Problem with permissions, Vagrant-Docker provisioner suspected
18 views
Skip to first unread message
Alexander Solla
Dec 26, 2019, 7:34:07 PM12/26/19
to Vagrant
I'm having a hard time with a Docker container I am trying to run in a vagrant/libvirt vm. (To be specific, it's the official Tensorflow container, with py3 and gpu and jupyter support).
Here is the relevant fragment of my Vagrant file:
authToken = SecureRandom.hex
host.vm.provision :docker do |docker|
docker.run "tensorflow/tensorflow",
image: "tensorflow/tensorflow:latest-gpu-py3-jupyter",
args: "-it -u 1000:1000 -p 8080:8888 -v /tf:/tf",
cmd: "/bin/bash -c \"source /etc/bash.bashrc && jupyter notebook --no-browser --ip=0.0.0.0 --allow-root --NotebookApp.token='#{authToken}'\""
end
If I vagrant up the relevant machine, it ends up printing out the authToken on my screen, and then I can log in to the Jupyter server on port 8080. So far so good.
But, there's a problem. Jupyter can't find the files in /tf.
On the other hand, if I go back to my virtual machine and stop the docker container, I can run that "same" command (by hand) and Jupyter works and sees the files. I can do this as either `vagrant` or `root`. Either one works (though, to be fair, I put `vagrant` into my `docker` group in an earlier provisioning step...)
So this tells me that somehow, Vagrant or Docker are treating the command differently, based on how/when it's invoked. I am not sure what else to do, so I figured I'd ask here and on stack exchange, before escalating to the github issues page.
Any ideas?
Thanks,
Alex
Jamie Jackson
Dec 26, 2019, 7:48:52 PM12/26/19
to vagra...@googlegroups.com
Does /tf exist in the Vagrant VM? If it doesn't, you'll need to add a shared directory from your host vagrant directory and your guest (at /tf). Otherwise, a way to do it without the extra step could be to use something like `-v /vagrant/tf:/tf`, which would leverage the `/vagrant` share that vagrant automatically gives you. That assumes that the `tf` directory lives next to your Vagrantfile on the host, though.
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/5c002747-81fc-40f0-97ae-fb45f4865176%40googlegroups.com.
Jamie Jackson
Dec 26, 2019, 7:51:08 PM12/26/19
to vagra...@googlegroups.com
Rewriting my first sentence:
Does /tf exist in the Vagrant VM? If it doesn't, you'll need to add a (vagrant-managed) shared directory from the `tf` directory on your host to a `/tf` directory on your guest.
Does /tf exist in the Vagrant VM? If it doesn't, you'll need to add a (vagrant-managed) shared directory from the `tf` directory on your host to a `/tf` directory on your guest.
Alexander Solla
Dec 27, 2019, 11:30:45 AM12/27/19
to Vagrant
On Thursday, December 26, 2019 at 4:51:08 PM UTC-8, Jamie Jackson wrote:
Rewriting my first sentence:
Does /tf exist in the Vagrant VM? If it doesn't, you'll need to add a (vagrant-managed) shared directory from the `tf` directory on your host to a `/tf` directory on your guest.
Yes, /tf does exist on the vagrant vm, as an NFS share. (And the Docker container can access it IF I run the docker run command "by hand" in the container.) That's what's confusing me -- everything "should" be working, but "somehow" permissions are set incorrectly when Vagrant's docker provisioner does the docker run.
Thank you for checking in.
Jamie Jackson
Dec 27, 2019, 12:46:03 PM12/27/19
to vagra...@googlegroups.com
Yeah, that's weird. Looks like you tried all of the things that I would have.
I'm not sure what user is used by the docker provisioner, but I assume it's root? (which you already tried). It would be nice to see the CLI command that the provisioner ultimately uses (which presumes it uses the CLI). `--debug` doesn't give you that, does it?
One more thing: What happens if you copy your files to a native spot in the VM and use that as the host side of the docker bind mount as a troubleshooting step. I'm wondering if it's permissions problem in the container or a complete failure to mount the volume (e.g., if the provisioner is corrupting the args somehow). Your description was ambiguous--I'm not sure if the process can't read the files or if the files are just missing (can you list them from a `docker exec`?).
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/565ab372-4e43-4a5f-a7eb-dceff8916f4d%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages