ann-benchmarks icon indicating copy to clipboard operation
ann-benchmarks copied to clipboard

Published 20 hours ago verified publisher icon erikbern

[WIP] Run docker as user

Open maumueller opened this issue 3 years ago • 7 comments

As discussed in #225.

Let's see what CI says to that.

maumueller avatar Mar 24 '21 08:03 maumueller

Maybe it would be simpler to execute sudo chown -R $(whoami):$(whoami) results or equivalent chmod from the python runner? I think I've solved this issue in docker at some point before (I remember it was a pain), so if I remember where and how I'll post back here.

alexklibisz avatar Apr 05 '21 01:04 alexklibisz

Thanks for the comment @alexklibisz . I didn't look further into this, but it seems to be working with the exception of milvus (ping @scsven: can you see the problem with https://travis-ci.org/github/erikbern/ann-benchmarks/jobs/764372092?)

I'm a bit unsure how your approach of chowning in the python runner would actually work: How would you propagate the username? I also think it's difficult to get the group and user ids of the container and the host matched up. Would be interesting to see a working version of your approach!

maumueller avatar Apr 06 '21 11:04 maumueller

@maumueller Please make sure Milvus running as root in the container. I ran your branch on my machine, the errors on Travis-ci can be reproduced. When I add sudo LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/lib/milvus/lib in install/Dockerfile.milvus:22, the errors dismissed.

Whole line: RUN echo 'sudo LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/lib/milvus/lib /var/lib/milvus/bin/milvus_server -d -c /var/lib/milvus/conf/server_config.yaml -l /var/lib/milvus/conf/log_config.conf' >> entrypoint.sh

wxyucs avatar Apr 12 '21 07:04 wxyucs

Sorry completely missed this PR. Is it necessary to do it this way? If we want to solve #225 can't we just run the website creation as a user? alternatively the superuser could just chmod a+r

erikbern avatar Apr 14 '21 17:04 erikbern

I think this is not just about #225 but more general about creating files with the correct rights. @scsven's suggestion is running through CI; then it should be working.

I'm honestly not sure as well: It's kind of nice that it creates the files with the correct user and group, and I actually think it's an advantage to see the sudo in case users see the dockerfile as a reference installation guide.

Giving a+w (the problem is writing to the file for caching of results) at some well defined point would work as well. It probably has to be done within the Python runner with the current Docker setup, which is pretty strange.

maumueller avatar Apr 14 '21 18:04 maumueller

fair enough, makes sense

is this ready to be merged?

erikbern avatar Apr 16 '21 19:04 erikbern

Let me smash the commits and do some more test runs, I'll get back to you on this.

maumueller avatar Apr 19 '21 16:04 maumueller