Fix Docker file permission issue #3323
Conversation
raidensakura
changed the title
There was a problem hiding this comment.
I tried building the image locally on my ubuntu 20.04 vps.
Facing this issue:
root@vserver:/home/masteradmin/modmail-dev/Modmail# docker build -t modmailbotimage:latest . --no-cache
[+] Building 0.9s (10/12) docker:default
=> [internal] load .dockerignore 0.0s
=> => transferring context: 1.75kB 0.0s
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 418B 0.0s
=> [internal] load metadata for docker.io/library/python:3.10 0.0s
=> CACHED [1/8] FROM docker.io/library/python:3.10 0.0s
=> [internal] load build context 0.1s
=> => transferring context: 953B 0.0s
=> CANCELED [2/8] RUN apt update && apt install -y g++ git && pip install --upgrade pip 0.7s
=> CACHED [3/8] RUN useradd modmail 0.0s
=> CACHED [4/8] WORKDIR /home/modmail 0.0s
=> CACHED [5/8] RUN pip install --user pipenv 0.0s
=> ERROR [6/8] COPY --chown=modmail:modmail Pipfile Pipfile.lock ./ 0.0s
------
> [6/8] COPY --chown=modmail:modmail Pipfile Pipfile.lock ./:
------
Dockerfile:13
--------------------
11 | ENV PATH="/home/modmail/.local/bin:${PATH}"
12 |
13 | >>> COPY --chown=modmail:modmail Pipfile Pipfile.lock ./
14 | RUN pipenv install
15 |
--------------------
ERROR: failed to solve: failed to compute cache key: failed to calculate checksum of ref 06d46631-a422-4771-b4ae-d1c886f53ef5::vkn69h4jf1xigfqsebd97mhy2: "/Pipfile.lock": not found
I tried to edit the Dockerfile to improve it and got a solution without using pipenv inside the container and I also like it more not using the pipenv as we already have a isolated environment inside the image/container so we could just install the modules as modmail user.
I tested the following image built locally the bot works including installation of plugins. No Errors regarding permissions anymore.
Improved image:
FROM python:3.10
RUN apt update && apt install -y g++ git && pip install --upgrade pip
RUN useradd modmail
USER modmail
WORKDIR /home/modmail
ENV PATH="/home/modmail/.local/bin:${PATH}"
COPY --chown=modmail:modmail . .
RUN pip install -r requirements.txt --user
ENV USING_DOCKER yes
CMD ["python","bot.py"]
Can you also test this one and if you like change it in the PR?
|
Don´t understand me wrong, your idea installing that via pipenv is also nice. And it also fixes the issue I am getting on the issue I´m getting with pipenv aka the Pipfile.lock file |
The error is related to |
|
Ah yea true. Ignore what I said earlier about the error in first part of the change suggestion. |
|
@martinbndr I refactored the Dockerfile as per your suggestion to use pip, but with some additional improvements like using the alpine-based image and multi-stage build for minimum image size. It went down from ~1.19GB to ~250MB in size. |
|
Would be nice to update this as it´s a quite important fix for all users hosting this on docker. @Taaku18 |
|
I ran into this issue trying to run a plugin which installed a dependency using pip: Jerrie-Aries/modmail-plugins#42 |
That is the issue this PR is trying to fix... |
as far as i can tell the original issue linked was slightly different, as it concerned temp not home |
The main issue is the Python deps have root file ownership while the bot is running as a user, regardless of where they're being installed. I can install the plugin mentioned in your linked issue just fine using this PR, when proper chown is used in the Dockerfile
|
|
yes exactly this PR fixes that, thats what i was trying to say |
raidensakura
force-pushed
the
docker-perm-fix
branch
from
9597a34 to
03d4723
Compare
raidensakura
force-pushed
the
docker-perm-fix
branch
from
3682e84 to
61336bc
Compare
|
I updated the Dockerfile to use the Debian based slim image instead of Alpine. Reasons being: 1. Alpine images suffers from a performance penalty, 2. potential compatibility issues with plugins, 3. longer build time. Furthermore, building Modmail using the slim image as opposed to alpine also yields a marginally smaller image (251MB -> 239MB). I also changed |
This PR fixes the permission issue (#3319) by installing the Python dependencies as a non-root user.
It also changes the base python image to alpine version since it's smaller in size.
This reduced image size from 1.07GB ~> 250MB. Tested with locally-built image on Docker Desktop 4.25.2 (129061)
Ignore the messy commits I'm too lazy to squash them