You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@mesos.apache.org by Vinod Kone <vi...@apache.org> on 2020/09/10 12:12:39 UTC

Review Request 72856: Fixed Website bot to work with docker user namespaces.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72856/
-----------------------------------------------------------

Review request for mesos, Andrei Sekretenko, Benjamin Mahler, and Gilbert Song.


Repository: mesos


Description
-------

ASF CI has enabled user namespaces for docker daemon on the build
machines that are used to build the website. This commit makes the
requisite changes to work with user namespacing.

Debug.

Fix.


Diffs
-----

  support/mesos-website.sh 04a664611cb882813e18d8b45da4aabb578e7d44 
  support/mesos-website/Dockerfile 611c4962d1eb99b2e8ea225bb5dcf840d973ab9c 
  support/mesos-website/entrypoint.sh 72fd72375e63f7e0dddb5472187edfdbe7a9d148 


Diff: https://reviews.apache.org/r/72856/diff/1/


Testing
-------

Tested via https://ci-builds.apache.org/job/Mesos/job/Mesos-Websitebot-test/4/console


Thanks,

Vinod Kone

Re: Review Request 72856: Fixed Website bot to work with docker user namespaces.

Posted by Vinod Kone <vi...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72856/
-----------------------------------------------------------

(Updated Sept. 10, 2020, 9:36 p.m.)


Review request for mesos, Andrei Sekretenko, Benjamin Mahler, and Gilbert Song.


Changes
-------

Added a check for file ownership.


Repository: mesos


Description
-------

ASF CI has enabled user namespaces for docker daemon on the build
machines that are used to build the website. This commit makes the
requisite changes to work with user namespacing.


Diffs (updated)
-----

  support/mesos-website.sh 04a664611cb882813e18d8b45da4aabb578e7d44 
  support/mesos-website/Dockerfile 611c4962d1eb99b2e8ea225bb5dcf840d973ab9c 
  support/mesos-website/build.sh afbec486e892b580348091dc790da651ff4b5952 
  support/mesos-website/entrypoint.sh 72fd72375e63f7e0dddb5472187edfdbe7a9d148 


Diff: https://reviews.apache.org/r/72856/diff/3/

Changes: https://reviews.apache.org/r/72856/diff/2-3/


Testing
-------

Tested via https://ci-builds.apache.org/job/Mesos/job/Mesos-Websitebot-test/4/console


Thanks,

Vinod Kone

Re: Review Request 72856: Fixed Website bot to work with docker user namespaces.

Posted by Andrei Sekretenko <as...@apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72856/#review221844
-----------------------------------------------------------


Ship it!





support/mesos-website/entrypoint.sh
Lines 21 (patched)
<https://reviews.apache.org/r/72856/#comment310921>

    Now that we are relying on --userns-remap, perhaps we should check that the mounted directories are indeed remapped? 
    
    Something like
    ```
    if [ $(stat . --format=%u) -ne $(id -u) ];
    then
      echo "
        The mounted mesos sources are not owned by the current user
        inside the containter. Please check that dockerd has
        user namespace remapping configured properly.
      "
      exit 1
    fi
    ```
    in the entrypoint.sh ?
    
    Otherwise, running this on a misconfigured dockerd will, at the very least, leave a root-owned waste (`configure`, `Makefile.in`s and, potentially, the whole `build`) in the sources dir.


- Andrei Sekretenko


On Sept. 10, 2020, 2:12 p.m., Vinod Kone wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72856/
> -----------------------------------------------------------
> 
> (Updated Sept. 10, 2020, 2:12 p.m.)
> 
> 
> Review request for mesos, Andrei Sekretenko, Benjamin Mahler, and Gilbert Song.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> ASF CI has enabled user namespaces for docker daemon on the build
> machines that are used to build the website. This commit makes the
> requisite changes to work with user namespacing.
> 
> 
> Diffs
> -----
> 
>   support/mesos-website.sh 04a664611cb882813e18d8b45da4aabb578e7d44 
>   support/mesos-website/Dockerfile 611c4962d1eb99b2e8ea225bb5dcf840d973ab9c 
>   support/mesos-website/entrypoint.sh 72fd72375e63f7e0dddb5472187edfdbe7a9d148 
> 
> 
> Diff: https://reviews.apache.org/r/72856/diff/2/
> 
> 
> Testing
> -------
> 
> Tested via https://ci-builds.apache.org/job/Mesos/job/Mesos-Websitebot-test/4/console
> 
> 
> Thanks,
> 
> Vinod Kone
> 
>