Snap `/tmp` folder + Docker mounting point

Question

Snap `/tmp` folder + Docker mounting point

leonakao opened this issue 3 years ago · comments

Describe the bug

An error occurred when I try run the command kool deploy logs -f app.

Follow the error:

kool --verbose deploy logs -f app
api - calling URL: https://kool.dev/api/deploy/exec?
api - got response: {"server":"https:\/\/808A64640E3217D47085F09CEBCDC1B8.gr7.us-east-1.eks.amazonaws.com","token":"...","ca.crt":"...","namespace":"dev-none-default-loly-loly-web-developkooldev","path":"deployment\/app"}
$ (TTY in: true out: true) kool [docker -- -v /tmp/.kool-cluster-CA:/tmp/.kool-cluster-CA kooldev/toolkit:full kubectl --server https://808A64640E3217D47085F09CEBCDC1B8.gr7.us-east-1.eks.amazonaws.com --token XXX --namespace dev-none-default-loly-loly-web-developkooldev --certificate-authority /tmp/.kool-cluster-CA logs -f --tail 25 deployment/app -c default]
[recursive call]
$ (TTY in: true out: true) docker [run --init --rm -w /app -i -t --env ASUSER=1000 --volume /home/leonakao/projects/loly/web:/app:delegated -v /tmp/.kool-cluster-CA:/tmp/.kool-cluster-CA kooldev/toolkit:full kubectl --server https://808A64640E3217D47085F09CEBCDC1B8.gr7.us-east-1.eks.amazonaws.com --token XXX --namespace dev-none-default-loly-loly-web-developkooldev --certificate-authority /tmp/.kool-cluster-CA logs -f --tail 25 deployment/app -c default]
error: read /tmp/.kool-cluster-CA: is a directory
2021/05/11 17:06:36.851613 exit status 1

Kool version and environment

kool version 1.11.0

Docker version 19.03.13

Elementary OS:

Distributor ID: elementary
Description: elementary OS 5.1.7 Hera
Release: 5.1.7
Codename: hera

Base OS:

Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic

Additional context

Docker was installed using snapcraft but I don't know if have some relation in this case.

Daniel Jun Suguimoto · Answer 1 · Fri May 14 2021 22:36:16 GMT+0800 (China Standard Time)

@leonakaodev do you have /tmp/.kool-cluster-CA in your host machine? If you don't, docker will bind it as a folder into the container, indeed.

Daniel Jun Suguimoto · Answer 2 · Fri May 14 2021 22:38:17 GMT+0800 (China Standard Time)

@fabriciojs if the absence of this file is generating this error, could we add an extra validation for it? Even if it is not the real issue here, it could probably occur, I guess...just supposing, haven't seen the code to check...

Leonardo Nakao · Answer 3 · Tue May 18 2021 23:04:01 GMT+0800 (China Standard Time)

@leonakaodev do you have /tmp/.kool-cluster-CA in your host machine? If you don't, docker will bind it as a folder into the container, indeed.

@danielsuguimoto I didn't have this file on my machine. Shouldn't the kool generate it in this case before the docker bind it as a folder?

ps: I solved the problem by installing manually kubectl

Fabrício José Souza · Answer 4 · Wed May 19 2021 22:48:10 GMT+0800 (China Standard Time)

This is an issue with the kubectl on kool docker strategy, when no kubectl is available in the host OS.

It seems indeed that the file was not available which would make the map become a folder, like @danielsuguimoto mentioned.

We shall review the file creation error handling, and look into Snap Docker confinement strategy, since I believe it may be changing the /tmp access for Docker, which causes the issue.

Fabrício José Souza · Answer 5 · Sat May 22 2021 20:41:48 GMT+0800 (China Standard Time)

We already have the file creation properly validated, the issue here indeed is due to Snap handling of /tmp folders:

https://forum.snapcraft.io/t/read-write-access-to-tmp/21743

https://stackoverflow.com/questions/65267251/docker-bind-mount-directory-in-tmp-not-working

Fabrício José Souza · Answer 6 · Fri Jul 01 2022 11:33:30 GMT+0800 (China Standard Time)

We can revisit the credentials generation/creation in #300 updates for v2.