Skip to content

Commit

Permalink
fix: disable ulimits in rootless docker mode
Browse files Browse the repository at this point in the history
  • Loading branch information
@OmarIthawi
OmarIthawi committed Nov 16, 2023
1 parent f4dc508 commit b942a61
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 0 deletions.
20 changes: 20 additions & 0 deletions tests/test_utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import tempfile
import unittest
from io import StringIO
import subprocess
from typing import List, Tuple
from unittest.mock import MagicMock, mock_open, patch

Expand Down Expand Up @@ -241,6 +242,25 @@ def test_is_http(self) -> None:
self.assertFalse(utils.is_http("home/user/"))
self.assertFalse(utils.is_http("http-home/user/"))

@patch("subprocess.run")
def test_is_docker_rootless(self, mock_run: MagicMock) -> None:
# Mock rootless `docker info` output
utils.is_docker_rootless.cache_clear()
mock_run.return_value.stdout = "some prefix\n rootless foo bar".encode("utf-8")
self.assertTrue(utils.is_docker_rootless())

# Mock regular `docker info` output
utils.is_docker_rootless.cache_clear()
mock_run.return_value.stdout = "some prefix, regular docker".encode("utf-8")
self.assertFalse(utils.is_docker_rootless())

@patch("subprocess.run")
def test_is_docker_rootless_podman(self, mock_run: MagicMock) -> None:
"""Test the `is_docker_rootless` when podman is used or any other error with `docker info`"""
utils.is_docker_rootless.cache_clear()
mock_run.side_effect = subprocess.CalledProcessError(1, "docker info")
self.assertFalse(utils.is_docker_rootless())

def test_format_table(self) -> None:
rows: List[Tuple[str, ...]] = [
("a", "xyz", "value 1"),
Expand Down
1 change: 1 addition & 0 deletions tutor/env.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ def _prepare_environment() -> None:
("TUTOR_APP", __app__.replace("-", "_")),
("TUTOR_VERSION", __version__),
("is_buildkit_enabled", utils.is_buildkit_enabled),
("is_docker_rootless", utils.is_docker_rootless),
],
)

Expand Down
9 changes: 9 additions & 0 deletions tutor/templates/dev/docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,4 +52,13 @@ services:
command: openedx-assets watch-themes --env dev
restart: unless-stopped

{% if RUN_ELASTICSEARCH and is_docker_rootless() %}
elasticsearch:
ulimits:
memlock:
# Fixes error setting rlimits for ready process in rootless docker
soft: 0 # zero means "unset" in the memlock context
hard: 0
{% endif %}

{{ patch("local-docker-compose-dev-services")|indent(2) }}
14 changes: 14 additions & 0 deletions tutor/utils.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -192,6 +192,20 @@ def is_buildkit_enabled() -> bool:
return False


@lru_cache(maxsize=None)
def is_docker_rootless() -> bool:
"""
A helper function to determine if Docker is running in rootless mode.
- https://docs.docker.com/engine/security/rootless/
"""
try:
results = subprocess.run(["docker", "info"], capture_output=True, check=True)
return "rootless" in results.stdout.decode()
except subprocess.CalledProcessError:
return False


def docker_compose(*command: str) -> int:
return execute("docker", "compose", *command)

Expand Down

0 comments on commit b942a61

Please sign in to comment.