Bug 1289249 - Hardcode worker uid and gid; r?dustin draft
authorGregory Szorc <gps@mozilla.com>
Wed, 28 Sep 2016 23:21:07 -0700
changeset 418878 f51bfa143d9e4b4b0c11571584a8a19b3d230abd
parent 418877 7f2b2188d5b02ba124ab083a22e9641edd1a520a
child 418879 bd1f4200e92fc2aa8d16c26a7d6a8c508319e081
push id30786
push usergszorc@mozilla.com
push dateThu, 29 Sep 2016 06:48:39 +0000
reviewersdustin
bugs1289249
milestone52.0a1
Bug 1289249 - Hardcode worker uid and gid; r?dustin When I was testing the desktop-build image's conversion to use run-task, I ran into permissions problems on Try accessing files in the hg-shared cache. While multiple tasks were running as worker:worker, it appeared that Ubuntu containers were running as uid 1000 and CentOS containers were running as uid 500. Since file permissions are based on UID and not username, this was causing permissions failures. We /could/ change run-task to chown the hg-shared cache. But iterating a directory with 100,000+ files takes precious time. Let's normalize on a consistent uid/gid value instead. MozReview-Commit-ID: DkspoLt6kbn
testing/docker/android-gradle-build/Dockerfile
testing/docker/centos6-build/Dockerfile
testing/docker/desktop-build/Dockerfile
testing/docker/desktop-test/Dockerfile
testing/docker/desktop1604-test/Dockerfile
testing/docker/lint/Dockerfile
--- a/testing/docker/android-gradle-build/Dockerfile
+++ b/testing/docker/android-gradle-build/Dockerfile
@@ -3,16 +3,20 @@ FROM          taskcluster/centos6-build-
 MAINTAINER    Nick Alexander <nalexander@mozilla.com>
 
 # BEGIN ../desktop-build/Dockerfile
 
 # TODO remove when base image is updated
 VOLUME /home/worker/workspace
 VOLUME /home/worker/tooltool-cache
 
+# TODO remove when base image is updated
+RUN usermod -u 1000 worker
+RUN chown worker:worker /builds
+
 # Add build scripts; these are the entry points from the taskcluster worker, and
 # operate on environment variables
 ADD             bin /home/worker/bin
 RUN             chmod +x /home/worker/bin/*
 
 # Add wrapper scripts for xvfb allowing tasks to easily retry starting up xvfb
 # %include testing/docker/recipes/xvfb.sh
 ADD topsrcdir/testing/docker/recipes/xvfb.sh /home/worker/scripts/xvfb.sh
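Review bot: `RUN usermod -u 1000 worker` changes only the uid, so in this derived image the worker group presumably keeps the gid the old base image gave it, while the base images rebuilt in this commit create the group with `groupadd -g 1000 worker`. Since the stated goal is a consistent uid and gid, I would add `RUN groupmod -g 1000 worker` ahead of the `usermod` line, here and in the identical addition in testing/docker/desktop-build/Dockerfile. `chown worker:worker /builds` is also non-recursive, so anything already inside /builds keeps its previous owner; use `chown -R worker:worker /builds` if the worker is expected to write to existing entries there. The rest of this Dockerfile is outside the hunk.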
--- a/testing/docker/centos6-build/Dockerfile
+++ b/testing/docker/centos6-build/Dockerfile
@@ -1,13 +1,17 @@
 FROM          centos:6
 MAINTAINER    Dustin J. Mitchell <dustin@mozilla.com>
 
 ### add worker user and setup its workspace
-RUN useradd -d /home/worker -s /bin/bash -m worker
+# We hardcode the uid and gid so they are consistent across all images.
+# This ensures caches shared between images don't need permissions
+# adjustment.
+RUN groupadd -g 1000 worker
+RUN useradd -d /home/worker -s /bin/bash -m -u 1000 -g worker worker
 # Declare default working folder
 WORKDIR       /home/worker
 
 # This will create a host mounted filesystem when the cache is stripped
 # on Try. This cancels out some of the performance losses of aufs. See
 # bug 1291940.
 VOLUME /home/worker/workspace
 VOLUME /home/worker/tooltool-cache
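Review bot: The `groupadd` and `useradd` steps are one logical operation and would read better as a single layer, `RUN groupadd -g 1000 worker && useradd -d /home/worker -s /bin/bash -m -u 1000 -g worker worker`; the same pair is added in the desktop-test, desktop1604-test and lint Dockerfiles. The comment could also state that 1000 is the value the derived images must match (the `usermod -u 1000 worker` steps in android-gradle-build and desktop-build), because a later edit to one file would silently bring back the permission mismatch on shared caches. If the caches are host-mounted without user-namespace remapping, uid 1000 in the container is also uid 1000 on the host, which deserves a line in the comment if the worker hosts have any local account with that uid.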
--- a/testing/docker/desktop-build/Dockerfile
+++ b/testing/docker/desktop-build/Dockerfile
@@ -2,16 +2,20 @@
 FROM          taskcluster/centos6-build-upd:0.1.6.20160329195300
 MAINTAINER    Dustin J. Mitchell <dustin@mozilla.com>
 
 # TODO remove when base image is updated
 VOLUME /home/worker/workspace
 VOLUME /home/worker/tooltool-cache
 VOLUME /home/worker/hg-shared
 
+# TODO remove when base image is updated
+RUN usermod -u 1000 worker
+RUN chown worker:worker /builds
+
 # Add build scripts; these are the entry points from the taskcluster worker, and
 # operate on environment variables
 ADD             bin /home/worker/bin
 RUN             chmod +x /home/worker/bin/*
 
 # %include testing/docker/recipes/tooltool.py
 ADD topsrcdir/testing/docker/recipes/tooltool.py /builds/tooltool.py
 ADD topsrcdir/testing/docker/recipes/tooltool.py /setup/tooltool.py
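Review bot: The added `usermod` and `chown` steps run after the `VOLUME` declarations for workspace, tooltool-cache and hg-shared, and Docker discards changes that later build steps make inside a declared volume. The re-owning that usermod performs under /home/worker may therefore not persist for exactly the cache directories this commit is concerned with. Consider moving the two `RUN` lines above the `VOLUME` lines (this only helps if the old base image does not already declare those volumes, which is not visible here) and confirming the owner of /home/worker/hg-shared in the built image. The same ordering appears in testing/docker/android-gradle-build/Dockerfile.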
--- a/testing/docker/desktop-test/Dockerfile
+++ b/testing/docker/desktop-test/Dockerfile
@@ -1,12 +1,16 @@
 FROM          ubuntu:12.04
 MAINTAINER    Jonas Finnemann Jensen <jopsen@gmail.com>
 
-RUN useradd -d /home/worker -s /bin/bash -m worker
+# We hardcode the uid and gid so they are consistent across all images.
+# This ensures caches shared between images don't need permissions
+# adjustment.
+RUN groupadd -g 1000 worker
+RUN useradd -d /home/worker -s /bin/bash -m -u 1000 -g worker worker
 WORKDIR /home/worker
 
 # %include testing/docker/recipes/tooltool.py
 ADD topsrcdir/testing/docker/recipes/tooltool.py /setup/tooltool.py
 
 # %include testing/mozharness/external_tools/robustcheckout.py
 ADD topsrcdir/testing/mozharness/external_tools/robustcheckout.py /usr/local/mercurial/robustcheckout.py
 
--- a/testing/docker/desktop1604-test/Dockerfile
+++ b/testing/docker/desktop1604-test/Dockerfile
@@ -1,12 +1,16 @@
 FROM          ubuntu:16.04
 MAINTAINER    Joel Maher <joel.maher@gmail.com>
 
-RUN useradd -d /home/worker -s /bin/bash -m worker
+# We hardcode the uid and gid so they are consistent across all images.
+# This ensures caches shared between images don't need permissions
+# adjustment.
+RUN groupadd -g 1000 worker
+RUN useradd -d /home/worker -s /bin/bash -m -u 1000 -g worker worker
 WORKDIR /home/worker
 
 # %include testing/docker/recipes/tooltool.py
 ADD topsrcdir/testing/docker/recipes/tooltool.py /setup/tooltool.py
 
 # %include testing/mozharness/external_tools/robustcheckout.py
 ADD topsrcdir/testing/mozharness/external_tools/robustcheckout.py /usr/local/mercurial/robustcheckout.py
 
--- a/testing/docker/lint/Dockerfile
+++ b/testing/docker/lint/Dockerfile
@@ -1,12 +1,17 @@
 FROM          ubuntu:16.04
 MAINTAINER    Andrew Halberstadt <ahalberstadt@mozilla.com>
 
-RUN useradd -d /home/worker -s /bin/bash -m worker
+# We hardcode the uid and gid so they are consistent across all images.
+# This ensures caches shared between images don't need permissions
+# adjustment.
+RUN groupadd -g 1000 worker
+RUN useradd -d /home/worker -s /bin/bash -m -u 1000 -g worker worker
+
 WORKDIR /home/worker
 
 RUN mkdir /build
 # %include testing/docker/recipes/tooltool.py
 ADD topsrcdir/testing/docker/recipes/tooltool.py /build/tooltool.py
 
 # %include testing/mozharness/external_tools/robustcheckout.py
 ADD topsrcdir/testing/mozharness/external_tools/robustcheckout.py /usr/local/mercurial/robustcheckout.py