Running vagga in docker for mac

[tailhook]

Assuming you have a docker set up, you can run vagga in docker with the following command-line:

docker run --volume=$(pwd):/work --workdir=/work --privileged \
    -i -t --rm tailhook/vagga:latest \
    /vagga/bin/vagga --ignore-owner-check command

To make it easier to use, you should add the alias to your ~/.bashrc:

alias vagga='docker run --volume=$(pwd):/work --workdir=/work --privileged \
    -i -t --rm tailhook/vagga:latest \
    /vagga/bin/vagga --ignore-owner-check'

Then you can run vagga just by running as always:

vagga command

However, this will probably not work in docker for the following reasons (simiarly to vagrant issues):

1. [ ] Filesystem in .vagga might be not support hardlinks, or it might not be efficient to store images directly in host system (which we do when mount /work)
2. [ ] Images will not be cached, we need to figure out a good place to put container caches (can we make a volume for that?) should it be the data container or something like this?
3. [ ] We need to figure out userid which owns files inside the docker for mac container, so we can remove --ignore-owner-check (on the other side I'm assuming that even files owned by root will be written as normal user in OS X)
4. [ ] Any other usability issues (hanging processes? leftover images?)
5. [ ] Any other issues

[lilianmoraru]

alias vagga=...

[tailhook]

Sure. Thanks!

[tailhook]

Notes to myself:

1. Alpine mostly works. But we have issues with setuid processes:

$ docker run --volume=$(pwd):/work --workdir=/work --privileged -i -t --rm tailhook/vagga:latest /vagga/bin/vagga --ignore-owner-check server
(1/1) Installing alpine-keys (1.1-r0)
OK: 0 MiB in 1 packages
fetch http://mirror.leaseweb.com/alpine/v3.2/main/x86_64/APKINDEX.tar.gz
(1/15) Installing musl (1.1.11-r2)
(2/15) Installing busybox (1.23.2-r0)
ERROR: Failed to set ownership on bin/bbsuid.apk-new: Permission denied
ERROR: Failed to preserve modification time on bin/bbsuid.apk-new: Permission denied
Executing busybox-1.23.2-r0.post-install
(3/15) Installing alpine-baselayout (2.3.2-r0)
Executing alpine-baselayout-2.3.2-r0.pre-install
Executing alpine-baselayout-2.3.2-r0.post-install
(4/15) Installing openrc (0.15.1-r3)
ERROR: Failed to set ownership on lib/rc/sh/functions.sh.apk-new: Permission denied
ERROR: Failed to set ownership on lib/rc/sh/rc-mount.sh.apk-new: Permission denied
ERROR: Failed to set ownership on lib/rc/sh/rc-functions.sh.apk-new: Permission denied
ERROR: Failed to set ownership on lib/libeinfo.so.1.apk-new: Permission denied
ERROR: Failed to set ownership on lib/librc.so.1.apk-new: Permission denied
Executing openrc-0.15.1-r3.post-install
(5/15) Installing alpine-conf (3.2.1-r6)
(6/15) Installing zlib (1.2.8-r1)
(7/15) Installing libcrypto1.0 (1.0.2h-r1)
ERROR: Failed to set ownership on lib/libcrypto.so.1.0.0.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/libubsec.so.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/libatalla.so.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/libcapi.so.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/libgost.so.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/libcswift.so.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/libchil.so.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/libgmp.so.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/libnuron.so.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/lib4758cca.so.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/libsureware.so.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/libpadlock.so.apk-new: Permission denied
ERROR: Failed to set ownership on usr/lib/engines/libaep.so.apk-new: Permission denied
(8/15) Installing libssl1.0 (1.0.2h-r1)
ERROR: Failed to set ownership on lib/libssl.so.1.0.0.apk-new: Permission denied
(9/15) Installing apk-tools (2.6.3-r0)
(10/15) Installing busybox-initscripts (2.2-r28)
Executing busybox-initscripts-2.2-r28.post-install
(11/15) Installing scanelf (0.9.1-r0)
(12/15) Installing musl-utils (1.1.11-r2)
(13/15) Installing libc-utils (0.7-r0)
(14/15) Installing alpine-keys (1.1-r0)
(15/15) Installing alpine-base (3.2.3-r0)
Executing busybox-1.23.2-r0.trigger
var/cache/misc/busybox-1.23.2-r0.trigger: line 19: /bin/bbsuid: Permission denied
4 errors; 6 MiB in 15 packages
ERROR:vagga::builder: Error building container "redis": step Alpine("v3.2") failed: Apk exited with status: exited with code 4
ERROR:vagga::wrapper: Error executing _build: Builder exited with code 1
Command <Command "/proc/self/exe" ("vagga_wrapper") "_build" "redis"; environ: {"TERM"="xterm","RUST_LOG"="warn","_VAGGA_HOME"="/",}; uid_map=[UidMap { inside_uid: 0, outside_uid: 0, count: 1 }, UidMap { inside_uid: 1, outside_uid: 1, count: 65535 }]; gid_map=[GidMap { inside_gid: 0, outside_gid: 0, count: 1 }, GidMap { inside_gid: 1, outside_gid: 1, count: 65535 }]> exited with code 124

This is really similar to running uids: [1], gids: [1]. I think that ownerwhip issue is ignored by apk, but setuid is not. Possible solution is something like fakeroot. Ok just keep containers in a volume rather than host system.

1. In ubuntu (xenial) we have some issue with unpacking tar:

ERROR:vagga::builder: Error building container "redis": step Ubuntu("xenial") failed: Error writing "/vagga/root/usr/share/man/man7/PAM.7.gz": Symbolic link loop (os error 40)
ERROR:vagga::wrapper: Error executing _build: Builder exited with code 1
Command <Command "/proc/self/exe" ("vagga_wrapper") "_build" "redis"; environ: {"TERM"="xterm","_VAGGA_HOME"="/","RUST_LOG"="warn"}; uid_map=[UidMap { inside_uid: 0, outside_uid: 0, count: 1 }, UidMap { inside_uid: 1, outside_uid: 1, count: 65535 }]; gid_map=[GidMap { inside_gid: 0, outside_gid: 0, count: 1 }, GidMap { inside_gid: 1, outside_gid: 1, count: 65535 }]> exited with code 124

The --ignore-owner-check is not needed. As volume is mounted as root.

(credits to @vmagamedov)

[vmagamedov]

Images will not be cached, we need to figure out a good place to put container caches (can we make a volume for that?) should it be the data container or something like this?

Docker named volumes can be used for this https://docs.docker.com/engine/reference/commandline/volume_create/

[tailhook]

Another update, if we don't export container outside it works fine:

(this is just a hack, to keep .vagga in the volume)

$ docker run --volume=/Users/vm/ws/vagga/vagga.yaml:/work/vagga.yaml --workdir=/work --privileged -i -t --rm tailhook/vagga:latest /vagga/bin/vagga server

But obviously, we loose exporting the data to IDE this way.

We can do some compromise solution, like export only /usr/lib/python3.5/site-packages. There are no differently owned files there AFAIK.

[tailhook]

Ubuntu failure is actually simple, because OS X system is case insensitive, the files:

lrwxrwxrwx 1 pc users     8 Jun 11 02:06 pam.7.gz -> PAM.7.gz
-rw-r--r-- 1 pc users  2142 Jun 11 02:06 PAM.7.gz

Do not work well. Error may manifest itself two ways (depending on the order of files in tar):

Error writing "/vagga/root/usr/share/man/man7/PAM.7.gz": Symbolic link loop (os error 40)
Error writing "/vagga/root/usr/share/man/man7/pam.7.gz": File exists (os error 17)