Open marcalff opened 3 days ago
I believe the following documentation explains how to set up an environment similar to the one you’re describing. Please let me know if it doesn’t work for you. Thanks!
https://github.com/open-telemetry/weaver/blob/main/docs/docker-guide.md
Bonjour Laurent.
I also tried using:
-u $(id -u ${USER}):$(id -g ${USER})
but the docker image still wrote files with a different user, this did not work.
My UID:GID is 1000:1000 locally, the docker image creates files with 100999:100999, even when invoking docker with --user 1000:1000.
The doc also mentions:
--mount 'type=bind,source=$(HOME)/.weaver,target=/tmp/weaver/.weaver' \
--mount 'type=bind,source=$(PWD)/templates,target=/home/weaver/templates,readonly' \
--mount 'type=bind,source=$(PWD)/src,target=/home/weaver/target' \
This does not work for SELinux, which is why I used:
-v ${SCRIPT_DIR}/semantic-conventions/model:/source${USE_MOUNT_OPTION} \
with USE_MOUNT_OPTION being :z
Bonjour Marc! Let me loop in @jsuereth on this thread. I recall him mentioning a workaround for SELinux, but I don’t remember the exact trick.
The SELinux part is solved, I mentioned it because what is in the doc does not work for SELinux.
To clarify, I am using podman instead of docker.
Running with:
podman --user 0:0 ...
actually creates files using my own local account (malff, 1000:1000), without the need to use chmod.
[malff@malff-desktop ~]$ which docker
/usr/bin/docker
[malff@malff-desktop ~]$ docker --version
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
podman version 4.9.4-rhel
I think we will update the docs to have recommendations for SELinux users. I didn't include them earlier because the :z option on -v volume mounts came with a load of caveats and concerning comments in docker docs, but I believe it's the ONLY option to support SELinux today. I found a still-open issue to that effect on Docker itself.
Thanks for calling this out!
Thanks @jsuereth
I was affected by 2 issues:
1. -v with :z, as you mentioned,
2. --user ${UID}::${GID} does not work, I had to use --user 0:0 instead.
I am mostly concerned about the second, because I do not know how to write a script that will work for both docker and podman, to be checked in the opentelemetry-cpp repository.
I am trying to migrate opentelemetry-cpp to use weaver.
To do this, I am using the docker image, and looked at the scripts used in opentelemetry-rust as an example.
Using this:
I get:
This is because the docker command can not write to the ${ROOT_DIR}/wip/attributes directory, which is owned by my user account (malff).
Doing a chmod to allow everyone to write there allows files to be written, but then they have a different ownership.
When using the docker image for build-tools, the image did write files owned by my own account, and I did not have to open permissions or to adjust file ownership, it just worked.
I am NOT willing to add a chmod o+w just to make the script pass, so this is blocking.
How can I use weaver with docker, to generate files with the proper file ownership?
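One way to handle both behaviours reported in this thread from a single script, as an added example that is not from the thread or from any of the repositories mentioned. It assumes the docker on PATH may be podman's shim running rootless; the helper function names and the <image> placeholder are hypothetical.

```shell
#!/bin/sh
# Added example: pick container flags so generated files stay owned by the caller.

# Classify the engine from `docker --version` text. Podman's docker shim
# prints "podman version ...", as in the session quoted in the thread.
engine_kind() {
    case "$1" in
        *[Pp]odman*) echo podman ;;
        *)           echo docker ;;
    esac
}

# $1 = engine kind, $2 = caller UID, $3 = caller GID.
# Assumption: podman started by a non-root user is rootless, where container
# UID 0 is the caller and any other container UID lands in the subuid range.
user_flag() {
    if [ "$1" = podman ] && [ "$2" != 0 ]; then
        echo "--user 0:0"
    else
        echo "--user $2:$3"
    fi
}

# $1 = `getenforce` output, empty when the tool is absent.
# ":z" relabels the host directory for shared container access, so it is
# added only when SELinux is enforcing; mount a project subdirectory only.
mount_suffix() {
    case "$1" in
        Enforcing) echo ":z" ;;
        *)         echo "" ;;
    esac
}

# $1 = version text, $2 = getenforce text, $3 = UID, $4 = GID, $5 = host dir.
build_run_args() {
    kind=$(engine_kind "$1")
    echo "run --rm $(user_flag "$kind" "$3" "$4") -v $5:/source$(mount_suffix "$2")"
}

# Dry run: print the command for this host instead of executing it.
# <image> is a placeholder; the thread does not name the image tag.
ver=$(docker --version 2>/dev/null || true)
se=$(getenforce 2>/dev/null || true)
echo "docker $(build_run_args "$ver" "$se" "$(id -u)" "$(id -g)" "$PWD/model") <image> ..."
```

The script only prints the command it would run, so the chosen --user and mount suffix can be reviewed on each host before anything touches the bind-mounted directory.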