Permissions error when running in Linux pipeline

sqitchers / docker-sqitch

Docker Image packaging for Sqitch

MIT License

35 stars 39 forks source link

Permissions error when running in Linux pipeline #25

Closed mattstobbs closed 4 years ago

mattstobbs commented 4 years ago

I am attempting to build a pipeline using Azure Devops to deploy my Sqitch scripts. The scripts work locally on my windows machine but when running in the pipeline, when the docker-sqitch.sh file is in the ubuntu pipeline, I get the error:

[Errno 13] Permission denied: '/var/.snowsql'

Any help would be appreciated.

theory commented 4 years ago

You might want to comment out where the script mounts the home directory, since it seems like it doesn't have permission to access it on Azure.

mattstobbs commented 4 years ago

Would it need to be replaced with anything else? Just commenting out that line gives the same error (although with more of a stack trace):

/home/vsts/work/_temp/cafcc5ac-9f28-4d71-8b2c-d981aff135ef.sh: line 65: snowsql: command not found Adding registry tables to db:snowflake://*** [Errno 13] Permission denied: '/home/.snowsql' Traceback (most recent call last): File "snowflake/cli/common/config.py", line 71, in write_default_config File "os.py", line 220, in makedirs PermissionError: [Errno 13] Permission denied: '/home/.snowsql' Traceback (most recent call last): File "bootstrap.py", line 1109, in File "click/core.py", line 722, in call File "click/core.py", line 697, in main File "click/core.py", line 895, in invoke File "click/core.py", line 535, in invoke File "bootstrap.py", line 330, in run File "snowflake/cli/common/util_cli.py", line 566, in initialize_logging File "os.py", line 220, in makedirs PermissionError: [Errno 13] Permission denied: '/home/.snowsql' [14] Failed to execute script bootstrap "snowsql" unexpectedly returned exit value 255

mattstobbs commented 4 years ago

Was able to resolve this by running with sudo and manually passing in the required environment variables (e.g. sudo SNOWSQL_ACCOUNT=$SNOWSQL_ACCOUNT SQITCH_IMAGE=$SQITCH_IMAGE...).

I also needed to remove the -it flag, as that gave us the error "The input device is not a TTY".

Thanks for your help and speedy response @theory! 😁

theory commented 4 years ago

I was going to suggest using sudo, though you might also get it to work without sudo by changing the script to have the docker image always run as root:

diff --git a/docker-sqitch.sh b/docker-sqitch.sh
index fe3f453..006c30c 100755
--- a/docker-sqitch.sh
+++ b/docker-sqitch.sh
@@ -47,15 +47,12 @@ do
 done

 # Determine the name of the container home directory.
-homedst=/home
-if [ $(id -u ${user}) -eq 0 ]; then
-    homedst=/root
-fi
+homedst=/root
 # Set HOME, since the user ID likely won't be the same as for the sqitch user.
 passopt+=(-e "HOME=${homedst}")

 # Run the container with the current and home directories mounted.
-docker run -it --rm --network host \
+docker run -u 0 --rm --network host \
     --mount "type=bind,src=$(pwd),dst=/repo" \
     --mount "type=bind,src=$HOME,dst=$homedst" \
     "${passopt[@]}" "$SQITCH_IMAGE" "$@"