This is an automated email from the ASF dual-hosted git repository.

husseinawala pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 0631af8652 Support rootless mode for docker. (#34537)
0631af8652 is described below

commit 0631af86525ad98e90cdc0bf120df7192ea2e912
Author: Jarek Potiuk <[email protected]>
AuthorDate: Fri Sep 22 05:12:11 2023 -0400

    Support rootless mode for docker. (#34537)
    
    In case Docker is run in rootless mode, the host UID is mapped to the
    root user automatically and the host user id is mapped to 100999
    (unknown), so changing ownership of created files in rootless mode is
    problematic, as it makes the generated files inaccessible.
---
 dev/breeze/src/airflow_breeze/utils/docker_command_utils.py | 13 +++++++++++++
 scripts/ci/docker-compose/_docker.env                       |  1 +
 scripts/ci/docker-compose/base.yml                          |  1 +
 scripts/ci/docker-compose/devcontainer.env                  |  1 +
 scripts/in_container/_in_container_utils.sh                 |  4 ++++
 5 files changed, 20 insertions(+)

diff --git a/dev/breeze/src/airflow_breeze/utils/docker_command_utils.py 
b/dev/breeze/src/airflow_breeze/utils/docker_command_utils.py
index 3dd9b4ffb6..d0394674f6 100644
--- a/dev/breeze/src/airflow_breeze/utils/docker_command_utils.py
+++ b/dev/breeze/src/airflow_breeze/utils/docker_command_utils.py
@@ -145,6 +145,16 @@ def get_extra_docker_flags(mount_sources: str, 
include_mypy_volume: bool = False
     return extra_docker_flags
 
 
+def is_docker_rootless():
+    response = run_command(
+        ["docker", "info", "-f", "{{println .SecurityOptions}}"], 
capture_output=True, check=True, text=True
+    )
+    if "rootless" in response.stdout.strip():
+        get_console().print("[info]Docker is running in rootless mode.[/]\n")
+        return True
+    return False
+
+
 def check_docker_resources(airflow_image_name: str) -> RunCommandResult:
     """
     Check if we have enough resources to run docker. This is done via running 
script embedded in our image.
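Review bot: The `"rootless" in response.stdout.strip()` test in `is_docker_rootless` matches the word anywhere in the printed SecurityOptions, so an unrelated entry whose value happens to contain it (a seccomp profile path, for instance) would presumably be read as rootless mode and the in-container ownership fix would be skipped. Docker reports the mode as its own `name=rootless` entry, so `if "name=rootless" in response.stdout:` is a tighter check. The function also has no return annotation or docstring, unlike the neighbouring `check_docker_resources`; `def is_docker_rootless() -> bool:` with a one-line docstring such as `"""Return True when the Docker daemon reports rootless mode in its security options."""` would cover that.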
@@ -571,6 +581,7 @@ def update_expected_environment_variables(env: dict[str, 
str]) -> None:
     set_value_to_default_if_not_set(env, "COLLECT_ONLY", "false")
     set_value_to_default_if_not_set(env, "DB_RESET", "false")
     set_value_to_default_if_not_set(env, "DEFAULT_BRANCH", AIRFLOW_BRANCH)
+    set_value_to_default_if_not_set(env, "DOCKER_IS_ROOTLESS", "false")
     set_value_to_default_if_not_set(env, "ENABLED_SYSTEMS", "")
     set_value_to_default_if_not_set(env, "ENABLE_TEST_COVERAGE", "false")
     set_value_to_default_if_not_set(env, "HELM_TEST_PACKAGE", "")
@@ -706,6 +717,8 @@ def prepare_broker_url(params, env_variables):
 def perform_environment_checks():
     check_docker_is_running()
     check_docker_version()
+    if is_docker_rootless():
+        os.environ["DOCKER_IS_ROOTLESS"] = "true"
     check_docker_compose_version()
 
 
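Review bot: `perform_environment_checks` only ever writes `"true"` into `os.environ["DOCKER_IS_ROOTLESS"]`, so a value already exported in the caller's shell survives when the daemon is not rootless. The `set_value_to_default_if_not_set(env, "DOCKER_IS_ROOTLESS", "false")` default added in `update_expected_environment_variables` would, judging by its name, not override it. With a stale `true`, the container skips the ownership fix on a rootful daemon and generated files presumably stay root-owned on the host. Assigning the detected value in both directions closes that gap: `os.environ["DOCKER_IS_ROOTLESS"] = "true" if is_docker_rootless() else "false"`.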
diff --git a/scripts/ci/docker-compose/_docker.env 
b/scripts/ci/docker-compose/_docker.env
index aa21804e9b..f0efac7768 100644
--- a/scripts/ci/docker-compose/_docker.env
+++ b/scripts/ci/docker-compose/_docker.env
@@ -37,6 +37,7 @@ DB_RESET
 DEFAULT_BRANCH
 DEFAULT_CONSTRAINTS_BRANCH
 DEV_MODE
+DOCKER_IS_ROOTLESS
 ENABLED_SYSTEMS
 ENABLE_TEST_COVERAGE
 GITHUB_ACTIONS
diff --git a/scripts/ci/docker-compose/base.yml 
b/scripts/ci/docker-compose/base.yml
index 1ce740d801..d3a18f9027 100644
--- a/scripts/ci/docker-compose/base.yml
+++ b/scripts/ci/docker-compose/base.yml
@@ -47,6 +47,7 @@ services:
       - DEFAULT_BRANCH=${DEFAULT_BRANCH}
       - DEFAULT_CONSTRAINTS_BRANCH=${DEFAULT_CONSTRAINTS_BRANCH}
       - DEV_MODE=${DEV_MODE}
+      - DOCKER_IS_ROOTLESS=${DOCKER_IS_ROOTLESS}
       - ENABLED_SYSTEMS=${ENABLED_SYSTEMS}
       - ENABLE_TEST_COVERAGE=${ENABLE_TEST_COVERAGE}
       - GITHUB_ACTIONS=${GITHUB_ACTIONS}
diff --git a/scripts/ci/docker-compose/devcontainer.env 
b/scripts/ci/docker-compose/devcontainer.env
index f71a0e1e39..a297d7579c 100644
--- a/scripts/ci/docker-compose/devcontainer.env
+++ b/scripts/ci/docker-compose/devcontainer.env
@@ -35,6 +35,7 @@ DB_RESET="false"
 DEFAULT_BRANCH="main"
 DEFAULT_CONSTRAINTS_BRANCH="constraints-main"
 DEV_MODE="true"
+DOCKER_IS_ROOTLESS="false"
 ENABLED_SYSTEMS=
 ENABLE_TEST_COVERAGE="false"
 GITHUB_ACTIONS="false"
diff --git a/scripts/in_container/_in_container_utils.sh 
b/scripts/in_container/_in_container_utils.sh
index 2ed267dd54..c962856827 100644
--- a/scripts/in_container/_in_container_utils.sh
+++ b/scripts/in_container/_in_container_utils.sh
@@ -66,6 +66,10 @@ function in_container_script_start() {
 #
 function in_container_fix_ownership() {
     if [[ ${HOST_OS:=} == "linux" ]]; then
+        if [[ ${DOCKER_IS_ROOTLESS=} == "true" ]]; then
+             echo "${COLOR_YELLOW}Skip fixing ownership of generated files: 
Docker is rootless${COLOR_RESET}"
+             return
+        fi
         DIRECTORIES_TO_FIX=(
             "/dist"
             "/files"
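Review bot: The new guard in `in_container_fix_ownership` expands `${DOCKER_IS_ROOTLESS=}` while the line directly above it uses `${HOST_OS:=}`. Both compare the same way here, but keeping the `:=` form, `if [[ ${DOCKER_IS_ROOTLESS:=} == "true" ]]; then`, matches the visible convention. The `echo` and `return` lines are indented one space deeper than the rest of the block. The function body continues past the end of the hunk, and the comment block above it would benefit from a line recording the new early exit, for example `# In rootless Docker the ownership is left alone: changing it would make the files inaccessible on the host.`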
