New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to read a symlink in a mounted volume from inside a Windows Container #28401

Closed
jbhurat opened this Issue Nov 14, 2016 · 20 comments

Comments

Projects
None yet
10 participants
@jbhurat
Copy link

jbhurat commented Nov 14, 2016

Description
On Windows Server 2016 host created a symlink pointing to a text file inside working directory and mounted the working directory as a volume for windowsservercore container. Accessing the symlink from Windows host works but fails from within the container

Steps to reproduce the issue:

  1. Create a text file in temp/work directory
    PS C:\wd\test> echo "Symlink Test" > test.txt
  2. Create a symlink pointing to the text file
    PS C:\wd\test> cmd /c mklink symtmp.txt test.txt
  3. Run windowsservercore container and mount the working directory as volume
    docker run --rm -v c:\wd\test:c:\wd\test -it microsoft/windowsservercore cmd

Describe the results you received:
Inside the container run

PS C:\> type C:\wd\test\symtmp.txt
type : Could not find a part of the path 'C:\wd\test\symtmp.txt'.
At line:1 char:1
+ type C:\wd\test\symtmp.txt
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\wd\test\symtmp.txt:String) [Get-Content], DirectoryNotFoundException
    + FullyQualifiedErrorId : GetContentReaderDirectoryNotFoundError,Microsoft.PowerShell.Commands.GetContentCommand

Describe the results you expected:

PS C:\wd\test> type .\symtmp.txt
Symlink Test

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

PS C:\wd> docker version
Client:
 Version:      1.12.2-cs2-ws-beta
 API version:  1.25
 Go version:   go1.7.1
 Git commit:   050b611
 Built:        Tue Oct 11 02:35:40 2016
 OS/Arch:      windows/amd64

Server:
 Version:      1.12.2-cs2-ws-beta
 API version:  1.25
 Go version:   go1.7.1
 Git commit:   050b611
 Built:        Tue Oct 11 02:35:40 2016
 OS/Arch:      windows/amd64

Output of docker info:

PS C:\wd> docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 37
Server Version: 1.12.2-cs2-ws-beta
Storage Driver: windowsfilter
 Windows:
Logging Driver: json-file
Plugins:
 Volume: local
 Network: nat null overlay transparent
Swarm: inactive
Default Isolation: process
Kernel Version: 10.0 14393 (14393.447.amd64fre.rs1_release_inmarket.161102-0100)
Operating System: Windows Server 2016 Standard Evaluation
OSType: windows
Architecture: x86_64
CPUs: 4
Total Memory: 8 GiB
Name: WIN-V1B1M3827A2
ID: YWMF:AR23:AK2D:W3KJ:W22Z:6KQ3:LTPR:TOJP:ZCD3:WM3Z:NHRA:RLM6
Docker Root Dir: C:\ProgramData\docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.):

  1. Physical
  2. winver : Windows Server 2016 Version 1607 (OS Build 14393.447)
@thaJeztah

This comment has been minimized.

Copy link
Member

thaJeztah commented Nov 14, 2016

@jhowardmsft

This comment has been minimized.

Copy link
Contributor

jhowardmsft commented Nov 14, 2016

Again, this is a platform bug rather than a docker issue. Closing here and will track in an internal platform bug.

@jhowardmsft

This comment has been minimized.

Copy link
Contributor

jhowardmsft commented Nov 14, 2016

Tracked by VSO#9797437

@jbhurat

This comment has been minimized.

Copy link

jbhurat commented Nov 14, 2016

@jhowardmsft is there a link which can be used to track the progress on VSO#9797437

@jhowardmsft

This comment has been minimized.

Copy link
Contributor

jhowardmsft commented Nov 14, 2016

No - it's an internal Microsoft bug database.

@pires

This comment has been minimized.

Copy link

pires commented Jan 3, 2017

@jhowardmsft so this shouldn't be closed? It affects Docker behavior. Is it at least documented as a limitation from Microsoft?

@jhowardmsft

This comment has been minimized.

Copy link
Contributor

jhowardmsft commented Jan 3, 2017

@pires I've asked @PatrickLang to ensure it gets documented in the Microsoft documentation. The bug isn't fixed though, but there's nothing that can be done in the docker code-base itself to fix it which is why this issue is closed here.

@pires

This comment has been minimized.

Copy link

pires commented Jan 3, 2017

👍

@PatrickLang

This comment has been minimized.

Copy link

PatrickLang commented Jan 3, 2017

I'd still like to know more about how you'd like to use symlinks though. Do they need to cross to another Windows volume (drive letter or mount point, not -v), will the target be another path that's also bind mounted (Docker -v), file, folder, or both?

@jbhurat

This comment has been minimized.

Copy link

jbhurat commented Jan 4, 2017

Symlinks are used to enable atomic updates of secrets inside the containers. The directory containing secrets on the host (default: c:\var\lib\kubelet\pods\<pod-id>\volumes\kubernetes.io~secret\<default token>) is mounted inside the container (default: c:\var\run\secrets\kubernetes.io\serviceaccount) directory.

@PatrickLang

This comment has been minimized.

Copy link

PatrickLang commented Jan 27, 2017

After discussion with some Windows devs, unfortunately this won't work in Windows Server 2016. It's on the list to look at in the next version of Windows Server.

@Koubek

This comment has been minimized.

Copy link

Koubek commented Jul 4, 2017

This won`t be probably useful for your needs but you can create SymLink from the container itself. You just need to place the symlink into another folder (one that wasn`t mounted).

New-Item -Type SymbolicLink -Path c:\symtmp.txt -Value C:\wd\test\text.txt

    Directory: C:\

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a---l         7/5/2017   1:40 AM              0 symtmp.txt

Then:

PS C:\> Get-Content C:\symtmp.txt
Symlink Test

The changes propagate correctly in both directions.

@artisticcheese

This comment has been minimized.

Copy link

artisticcheese commented Aug 20, 2017

How docker swarm differs from K8 that secrets inside docker swarm which are also relying on symlinks working just fine?

@andyzhangx

This comment has been minimized.

Copy link

andyzhangx commented Aug 23, 2017

Any progress on this issue? @PatrickLang
I am now working on k8s, enabling azure disk on windows , also hit this blocking issue: in k8s, the mount disk process always use symbolic link, but in windows container, the symbolic link in host will be invalid.

@andyzhangx

This comment has been minimized.

Copy link

andyzhangx commented Aug 23, 2017

After a few tries, I found my problem solved, seems it's more like a docker config issue for me, e.g.
If I run below command line:
docker run -d -v C:\var\lib\kubelet\pods\1f197b28-87d2-11e7-9fdc-000d3a31dac4\volumes\kubernetes.io~azure-disk\pvc-0ada684f-87d2-11e7-9fdc-000d3a31dac4:c:\mnt\azure\ microsoft/iis

The volume mount failed in the container, it reports error: the parameter is incorrect. It's still quite confusing, not sure why.

If I change mapping to drive, like below, it succeeded, it's quite confusing for me. Anyway, mounting to a drive in container should succeed.
docker run -d -v C:\var\lib\kubelet\pods\1f197b28-87d2-11e7-9fdc-000d3a31dac4\volumes\kubernetes.io~azure-disk\pvc-0ada684f-87d2-11e7-9fdc-000d3a31dac4:g: microsoft/iis

@LukeDearden

This comment has been minimized.

Copy link

LukeDearden commented Sep 8, 2017

So I arrived here from this page https://kubernetes.io/docs/getting-started-guides/windows/ having attempted to mount both a secret and azurefile volume without success.

Just to be absolutely clear. Do volumemounts simply not work for windows based containers/pods in Kubernetes running on Azure Container Services?

@andyzhangx

This comment has been minimized.

Copy link

andyzhangx commented Sep 8, 2017

hi @LukeDearden Mount azure file on windows node is in progress, and it depends on new windows 2016 release. See kubernetes/kubernetes#50233

@andyzhangx

This comment has been minimized.

Copy link

andyzhangx commented Dec 8, 2017

JUST FYI:
I have already completed mount azure file & disk on Windows node in k8s upstream.
Below are the detailed steps:
https://github.com/andyzhangx/Demo/tree/master/windows/azuredisk
https://github.com/andyzhangx/Demo/tree/master/windows/azurefile

Please note that:

  1. mount azure file & disk on Windows features are only supported on Windows Server version 1709, I would recommend you to use acs-engine(above v0.9.2) to deploy such windows cluster.
  2. K8s on windows is still in preview state

You could find more details in below link:
https://github.com/andyzhangx/Demo/tree/master/windows/

@PatrickLang

This comment has been minimized.

Copy link

PatrickLang commented Jan 26, 2018

The fix for this is in the current Windows 10 Insider & Windows Server Insider builds 17074+! If you run into issues, can you open new ones in GitHub and ping me on them?

@andyzhangx

This comment has been minimized.

Copy link

andyzhangx commented Nov 19, 2018

Symlink issue with relative path is fixed, symlink with absolute path is not fixed. I opened a new issue: #38220

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment