selfhostyourtech/cubbi
2
0
Fork 0
mirror of https://github.com/Monadical-SAS/cubbi.git synced 2025-12-20 12:19:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(uid): use symlink instead of volume for persistent volume in the container

Browse Source
This commit is contained in:
Mathieu Virbel
2025-04-01 17:01:25 -06:00
parent f8b8639bb0
commit dd5b9ec213
5 changed files with 81 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -8,3 +8,7 @@ wheels/
# Virtual environments
.venv
# Aider
.aider*
.goose

47
mcontainer/container.py
View File

@@ -188,10 +188,6 @@ class ContainerManager:
if gid is not None:
env_vars["TARGET_GID"] = str(gid)
# Add project URL to environment if provided
if project:
env_vars["MC_PROJECT_URL"] = project
# Pass API keys from host environment to container for local development
api_keys = [
"OPENAI_API_KEY",
@@ -236,6 +232,7 @@ class ContainerManager:
# Clear project for container environment since we're mounting
project = None
elif is_git_repo:
env_vars["MC_PROJECT_URL"] = project
print(
f"Git repository URL provided - container will clone {project} into /app during initialization"
)
@@ -273,6 +270,7 @@ class ContainerManager:
# Create driver-specific config directories and set up direct volume mounts
if driver.persistent_configs:
persistent_links_data = [] # To store "source:target" pairs for symlinks
print("Setting up persistent configuration directories:")
for config in driver.persistent_configs:
# Get target directory path on host
@@ -291,13 +289,21 @@ class ContainerManager:
target_dir.parent.mkdir(parents=True, exist_ok=True)
# File will be created by the container if needed
# Mount persistent config directly to container path
session_volumes[str(target_dir)] = {
"bind": config.source,
"mode": "rw",
}
# --- REMOVED adding to session_volumes ---
# We will create symlinks inside the container instead of direct mounts
# Store the source and target paths for the init script
# Note: config.target is the path *within* /mc-config
persistent_links_data.append(f"{config.source}:{config.target}")
print(
f" - Created direct volume mount: {target_dir} -> {config.source}"
f" - Prepared host path {target_dir} for symlink target {config.target}"
)
# Set environment variable with semicolon-separated link pairs
if persistent_links_data:
env_vars["MC_PERSISTENT_LINKS"] = ";".join(persistent_links_data)
print(
f"Setting MC_PERSISTENT_LINKS={env_vars['MC_PERSISTENT_LINKS']}"
)
# Default MC network
@@ -634,7 +640,7 @@ class ContainerManager:
return False
container_id = session_obj.container_id
print(
f"[yellow]Warning: Session data missing for {session_id}. Attaching as default container user.[/yellow]"
f"[yellow]Warning: Session data missing for {session_id}. Connecting as default container user.[/yellow]"
)
else:
container_id = session_data.get("container_id")
@@ -660,18 +666,19 @@ class ContainerManager:
return False
try:
# Attach to the container's main process TTY
# This allows seeing the output of --run command followed by the shell
# The user context (UID/GID) is determined when the container is created,
# attach respects that context.
# Use exec instead of attach to avoid container exit on Ctrl+C
print(
f"Attaching to session {session_id} (container: {container_id[:12]})..."
f"Connecting to session {session_id} (container: {container_id[:12]})..."
)
print("Type 'exit' or Ctrl+P, Ctrl+Q (by default) to detach.")
cmd = ["docker", "attach", container_id]
print("Type 'exit' to detach from the session.")
# Use execvp to replace the current process with docker attach
# This provides a more seamless shell experience
# Use docker exec to start a new bash process in the container
# This leverages the init-status.sh script in bash.bashrc
# which will check initialization status
cmd = ["docker", "exec", "-it", container_id, "bash", "-l"]
# Use execvp to replace the current process with docker exec
# This provides a seamless shell experience
os.execvp("docker", cmd)
# execvp does not return if successful
return True # Should not be reached if execvp succeeds

11
mcontainer/drivers/goose/init-status.sh
View File

@@ -1,6 +1,11 @@
#!/bin/bash
# Script to check and display initialization status - optimized version
# Only proceed if running as root
if [ "$(id -u)" != "0" ]; then
exit 0
fi
# Quick check instead of full logic
if grep -q "INIT_COMPLETE=true" "/init.status" 2>/dev/null; then
echo "MC initialization has completed."
@@ -12,7 +17,7 @@ else
echo "----------------------------------------"
tail -f /init.log &
tail_pid=$!
# Check every second if initialization has completed
while true; do
if grep -q "INIT_COMPLETE=true" "/init.status" 2>/dev/null; then
@@ -26,4 +31,6 @@ else
else
echo "No initialization logs found."
fi
fi
fi
exec gosu mcuser /bin/bash -il

2
mcontainer/drivers/goose/mc-driver.yaml
View File

@@ -57,7 +57,7 @@ persistent_configs:
target: "/mc-config/goose-app"
type: "directory"
description: "Goose memory"
- source: "/root/.config/goose"
- source: "/home/mcuser/.config/goose"
target: "/mc-config/goose-config"
type: "directory"
description: "Goose configuration"

64
mcontainer/drivers/goose/mc-init.sh
View File

@@ -38,11 +38,9 @@ else
fi
fi
# Create home directory and set permissions if it doesn't exist
if [ ! -d "/home/mcuser" ]; then
mkdir -p /home/mcuser
chown $MC_USER_ID:$MC_GROUP_ID /home/mcuser
fi
# Create home directory and set permissions
mkdir -p /home/mcuser
chown $MC_USER_ID:$MC_GROUP_ID /home/mcuser
# Ensure /app exists and has correct ownership (important for volume mounts)
mkdir -p /app
chown $MC_USER_ID:$MC_GROUP_ID /app
@@ -112,7 +110,42 @@ else
echo "Warning: update-goose-config.sh script not found. Goose configuration will not be updated."
fi
echo "MC driver initialization complete"
# Create symlinks for persistent configurations defined in the driver
if [ -n "$MC_PERSISTENT_LINKS" ]; then
echo "Creating persistent configuration symlinks..."
# Split by semicolon
IFS=';' read -ra LINKS <<< "$MC_PERSISTENT_LINKS"
for link_pair in "${LINKS[@]}"; do
# Split by colon
IFS=':' read -r source_path target_path <<< "$link_pair"
if [ -z "$source_path" ] || [ -z "$target_path" ]; then
echo "Warning: Invalid link pair format '$link_pair', skipping."
continue
fi
echo "Processing link: $source_path -> $target_path"
parent_dir=$(dirname "$source_path")
# Ensure parent directory of the link source exists and is owned by mcuser
if [ ! -d "$parent_dir" ]; then
echo "Creating parent directory: $parent_dir"
mkdir -p "$parent_dir"
echo "Changing ownership of parent $parent_dir to $MC_USER_ID:$MC_GROUP_ID"
chown "$MC_USER_ID:$MC_GROUP_ID" "$parent_dir" || echo "Warning: Could not chown parent $parent_dir"
fi
# Create the symlink (force, no-dereference)
echo "Creating symlink: ln -sfn $target_path $source_path"
ln -sfn "$target_path" "$source_path"
# Optionally, change ownership of the symlink itself
echo "Changing ownership of symlink $source_path to $MC_USER_ID:$MC_GROUP_ID"
chown -h "$MC_USER_ID:$MC_GROUP_ID" "$source_path" || echo "Warning: Could not chown symlink $source_path"
done
echo "Persistent configuration symlinks created."
fi
# Mark initialization as complete
echo "=== MC Initialization completed at $(date) ==="
@@ -126,21 +159,4 @@ if [ -n "$MC_RUN_COMMAND" ]; then
echo "--- Initial command finished (exit code: $COMMAND_EXIT_CODE) ---";
fi;
# Determine the final command (the interactive shell)
FINAL_CMD=("$@")
if [ ${#FINAL_CMD[@]} -eq 0 ]; then
# Default to /bin/bash if CMD wasn't passed or was empty
FINAL_CMD=("/bin/bash")
fi
# If the final command is bash, ensure it runs interactively
# Check if the first argument is /bin/bash and -i is not already present
if [ "${FINAL_CMD[0]}" = "/bin/bash" ] && [[ ! " ${FINAL_CMD[@]} " =~ " -i " ]]; then
# Add the -i flag to the command array
FINAL_CMD+=("-i")
fi
echo "--- Starting interactive shell (${FINAL_CMD[*]}) ---";
# Now exec gosu directly into the final command, replacing this script process
# "${FINAL_CMD[@]}" ensures arguments are passed correctly (e.g., /bin/bash -i)
exec gosu mcuser "${FINAL_CMD[@]}"
exec gosu mcuser "$@"