[
https://issues.apache.org/jira/browse/IGNITE-27445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Maksim Davydov updated IGNITE-27445:
------------------------------------
Description:
h3. Problem
When starting up `ducktests` via `./docker/run_tests.sh` on a local laptop
environment, the execution fails with a file access crash:
{noformat}
PermissionError: [Errno 13] Permission denied:
'/opt/ignite-dev/modules/ducktests/tests/docker/build/cluster.json'
{noformat}
This occurs because files and metadata directory paths generated inside the
host session's bind-mounted volumes cannot be written to or modified by the
containerized 'ducker' execution account due to strict host OS local permission
chains.
h3. Proposed Changes
* *Dockerfile Refactoring:* Updated user isolation parameters to accept dynamic
host IDs during image generation so that the internal container user aligns
directly with the external developer account.
* *README.md Overhaul:* Restructured the onboarding handbook to make it
entirely scannable for developers without prior ducktape experience.
was:
When running ducktests using the provided Dockerfile and shell scripts,
there is an issue with file read/write permissions when repositories are
mounted via bind mounts.
In my setup (Debian-based host), the Ignite repository is bind-mounted into the
container.
The mounted files preserve the host file ownership and permission policies.
Inside the container, a non-root user (e.g. `ducker`) is created and used to
run all ducktests,
as required by ducktape for working with configs and test artifacts.
As a result, during test execution the `ducker` user needs to read from and
write to the
bind-mounted Ignite repository, but does not have sufficient permissions.
The repository is writable only by the host user (or root), and root access is
not available
inside the container.
Currently, the Dockerfile and helper scripts do not account for this permission
mismatch
(e.g. by aligning UID/GID, adjusting ownership, or documenting required
permissions),
which makes ducktests fail in environments with stricter user policies.
It would be helpful to:
- handle UID/GID alignment between host and container, or
- adjust ownership/permissions of bind-mounted directories, or
- clearly document the required permissions for bind-mounted repositories.
> [ducktests] Fix permission mismatch in ducktests local environment
> ------------------------------------------------------------------
>
> Key: IGNITE-27445
> URL: https://issues.apache.org/jira/browse/IGNITE-27445
> Project: Ignite
> Issue Type: Task
> Reporter: Maksim Davydov
> Assignee: Maksim Davydov
> Priority: Minor
> Labels: ducktests, ise
> Time Spent: 10m
> Remaining Estimate: 0h
>
> h3. Problem
> When starting up `ducktests` via `./docker/run_tests.sh` on a local laptop
> environment, the execution fails with a file access crash:
> {noformat}
> PermissionError: [Errno 13] Permission denied:
> '/opt/ignite-dev/modules/ducktests/tests/docker/build/cluster.json'
> {noformat}
> This occurs because files and metadata directory paths generated inside the
> host session's bind-mounted volumes cannot be written to or modified by the
> containerized 'ducker' execution account due to strict host OS local
> permission chains.
> h3. Proposed Changes
> * *Dockerfile Refactoring:* Updated user isolation parameters to accept
> dynamic host IDs during image generation so that the internal container user
> aligns directly with the external developer account.
> * *README.md Overhaul:* Restructured the onboarding handbook to make it
> entirely scannable for developers without prior ducktape experience.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
