#geodesic (2023-07)

geodesic https://github.com/cloudposse/geodesic

Discussions related to https://github.com/cloudposse/geodesic

Archive: https://archive.sweetops.com/geodesic/

2023-07-02

Release notes from geodesic
11:10:39 PM

v2.2.4 Remove redundant --quiet option from docker command @Nuru (#859)…

Release v2.2.4 · cloudposse/geodesic


Remove redundant --quiet option from docker command by Nuru · Pull Request #859 · cloudposse/geodesic

what

Remove --quiet option from Docker command that checks if Geodesic is already running

why

Starting with Docker CLI version 24.0.0, the --quiet option overrides the --format option. For backw…

2023-07-22

Release notes from geodesic
02:30:46 AM

v2.3.0 :rocket: Enhancements Fix detection of GEODESIC_TRACE @Nuru (#864)…

Release v2.3.0 · cloudposse/geodesic


Fix detection of `GEODESIC_TRACE` by Nuru · Pull Request #864 · cloudposse/geodesic

what

• Fix detection of GEODESIC_TRACE
• Make Debian the default OS for make build

why

• Bug fix
• Debian is our recommended OS; Alpine is deprecated

2023-07-31

Matt Gowie

Hey when running Geodesic on an Ubuntu machine, and executing the helper script (e.g. /usr/bin/local/toolbox) I have to pass sudo because Linux. It seems that Geodesic doesn’t mount the host user’s home directory in that case and prints the following message:

# Mounting /root into container with workdir /home/user/Workspace/project
# Starting new toolbox session from toolbox:latest
# Exposing port 40304
# No configured working directory is accessible:                                                    
#    GEODESIC_WORKDIR is ""
#    GEODESIC_HOST_CWD is "/home/user/Workspace/project"
# Defaulting initial working directory to "/conf"
# Geodesic version 2.3.0 based on Debian GNU/Linux 11 (bullseye) (11.7)

Is there a known workaround for that issue?

Matt Gowie

@Jeremy G (Cloud Posse) I know you’ll know about this, so pinging you. Get back to me when you get the chance – thank you

Matt Gowie

@Mike Crowe see you were working on https://github.com/cloudposse/geodesic/pull/769

Maybe you know a bit about this as well since it looks like you’re on Linux?

#769 feat: add bindfs to support linux users. Fixes #594

what && why

• Use BindFS to preserve file owner user and group for files created on host from within Geodesic. Closes #594. Supersedes and closes #710.
• Make all prompt scripts accessible to non-root user. Closes #767
• Allow interactive subshells without errors or misleading prompts. Closes #766
• Improve host volume detection. Fixes error reported via Slack.

notes

This PR only partly addressed #594. Work continued in #771, after which we considered #594 closed.

Matt Gowie

I think I’m just missing some docs… it seems this has been worked on extensively, but the know-how is just buried somewhere in scripts / issues.

Matt Gowie

Found https://github.com/cloudposse/geodesic/blob/4db6e8bf302384955e9d7ed6938eb245385219d2/rootfs/templates/wrapper#L86-L91

Going down the rootless route and that will likely work for us

Will report back if not. Sorry for the noise!

	if [ "${GEODESIC_HOST_BINDFS_ENABLED}" = "true" ]; then
		if [ "${USER_ID}" = 0 ]; then
			echo "# WARNING: Host user is root. This is DANGEROUS."
			echo "  * Geodesic should not be launched by the host root user."
			echo "  * Use \"rootless\" mode instead. See <https://docs.docker.com/engine/security/rootless/>"
			echo "# Not enabling BindFS host filesystem mapping because host user is root."

Jeremy G (Cloud Posse)

Yes, rootless mode is best. See also this issue for not exactly the same problem, but the same solution.

#594 Files Written to Mounted Linux Home Directory Owned by Root User

what

• The user’s shell inside Geodesic runs as root
• The script that launches Geodesic bind-mounts the host user’s $HOME to /localhost to provide access to configuration files and allow for editing of host files
• Depending on the way Docker is set up, it is possible that files created under /localhost from within Geodesic will be set to the same owner UID and GID (that is, owned by root) on the host as they have within Geodesic.
• This appears to affect *only* users running the Docker daemon as root under Linux. It does not affect Docker for Mac or Docker for Windows, nor does it affect Docker for Linux when run in “rootless” mode.

Resolution

The recommended solution for Linux users is to run Docker in “rootless” mode. In this mode, the Docker daemon runs as the host user (rather than as root) and files created by the root user in Geodesic are owned by the host user on the host. Not only does this configuration solve this issue, but it provides much better system security overall.

Geodesic, as of v0.151.0, provides an alternative solution: BindFS mapping of file owner and group IDs. To enable this solution, either set (and export) the shell environment variable GEODESIC_HOST_BINDFS_ENABLED=true or launch Geodesic with the command line option --geodesic-host-bindfs-enabled. When this option is enabled, Geodesic will output

# Enabling BindFS mapping of file system owner and group ID.

among its startup messages. Note that if you enable BindFS mapping while running in “rootless” mode, it will actually cause files on the host to be created with a different owner and group, not root and not the host user. If you see this behavior, do not use BindFS mapping.

Jeremy G (Cloud Posse)

BTW, @Matt Gowie it looks like because you are using sudo, $HOME gets changed to /root. You might try sudo -E and see if that solves your problem until you get rootless mode working (which is way better overall).

Matt Gowie

Got rootless working and that worked out the kinks. But I will try that if needed in the future. Thanks Jeremy!
