tutor/tutor/bindmounts.py

import os

from tutor.exceptions import TutorError
from tutor.tasks import BaseComposeTaskRunner
from tutor.utils import get_user_id


def create(
    runner: BaseComposeTaskRunner,
    service: str,
    path: str,
) -> str:
    volumes_root_path = get_root_path(runner.root)
    volume_name = get_name(path)
    container_volumes_root_path = "/tmp/volumes"
    command = """rm -rf {volumes_path}/{volume_name}
cp -r {src_path} {volumes_path}/{volume_name}
chown -R {user_id} {volumes_path}/{volume_name}""".format(
        volumes_path=container_volumes_root_path,
        volume_name=volume_name,
        src_path=path,
        user_id=get_user_id(),
    )

    # Create volumes root dir if it does not exist. Otherwise it is created with root owner and might not be writable
    # in the container, e.g: in the dev containers.
    if not os.path.exists(volumes_root_path):
        os.makedirs(volumes_root_path)

    runner.docker_compose(
        "run",
        "--rm",
        "--no-deps",
        "--user=0",
        "--volume",
        f"{volumes_root_path}:{container_volumes_root_path}",
        service,
        "sh",
        "-e",
        "-c",
        command,
    )
    return os.path.join(volumes_root_path, volume_name)


def get_path(root: str, container_bind_path: str) -> str:
    bind_basename = get_name(container_bind_path)
    return os.path.join(get_root_path(root), bind_basename)


def get_name(container_bind_path: str) -> str:
    # We rstrip slashes, otherwise os.path.basename returns an empty string
    # We don't use basename here as it will not work on Windows
    name = container_bind_path.rstrip("/").split("/")[-1]
    if not name:
        raise TutorError("Mounting a container root folder is not supported")
    return name


def get_root_path(root: str) -> str:
    return os.path.join(root, "volumes")
Automatically bind-mount volumes from `volumes/` This introduces a new dev/local command: tutor dev bindmount CONTAINER PATH And a new volume syntax: tutor dev run --volume=PATH CONTAINER This syntax automatically bind-mounts folders from the tutorroot/volumes directory, which is pretty nifty. 2020-12-25 21:56:42 +00:00			`import os`

feat: pluggable `local/dev/k8s do <job>` commands We introduce a new filter to implement custom commands in arbitrary containers. It becomes easy to write convenient ad-hoc commands that users will then be able to run either on Kubernetes or locally using a documented CLI. Pluggable jobs are declared as Click commands and are responsible for parsing their own arguments. See the new CLI_DO_COMMANDS filter. Close https://github.com/overhangio/2u-tutor-adoption/issues/75 2022-10-19 15:46:31 +00:00			`from tutor.exceptions import TutorError`
			`from tutor.tasks import BaseComposeTaskRunner`
			`from tutor.utils import get_user_id`
Automatically bind-mount volumes from `volumes/` This introduces a new dev/local command: tutor dev bindmount CONTAINER PATH And a new volume syntax: tutor dev run --volume=PATH CONTAINER This syntax automatically bind-mounts folders from the tutorroot/volumes directory, which is pretty nifty. 2020-12-25 21:56:42 +00:00

refactor: add type annotations Annotations were generated with pyannotate: https://github.com/dropbox/pyannotate We are running in strict mode, which is awesome! This affects a large part of the code base, which might be an issue for people running a fork of Tutor. Nonetheless, the behavior should not be affected. If anything, this process has helped find and resolve a few type-related bugs. Thus, this is not considered as a breaking change. 2021-02-25 08:09:14 +00:00			`def create(`
feat: pluggable `local/dev/k8s do <job>` commands We introduce a new filter to implement custom commands in arbitrary containers. It becomes easy to write convenient ad-hoc commands that users will then be able to run either on Kubernetes or locally using a documented CLI. Pluggable jobs are declared as Click commands and are responsible for parsing their own arguments. See the new CLI_DO_COMMANDS filter. Close https://github.com/overhangio/2u-tutor-adoption/issues/75 2022-10-19 15:46:31 +00:00			`runner: BaseComposeTaskRunner,`
refactor: add type annotations Annotations were generated with pyannotate: https://github.com/dropbox/pyannotate We are running in strict mode, which is awesome! This affects a large part of the code base, which might be an issue for people running a fork of Tutor. Nonetheless, the behavior should not be affected. If anything, this process has helped find and resolve a few type-related bugs. Thus, this is not considered as a breaking change. 2021-02-25 08:09:14 +00:00			`service: str,`
			`path: str,`
			`) -> str:`
refactor: better runner inheritance architecture Before, custom `docker_compose_func` arguments had to be passed to job runners. This was not very elegant. Also, it prevented us from loading custom job files in development. Here, we adopt a better object-oriented approach, where context classes are ordered hierarchically. This paves the way for loading `dev/docker-compose.jobs.yml` files in `tutor dev init` commands -- which will be necessary to fix permissions in dev/local mode. 2021-09-27 09:48:17 +00:00			`volumes_root_path = get_root_path(runner.root)`
Automatically bind-mount volumes from `volumes/` This introduces a new dev/local command: tutor dev bindmount CONTAINER PATH And a new volume syntax: tutor dev run --volume=PATH CONTAINER This syntax automatically bind-mounts folders from the tutorroot/volumes directory, which is pretty nifty. 2020-12-25 21:56:42 +00:00			`volume_name = get_name(path)`
			`container_volumes_root_path = "/tmp/volumes"`
			`command = """rm -rf {volumes_path}/{volume_name}`
			`cp -r {src_path} {volumes_path}/{volume_name}`
			`chown -R {user_id} {volumes_path}/{volume_name}""".format(`
			`volumes_path=container_volumes_root_path,`
			`volume_name=volume_name,`
			`src_path=path,`
			`user_id=get_user_id(),`
			`)`

			`# Create volumes root dir if it does not exist. Otherwise it is created with root owner and might not be writable`
			`# in the container, e.g: in the dev containers.`
			`if not os.path.exists(volumes_root_path):`
			`os.makedirs(volumes_root_path)`

refactor: better runner inheritance architecture Before, custom `docker_compose_func` arguments had to be passed to job runners. This was not very elegant. Also, it prevented us from loading custom job files in development. Here, we adopt a better object-oriented approach, where context classes are ordered hierarchically. This paves the way for loading `dev/docker-compose.jobs.yml` files in `tutor dev init` commands -- which will be necessary to fix permissions in dev/local mode. 2021-09-27 09:48:17 +00:00			`runner.docker_compose(`
Automatically bind-mount volumes from `volumes/` This introduces a new dev/local command: tutor dev bindmount CONTAINER PATH And a new volume syntax: tutor dev run --volume=PATH CONTAINER This syntax automatically bind-mounts folders from the tutorroot/volumes directory, which is pretty nifty. 2020-12-25 21:56:42 +00:00			`"run",`
			`"--rm",`
			`"--no-deps",`
feat: run all services as unprivileged containers With this change, containers are no longer run as "root" but as unprivileged users. This is necessary in some environments, notably some Kubernetes clusters. To make this possible, we need to manually fix bind-mounted volumes in docker-compose. This is pretty much equivalent to the behaviour in Kubernetes, where permissions are fixed at runtime if the volume owner is incorrect. Thus, we have a consistent behaviour between docker-compose and Kubernetes. We achieve this by bind-mounting some repos inside "*-permissions" services. These services run as root user on docker-compose and will fix the required permissions, as per build/permissions/setowner.sh These services simply do not run on Kubernetes, where we don't rely on bind-mounted volumes. There, we make use of Kubernete's built-in volume ownership feature. With this change, we get rid of the "openedx-dev" Docker image, in the sense that it no longer has its own Dockerfile. Instead, the dev image is now simply a different target in the multi-layer openedx Docker image. This makes it much faster to build the openedx-dev image. Because we declare the APP_USER_ID in the dev/docker-compose.yml file, we need to pass the user ID from the host there. The only way to achieve that is with a tutor config variable. The downside of this approach is that the dev/docker-compose.yml file is no longer portable from one machine to the next. We consider that this is not such a big issue, as it affects the development environment only. We take this opportunity to replace the base image of the "forum" image. There is now no need to re-install ruby inside the image. The total image size is only decreased by 10%, but re-building the image is faster. In order to run the smtp service as non-root, we switch from namshi/smtp to devture/exim-relay. This change should be backward-compatible. Note that the nginx container remains privileged. We could switch to nginxinc/nginx-unprivileged, but it's probably not worth the effort, as we are considering to get rid of the nginx container altogether. Close #323. 2021-09-23 10:04:19 +00:00			`"--user=0",`
Automatically bind-mount volumes from `volumes/` This introduces a new dev/local command: tutor dev bindmount CONTAINER PATH And a new volume syntax: tutor dev run --volume=PATH CONTAINER This syntax automatically bind-mounts folders from the tutorroot/volumes directory, which is pretty nifty. 2020-12-25 21:56:42 +00:00			`"--volume",`
feat: add --mount option to local/dev The `--mount` option is available both with `tutor local` and `tutor dev` commands. It allows users to easily bind-mount containers from the host to containers. Yes, I know, we already provide that possibility with the `bindmount` command and the `--volume=/path/` option. But these suffer from the following drawbacks: - They are difficult to understand. - The "bindmount" command name does not make much sense. - It's not convenient to mount an arbitrary folder from the host to multiple containers, such as the many lms/cms containers (web apps, celery workers and job runners). To address this situation, we now recommend to make use of --mount: 1. `--mount=service1[,service2,...]:/host/path:/container/path`: manually mount `/host/path` to `/container/path` in container "service1" (and "service2"). 2. `--mount=/host/path`: use the new v1 plugin API to discover plugins that will detect this option and select the right containers in which to bind-mount volumes. This is really nifty... Close https://github.com/overhangio/2u-tutor-adoption/issues/43 2022-04-15 08:51:19 +00:00			`f"{volumes_root_path}:{container_volumes_root_path}",`
Automatically bind-mount volumes from `volumes/` This introduces a new dev/local command: tutor dev bindmount CONTAINER PATH And a new volume syntax: tutor dev run --volume=PATH CONTAINER This syntax automatically bind-mounts folders from the tutorroot/volumes directory, which is pretty nifty. 2020-12-25 21:56:42 +00:00			`service,`
			`"sh",`
			`"-e",`
			`"-c",`
			`command,`
			`)`
			`return os.path.join(volumes_root_path, volume_name)`


refactor: add type annotations Annotations were generated with pyannotate: https://github.com/dropbox/pyannotate We are running in strict mode, which is awesome! This affects a large part of the code base, which might be an issue for people running a fork of Tutor. Nonetheless, the behavior should not be affected. If anything, this process has helped find and resolve a few type-related bugs. Thus, this is not considered as a breaking change. 2021-02-25 08:09:14 +00:00			`def get_path(root: str, container_bind_path: str) -> str:`
Automatically bind-mount volumes from `volumes/` This introduces a new dev/local command: tutor dev bindmount CONTAINER PATH And a new volume syntax: tutor dev run --volume=PATH CONTAINER This syntax automatically bind-mounts folders from the tutorroot/volumes directory, which is pretty nifty. 2020-12-25 21:56:42 +00:00			`bind_basename = get_name(container_bind_path)`
			`return os.path.join(get_root_path(root), bind_basename)`


refactor: add type annotations Annotations were generated with pyannotate: https://github.com/dropbox/pyannotate We are running in strict mode, which is awesome! This affects a large part of the code base, which might be an issue for people running a fork of Tutor. Nonetheless, the behavior should not be affected. If anything, this process has helped find and resolve a few type-related bugs. Thus, this is not considered as a breaking change. 2021-02-25 08:09:14 +00:00			`def get_name(container_bind_path: str) -> str:`
Automatically bind-mount volumes from `volumes/` This introduces a new dev/local command: tutor dev bindmount CONTAINER PATH And a new volume syntax: tutor dev run --volume=PATH CONTAINER This syntax automatically bind-mounts folders from the tutorroot/volumes directory, which is pretty nifty. 2020-12-25 21:56:42 +00:00			`# We rstrip slashes, otherwise os.path.basename returns an empty string`
			`# We don't use basename here as it will not work on Windows`
			`name = container_bind_path.rstrip("/").split("/")[-1]`
			`if not name:`
			`raise TutorError("Mounting a container root folder is not supported")`
			`return name`


refactor: add type annotations Annotations were generated with pyannotate: https://github.com/dropbox/pyannotate We are running in strict mode, which is awesome! This affects a large part of the code base, which might be an issue for people running a fork of Tutor. Nonetheless, the behavior should not be affected. If anything, this process has helped find and resolve a few type-related bugs. Thus, this is not considered as a breaking change. 2021-02-25 08:09:14 +00:00			`def get_root_path(root: str) -> str:`
Automatically bind-mount volumes from `volumes/` This introduces a new dev/local command: tutor dev bindmount CONTAINER PATH And a new volume syntax: tutor dev run --volume=PATH CONTAINER This syntax automatically bind-mounts folders from the tutorroot/volumes directory, which is pretty nifty. 2020-12-25 21:56:42 +00:00			`return os.path.join(root, "volumes")`