Skip to content

Commit 89cf4d1

Browse files
kmendellkmendell
committed
fix: allow setting the data directroy for non docker installs
1 parent 20c608c commit 89cf4d1

5 files changed

Lines changed: 171 additions & 54 deletions

File tree

backend/pkg/libarcane/startup/runtime_identity.go

Lines changed: 61 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -56,20 +56,24 @@ func ApplyRequestedRuntimeIdentity(ctx context.Context, cfg *RuntimeIdentityConf
5656
projectsDir = filepath.Clean(strings.TrimSpace(cfg.ProjectsDirectory))
5757
}
5858

59-
req, warning, err := loadRuntimeIdentityRequestInternal(cfg)
59+
inContainer := runningInContainerInternal(os.Getenv, os.Stat)
60+
req, warning, err := loadRuntimeIdentityRequestInternal(cfg, inContainer)
6061
if warning != "" {
6162
fmt.Fprintf(os.Stderr, "Runtime identity warning: %s\n", warning)
6263
}
63-
if err != nil || !req.Enabled {
64+
if err != nil {
6465
return err
6566
}
67+
if !req.Enabled {
68+
return ensureSQLiteFilesExistInternal(cfg.DatabaseURL)
69+
}
6670

6771
runtimeUID := req.UID
6872
runtimeGID := req.GID
6973

7074
// Avoid re-execing forever when the requested runtime identity is already active.
7175
if os.Geteuid() == runtimeUID && os.Getegid() == runtimeGID {
72-
if err := ensureRuntimeDockerConfigInternal(cfg, os.Setenv, runtimeUID, runtimeGID); err != nil {
76+
if err := ensureRuntimeDockerConfigInternal(cfg, os.Setenv, runtimeUID, runtimeGID, inContainer); err != nil {
7377
return err
7478
}
7579
return ensureSQLiteFilesExistInternal(cfg.DatabaseURL)
@@ -78,29 +82,31 @@ func ApplyRequestedRuntimeIdentity(ctx context.Context, cfg *RuntimeIdentityConf
7882
if os.Geteuid() != 0 {
7983
fmt.Fprintf(os.Stderr, "Runtime identity warning: process is not root (euid=%d), cannot switch to PUID=%d PGID=%d; continuing as current user\n",
8084
os.Geteuid(), runtimeUID, runtimeGID)
81-
if err := ensureRuntimeDockerConfigInternal(cfg, os.Setenv, runtimeUID, runtimeGID); err != nil {
85+
if err := ensureRuntimeDockerConfigInternal(cfg, os.Setenv, runtimeUID, runtimeGID, inContainer); err != nil {
8286
return err
8387
}
8488
return ensureSQLiteFilesExistInternal(cfg.DatabaseURL)
8589
}
8690

87-
mountpoints, err := loadMountpointsInternal(mountInfoPath)
88-
if err != nil {
89-
return fmt.Errorf("load mountpoints: %w", err)
90-
}
91-
92-
if err := ensureRuntimeDockerConfigInternal(cfg, os.Setenv, runtimeUID, runtimeGID); err != nil {
91+
if err := ensureRuntimeDockerConfigInternal(cfg, os.Setenv, runtimeUID, runtimeGID, inContainer); err != nil {
9392
return err
9493
}
9594

96-
if err := prepareWritablePathsInternal(runtimeUID, runtimeGID, mountpoints, projectsDir); err != nil {
97-
return err
95+
if inContainer {
96+
mountpoints, err := loadMountpointsInternal(mountInfoPath)
97+
if err != nil {
98+
return fmt.Errorf("load mountpoints: %w", err)
99+
}
100+
101+
if err := prepareWritablePathsInternal(runtimeUID, runtimeGID, mountpoints, projectsDir); err != nil {
102+
return err
103+
}
98104
}
99105

100106
return reexecWithRuntimeIdentityInternal(ctx, req)
101107
}
102108

103-
func loadRuntimeIdentityRequestInternal(cfg *RuntimeIdentityConfig) (runtimeIdentityRequest, string, error) {
109+
func loadRuntimeIdentityRequestInternal(cfg *RuntimeIdentityConfig, inContainer bool) (runtimeIdentityRequest, string, error) {
104110
if cfg == nil {
105111
cfg = &RuntimeIdentityConfig{}
106112
}
@@ -109,11 +115,15 @@ func loadRuntimeIdentityRequestInternal(cfg *RuntimeIdentityConfig) (runtimeIden
109115
pgid := strings.TrimSpace(cfg.PGID)
110116

111117
if puid == "" && pgid == "" {
112-
return defaultRuntimeIdentityRequestInternal(cfg.DockerHost), "", nil
118+
return defaultRuntimeIdentityRequestInternal(cfg.DockerHost, inContainer), "", nil
113119
}
114120

115121
if puid == "" || pgid == "" {
116-
return defaultRuntimeIdentityRequestInternal(cfg.DockerHost), "PUID and PGID must both be set to override the default non-root runtime user; continuing with the default non-root runtime user", nil
122+
req := defaultRuntimeIdentityRequestInternal(cfg.DockerHost, inContainer)
123+
if inContainer {
124+
return req, "PUID and PGID must both be set to override the default non-root runtime user; continuing with the default non-root runtime user", nil
125+
}
126+
return req, "PUID and PGID must both be set to enable runtime identity outside containers; continuing without runtime identity", nil
117127
}
118128

119129
uid, credentialUID, err := parseRuntimeIdentityValueInternal(puid, "PUID")
@@ -136,7 +146,14 @@ func loadRuntimeIdentityRequestInternal(cfg *RuntimeIdentityConfig) (runtimeIden
136146
}, "", nil
137147
}
138148

139-
func defaultRuntimeIdentityRequestInternal(dockerHost string) runtimeIdentityRequest {
149+
func defaultRuntimeIdentityRequestInternal(dockerHost string, inContainer bool) runtimeIdentityRequest {
150+
if !inContainer {
151+
return runtimeIdentityRequest{
152+
Enabled: false,
153+
DockerHost: dockerHost,
154+
}
155+
}
156+
140157
return runtimeIdentityRequest{
141158
Enabled: true,
142159
UID: defaultRuntimeUID,
@@ -147,21 +164,26 @@ func defaultRuntimeIdentityRequestInternal(dockerHost string) runtimeIdentityReq
147164
}
148165
}
149166

150-
func runtimeDockerConfigDirInternal(cfg *RuntimeIdentityConfig) string {
151-
if cfg == nil {
152-
cfg = &RuntimeIdentityConfig{}
167+
func runningInContainerInternal(getenv func(string) string, stat func(string) (os.FileInfo, error)) bool {
168+
if pkgutils.BoolOrDefault(strings.TrimSpace(getenv("ARCANE_IN_CONTAINER")), false) {
169+
return true
153170
}
154171

155-
configDir := strings.TrimSpace(cfg.DockerConfig)
156-
if configDir != "" {
157-
return configDir
172+
if strings.TrimSpace(getenv("container")) != "" {
173+
return true
158174
}
159175

160-
return defaultDockerConfigDir
176+
for _, markerPath := range []string{"/.dockerenv", "/run/.containerenv"} {
177+
if _, err := stat(markerPath); err == nil {
178+
return true
179+
}
180+
}
181+
182+
return false
161183
}
162184

163-
func ensureRuntimeDockerConfigInternal(cfg *RuntimeIdentityConfig, setenv func(string, string) error, uid int, gid int) error {
164-
configDir, err := configureRuntimeDockerConfigEnvInternal(cfg, setenv, uid, gid)
185+
func ensureRuntimeDockerConfigInternal(cfg *RuntimeIdentityConfig, setenv func(string, string) error, uid int, gid int, inContainer bool) error {
186+
configDir, err := configureRuntimeDockerConfigEnvInternal(cfg, setenv, uid, gid, inContainer)
165187
if err != nil {
166188
return err
167189
}
@@ -182,7 +204,7 @@ func ensureRuntimeDockerConfigInternal(cfg *RuntimeIdentityConfig, setenv func(s
182204
return nil
183205
}
184206

185-
func configureRuntimeDockerConfigEnvInternal(cfg *RuntimeIdentityConfig, setenv func(string, string) error, uid int, gid int) (string, error) {
207+
func configureRuntimeDockerConfigEnvInternal(cfg *RuntimeIdentityConfig, setenv func(string, string) error, uid int, gid int, inContainer bool) (string, error) {
186208
if cfg == nil {
187209
cfg = &RuntimeIdentityConfig{}
188210
}
@@ -192,12 +214,19 @@ func configureRuntimeDockerConfigEnvInternal(cfg *RuntimeIdentityConfig, setenv
192214
return "", nil
193215
}
194216

195-
configDir := runtimeDockerConfigDirInternal(cfg)
196-
if strings.TrimSpace(cfg.DockerConfig) == "" {
197-
cfg.DockerConfig = configDir
198-
if err := setenv("DOCKER_CONFIG", configDir); err != nil {
199-
return "", fmt.Errorf("set DOCKER_CONFIG: %w", err)
200-
}
217+
configDir := strings.TrimSpace(cfg.DockerConfig)
218+
if configDir != "" {
219+
return configDir, nil
220+
}
221+
222+
if !inContainer {
223+
return "", nil
224+
}
225+
226+
configDir = defaultDockerConfigDir
227+
cfg.DockerConfig = configDir
228+
if err := setenv("DOCKER_CONFIG", configDir); err != nil {
229+
return "", fmt.Errorf("set DOCKER_CONFIG: %w", err)
201230
}
202231

203232
return configDir, nil

0 commit comments

Comments
 (0)