Modmail
Modmail copied to clipboard
modmail-dev
Fix Docker file permission issue
This PR fixes the permission issue (#3319) by installing the Python dependencies as a non-root user.
It also changes the base python image to alpine version since it's smaller in size.
This reduced image size from 1.07GB ~> 250MB. Tested with locally-built image on Docker Desktop 4.25.2 (129061)
~~Ignore the messy commits I'm too lazy to squash them~~
Don´t understand me wrong, your idea installing that via pipenv is also nice.
But I feel like the improvement could be better because like already said, we have a isolated python environment in the image/container build so we could just install the modules inside the modmail user using the --user flag of pip install.
And it also fixes the issue I am getting on the issue I´m getting with pipenv aka the Pipfile.lock file
I tried building the image locally on my ubuntu 20.04 vps. Facing this issue:
root@vserver:/home/masteradmin/modmail-dev/Modmail# docker build -t modmailbotimage:latest . --no-cache [+] Building 0.9s (10/12) docker:default => [internal] load .dockerignore 0.0s => => transferring context: 1.75kB 0.0s => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 418B 0.0s => [internal] load metadata for docker.io/library/python:3.10 0.0s => CACHED [1/8] FROM docker.io/library/python:3.10 0.0s => [internal] load build context 0.1s => => transferring context: 953B 0.0s => CANCELED [2/8] RUN apt update && apt install -y g++ git && pip install --upgrade pip 0.7s => CACHED [3/8] RUN useradd modmail 0.0s => CACHED [4/8] WORKDIR /home/modmail 0.0s => CACHED [5/8] RUN pip install --user pipenv 0.0s => ERROR [6/8] COPY --chown=modmail:modmail Pipfile Pipfile.lock ./ 0.0s ------ > [6/8] COPY --chown=modmail:modmail Pipfile Pipfile.lock ./: ------ Dockerfile:13 -------------------- 11 | ENV PATH="/home/modmail/.local/bin:${PATH}" 12 | 13 | >>> COPY --chown=modmail:modmail Pipfile Pipfile.lock ./ 14 | RUN pipenv install 15 | -------------------- ERROR: failed to solve: failed to compute cache key: failed to calculate checksum of ref 06d46631-a422-4771-b4ae-d1c886f53ef5::vkn69h4jf1xigfqsebd97mhy2: "/Pipfile.lock": not foundI tried to edit the Dockerfile to improve it and got a solution without using pipenv inside the container and I also like it more not using the pipenv as we already have a isolated environment inside the image/container so we could just install the modules as modmail user. I tested the following image built locally the bot works including installation of plugins. No Errors regarding permissions anymore.
Improved image:
FROM python:3.10 RUN apt update && apt install -y g++ git && pip install --upgrade pip RUN useradd modmail USER modmail WORKDIR /home/modmail ENV PATH="/home/modmail/.local/bin:${PATH}" COPY --chown=modmail:modmail . . RUN pip install -r requirements.txt --user ENV USING_DOCKER yes CMD ["python","bot.py"]Can you also test this one and if you like change it in the PR?
The error is related to Pipfile.lock not existing either because you don't have the file or it's specified in .dockerignore.
Ah yea true. Ignore what I said earlier about the error in first part of the change suggestion.
@martinbndr I refactored the Dockerfile as per your suggestion to use pip, but with some additional improvements like using the alpine-based image and multi-stage build for minimum image size. It went down from ~1.19GB to ~250MB in size.
Would be nice to update this as it´s a quite important fix for all users hosting this on docker. @Taaku18
I ran into this issue trying to run a plugin which installed a dependency using pip: https://github.com/Jerrie-Aries/modmail-plugins/issues/42
I ran into this issue trying to run a plugin which installed a dependency using pip: Jerrie-Aries/modmail-plugins#42
That is the issue this PR is trying to fix...
I ran into this issue trying to run a plugin which installed a dependency using pip: Jerrie-Aries/modmail-plugins#42
That is the issue this PR is trying to fix...
as far as i can tell the original issue linked was slightly different, as it concerned temp not home
I ran into this issue trying to run a plugin which installed a dependency using pip: Jerrie-Aries/modmail-plugins#42
That is the issue this PR is trying to fix...
as far as i can tell the original issue linked was slightly different, as it concerned temp not home
The main issue is the Python deps have root file ownership while the bot is running as a user, regardless of where they're being installed. I can install the plugin mentioned in your linked issue just fine using this PR, when proper chown is used in the Dockerfile
I updated the Dockerfile to use the Debian based slim image instead of Alpine. Reasons being: 1. Alpine images suffers from a performance penalty, 2. potential compatibility issues with plugins, 3. longer build time. Furthermore, building Modmail using the slim image as opposed to alpine also yields a marginally smaller image (251MB -> 239MB). I also changed /home/modmail to /opt/modmail since modmail isn't a login user.
