Hi I was trying to connect my Python SDK | Dagger | Page 1

small sequoia Jan 20, 2023, 2:43 PM

#

UPDATE: I was able to mount volumes locally using --mount instead of -v, however I am getting another error:
time="2023-01-20T14:29:46Z" level=error msg="/moby.buildkit.v1.frontend.LLBBridge/ReadFile returned error: rpc error: code = Unknown desc = failed to compute cache key: failed to unmount /tmp/containerd-mount1987398657: operation not permitted: failed to mount /tmp/containerd-mount1987398657: operation not permitted\n"

#

Is this something related to dagger, or it's just buildkit?

crystal cypress Jan 20, 2023, 3:01 PM

#

Hi check this https://github.com/dagger/dagger/blob/main/core/docs/d7yxc-operator_manual.md#runner-details
It needs a few requirements if you start the engine youself

GitHub

dagger/d7yxc-operator_manual.md at main · dagger/dagger

A programmable CI/CD engine that runs your pipelines in containers - dagger/d7yxc-operator_manual.md at main · dagger/dagger

small sequoia Jan 20, 2023, 3:46 PM

#

Hi, the only missing requirement is --privileged (locally), maybe it's related to the error. Do you know then if I can use solution 1?

#

The problem I am experiencing is that _EXPERIMENTAL_DAGGER_RUNNER_HOST can be a TCP address, but DAGGER_RUNNER_HOST not; however, the (Python) SDK is using the latter to connect to the dagger engine

crystal cypress Jan 20, 2023, 5:30 PM

#

You can try this solution yeah
You have the most recent sdk version ?

quick basalt Jan 20, 2023, 7:13 PM

#

@small sequoia I just noticed the docs are slightly out of date, they say you need a volume at /var/lib/buildkit but that changed recently to /var/lib/dagger. Gonna go fix that now.

So you should try also providing -v dagger-engine:/var/lib/dagger to your docker run command too, I think that could be related to the error you're getting

small sequoia Jan 23, 2023, 7:58 AM

#

Hey all, thank you for your reply.
Since I am unable to give --privileged permissions locally, I tried to set securityContext: privileged: true to my dagger pod, but unfortunately without success. I will address this problem to IT, and in the meantime, I will wait for the rootless release 😃

Side question: I see that I am able to create a session with dagger session command locally when forwarding the dagger k8s service to my local machine, but if I try to run the python SDK, I get a docker error (request rejected by IT policies).
What is dagger doing under the hood? Are docker root capabilities required also if you connect to an external container over the network, e.g., using kube-pod:// or tcp://, or it's trying to mount some volumes?

surreal light Jan 23, 2023, 4:55 PM

#

Is a rootless container even possible with Dagger? I am interested in this as even in my company there are policies preventing root as well as privileged containers in K8s. We can't even set securityContext: privileged: true

#Hi I was trying to connect my Python SDK