#dagger v0.2.x in dind dev container. Mount and client write issues

1 messages · Page 1 of 1 (latest)

formal relic
#

Posted for @karmic yoke

Hello folk,
I have a writing problem with the client. But I think it's related to my environment.
I use a devcontainer for my projects, which creates a mount between my host and my machine in /workspace/my-project.
When I use dagger from my host, it works perfectly. But when I try from my dev container, I have an error:
[✗] client.filesystem."./public".write 0.2s
2:36PM FATAL failed to execute plan: task failed: client.filesystem."./public".write: error from receiver: error setting metadata for /workspaces/my-project/public/.tmp.087960590: lchown /workspaces/my-project/public/.tmp.087960590: permission denied
I think it's a problem with docker in docker when I try to write in a mounted volume.
Have you ever had this problem? If so, do you know how I can get around it?

#

@karmic yoke Could you share more about your setup?

I just did this and couldn't repro.

here's my dagger cue directory and hello.cue

my pwd before:

.
├── cue.mod
└── hello.cue

hello.cue

package hello

import (
    "dagger.io/dagger"
    "universe.dagger.io/bash"
    "universe.dagger.io/alpine"

)

dagger.#Plan & {
    client: filesystem: "./public": write: contents: actions.hello.export.files."/tmp/foo"

    actions: {
        _alpine: alpine.#Build & {
            packages: bash: _
        }

        // Hello world
        hello: bash.#Run & {
            input: _alpine.output
            script: contents: "echo Hello World > /tmp/foo"
            always: true
            export: files: "/tmp/foo": string
        }
    }
}

started a dind in daemon mode with local pwd mounted and with --privileged.

docker run -d --privileged --name docker -v ${PWD}:/workspace/my-project \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v docker-certs-ca:/certs/ca \
    -v docker-certs-client:/certs/client \
    docker:dind

then go inside, install dagger

docker exec -it <containerid> sh

apk add curl
cd /usr/local
curl -L https://dl.dagger.io/dagger/install.sh | sh

cd /workspace/my-project
dagger do hello
#

my pwd on host after:

.
├── cue.mod
├── hello.cue
└── public

cat public
Hello World
#

I'm in a plane and need to go offline, but will check back later on. Cheers!

karmic yoke
#

I have this file structure:

.
├── .devcontainer
├── cue.mod
├── dagger.cue
└── ...

in my devcontainer config I have this:

{
    "name": "Node.js & TypeScript",
    "build": {
        "dockerfile": "Dockerfile",
        "args": {
            "VARIANT": "18-bullseye"
        }
    },
    "customizations": {
        "vscode": {
            "extensions": [
                "dbaeumer.vscode-eslint",
                "kokakiwi.vscode-just",
                "mhutchie.git-graph",
                "oderwat.indent-rainbow",
                "yzhang.markdown-all-in-one",
                "DavidAnson.vscode-markdownlint",
                "stuart.unique-window-colors",
                "unifiedjs.vscode-mdx"
            ]
        }
    },
    "remoteUser": "node",
    "features": {
        "ghcr.io/devcontainers/features/docker-in-docker:1": {},
        "ghcr.io/devcontainers/features/git:1": {},
        "ghcr.io/devcontainers/features/git-lfs:1": {},
        "ghcr.io/guiyomh/features/fish": {},
        "ghcr.io/guiyomh/features/just": {},
        "ghcr.io/guiyomh/features/vim": {}
    }
}
#

Nothing special, in my Dockerfile:

ARG VARIANT=18-bullseye
FROM mcr.microsoft.com/vscode/devcontainers/typescript-node:0-${VARIANT}

# dagger
RUN cd /usr/local \
    && curl -L https://dl.dagger.io/dagger/install.sh | sh
#

And my dagger plan is:

package main

import (
    "dagger.io/dagger"

    "dagger.io/dagger/core"
    "universe.dagger.io/yarn"
)
dagger.#Plan & {
    client: filesystem: "./public": write: contents: actions.build.output
    actions: {
        // Load the documentation source code
        source: core.#Source & {
            path: "."
            exclude: [
                "node_modules",
                ".devcontainer",
                "*.cue",
                ".git",
            ]
        }
        // Build documentation
        build: yarn.#Script & {
            name:   "build:gitlab"
            source: actions.source.output
            outputDir: "./public"
        }
    }
}
karmic yoke
#

when I execute dagger do build -l DEBUG I have this result:

//....                                                                     
#13 copying files 29B 0.0s                                                                                                                                
#13 copying files 2.78kB 0.1s done                                                                                                                        
#13 ERROR: error from receiver: error setting metadata for /workspaces/how-to-awesome/public/.DS_Store: lchown /workspaces/how-to-awesome/public/.DS_Store: permi…
------                                                                                                                                                    
> exporting to client:                                                                                                                                    
------                                                                                                                                                    
7:25AM FATAL failed to execute plan: task failed: client.filesystem."./public".write: error from receiver: error setting metadata for /workspaces/how-to-awesome/public/.DS_Store: lchown 
/workspaces/how-to-awesome/public/.DS_Store: permission denied
karmic yoke
#

@formal relic I tried your example and it works for the creation of a file. But I reproduce the problem when I try to generate a directory. I have modified your example in this way.

before the execution

.
├── cue.mod
└── hello.cue

hello.cue

package hello

import (
    "dagger.io/dagger"
    "universe.dagger.io/bash"
    "universe.dagger.io/alpine"

)

dagger.#Plan & {
    client: filesystem: "./foo": write: contents: actions.hello.export.directories."/tmp/foo"

    actions: {
        _alpine: alpine.#Build & {
            packages: bash: _
        }

        // Hello world
        hello: bash.#Run & {
            input: _alpine.output
            script: contents: "mkdir -p /tmp/foo && echo Hello World > /tmp/foo/bar"
            always: true
            export: directories: "/tmp/foo": dagger.#FS
        }
    }
}

I starting the docker container as you:

docker run -d --privileged --name docker -v ${PWD}:/workspace/my-project \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v docker-certs-ca:/certs/ca \
    -v docker-certs-client:/certs/client \
    docker:dind

then go inside, install dagger as you.
When I execute dagger I have this erreur:

/workspace/my-project # dagger do hello
[✔] actions.hello.script                                                            0.1s
[✔] actions                                                                         1.1s
[✔] actions.hello                                                                   0.2s
[✔] actions.hello.export                                                            0.1s
[✗] client.filesystem."./foo".write                                                 0.1s
10:23AM FATAL failed to execute plan: task failed: client.filesystem."./foo".write: error from receiver: error setting metadata for /workspace/my-project/foo/bar: lchown /workspace/my-project/foo/bar: permission denied
formal relic
#

@karmic yoke I used your hello example and it worked fine for me. 🤔

guiyomh ➤ tree -L 2                                                          git:main*
.
├── cue.mod
│   ├── dagger.mod
│   ├── dagger.sum
│   ├── module.cue
│   └── pkg
├── foo
│   └── bar
└── hello.cue

guiyomh ➤ cat foo/bar                                                        git:main*
Hello World

I can even go back inside the container, remove the directory, recreate it, etc

# 
guiyomh ➤ docker exec -it 3ed63837e8b48c99599d08a471d3f4c83a3367dc52f8293a024ba38ccfda492b sh
/ # cd /workspace/my-project/
/workspace/my-project # ls
cue.mod    foo        hello.cue
/workspace/my-project # rm -rf foo
/workspace/my-project # ls
cue.mod    hello.cue
/workspace/my-project # exit
guiyomh ➤ ls                                                                 git:main*
cue.mod   hello.cue
guiyomh ➤ docker exec -it 3ed63837e8b48c99599d08a471d3f4c83a3367dc52f8293a024ba38ccfda492b sh
/ # cd /workspace/my-project/
/workspace/my-project # dagger do hello
[✔] actions.hello.script                                                           0.0s
[✔] actions                                                                        0.7s
[✔] actions.hello                                                                  0.1s
[✔] actions.hello.export                                                           0.0s
[✔] client.filesystem."./foo".write                                                0.1s
/workspace/my-project # ls
cue.mod    foo        hello.cue
/workspace/my-project # cat foo/bar
Hello World
/workspace/my-project # exit
guiyomh ➤ cat foo/bar                                                        git:main*
Hello World
#

I'm on a Mac M1

unknown.png
karmic yoke
#

Strange. May it's due to my docker installation.

formal relic
#

guiyomh ➤ dagger version git:main*
dagger v0.2.36 (ea275a3ba) darwin/arm64

karmic yoke
#

I'm on Mac intel, I used colima

Screenshot_2022-10-24_at_13.17.47.png
#

13:17:35 ❯ dagger version
dagger 0.2.36 (ea275a3ba) darwin/amd64

#

I'm going to use Docker desktop. I will keep you informed

formal relic