Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker example doesn't work well with uids != 1000 #156

Closed
andrewvc opened this issue Dec 1, 2020 · 1 comment · Fixed by elastic/beats#23467
Closed

Docker example doesn't work well with uids != 1000 #156

andrewvc opened this issue Dec 1, 2020 · 1 comment · Fixed by elastic/beats#23467
Assignees
@andrewvc
Labels
bug Something isn't working

Comments

@andrewvc
Copy link
Contributor

andrewvc commented Dec 1, 2020
edited by paulb-elastic
Loading

In #153 @paulb-elastic discovered that the docs only work in the rather common scenario where the your user on the host machine is 1000 which matches the heartbeat user in the container. The issue, essentially, is that the heartbeat user in docker has a uid of 1000, and if this doesn't match up with the uids of the shared mounts you'll get perms issues.

Possible solutions:

  1. Document this, recommend users users change their local file perms
  2. Start using fixuid in the container
  3. Something else???
@andrewvc andrewvc added the bug Something isn't working label Dec 1, 2020
@andrewvc andrewvc mentioned this issue Dec 1, 2020
Closed
@paulb-elastic paulb-elastic mentioned this issue Dec 4, 2020
Closed
29 tasks
@paulb-elastic
Copy link
Contributor

During tech sync we have discussed the option of using a copy on start up, as opposed to a shared volume.

In this way, the host folder would be copied into the container at start up (which only needs read permissions) and then the runtime Synthetics Agent uses that folder inside the container (not as a shared volume). It will of course be ephemeral and do the same during the next launch.

The Remote Zip URL support feature will still provide a mechanism for the suites to be updated without needing a shared volume.

Similarly, hot reloading would still be supported in that it would just periodically copy the host folder(s) to the running container at the given interval.

@andrewvc andrewvc self-assigned this Jan 4, 2021
andrewvc added a commit to andrewvc/beats that referenced this issue Jan 4, 2021
@andrewvc
[Uptime] Copy synthetics suites to tmpdir before running
6a0b645 
The rationale here is that doing so resolves any file permissions issues
that may be present due to the suite directory being shared to the
container as read only OR due to incompatible UIDs between the docker
container and the host.

Fixes elastic/synthetics#156
@andrewvc andrewvc mentioned this issue Jan 4, 2021
Closed
6 tasks
@andrewvc andrewvc mentioned this issue Jan 12, 2021
Merged
6 tasks
andrewvc added a commit to elastic/beats that referenced this issue Feb 17, 2021
@andrewvc
[Heartbeat] Refactor config system (#23467)
fb25ded 
* Refactors the config for synthetics suites to act as regular monitors under `heartbeat.monitors` rather than have the new top-level `synthetic.suites` syntax we've been using so far. 
* Changes the behavior of local suites to copy their data into the container rather than run directly off the shared docker volume
* Adds a first-class notion of aliasing to monitor types, so that `synthetics/http` monitors show up as `http`, and not as a distinct type (applies to all monitor types)
* Simplifies the types associated with monitor plugins into a new `plugin.Plugin{}` struct, rather than passing around multiple values everywhere.
* See https://github.com/elastic/beats/pull/23467/files#diff-7f1e5387c4757cca1e98483a5678e377a28ca5f9d77b267a4121a14249c96b82R7 for an example of the new config syntax

#### More on the change to copying local tests into the container

The rationale here is that doing so resolves any file permissions issues that may be present due to the suite directory being shared to the container as read only OR due to incompatible UIDs between the docker container and the host.

Fixes elastic/synthetics#156
Fixes #23823

As a note, no tests are added here due to the complexity of testing this small amount of I/O functionality, however, any issues should be caught by our E2E tests in https://github.com/elastic/synthetics/tree/master/__tests__/e2e . I've opened an issue to improve this situation here: #23346
@andrewvc andrewvc mentioned this issue Feb 17, 2021
Merged
6 tasks
andrewvc added a commit to andrewvc/beats that referenced this issue Feb 17, 2021
@andrewvc
[Heartbeat] Refactor config system (elastic#23467)
efbfb13 
* Refactors the config for synthetics suites to act as regular monitors under `heartbeat.monitors` rather than have the new top-level `synthetic.suites` syntax we've been using so far.
* Changes the behavior of local suites to copy their data into the container rather than run directly off the shared docker volume
* Adds a first-class notion of aliasing to monitor types, so that `synthetics/http` monitors show up as `http`, and not as a distinct type (applies to all monitor types)
* Simplifies the types associated with monitor plugins into a new `plugin.Plugin{}` struct, rather than passing around multiple values everywhere.
* See https://github.com/elastic/beats/pull/23467/files#diff-7f1e5387c4757cca1e98483a5678e377a28ca5f9d77b267a4121a14249c96b82R7 for an example of the new config syntax

#### More on the change to copying local tests into the container

The rationale here is that doing so resolves any file permissions issues that may be present due to the suite directory being shared to the container as read only OR due to incompatible UIDs between the docker container and the host.

Fixes elastic/synthetics#156
Fixes elastic#23823

As a note, no tests are added here due to the complexity of testing this small amount of I/O functionality, however, any issues should be caught by our E2E tests in https://github.com/elastic/synthetics/tree/master/__tests__/e2e . I've opened an issue to improve this situation here: elastic#23346

(cherry picked from commit fb25ded)
andrewvc added a commit to elastic/beats that referenced this issue Feb 17, 2021
@andrewvc
[Heartbeat] Refactor config system (#23467) (#24087)
f8b654d 
* Refactors the config for synthetics suites to act as regular monitors under `heartbeat.monitors` rather than have the new top-level `synthetic.suites` syntax we've been using so far.
* Changes the behavior of local suites to copy their data into the container rather than run directly off the shared docker volume
* Adds a first-class notion of aliasing to monitor types, so that `synthetics/http` monitors show up as `http`, and not as a distinct type (applies to all monitor types)
* Simplifies the types associated with monitor plugins into a new `plugin.Plugin{}` struct, rather than passing around multiple values everywhere.
* See https://github.com/elastic/beats/pull/23467/files#diff-7f1e5387c4757cca1e98483a5678e377a28ca5f9d77b267a4121a14249c96b82R7 for an example of the new config syntax

#### More on the change to copying local tests into the container

The rationale here is that doing so resolves any file permissions issues that may be present due to the suite directory being shared to the container as read only OR due to incompatible UIDs between the docker container and the host.

Fixes elastic/synthetics#156
Fixes #23823

As a note, no tests are added here due to the complexity of testing this small amount of I/O functionality, however, any issues should be caught by our E2E tests in https://github.com/elastic/synthetics/tree/master/__tests__/e2e . I've opened an issue to improve this situation here: #23346

(cherry picked from commit fb25ded)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewvc andrewvc

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
2 participants
@andrewvc @paulb-elastic