Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tern crashes when running in a container #153

Closed
nishakm opened this issue Jan 25, 2019 · 2 comments
Closed

Tern crashes when running in a container #153

nishakm opened this issue Jan 25, 2019 · 2 comments
Assignees
@nishakm
Labels
bug Something went wrong
Milestone
Release 0.3.0

Comments

@nishakm
Copy link
Contributor

nishakm commented Jan 25, 2019

Describe the bug
When running tern in a container with docker socket mounted, the debug message says "unable to load image metadata".

To Reproduce
Steps to reproduce the behavior:
Dockerfile:

FROM photon:3.0

RUN tdnf install -y python3 python3-pip python3-setuptools

# copy tern repo into root
COPY . .

RUN pip3 install -r requirements.txt

ENTRYPOINT ["./tern"]

run:

$ docker build -t tern:0.2.0 .
$ docker run -v /var/run/docker.sock:/var/run/docker.sock tern:0.2.0 report -i docker.io/vmware/photon:3.0

Error in terminal

2019-01-25 16:18:45,932 - DEBUG - tern - Starting...
2019-01-25 16:18:45,933 - DEBUG - report - Setting up...
2019-01-25 16:18:47,520 - DEBUG - container - Checking if image docker.io/photon:3.0 is available on disk...                                                                                      
2019-01-25 16:18:47,540 - DEBUG - container - Image docker.io/photon:3.0 found
2019-01-25 16:18:49,214 - WARNING - report - Cannot retrieve full image metadata
2019-01-25 16:18:49,229 - DEBUG - report - Teardown...
2019-01-25 16:18:50,399 - DEBUG - rootfs - Running command: rm -rf temp/mergedir
2019-01-25 16:18:50,406 - DEBUG - rootfs - Running command: rm -rf temp/workdir
2019-01-25 16:18:50,447 - DEBUG - tern - Report completed.
2019-01-25 16:18:50,448 - DEBUG - tern - Finished

Expected behavior
Should complete successfully

Environment you are running Tern on
photonOS container with host docker socket mounted

Please attach files if they exist
@nishakm nishakm added the bug Something went wrong label Jan 25, 2019
@nishakm nishakm added this to the Release 0.3.0 milestone Jan 25, 2019
@nishakm nishakm self-assigned this Jan 25, 2019
@nishakm
Copy link
Contributor Author

nishakm commented Jan 25, 2019

Running in a photonOS container with python and requirements installed. I found this:

>>> from classes.docker_image import DockerImage
>>> d = DockerImage('docker.io/photon:3.0')
>>> d.load_image()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/classes/docker_image.py", line 164, in load_image
    layer.gen_fs_hash()
  File "/classes/image_layer.py", line 143, in gen_fs_hash
    self.__fs_hash = rootfs.calc_fs_hash(fs_dir)
  File "/utils/rootfs.py", line 176, in calc_fs_hash
    ['sudo', './tools/fs_hash.sh', os.path.abspath(fs_path)])
  File "/usr/lib/python3.7/subprocess.py", line 376, in check_output
    **kwargs).stdout
  File "/usr/lib/python3.7/subprocess.py", line 453, in run
    with Popen(*popenargs, **kwargs) as process:
  File "/usr/lib/python3.7/subprocess.py", line 756, in __init__
    restore_signals, start_new_session)
  File "/usr/lib/python3.7/subprocess.py", line 1499, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'sudo': 'sudo'

The fs_hash script needs to be run as regular user but 'sudo' is used as a default.

@nishakm
Copy link
Contributor Author

nishakm commented Jan 25, 2019

Also, in the Dockerfile, some extra stuff needs to happen before the photonOS container can run tern:

RUN tdnf remove -y toybox && install -y findutils attr python3 python3-pip python3-setuptools

nishakm pushed a commit to nishakm/tern that referenced this issue Jan 25, 2019
Call fs_hash.sh tool using root_command wrapper
14451aa 
Currently, this hashing function needs to run as root. Sudo was
hard coded into the subprocess call, which causes it to fail if the
user running fs_hash was root, as is the case with Docker containers

Fixes tern-tools#153

Signed-off-by: Nisha K <[email protected]>
@nishakm nishakm mentioned this issue Jan 25, 2019
Merged
nishakm pushed a commit that referenced this issue Jan 25, 2019
Call fs_hash.sh tool using root_command wrapper
6e75f82 
Currently, this hashing function needs to run as root. Sudo was
hard coded into the subprocess call, which causes it to fail if the
user running fs_hash was root, as is the case with Docker containers

Fixes #153

Signed-off-by: Nisha K <[email protected]>
rnjudge pushed a commit to rnjudge/tern that referenced this issue Jun 5, 2020
Call fs_hash.sh tool using root_command wrapper
d6204e9 
Currently, this hashing function needs to run as root. Sudo was
hard coded into the subprocess call, which causes it to fail if the
user running fs_hash was root, as is the case with Docker containers

Fixes tern-tools#153

Signed-off-by: Nisha K <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nishakm nishakm

Labels
bug Something went wrong
Projects
None yet
Milestone
Release 0.3.0
Development

No branches or pull requests
1 participant
@nishakm