[contrib] rake docker:build fails with Errno::EACCES: Permission denied @ rb_sysopen - /obs/src/api/log/bullet.log

[valdrinkuchi]

Issue/Feature Description

While following the instructions specified here, to setup local OBS development I face the following error when running rake docker:build:

Errno::EACCES: Permission denied @ rb_sysopen - /obs/src/api/log/bullet.log
/obs/src/api/config/environments/development.rb:99:in `block (2 levels) in <top (required)>'
/obs/src/api/config/environment.rb:31:in `<top (required)>'
/usr/bin/bundle:25:in `load'
/usr/bin/bundle:25:in `<main>'
Tasks: TOP => dev:bootstrap => environment
(See full trace by running task with --trace)
docker compose stop

Expected Result

No permission issues should be present and the development environment should work properly.

How to Reproduce

1. Machine running on: Ubuntu 22.04.3 LTS
2. Docker version 24.0.6, build ed223bc
3. Follow instructions specified here

[hennevogel]

Do you have a docker-compose.override.yml file in the top level of your checkout? What's the content?

[valdrinkuchi]

Do you have a docker-compose.override.yml file in the top level of your checkout? What's the content?

# This file is generated by our Rakefile. Do not change it!
version: '2.1'
services:
  frontend:
    build:
      args:
        CONTAINER_USERID: 1000

    volumes:
      - ./docker-files/home/.bash_history:/home/frontend/.bash_history:Z
      - ./docker-files/home/.irb_history:/home/frontend/.irb_history:Z
      - ./docker-files/home/.pry_history:/home/frontend/.pry_history:Z
      - ./docker-files/home/.irbrc:/home/frontend/.irbrc:Z
      - ./docker-files/home/.pryrc:/home/frontend/.pryrc:Z

[valdrinkuchi]

I deleted the repository and cloned it one more time just to make sure that I follow the instructions correctly.
Although it still fails, this time I receive a lightly different error:

docker compose run --no-deps --rm frontend bundle exec rake dev:bootstrap RAILS_ENV=development
To use retry middleware with Faraday v2.0+, install `faraday-retry` gem
Setting up the database configuration...
Creating config/config/database.yml from config/config/database.yml.example
rake aborted!
Errno::EACCES: Permission denied @ rb_sysopen - config/database.yml
/obs/src/api/lib/tasks/dev/rake_support.rb:22:in `copy_example_file'
/obs/src/api/lib/tasks/dev.rake:10:in `block (2 levels) in <top (required)>'
/usr/bin/bundle:25:in `load'
/usr/bin/bundle:25:in `<main>'
Tasks: TOP => dev:bootstrap => dev:prepare
(See full trace by running task with --trace)
docker compose stop
[+] Running 1/1
 ⠿ Container open-build-service-db-1  Stopped                              0.4s
rake aborted!
Command failed with status (1): [docker compose run --no-deps --rm frontend...]
/home/valdrin/Desktop/open-build-service/Rakefile:39:in `block (2 levels) in <top (required)>'
Tasks: TOP => docker:build
(See full trace by running task with --trace)

# This file is generated by our Rakefile. Do not change it!
version: '2.1'
services:
  frontend:
    build:
      args:
        CONTAINER_USERID: 1000

    volumes:
      - ./docker-files/home/.bash_history:/home/frontend/.bash_history:Z
      - ./docker-files/home/.irb_history:/home/frontend/.irb_history:Z
      - ./docker-files/home/.pry_history:/home/frontend/.pry_history:Z
      - ./docker-files/home/.irbrc:/home/frontend/.irbrc:Z
      - ./docker-files/home/.pryrc:/home/frontend/.pryrc:Z

[krauselukas]

Hey @valdrinkuchi is the user of your system that you are using to start the docker container in the docker group on your system? You can check with grep 'docker' /etc/group. I'm guessing a bit, but it seems you always run into issues when it tries to write files in your workdir.

[hennevogel]

@valdrinkuchi we are writing files to the volume inside the frontend container. For this the UID of the user inside the container and the user outside of the container need to be the same. What is the UID of the user you call docker-compose with? You can can use the id command to find out.

[valdrinkuchi]

Hey @valdrinkuchi is the user of your system that you are using to start the docker container in the docker group on your system? You can check with grep 'docker' /etc/group. I'm guessing a bit, but it seems you always run into issues when it tries to write files in your workdir.

whoami
 => valdrin

grep 'docker' /etc/group
=> docker:x:998:valdrin

[valdrinkuchi]

@valdrinkuchi we are writing files to the volume inside the frontend container. For this the UID of the user inside the container and the user outside of the container need to be the same. What is the UID of the user you call docker-compose with? You can can use the id command to find out.

$ id -u
1000

or

$ id
uid=1000(valdrin)

[hennevogel]

and docker-compose run --rm frontend id ?

[hennevogel]

and /usr/bin/ls -land src/api/ ?

[valdrinkuchi]

and /usr/bin/ls -land src/api/ ?

$ /usr/bin/ls -land src/api/
drwxrwxr-x 14 1000 1000 4096 Feb 19 19:50 src/api/

docker-compose run --rm frontend id

uid=1000(frontend) gid=100(users) groups=100(users)

[hennevogel]

Hm this is strange. Inside the checkout directory you have any output for find . ! -uid 1000?

[valdrinkuchi]

Hm this is strange. Inside the checkout directory you have any output for find . ! -uid 1000?

No, I don't receive any output.

valdrin:open-build-service/ (master) $ find . ! -uid 1000 

[hennevogel]

Phew, this must be the ubuntu docker setup then. Let me see if I can reproduce it...

[valdrinkuchi]

Phew, this must be the ubuntu docker setup then. Let me see if I can reproduce it...

I am indeed using the docker application in ubuntu.

[hennevogel]

@valdrinkuchi this will take me some time...

[valdrinkuchi]

@valdrinkuchi this will take me some time...

@hennevogel no need to check I installed it on my MacOs laptop.

[hennevogel]

no need to check I installed it on my MacOs laptop

alright...