Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mac OSX support #8

Closed
tomzo opened this issue Sep 12, 2019 · 4 comments
Closed

Mac OSX support #8

tomzo opened this issue Sep 12, 2019 · 4 comments

Comments

@tomzo
Copy link
Member

tomzo commented Sep 12, 2019
edited

We should provide the same experience on Mac as on Linux. Currently most of dojo images won't work because of fix-uid-gid scripts trying to work around the mapping.
This is caused by osx driver trying to be smart about ownership of the mounted volumes.

osxfs docker driver behaviour

Basically the current user in the container always owns the mounted volume.

This snippet illustrates the problem:

Tomaszs-MacBook-Pro:code tomzo$ mkdir sandbox
Tomaszs-MacBook-Pro:code tomzo$ cd sandbox/
Tomaszs-MacBook-Pro:sandbox tomzo$ touch example.txt
Tomaszs-MacBook-Pro:sandbox tomzo$ docker run -ti -v $(pwd):/test openjdk:8u212 bash
root@ab58926a5f07:/# ls /test -la
total 4
drwxr-xr-x 3 root root   96 Sep 12 15:10 .
drwxr-xr-x 1 root root 4096 Sep 12 15:10 ..
-rw-r--r-- 1 root root    0 Sep 12 15:10 example.txt
root@ab58926a5f07:/# useradd dojo
root@ab58926a5f07:/# su dojo
$ ls -la /test	
total 4
drwxr-xr-x 3 dojo dojo   96 Sep 12 15:10 .
drwxr-xr-x 1 root root 4096 Sep 12 15:10 ..
-rw-r--r-- 1 dojo dojo    0 Sep 12 15:10 example.txt
$

More detailed explanation - https://stackoverflow.com/questions/43097341/docker-on-macosx-does-not-translate-file-ownership-correctly-in-volumes

Current problem

Dojo by design has to ensure that /home/dojo and /dojo/work is owned by the current user.
Since /dojo/work is a mount, on a Mac, this will be owned by current user automagically.
So there is only /home/dojo to take care of. Currently, as part of entrypoint setup, fix-uid-gid scripts (running as root) would read uid/gid of the /dojo/work (getting 0/0), then create and chown files in /home/dojo. This results in home files owned by the root.

Solutions?

We need a way to handle this, ideally without a big IF Linux/Mac then.
tomzo added a commit to tomzo/dojo that referenced this issue Sep 13, 2019
@tomzo
uid/gid update for OSX kudulab#8
a4c3f57
@xmik
Copy link
Member

xmik commented Sep 13, 2019

Thanks for opening this issue. Your solution in this commit looks good. I think it would be nice to also add a comment, in that file 50-fix-uid-gid.sh, explaining why we need to check uid and gid as another user.

We also have to add a test on Mac OSX.

@tomzo
Copy link
Member Author

tomzo commented Sep 13, 2019

In order to support OSX, for all the public images we will need them to use 0.6.0 version of dojo in the image scripts.

@xmik
Copy link
Member

xmik commented Sep 13, 2019

Nice that you have clearly stated that. Have you tested any dojo docker image on Mac? There is kudulab/ansible-dojo:1.1.0 with dojo scripts 0.6.0.

sradnev added a commit to sradnev/dojo that referenced this issue Sep 16, 2019
@sradnev
Add TMPDIR to default blacklist for OSX support kudulab#8
5e7db35 
MacOSX has a weird TMPDIR which gets passed on to the docker environment and leads to problems with some applications (e.g. discovered in terraform and gocd).
tomzo added a commit that referenced this issue Sep 16, 2019
@tomzo
Merge pull request #10 from sradnev/tmpdir-fix
bfdd465 
Add TMPDIR to default blacklist for OSX support #8
tomzo added a commit that referenced this issue Sep 16, 2019
@tomzo
fixup to TMPDIR update #8
43f2806
@tomzo tomzo closed this as completed Dec 23, 2019
@tomzo
Copy link
Member Author

tomzo commented Dec 23, 2019

OSX experience is good since Dojo 0.6.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tomzo @xmik