solr$ lando ssh -s solr
[drupal-solr]solr:/app$ ls -al /tmp/ready
-rw-rw-r-- 1 8983 8983 0 Jun 27 05:31 /tmp/ready
[drupal-solr]solr:/app$ ls -al /var/solr
ls: cannot open directory '/var/solr': Permission denied
[drupal-solr]solr:/app$ ls -al /var | grep solr
drwxrwx--- 5 8983  8983 4096 Jun 27 05:31 solr
[drupal-solr]solr:/app$ whoami
solr
[drupal-solr]solr:/app$ id
uid=1000(solr) gid=1000(solr) groups=1000(solr)

I've also replicated this in our varnish example - as this is another service that uses a named user

reynoldsalec commented 6 days ago

@tobybellwood Lando maps the host user's uid/gid onto the container user, see https://github.com/lando/core/blob/main/scripts/user-perms.sh#L94 and the associated helper . Typically that should mean uid/gid is 501 on a Mac.

My guess is that, in this case, the /tmp/ready file is being created before that mapping occurs.

@pirog you have any suggestions on how to sidestep this issue on Lando 3 services?