
quick-keyboard-83126

12/22/2022, 8:39 AM
@fast-garage-66093 how's https://github.com/rancher-sandbox/rancher-desktop/issues/1209#issuecomment-1323208555 doing? I'm on Rancher 1.7.0 on macOS 13.1... And I'd like to use the 9p stuff...
% cat ~/Library/Application\ Support/rancher-desktop/lima/_config/override.yaml             
mountType: 9p
Is there some easy way to see my settings? the validate command doesn't validate an override file...

fast-garage-66093

01/03/2023, 7:13 PM
Is this not working for you? Seems to work fine for me:
$ echo "mountType: 9p" > ~/Library/Application\ Support/rancher-desktop/lima/_config/override.yaml
$ rdctl start
INFO[0000] About to launch /usr/bin/open -a /Applications/Rancher Desktop.app ...
$ rdctl shell mount | grep 9p
mount0 on /Users/jan/Library/Caches/rancher-desktop/k3s type 9p (ro,dirsync,relatime,fscache,cachetag=4294938123,access=client,trans=virtio)
mount1 on /Users/jan/Library/Logs/rancher-desktop type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)
mount2 on /Users/jan type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)
mount3 on /tmp/rancher-desktop type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)
Of course waiting for the VM to start before running the shell command

quick-keyboard-83126

01/03/2023, 7:17 PM
jsoref@jsoref-mbp ~ % cat  ~/Library/Application\ Support/rancher-desktop/lima/_config/override.yaml
mountType: 9p
jsoref@jsoref-mbp ~ % rdctl shell mount | grep 9p

mount0 on /Users/jsoref/Library/Caches/rancher-desktop/k3s type 9p (ro,dirsync,relatime,fscache,cachetag=4294937672,access=client,trans=virtio)
mount1 on /Users/jsoref/Library/Logs/rancher-desktop type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)
mount2 on /Users/jsoref type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)
mount3 on /tmp/rancher-desktop type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)

fast-garage-66093

01/03/2023, 7:19 PM
Ok, I'm confused. You wrote: "And I'd like to use the 9p stuff...", and this shows that you are using 9p

quick-keyboard-83126

01/03/2023, 7:19 PM
I'm using git@github.com:mastodon/mastodon.git as my start point
it has a docker-compose.yml file
when i try to docker compose up the redis and postgres things, they fail miserably

fast-garage-66093

01/03/2023, 7:20 PM
Oh, this is not really about 9p then 🙂

quick-keyboard-83126

01/03/2023, 7:20 PM
this lets me use the containers:
diff --git a/docker-compose.yml b/docker-compose.yml
index c534286c7..06a76b26b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,8 +8,8 @@ services:
       - internal_network
     healthcheck:
       test: ['CMD', 'pg_isready', '-U', 'postgres']
-    volumes:
-      - ./postgres14:/var/lib/postgresql/data
+    #volumes:
+    #  - ./postgres14:/var/lib/postgresql/data
     environment:
       - 'POSTGRES_HOST_AUTH_METHOD=trust'

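Review bot: Commenting out the `volumes:` entry for `./postgres14:/var/lib/postgresql/data` leaves the database service with no declared persistent storage, so the Postgres data directory is no longer kept in the project tree and can be lost when the container is removed. If the host bind mount is the part that fails, consider replacing it with a named volume mounted at `/var/lib/postgresql/data` rather than removing storage altogether. Separately, the unchanged `POSTGRES_HOST_AUTH_METHOD=trust` line in this hunk's context means the database accepts connections without a password; a comment stating that this relies on the service only being reachable through `internal_network` would help.
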
@@ -20,8 +20,8 @@ services:
       - internal_network
     healthcheck:
       test: ['CMD', 'redis-cli', 'ping']
-    volumes:
-      - ./redis:/data
+    # volumes:
+    #   - ./redis:/data

   # es:
   #   restart: always
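Review bot: Commenting out `./redis:/data` removes the only declared storage for the redis service, so anything Redis writes under `/data` no longer survives removal of the container; a named volume mounted at `/data` would keep persistence without depending on ownership of a host directory. Also, the commented-out lines here use `# volumes:` while the first hunk uses `#volumes:`; pick one style, or drop the dead lines and explain the change in the commit message.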
Well, my very naive understanding is that w/o 9p, permissions are guaranteed to fail miserably
But that w/ 9p, there's a chance that permissions inside the container could work even if the inside owner doesn't match the outside owner
insert some handwaving for all terminology -- please pretend i'm an end user who just wants things to work :magic_wand:

fast-garage-66093

01/03/2023, 7:24 PM
It is all still a mess. You may need to specify the security model and caching mechanism to get the behaviour you want, see e.g. chown/chmod on mounted directory: Permission denied · Issue #231 · lima-vm/lima

quick-keyboard-83126

01/03/2023, 7:25 PM
location is an inside path?

fast-garage-66093

01/03/2023, 7:26 PM
Inside and outside are the same by default. Only very recent lima versions allow you to specify an alternate mountPoint for the inside path

quick-keyboard-83126

01/03/2023, 7:26 PM
🤯
ok, there are 3 perspectives available: macOS, lima, docker-container
location is macOS?

fast-garage-66093

01/03/2023, 7:27 PM
The idea behind Lima was that you shouldn't need to know about the "inside"; it should look like it runs directly on the host; the rest is behind the magic curtain.
location is on the host, and inside the VM, but not the container.

quick-keyboard-83126

01/03/2023, 7:28 PM
ok

fast-garage-66093

01/03/2023, 7:28 PM
mounts:
  - location: ~/Library/Caches/rancher-desktop/k3s
    writable: false
  - location: ~/Library/Logs/rancher-desktop
    writable: true
  - location: "~"
    writable: true
  - location: /tmp/rancher-desktop
    writable: true

quick-keyboard-83126

01/03/2023, 7:28 PM
notably as a macOS user, seeing a /opt path feels more like a container path than a host path
which is why it was easy for me to pick from my perspective the wrong of 2 choices (host=macOS, container)
Examples should really be written using macOS to hint to people that they're host paths and not container paths 🙂

fast-garage-66093

01/03/2023, 7:30 PM
I think you would only need to modify the caching and security settings for ~
q

quick-keyboard-83126

01/03/2023, 7:31 PM
jsoref@jsoref-mbp mastodon % cat ~/Library/Application\ Support/rancher-desktop/lima/_config/override.yaml
mountType: 9p
mounts:
  - location: "~"
    9p:
      securityModel: mapped-xattr
      cache: "mmap"

fast-garage-66093

01/03/2023, 7:31 PM
mountType: 9p
mounts:
- location: "~"
  9p:
    securityModel: mapped-xattr
    cache: "mmap"

quick-keyboard-83126

01/03/2023, 7:32 PM
and now i need to ask rancher to restart?

fast-garage-66093

01/03/2023, 7:32 PM
Yes

quick-keyboard-83126

01/03/2023, 7:32 PM
And there's no button for that? 🙂

fast-garage-66093

01/03/2023, 7:33 PM
I don't think so; it is not a common operation

quick-keyboard-83126

01/03/2023, 7:33 PM
(I'm pretty sure there's a button for reset)

fast-garage-66093

01/03/2023, 7:33 PM
There is a Factory Reset button on the trouble-shooting page...

quick-keyboard-83126

01/03/2023, 7:33 PM
yeah...
hmm, restarting rancher resulted in it asking for permissions

fast-garage-66093

01/03/2023, 7:34 PM
Weird; did you change anything else?

quick-keyboard-83126

01/03/2023, 7:34 PM
that's nice and all, but I'd kinda like to know on start why did rancher decide it needed permissions again (i.e. is it upgrading?)
"i dunno!"
the diagnostics page should really link me to the logs folder

fast-garage-66093

01/03/2023, 7:34 PM
I think it shows the operations it needs to do; you just have to expand them by pressing the triangle

quick-keyboard-83126

01/03/2023, 7:35 PM
yeah, but that's not meaningful
it doesn't explain how it got to that state, just what it's technically going to do to get out of it

fast-garage-66093

01/03/2023, 7:36 PM
I really want to get out of having to ask for admin passwords at all, except during installation. It should all be done by a privileged helper process instead.

quick-keyboard-83126

01/03/2023, 7:37 PM
it's pretty annoying, but, frankly, a bunch of apps do it, so i'm more or less used to cursing all of them

fast-garage-66093

01/03/2023, 7:37 PM
It makes it impossible to automate (well, very hard), which is one reason I want it gone 😄 (for automated testing)

quick-keyboard-83126

01/03/2023, 7:38 PM
wireshark, virtualbox (beta),
well, yeah, i'm not saying you shouldn't fix it, just that i'm used to a bunch of things being annoying
my favorite is that system preferences will randomly remind me that virtualbox is on the list

fast-garage-66093

01/03/2023, 7:39 PM
The whole /etc/sudoers.d thing is such a bad idea. At least I know now to avoid it in the future

quick-keyboard-83126

01/03/2023, 7:39 PM
please don't ask me "where the list is", why would I want to be able to answer that
what went wrong w/ sudoers.d?

fast-garage-66093

01/03/2023, 7:41 PM
Rules are processed in reverse order, and a generic rule can override a more specific rule. Which is the reason our file is called zzzzzz-rancher-desktop-lima

quick-keyboard-83126

01/03/2023, 7:41 PM
oh so you randomly lose to someone else's rule
right...
i remember this headache

fast-garage-66093

01/03/2023, 7:42 PM
But that is just a hack. There are also potential race conditions that you cannot really avoid. Probably hard to exploit, but feels bad.

quick-keyboard-83126

01/03/2023, 7:43 PM
welp, the alternative tends to be a helper app that gets into a confused state and insists on running but then fails to do anything so the next time its real app starts, it forces you back through the flow which ... see circle
cocoapacket analyzer is the one I was thinking about

fast-garage-66093

01/03/2023, 7:43 PM
Yeah, but at least with the helper app you are in full control; so you can debug and fix things

quick-keyboard-83126

01/03/2023, 7:43 PM
The email I sent to the author:
I was running 2.0.0 on some version of macOS... I've since upgraded to
Ventura 13.1. When I opened Cocoa Packet Analyzer and selected Check
for Updates, it offered an update to 2.0.7.

I let it install and restart and then was prompted to upgrade the
background helper. I click ok, enter my password, and then am prompted
to let it restart to use it.

Failed to bless helper. Error: -60006

Please relaunch CPA and try again!

It appears to be a perpetual loop.

----

I've trashed my app and downloaded a fresh one from
<https://www.tastycocoabytes.com/#offcanvasDownloads> and it still has
the same issue.

It's also rather painful to quit as the various modal-ish dialogs do
not cooperate with please quit requests.

fast-garage-66093

01/03/2023, 7:44 PM
😞

quick-keyboard-83126

01/03/2023, 7:44 PM
The author replied w/ a correct way to fix it:
thanks a lot for reporting. Sorry for the inconvenience! I assume you have been updating from a version < 2.0.4 and ended up in the install-restart loop :(

try issuing these commands in Terminal. It will be resetting the authorizationdb and remove the capture daemon:


sudo security authorizationdb remove com.tastycocoabytes.CPA.subscribeClient
sudo security authorizationdb remove com.tastycocoabytes.CPA.unsubscribeClient
sudo security authorizationdb remove com.tastycocoabytes.CPA.stopCapture
sudo security authorizationdb remove com.tastycocoabytes.CPA.startCapture

sudo rm /Library/LaunchDaemons/com.tastycocoabytes.cpasniffd.plist
sudo rm /Library/PrivilegedHelperTools/com.tastycocoabytes.cpasniffd
sudo killall -9 com.tastycocoabytes.cpasniffd

Afterwards CPA should be able to install the daemon. I changed the upgrade code for the daemon in 2.0.4 so hopefully this should not happen again.

Sorry for the rude English in the modal dialog. You are right it should be more pleasant!!!

If it still doesn't work please let me know!
that probably hints at where you need to put your magic evil, but, of course, please avoid stupid loops 😉

fast-garage-66093

01/03/2023, 7:45 PM
Anyways, I'm kind of short of time, catching up after being offline for 2 weeks. Does the override.yaml work for you?

quick-keyboard-83126

01/03/2023, 7:45 PM
lemme try running a container and see how it feels
ok, the containers seem happy. so, yay.
is there an argument against using:
mountType: 9p
mounts:
  - location: "~"
    9p:
      securityModel: mapped-xattr
      cache: "mmap"
by default in 1.8.0?

fast-garage-66093

01/03/2023, 7:53 PM
There is a matrix somewhere about all the possible combinations, and I find it hard to pick one in particular. Some settings have problems with permissions; others don't work with symlinks; there was no clear winner from my point of view.
😢 1

quick-keyboard-83126

01/03/2023, 7:54 PM
does 9p have issues w/ symlinks?

fast-garage-66093

01/03/2023, 7:54 PM
We need to make the settings configurable, at least via rdctl at first, but eventually via the UI and let the user make a decision
Yes, some security models don't support symlinks

quick-keyboard-83126

01/03/2023, 7:55 PM
that sounds really exciting 😞
how infeasible would it be to have something like:
mounts:
  - location: "~"
    limaMount: "/mapped-xattr/Users/..."
    9p:
      securityModel: mapped-xattr
      cache: "mmap"
  - location: "~"
    limaMount: "/sec-model-2/Users/..."
    9p:
      securityModel: sec-model-2
      cache: "mmap"

fast-garage-66093

01/03/2023, 7:57 PM
Might be slightly out of date, but this is what I was looking for: Add virtfs/9p mounts, instead of sshocker/sshfs by afbjorklund · Pull Request #726 · lima-vm/lima

quick-keyboard-83126

01/03/2023, 7:57 PM
then users wouldn't need to throw a ui wrench at it, but could just for a given container pick the path they like

fast-garage-66093

01/03/2023, 7:57 PM
I don't know how overlapping mounts work with 9p, but with reverse-sshfs they don't work

quick-keyboard-83126

01/03/2023, 7:58 PM
why would it see them that way?

fast-garage-66093

01/03/2023, 7:58 PM
What would seem which way?

quick-keyboard-83126

01/03/2023, 7:59 PM
the idea being that in lima each has a distinct mount point
it isn't really "overlapping" in the way I'd imagine an overlap
i mean, i get that x different critters will want to be able to read/write the underlying path, but, there's also any other app running on the host which could also do that anyway...

quick-keyboard-83126

01/03/2023, 8:00 PM
I think that's a different overlap (one I also considered asking about, but didn't try to here)

fast-garage-66093

01/03/2023, 8:00 PM
Note that you would also have multiple caches for the same host directories, which wouldn't know about each other
If you use write-through to the host, without caching, the performance would be terrible

quick-keyboard-83126

01/03/2023, 8:01 PM
I can live w/ that. a given container will only use a single path map, and a user is unlikely to have multiple containers touching the same path at the same time -- and if they do, that's a problem of their own making
I'm imagining parallel mount directories in lima, so they aren't overlapping, which i think is different from 302

fast-garage-66093

01/03/2023, 8:02 PM
Many PHP users are using Mutagen | Cloud-based development using your local tools because all the file sharing mechanisms are too slow for their huge numbers of files
Things become more interesting by throwing virtiofs into the mix as well, but that too seems to have performance issues
I will try to dive into this to get an up-to-date status, but not right now
👍 1
So, are things working for you now, or not?

quick-keyboard-83126

01/03/2023, 8:04 PM
Anyway, thanks, for our basic use case which is generally a single container running a database managing a single directory where the user is pinned, things work

fast-garage-66093

01/03/2023, 8:04 PM
(Note that your config does not support symlinks)

quick-keyboard-83126

01/03/2023, 8:05 PM
thankfully none of the databases i'm touching are likely to deal w/ symlinks
although, hmm, i guess if we use symlinks anywhere else they'll explode?

fast-garage-66093

01/03/2023, 8:06 PM
I think they will just look like regular files, so they should work fine, as long as you are only reading them. But this is from memory, so I might be wrong.
And it means you can have loops in your filesystem that you won't be able to detect because the symlink now looks like a regular file/directory.
Until you run into the mac path length issue 🙂
Alright, glad to hear it is working; I have to take care of other stuff now