initial version #1
Conversation
|
|
||
| # Install our Node.js app | ||
| # $buildDeps will be added for the `npm install`, then removed immediately after | ||
| # the resulting image layer will not include the size of the $buildDeps |
| ENV CONTAINERBUDDY_CHECKSUM c25d3af30a822f7178b671007dcd013998d9fae1 | ||
| ENV CONTAINERBUDDY file:///etc/containerbuddy.json | ||
|
|
||
| RUN export CB_SHA1=c25d3af30a822f7178b671007dcd013998d9fae1 \ |
There was a problem hiding this comment.
This SHA is not actually used, but I copypasta'd it from the Jenkins blueprint. @tgross you prefer this one or the other?
There was a problem hiding this comment.
Oh it looks like we're have it repeated in the Jenkins blueprint too... it's both CONTAINERBUDDY_CHECKSUM and CB_SHA1. I don't see any reason to have both. I think keeping the checksum in the environment after the installation (via the ENV stanza) doesn't make a whole lot of sense because it's the checksum of the zip file, which we toss out when we're done.
| - 111 | ||
| - 2049 | ||
|
|
||
| client: |
There was a problem hiding this comment.
docker exec -it nfsserver_client_1 bashAnd on nfsserver_client_1:
apt-get update && apt-get install -y nfs-common
mkdir /nfs
mount -o nolock,vers=3 nfs:/ /nfsSHA checksum per #1 (comment)
|
It seems working. See directions in https://github.com/misterbisson/nfsserver/blob/wip/README.md. To do:
|
| - 1892 | ||
| - 2049 | ||
| environment: | ||
| - CONSUL=consul |
There was a problem hiding this comment.
This should be - CONSUL unless you're linking; you'll only want - CONSUL=consul for the local-docker-compose.yml.
There was a problem hiding this comment.
I was being lazy
There was a problem hiding this comment.
I added this as a task in #1 (comment)
| pid=$(pidof /usr/sbin/rpc.idmapd) | ||
| if [ -z "$pid" ] | ||
| then | ||
| echo "/usr/sbin/rpc.idmapd not running" |
There was a problem hiding this comment.
This seems to stream errors on Triton without affecting usability.
It does affect the health reporting to Consul, however, so it needs to be removed or fixed.
There was a problem hiding this comment.
Strangely enough, this works with no problems on my local test environment, rpc.idmapd is actually running here:
root@5bf58ec1d9c3:/# pidof /usr/sbin/rpc.idmapd
38
root@5bf58ec1d9c3:/# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 18864 10432 ? Ssl 20:48 0:00 /bin/containerbuddy node /opt/nfs/node_modules/sdc-nfs/server.js -f /etc/sdc-nfs.json
root 20 0.0 0.0 37092 2860 ? Ss 20:48 0:00 /sbin/rpcbind -w
statd 29 0.0 0.3 90352 55940 ? Ss 20:48 0:00 /sbin/rpc.statd
root 38 0.0 0.0 23368 220 ? Ss 20:48 0:00 /usr/sbin/rpc.idmapd
root 39 0.0 0.1 973044 30608 ? Sl 20:48 0:00 node /opt/nfs/node_modules/sdc-nfs/server.js -f /etc/sdc-nfs.json
root 4048 0.1 0.0 20356 3264 ? Ss 21:28 0:00 /bin/bash
root 4079 0.0 0.0 17512 2084 ? R+ 21:29 0:00 ps aux
root@5bf58ec1d9c3:/#
container on triton:
root@e7dfddacd3c2:/# pidof /usr/sbin/rpc.idmapd
root@e7dfddacd3c2:/# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 16507 0.0 1.0 40036 2776 ? Ss 21:22 0:00 /sbin/rpcbind -w
root 16522 0.0 11.4 64384 29944 ? Sl 21:22 0:00 node /opt/nfs/node_modules/sdc-nfs/server.js -f /etc/sdc-nfs.json
statd 16516 0.0 2.5 43492 6796 ? Ss 21:22 0:00 /sbin/rpc.statd
root 1 0.0 4.0 16928 10688 ? Sl 21:22 0:00 /bin/containerbuddy node /opt/nfs/node_modules/sdc-nfs/server.js -f /etc/s
root 18108 0.0 1.5 23032 4124 ? Ss 21:25 0:00 /bin/bash
root 27305 0.0 1.2 19796 3180 ? R 21:33 0:00 ps aux
Odd that it starts up and runs fine locally but does not run on Triton
There was a problem hiding this comment.
Agreed, it's odd. Let's comment out the test for now so it reports healthy, and we'll root-cause it in time.
|
@Roxet identified an issue in testing:
This error comes from https://github.com/joyent/sdc-nfsserver. |
|
@Roxet I did the following tests on the docker-compose -f local-compose.yml up -d
docker exec -it nfsserver_nfs_1 bash
mkdir /nfs
mount -t nfs -v -o nolock,vers=3 127.0.0.1:/exports /nfs
touch /nfs/thing
touch -t 8412101730 /nfs/thing
touch -t 3412101730 /nfs/thing
touch -t 193412101730 /nfs/thing
curl -Lso /nfs/thing https://github.com/autopilotpattern/nfsserver/pull/1#issuecomment-207505949I'm going to re-try now from the nfs client. |
docker exec -it nfsserver_client_1 bash
apt-get update && apt-get install -y nfs-common
mkdir /nfs
mount -t nfs -v -o nolock,vers=3 nfs:/exports /nfs
touch /nfs/thing2
touch -t 8412101730 /nfs/thing2
touch -t 3412101730 /nfs/thing2
touch -t 193412101730 /nfs/thing2
touch: setting times of '/nfs/thing2': Value too large for defined data type
curl -Lso /nfs/thing2 https://github.com/autopilotpattern/nfsserver/pull/1#issuecomment-207505949I got this error for
...but, that didn't result in any errors on the server. @Roxet can you help me find a repeatable way to demonstrate this bug? Do you know what time/date it was attempting to set? |
|
@misterbisson strange, testing this on my copy of this repo, with the nfs server container and client container, I used the same commands and I get no error until I try to overwrite the file: As soon as I enter that last curl command I see the errors come in the nfs containers' logs: Could this be a problem with my Docker version? Also, are you guys testing on mac? I'm running Ubuntu, could be a host issue... I'm booting these guys up on triton now to remove that possibility form the test. |
All my testing above was on Triton. I'll re-try locally. |
|
i'm running on triton now too, not getting the same problem. I did see this error come up once when running the curl test, but I only got it once and can't reproduce I'm going to get my WordPress compose stuff in shape to run on Triton and test it there. |
|
Moving some todos to future issues:
|
|
I ran into something a bit odd here with the ownership of This was on Triton so I was using the |
|
|
||
| nfsserver: | ||
| image: autopilotpattern/nfsserver | ||
| privileged: true |
There was a problem hiding this comment.
This is pretty bad juju on Docker-on-Linux. Can we make this more fine-grained with --cap-add or --cap-drop or --device? (ref https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities)
There was a problem hiding this comment.
See #1 (comment)
This is not recommended for production use
Server and client containers need
privilegedon Linux hosts (though not on Triton, which supports this securely). This may not be a solvable problem. Docker volume drivers are probably the best recommended work around. On Triton, RFD26 will provide network shared filesystems to Docker containers using Docker volume syntax.For now, consider this an experiment.
| This repo Dockerizes [sdc-nfs](https://github.com/joyent/sdc-nfs), an NFS v3 server implementation in Node.js. This is intended to allow use NFS in projects without requiring kernel NFS support or privileged access, but that is unfortunately not true. | ||
|
|
||
| ## This is not recommended for production use |
There was a problem hiding this comment.
@tgross I added this note explaining privileged
Current tasks outlined in #1 (comment)
A Dockerized version of sdc-nfs, an NFS v3 server implementation in Node.js.
Example usage, from the readme:
Start the project and
docker execinto the "client" container:Inside the "client" container:
The server and client containers need
privileged, though I'm hoping we can find a way to avoid that.