[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[ https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17039637#comment-17039637 ] ASF subversion and git services commented on AIRFLOW-6823: -- Commit dbe0bbde74ebadb271b2f80dc0508090b69d88d1 in airflow's branch refs/heads/v1-10-test from Jarek Potiuk [ https://gitbox.apache.org/repos/asf?p=airflow.git;h=dbe0bbd ] [AIRFLOW-6823] Fix root owned files automatically in Breeze (#7449) (cherry picked from commit 03fb50aaa4bd7b00968c300781039cebf91043f2) > Breeze broken on current master on Linux > > > Key: AIRFLOW-6823 > URL: https://issues.apache.org/jira/browse/AIRFLOW-6823 > Project: Apache Airflow > Issue Type: Bug > Components: breeze >Affects Versions: 2.0.0 >Reporter: Aleksander Nitecki >Assignee: Ash Berlin-Taylor >Priority: Minor > Fix For: 2.0.0 > > Attachments: Breeze on current master log.txt > > > See the attachment for log. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[ https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17039384#comment-17039384 ] ASF subversion and git services commented on AIRFLOW-6823: -- Commit 03fb50aaa4bd7b00968c300781039cebf91043f2 in airflow's branch refs/heads/master from Jarek Potiuk [ https://gitbox.apache.org/repos/asf?p=airflow.git;h=03fb50a ] [AIRFLOW-6823] Fix root owned files automatically in Breeze (#7449) > Breeze broken on current master on Linux > > > Key: AIRFLOW-6823 > URL: https://issues.apache.org/jira/browse/AIRFLOW-6823 > Project: Apache Airflow > Issue Type: Bug > Components: breeze >Affects Versions: 2.0.0 >Reporter: Aleksander Nitecki >Assignee: Ash Berlin-Taylor >Priority: Minor > Fix For: 2.0.0 > > Attachments: Breeze on current master log.txt > > > See the attachment for log. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[ https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17039383#comment-17039383 ] ASF GitHub Bot commented on AIRFLOW-6823: - potiuk commented on pull request #7449: [AIRFLOW-6823] Fix root owned files automatically in Breeze URL: https://github.com/apache/airflow/pull/7449 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Breeze broken on current master on Linux > > > Key: AIRFLOW-6823 > URL: https://issues.apache.org/jira/browse/AIRFLOW-6823 > Project: Apache Airflow > Issue Type: Bug > Components: breeze >Affects Versions: 2.0.0 >Reporter: Aleksander Nitecki >Assignee: Ash Berlin-Taylor >Priority: Minor > Attachments: Breeze on current master log.txt > > > See the attachment for log. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[ https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17039374#comment-17039374 ] Ash Berlin-Taylor commented on AIRFLOW-6823: Thanks for the detailed write up! It's on my list to look at longer term, mostly because I object to running anything as root unless I absolutely have to., but I am unlikely to do any work on this any time in the next 6 months realistically: more important things to work on such as Scheduler HA, making "time" less of a special dimension in Airflow to better suit a wider range of workflows etc. > Breeze broken on current master on Linux > > > Key: AIRFLOW-6823 > URL: https://issues.apache.org/jira/browse/AIRFLOW-6823 > Project: Apache Airflow > Issue Type: Bug > Components: breeze >Affects Versions: 2.0.0 >Reporter: Aleksander Nitecki >Assignee: Ash Berlin-Taylor >Priority: Minor > Attachments: Breeze on current master log.txt > > > See the attachment for log. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[ https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17039157#comment-17039157 ] Jarek Potiuk commented on AIRFLOW-6823: --- It's a very simplified view that applies mostly to production-ready docker images but it does not apply to the CI which is development and CI friendly. Many of the "best practices" for production docker image do not apply to a ci/development one. For one we have other software that is installed/configured in the Docker that we do not mount (minikube and a number of others that are installed and configured during the docker build). That includes (but is not limited to) for example to airflow binary which is not mounted from sources but build during the docker build. If you build it as airflow user and do not make it globally available for all the users , then it will not be executable for the user that you are using with --user when you enter the docker. We are installing a number of those manually in the context of the user that the docker file is built with and until we remove those dependencies I would not like to change it and make it available for all users (including the --user one). there is quite a number of problems involved in us installing a "development" version of airflow as well as a number of dependencies (minicluster/hadoop/hive/kubectl/gcloud/aws etc. etc.). Those tools are usually foreseen (in our version) in development mode - so for the current user not for all users on the machine and by default they come with other/group access disabled. Rather than fix those one-by-one manually to be accessible for other users, I prefer to run them with the same user that they were installed with. Airflow installation itself in development mode '-e' is never intended to be used by another user than it was installed with. Surely you can install airflow in production mode from pypi for all users, but installing airflow in "development" mode for all users is quite a bit more complex due to permissions. We simply cannot mount the whole "airflow sources" folder as on Mac it has very bad side effects which I experienced in the past - for example all the locally built egginfos etc. etc. (so all the folders and files that are created in the sources of airflow) are leaking into docker. One example is that if the .egginfo folders are built locally (for your local virtual environment) - they are mapped into the docker container and cause all the different compatibility problems if you try to use them from inside the container. So literally you would have to manually remove all the .egginfo files every time you enter container and re-install airflow again in the -e development mode. And mapping all the generated files back to the host makes also docker changes leak back to the host. For example if you have locally python2 version and in container python3, the whole thing breaks in a number of unexpected ways in very strange moments and without explainable error messages. This means that we have to live with (for example) .egginfo in Dockerfile generated during the Docker build rather than mounted from the host. In this case if we change the user while entering the docker we would have to either change permission of those .egginfo files to be owned by the new user or change permissions of those folders to be other-writable (i do not know which one is which). They have to be group-writeable to allow for example installing new dependencies. And there are quite a few of other similar folders. The solution is to find and modify all the scripts, folders etc that are not executable/runnable/readable for "others" and make them executable/runnable/readable as "other" - and there are quite a few of those - during the docker build. Which is something that I would not like to do because you never know if you have not fixed this or that permission. And there are other problems I have forgotten about already. If you would like to pursue it - I am happy to review it and help with debugging. But I gave up trying to do that and simply prefer to fix root permissions for generated files and run airflow/tests inside the docker as root. It's literally one find + chmod command to execute at the start of the docker rather than trying to fix all the problems above. Sounds like a child-play comparing. > Breeze broken on current master on Linux > > > Key: AIRFLOW-6823 > URL: https://issues.apache.org/jira/browse/AIRFLOW-6823 > Project: Apache Airflow > Issue Type: Bug > Components: breeze >Affects Versions: 2.0.0 >Reporter: Aleksander Nitecki >Assignee: Ash Berlin-Taylor >Priority: Minor > Attachments: Breeze on current master log.txt > > > See the attachment for log. -- This message was
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[
https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17039098#comment-17039098
]
Ash Berlin-Taylor commented on AIRFLOW-6823:
{quote}We would have to know that user id while we are building Docker (but we
can't as the user might be different on each installation).
{quote}
Not with volume mounting in the source: {{docker run --user $(id -u) -v
$PWD:$PWD -w $PWD}} and the user in the container is the same as the user on
the host. This does have the drawback I mentioned about "I have no name" but
permissions problems is gone using this, and there are then other problems such
as the we wouldnt' have the benefit of pre-compiled assets from the image.
But maybe for breeze environments outside of CI+on linux host this might be an
approach worth investigating.
> Breeze broken on current master on Linux
>
>
> Key: AIRFLOW-6823
> URL: https://issues.apache.org/jira/browse/AIRFLOW-6823
> Project: Apache Airflow
> Issue Type: Bug
> Components: breeze
>Affects Versions: 2.0.0
>Reporter: Aleksander Nitecki
>Assignee: Ash Berlin-Taylor
>Priority: Minor
> Attachments: Breeze on current master log.txt
>
>
> See the attachment for log.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[ https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17038743#comment-17038743 ] Jarek Potiuk commented on AIRFLOW-6823: --- Detecting before doing the build is definitely doable. Fix ready to review[: |https://github.com/apache/airflow/pull/7449] [https://github.com/apache/airflow/pull/7449] > Breeze broken on current master on Linux > > > Key: AIRFLOW-6823 > URL: https://issues.apache.org/jira/browse/AIRFLOW-6823 > Project: Apache Airflow > Issue Type: Bug > Components: breeze >Affects Versions: 2.0.0 >Reporter: Aleksander Nitecki >Assignee: Ash Berlin-Taylor >Priority: Minor > Attachments: Breeze on current master log.txt > > > See the attachment for log. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[ https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17038741#comment-17038741 ] ASF GitHub Bot commented on AIRFLOW-6823: - potiuk commented on pull request #7449: [AIRFLOW-6823] Fix root owned files automatically in Breeze URL: https://github.com/apache/airflow/pull/7449 --- Issue link: WILL BE INSERTED BY [boring-cyborg](https://github.com/kaxil/boring-cyborg) Make sure to mark the boxes below before creating PR: [x] - [x] Description above provides context of the change - [x] Commit message/PR title starts with `[AIRFLOW-]`. AIRFLOW- = JIRA ID* - [x] Unit tests coverage for changes (not needed for documentation changes) - [x] Commits follow "[How to write a good git commit message](http://chris.beams.io/posts/git-commit/)" - [x] Relevant documentation is updated including usage instructions. - [x] I will engage committers as explained in [Contribution Workflow Example](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#contribution-workflow-example). * For document-only changes commit message can start with `[AIRFLOW-]`. --- In case of fundamental code change, Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvements+Proposals)) is needed. In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x). In case of backwards incompatible changes please leave a note in [UPDATING.md](https://github.com/apache/airflow/blob/master/UPDATING.md). Read the [Pull Request Guidelines](https://github.com/apache/airflow/blob/master/CONTRIBUTING.rst#pull-request-guidelines) for more information. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Breeze broken on current master on Linux > > > Key: AIRFLOW-6823 > URL: https://issues.apache.org/jira/browse/AIRFLOW-6823 > Project: Apache Airflow > Issue Type: Bug > Components: breeze >Affects Versions: 2.0.0 >Reporter: Aleksander Nitecki >Assignee: Ash Berlin-Taylor >Priority: Minor > Attachments: Breeze on current master log.txt > > > See the attachment for log. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[ https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17038727#comment-17038727 ] Jarek Potiuk commented on AIRFLOW-6823: --- It wont work [~ash] - > the problem is that the airflow files need to be accessible (runnable scripts for example) by the logged user. There are a number of scripts and binaries that are only runnable for the owner, not for groups or others - similarly the directories are not group executable nor other executable. That will prevent the new user from accessing them. We would have to know that user id while we are building Docker (but we can't as the user might be different on each installation). Another workaround is changing ownership of all files at entry (but this makes no sense for us). What could work is user remap feature [https://www.jujens.eu/posts/en/2017/Jul/02/docker-userns-remap/] but it needs to be configured at docker engine level. > Breeze broken on current master on Linux > > > Key: AIRFLOW-6823 > URL: https://issues.apache.org/jira/browse/AIRFLOW-6823 > Project: Apache Airflow > Issue Type: Bug > Components: breeze >Affects Versions: 2.0.0 >Reporter: Aleksander Nitecki >Assignee: Ash Berlin-Taylor >Priority: Minor > Attachments: Breeze on current master log.txt > > > See the attachment for log. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[
https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17038458#comment-17038458
]
Ash Berlin-Taylor commented on AIRFLOW-6823:
Detecting def seems doable.
Another option which _may_ work is to do {{docker run --user $(id -ur):$(id
-gr) ...}} when running. The downside to that is that without putting an entry
in the container with the right (unknowable-in-advance) user id it shows "I
have no name!".
> Breeze broken on current master on Linux
>
>
> Key: AIRFLOW-6823
> URL: https://issues.apache.org/jira/browse/AIRFLOW-6823
> Project: Apache Airflow
> Issue Type: Bug
> Components: breeze
>Affects Versions: 2.0.0
>Reporter: Aleksander Nitecki
>Assignee: Ash Berlin-Taylor
>Priority: Minor
> Attachments: Breeze on current master log.txt
>
>
> See the attachment for log.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[ https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17038414#comment-17038414 ] Aleksander Nitecki commented on AIRFLOW-6823: - It's possible that it hard-failed previously. Running `./scripts/ci/ci_fix_ownership.sh` fixed it. Could the fix be automated, though? Some ideas for that: * Blindly try to fix ownership every breeze run before trying to chmod the files (looking how `ci_fix_ownership.sh` is implemented this does not seem to be a viable option) * Detect the condition (files owned by root) and prompt the user if they want to run `ci_fix_ownership.sh` before continuing (seems to be doable). > Breeze broken on current master on Linux > > > Key: AIRFLOW-6823 > URL: https://issues.apache.org/jira/browse/AIRFLOW-6823 > Project: Apache Airflow > Issue Type: Bug > Components: breeze >Affects Versions: 2.0.0 >Reporter: Aleksander Nitecki >Assignee: Ash Berlin-Taylor >Priority: Major > Attachments: Breeze on current master log.txt > > > See the attachment for log. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[ https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17038271#comment-17038271 ] Ash Berlin-Taylor commented on AIRFLOW-6823: Documented https://github.com/apache/airflow/blob/master/BREEZE.rst#id40 > Breeze broken on current master on Linux > > > Key: AIRFLOW-6823 > URL: https://issues.apache.org/jira/browse/AIRFLOW-6823 > Project: Apache Airflow > Issue Type: Bug > Components: breeze >Affects Versions: 2.0.0 >Reporter: Aleksander Nitecki >Assignee: Ash Berlin-Taylor >Priority: Major > Attachments: Breeze on current master log.txt > > > See the attachment for log. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (AIRFLOW-6823) Breeze broken on current master on Linux
[
https://issues.apache.org/jira/browse/AIRFLOW-6823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17038267#comment-17038267
]
Ash Berlin-Taylor commented on AIRFLOW-6823:
Did a previous run fail-hard part way through?
Normally the permissions should be fixed automatically at the end I thought. We
have a script {{./scripts/ci/ci_fix_ownership.sh}} that you can run that will
fix this.
> Breeze broken on current master on Linux
>
>
> Key: AIRFLOW-6823
> URL: https://issues.apache.org/jira/browse/AIRFLOW-6823
> Project: Apache Airflow
> Issue Type: Bug
> Components: breeze
>Affects Versions: 2.0.0
>Reporter: Aleksander Nitecki
>Assignee: Ash Berlin-Taylor
>Priority: Major
> Attachments: Breeze on current master log.txt
>
>
> See the attachment for log.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
