Actually, there's more into this. Mounting volumes from a host will always be a subject to disrepancies between host's user uid/gio and ones inside of the container. We still should go ahead at least with 2) and 3) in the short run.
Cos On Wed, Dec 23, 2015 at 12:34PM, Konstantin Boudnik wrote: > Guys, > > I've been trying to replicate our CI elsewhere and here's a couple of > observations and proposed fixes that might do such things easier in the > future. > > 1. Running build as root inside of the docker container. > > This seems like a real issue, especially considering that we have always > advocated to stay away from such practice. Unfortunately, adding > -u jenkins:jenkins > to docker run snags on a couple of points > > 2. Shared Gradle directory shouldn't belong to root, or at least should be > writable for everyone. > > This is covered in BIGTOP-2171 (appreciate the review) and has caused user > confusions like BIGTOP-2184 > > 3. One perhaps last issue here is the discrepancy between the user ids, where > jenkins on centos and ubuntu have different UID (BIGTOP-2187) > > I think with these three in place, we should be able to start using > un-privileged user for the builds and also for the cluster testing. > > Thoughts? > Cos > >
signature.asc
Description: Digital signature
