Support readonly root filesystem

Question

Support readonly root filesystem

viceice opened this issue 9 months ago · comments

Michael Kriese commented 9 months ago

general

/usr/local/bin is symlinked to /opt/containerbase/bin
/usr/local/lib is symlinked to /opt/containerbase/lib
tool prepare state is stored at /var/lib/containerbase
all cache files are stored at /tmp/containerbase
files and folders in user home are symlinked to /tmp/containerbase/cache (eg .cache, .npmrc, .npm)

`binarySource=global`

needs /tmp writable

`binarySource=install`

needs /tmp writable
needs /opt/containerbase writable

related issues

Michael Kriese · Answer 1 · Tue Feb 13 2024 20:19:18 GMT+0800 (China Standard Time)

@rarkins There is one more issue! npm always tries to write to ~/.npm/_logs.

Rhys Arkins · Answer 2 · Tue Feb 13 2024 21:52:20 GMT+0800 (China Standard Time)

It cannot be stopped??

Michael Kriese · Answer 3 · Tue Feb 13 2024 23:03:08 GMT+0800 (China Standard Time)

not i'm aware of. i'm now redirecting home to /opt/containerbase/home, see linked PR.

We need to think about the existing data at /opt/containerbase when mounting a volume which will hide all existing. 🤔

Michael Kriese · Answer 4 · Wed Feb 14 2024 20:19:40 GMT+0800 (China Standard Time)

I think we need to split installs again.

So when running as root and it's a docker build, then install tools to some other persistent path.
Otherwise all files and prepare information are gone when mounting a volume to /opt/containerbase 🤔

I would add a new containerbase-cli restore command, which recreates all missing folders and files.
It then symlinks the root installed files there, so the layout looks like now.

containerbase-cli restore will be called automatically by the entrypoint script and should be called by custom images with their own entrypoint.

@rarkins WDYT? Can you follow me?

Rhys Arkins · Answer 5 · Wed Feb 14 2024 21:57:53 GMT+0800 (China Standard Time)

I'm not sure I fully follow, but I guess you mean that when the user mounts a volume to /opt/containerbase then anything we've put there prior is lost. So you're planning to put it in another location and symlink it over whenever the container runs?

Michael Kriese · Answer 6 · Wed Feb 14 2024 22:05:32 GMT+0800 (China Standard Time)

Yes, that's the core idea.

When later running install-tool as user it will simply install to /opt/containerbase as now.
I can propably also check and run the containerbase-cli restore command implicit from install-tool when something is missing inside /opt/containerbase.

Rhys Arkins · Answer 7 · Wed Feb 14 2024 22:18:28 GMT+0800 (China Standard Time)

Would it be a viable alternative to allow the user to configure the containerbase rw location via env variable? If configured then the restore happens from /opt/containerbase otherwise /opt/containerbase is used? Or is it too hard to set up PATH etc?

Michael Kriese · Answer 8 · Thu Feb 15 2024 00:48:40 GMT+0800 (China Standard Time)

we can't ensure path then. a user would need to explicit set it 😞