From 779a47eee403afd3fcc7f94065245dd321846b2f Mon Sep 17 00:00:00 2001 From: Liqun Li Date: Thu, 11 Apr 2024 12:55:19 +0800 Subject: [PATCH 1/3] fix permission issue --- docker/ces_container/Dockerfile | 3 ++- scripts/build_executor.ps1 | 5 +---- taskweaver/ces/environment.py | 12 ++++++++---- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/docker/ces_container/Dockerfile b/docker/ces_container/Dockerfile index 826d9a05..a4c297f7 100644 --- a/docker/ces_container/Dockerfile +++ b/docker/ces_container/Dockerfile @@ -3,7 +3,8 @@ FROM python:3.10-slim WORKDIR /app -RUN useradd -m taskweaver +RUN groupadd --gid 10002 taskweaver +RUN useradd --uid 10002 --gid taskweaver -m taskweaver # Set the working directory to /app RUN chown taskweaver:taskweaver /app diff --git a/scripts/build_executor.ps1 b/scripts/build_executor.ps1 index ef7cffc2..68631fa5 100644 --- a/scripts/build_executor.ps1 +++ b/scripts/build_executor.ps1 @@ -1,7 +1,7 @@ $scriptDirectory = $PSScriptRoot Write-Host "The script directory is: $scriptDirectory" -$version = "0.1" +$version = "0.2" $imageName = "taskweavercontainers/taskweaver-executor" $imageFullName = "${imageName}:${version}" @@ -23,8 +23,5 @@ docker build -t $imageFullName -f $dockerfilePath $contextPath # Tag the image docker tag $imageFullName "${imageName}:latest" -``` -# Tag the image -docker tag $imageName taskweavercontainers/taskweaver-executor:latest diff --git a/taskweaver/ces/environment.py b/taskweaver/ces/environment.py index d9967a69..65811a77 100644 --- a/taskweaver/ces/environment.py +++ b/taskweaver/ces/environment.py @@ -144,9 +144,13 @@ def __init__( except docker.errors.DockerException as e: raise docker.errors.DockerException(f"Failed to connect to Docker daemon: {e}. ") - self.image_name = "taskweavercontainers/taskweaver-executor" + self.image_name = "taskweavercontainers/taskweaver-executor:latest" try: - self.docker_client.images.get(self.image_name) + local_image = self.docker_client.images.get(self.image_name) + registry_image = self.docker_client.images.get_registry_data(self.image_name) + if local_image.id != registry_image.id: + logger.info(f"Local image {local_image.id} does not match registry image {registry_image.id}.") + raise docker.errors.ImageNotFound("Local image is outdated.") except docker.errors.ImageNotFound: logger.info("Pulling image from docker.io.") try: @@ -221,8 +225,8 @@ def start_session( elif self.mode == EnvMode.Container: if platform.system() != "Windows": # change the permission of the ces and cwd directories - os.chmod(ces_session_dir, 0o755) - os.chmod(cwd, 0o755) + os.chown(ces_session_dir, uid=10002, gid=10002) + os.chown(cwd, uid=10002, gid=10002) connection_file = self._get_connection_file(session_id, new_kernel_id) new_port_start = self.port_start_inside_container From 26dd6003d7bfacc42d13a2b313973f205e484992 Mon Sep 17 00:00:00 2001 From: Liqun Li Date: Thu, 11 Apr 2024 14:57:19 +0800 Subject: [PATCH 2/3] fix permission bug --- docker/ces_container/Dockerfile | 24 +++++++++--------------- docker/ces_container/entrypoint.sh | 13 +++++++++++++ taskweaver/ces/environment.py | 14 +++++++------- 3 files changed, 29 insertions(+), 22 deletions(-) create mode 100644 docker/ces_container/entrypoint.sh diff --git a/docker/ces_container/Dockerfile b/docker/ces_container/Dockerfile index a4c297f7..768f3686 100644 --- a/docker/ces_container/Dockerfile +++ b/docker/ces_container/Dockerfile @@ -3,28 +3,22 @@ FROM python:3.10-slim WORKDIR /app -RUN groupadd --gid 10002 taskweaver -RUN useradd --uid 10002 --gid taskweaver -m taskweaver - -# Set the working directory to /app -RUN chown taskweaver:taskweaver /app - -USER taskweaver - # Copy the requrements file -COPY --chown=taskweaver:taskweaver requirements.txt . -RUN pip install --no-cache-dir --no-warn-script-location --user -r requirements.txt +COPY requirements.txt . +RUN pip install --no-cache-dir --no-warn-script-location -r requirements.txt # TODO: Install additional packages for plugins # Copy the project code -COPY --chown=taskweaver:taskweaver taskweaver/ces /app/taskweaver/ces -COPY --chown=taskweaver:taskweaver taskweaver/plugin /app/taskweaver/plugin -COPY --chown=taskweaver:taskweaver taskweaver/module /app/taskweaver/module -COPY --chown=taskweaver:taskweaver taskweaver/__init__.py /app/taskweaver/__init__.py +COPY taskweaver/ces /app/taskweaver/ces +COPY taskweaver/plugin /app/taskweaver/plugin +COPY taskweaver/module /app/taskweaver/module +COPY taskweaver/__init__.py /app/taskweaver/__init__.py +COPY docker/ces_container/entrypoint.sh /app/entrypoint.sh +RUN chmod +x /app/entrypoint.sh ENV PYTHONPATH "${PYTHONPATH}:/app" -CMD ["python", "-m", "taskweaver.ces.kernel.launcher"] +ENTRYPOINT ["/app/entrypoint.sh"] diff --git a/docker/ces_container/entrypoint.sh b/docker/ces_container/entrypoint.sh new file mode 100644 index 00000000..3b13a3be --- /dev/null +++ b/docker/ces_container/entrypoint.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +USER_ID=${TASKWEAVER_UID:-10002} +GROUP_ID=${TASKWEAVER_GID:-10002} + +echo "Starting with UID: $USER_ID, GID: $GROUP_ID" +useradd -u $USER_ID -o -m taskweaver +groupmod -g $GROUP_ID taskweaver + +chown -R taskweaver:taskweaver /app + +su taskweaver -c "python -m taskweaver.ces.kernel.launcher" + diff --git a/taskweaver/ces/environment.py b/taskweaver/ces/environment.py index 65811a77..cd06530c 100644 --- a/taskweaver/ces/environment.py +++ b/taskweaver/ces/environment.py @@ -144,7 +144,7 @@ def __init__( except docker.errors.DockerException as e: raise docker.errors.DockerException(f"Failed to connect to Docker daemon: {e}. ") - self.image_name = "taskweavercontainers/taskweaver-executor:latest" + self.image_name = "taskweavercontainers/taskweaver-executor:test" try: local_image = self.docker_client.images.get(self.image_name) registry_image = self.docker_client.images.get_registry_data(self.image_name) @@ -223,11 +223,6 @@ def start_session( self._cmd_session_init(session) session.kernel_status = "ready" elif self.mode == EnvMode.Container: - if platform.system() != "Windows": - # change the permission of the ces and cwd directories - os.chown(ces_session_dir, uid=10002, gid=10002) - os.chown(cwd, uid=10002, gid=10002) - connection_file = self._get_connection_file(session_id, new_kernel_id) new_port_start = self.port_start_inside_container kernel_env = { @@ -239,6 +234,12 @@ def start_session( "TASKWEAVER_PORT_START": str(new_port_start), "TASKWEAVER_LOGGING_FILE_PATH": "/app/ces/kernel_logging.log", } + + if platform.system() != "Windows": + # change the permission of the ces and cwd directories + kernel_env["TASKWEAVER_UID"] = str(os.getuid()) + kernel_env["TASKWEAVER_GID"] = str(os.getgid()) + # ports will be assigned automatically at the host container = self.docker_client.containers.run( image=self.image_name, @@ -255,7 +256,6 @@ def start_session( f"{new_port_start + 3}/tcp": None, f"{new_port_start + 4}/tcp": None, }, - user="taskweaver", ) tick = 0 From d021dca8dea023ca98acae6ef6e5fab57c3ac007 Mon Sep 17 00:00:00 2001 From: Liqun Li Date: Thu, 11 Apr 2024 15:30:48 +0800 Subject: [PATCH 3/3] switch image name --- taskweaver/ces/environment.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/taskweaver/ces/environment.py b/taskweaver/ces/environment.py index cd06530c..8984e69f 100644 --- a/taskweaver/ces/environment.py +++ b/taskweaver/ces/environment.py @@ -144,7 +144,7 @@ def __init__( except docker.errors.DockerException as e: raise docker.errors.DockerException(f"Failed to connect to Docker daemon: {e}. ") - self.image_name = "taskweavercontainers/taskweaver-executor:test" + self.image_name = "taskweavercontainers/taskweaver-executor:latest" try: local_image = self.docker_client.images.get(self.image_name) registry_image = self.docker_client.images.get_registry_data(self.image_name)