Channels
extensions
rancher-extensions
supermicro-sixsq
ozt
os
one-point-x
rio
onlinemeetup
v16-v21-migration
events
onlinetraining
training-1220
training-0110
training-0124
k3s-contributor
submariner
storage
k3os
windows
ci-cd
theranchcast
rfed_ara
nederlands
ukranian
danish
training-0131
masterclass
training-0207
training-0214
terraform-controller
epinio
phillydotnet
swarm
rancher-wrangler
deutsch
russian
chinese
mesos
français
japanese
arm
longhorn-dev
terraform-provider-rke
service-mesh
azure
gcp
academy
random
elemental
espanol
lima
harvester-dev
portugues
kubernetes
kim
hypper
kubewarden
opni
logging
neuvector-security
rancher-setup
developer
office-hours
mexico
cabpr
rke
vsphere
longhorn-storage
k3s
k3d
terraform-provider-rancher2
fleet
amazon
harvester
rke2
s3gw
hobbyfarm
rancher-desktop
general
Title
q
quick-keyboard-83126
12/22/2022, 8:39 AM@fast-garage-66093 how's https://github.com/rancher-sandbox/rancher-desktop/issues/1209#issuecomment-1323208555 doing? I'm on Rancher 1.7.0 on macOS 13.1... And I'd like to use the 9p stuff...
% cat ~/Library/Application\ Support/rancher-desktop/lima/_config/override.yaml
mountType: 9pIs there some easy way to see my settings? the
validatef
fast-garage-66093
01/03/2023, 7:13 PMIs this not working for you? Seems to work fine for me:
$ echo "mountType: 9p" > ~/Library/Application\ Support/rancher-desktop/lima/_config/override.yaml
$ rdctl start
INFO[0000] About to launch /usr/bin/open -a /Applications/Rancher <http://Desktop.app|Desktop.app> ...
$ rdctl shell mount | grep 9p
mount0 on /Users/jan/Library/Caches/rancher-desktop/k3s type 9p (ro,dirsync,relatime,fscache,cachetag=4294938123,access=client,trans=virtio)
mount1 on /Users/jan/Library/Logs/rancher-desktop type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)
mount2 on /Users/jan type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)
mount3 on /tmp/rancher-desktop type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)q
quick-keyboard-83126
01/03/2023, 7:17 PMjsoref@jsoref-mbp ~ % cat ~/Library/Application\ Support/rancher-desktop/lima/_config/override.yaml
mountType: 9p
jsoref@jsoref-mbp ~ % rdctl shell mount | grep 9p
mount0 on /Users/jsoref/Library/Caches/rancher-desktop/k3s type 9p (ro,dirsync,relatime,fscache,cachetag=4294937672,access=client,trans=virtio)
mount1 on /Users/jsoref/Library/Logs/rancher-desktop type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)
mount2 on /Users/jsoref type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)
mount3 on /tmp/rancher-desktop type 9p (rw,dirsync,relatime,mmap,access=client,trans=virtio)f
fast-garage-66093
01/03/2023, 7:19 PMOk, I'm confused. You wrote: "And I'd like to use the 9p stuff...", and this shows that you are using
9pq
quick-keyboard-83126
01/03/2023, 7:19 PMI'm using
git@github.com:mastodon/mastodon.gitit has a
docker-compose.ymlwhen i try to docker compose up the
redispostgresf
fast-garage-66093
01/03/2023, 7:20 PMOh, this is not really about 9p then 🙂
q
quick-keyboard-83126
01/03/2023, 7:20 PMthis lets me use the containers:
diff --git a/docker-compose.yml b/docker-compose.yml
index c534286c7..06a76b26b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,8 +8,8 @@ services:
- internal_network
healthcheck:
test: ['CMD', 'pg_isready', '-U', 'postgres']
- volumes:
- - ./postgres14:/var/lib/postgresql/data
+ #volumes:
+ # - ./postgres14:/var/lib/postgresql/data
environment:
- 'POSTGRES_HOST_AUTH_METHOD=trust'
@@ -20,8 +20,8 @@ services:
- internal_network
healthcheck:
test: ['CMD', 'redis-cli', 'ping']
- volumes:
- - ./redis:/data
+ # volumes:
+ # - ./redis:/data
# es:
# restart: alwaysWell, my very naive understanding is that w/o 9p, permissions are guaranteed to fail miserably
But that w/ 9p, there's a chance that permissions inside the container could work even if the inside owner doesn't match the outside owner
insert some handwaving for all terminology -- please pretend i'm an end user who just wants things to work :magic_wand:
f
fast-garage-66093
01/03/2023, 7:24 PMIt is all still a mess. You may need to specify the security model and caching mechanism to get the behaviour you want, see e.g. chown/chmod on mounted directory: Permission denied · Issue #231 · lima-vm/lima
q
quick-keyboard-83126
01/03/2023, 7:25 PMlocationf
fast-garage-66093
01/03/2023, 7:26 PMInside and outside are the same by default. Only very recent lima versions allow you to specify an alternate
mountPointq
quick-keyboard-83126
01/03/2023, 7:26 PM🤯
ok, there are 3 perspectives available: macOS, lima, docker-container
locationf
fast-garage-66093
01/03/2023, 7:27 PMThe idea behind Lima was that you shouldn't need to know about the "inside"; it should look like it runs directly on the host; the rest is behind the magic curtain.
locationq
quick-keyboard-83126
01/03/2023, 7:28 PMok
f
fast-garage-66093
01/03/2023, 7:28 PMmounts:
- location: ~/Library/Caches/rancher-desktop/k3s
writable: false
- location: ~/Library/Logs/rancher-desktop
writable: true
- location: "~"
writable: true
- location: /tmp/rancher-desktop
writable: trueq
quick-keyboard-83126
01/03/2023, 7:28 PMnotably as a macOS user, seeing a
/optwhich is why it was easy for me to pick from my perspective the wrong of 2 choices (host=macOS, container)
Examples should really be written using macOS to hint to people that they're host paths and not container paths 🙂
f
fast-garage-66093
01/03/2023, 7:30 PMI think you would only need to modify the caching and security settings for
~q
quick-keyboard-83126
01/03/2023, 7:31 PMjsoref@jsoref-mbp mastodon % cat ~/Library/Application\ Support/rancher-desktop/lima/_config/override.yaml
mountType: 9p
mounts:
- location: "~"
9p:
securityModel: mapped-xattr
cache: "mmap"f
fast-garage-66093
01/03/2023, 7:31 PMmountType: 9p
mounts:
- location: "~"
9p:
securityModel: mapped-xattr
cache: "mmap"q
quick-keyboard-83126
01/03/2023, 7:32 PMand now i need to ask rancher ot restart?
f
fast-garage-66093
01/03/2023, 7:32 PMYes
q
quick-keyboard-83126
01/03/2023, 7:32 PMAnd there's no button for that? 🙂
f
fast-garage-66093
01/03/2023, 7:33 PMI don't think so; it is not a common operation
q
quick-keyboard-83126
01/03/2023, 7:33 PM(I'm pretty sure there's a button for
resetf
fast-garage-66093
01/03/2023, 7:33 PMThere is a
Factory Resetq
quick-keyboard-83126
01/03/2023, 7:33 PMyeah...
hmm, restarting rancher resulted in it asking for permissions
f
fast-garage-66093
01/03/2023, 7:34 PMWeird; did you change anything else?
q
quick-keyboard-83126
01/03/2023, 7:34 PMthat's nice and all, but I'd kinda like to know on start why did rancher decide it needed permissions again (i.e. is it upgrading?)
"i dunno!"
the diagnostics page should really link me to the logs folder
f
fast-garage-66093
01/03/2023, 7:34 PMI think it shows the operations it needs to do; you just have to expand them by pressing the triangle
q
quick-keyboard-83126
01/03/2023, 7:35 PMyeah, but that's not meaningful
it doesn't explain how it got to that state, just what it's technically doing to do to get out of it
f
fast-garage-66093
01/03/2023, 7:36 PMI really want to get out of having to ask for admin passwords at all, except during installation. It should all be done by a privileged helper process instead.
✅ 1
q
quick-keyboard-83126
01/03/2023, 7:37 PMit's pretty annoying, but, frankly, a bunch of apps do it, so i'm more or less used to cursing all of them
f
fast-garage-66093
01/03/2023, 7:37 PMIt makes it impossible to automate (well, very hard), which is one reason I want it gone 😄 (for automated testing)
q
quick-keyboard-83126
01/03/2023, 7:38 PMwireshark, virtualbox (beta),
well, yeah, i'm not saying you shouldn't fix it, just that i'm used to a bunch of things being annoying
my favorite is that system preferences will randomly remind me that virtualbox is on the list
f
fast-garage-66093
01/03/2023, 7:39 PMThe whole
/etc/sudoers.dq
quick-keyboard-83126
01/03/2023, 7:39 PMplease don't ask me "where the list is", why would I want to be able to answer that
what went wrong w/ sudoers.d?
f
fast-garage-66093
01/03/2023, 7:41 PMRules are processed in reverse order, and a generic rule can override a more specific rule. Which is the reason our file is called
zzzzzz-rancher-desktop-limaq
quick-keyboard-83126
01/03/2023, 7:41 PMoh so you randomly lose to someone else's rule
right...
i remember this headache
f
fast-garage-66093
01/03/2023, 7:42 PMBut that is just a hack. There are also potential race conditions that you cannot really avoid. Probably hard to exploit, but feels bad.
q
quick-keyboard-83126
01/03/2023, 7:43 PMwelp, the alternative tends to be a helper app that gets into a confused state and insists on running but then fails to do anything so the next time its real app starts, it forces you back through the flow which ... see circle
cocoapacket analyzer is the one I was thinking about
f
fast-garage-66093
01/03/2023, 7:43 PMYeah, but at least with the helper app you are in full control; so you can debug and fix things
q
quick-keyboard-83126
01/03/2023, 7:43 PMThe email I sent to the author:
I was running 2.0.0 on some version of macOS... I've since upgraded to
Ventura 13.1. When I opened Cocoa Packet Analyzer and selected Check
for Updates, it offered an update to 2.0.7.
I let it install and restart and then was prompted to upgrade the
background helper. I click ok, enter my password, and then am prompted
to let it restart to use it.
Failed to bless helper. Error: -60006
Please relaunch CPA and try again!
It appears to be a perpetual loop.
----
I've trashed my app and downloaded a fresh one from
<https://www.tastycocoabytes.com/#offcanvasDownloads> and it still has
the same issue.
It's also rather painful to quit as the various modal-ish dialogs do
not cooperate with please quit requests.f
fast-garage-66093
01/03/2023, 7:44 PM😞
q
quick-keyboard-83126
01/03/2023, 7:44 PMThe author replied w/ a correct way to fix it:
thanks a lot for reporting. Sorry for the inconvience! I assume you have been updating from a version < 2.0.4 and ended up in the install-restart loop :(
try issuing these commands in Terminal. It will be resetting the authorizationdb and remove the capture daemon:
sudo security authorizationdb remove com.tastycocoabytes.CPA.subscribeClient
sudo security authorizationdb remove com.tastycocoabytes.CPA.unsubscribeClient
sudo security authorizationdb remove com.tastycocoabytes.CPA.stopCapture
sudo security authorizationdb remove com.tastycocoabytes.CPA.startCapture
sudo rm /Library/LaunchDaemons/com.tastycocoabytes.cpasniffd.plist
sudo rm /Library/PrivilegedHelperTools/com.tastycocoabytes.cpasniffd
sudo killall -9 com.tastycocoabytes.cpasniffd
Afterwards CPA should be able to install the daemon. I changed the upgrade code for the daemon in 2.0.4 so hopefully this should not happen again.
Sorry for the rude english in the modal dialog. You are right it should be more pleasant!!!
If it still doesnt work please let me know!that probably hints at where you need to put your magic evil, but, of course, please avoid stupid loops 😉
f
fast-garage-66093
01/03/2023, 7:45 PMAnyways, I'm kind of short of time, catching up after being offline for 2 weeks. Does the
override.yamlq
quick-keyboard-83126
01/03/2023, 7:45 PMlemme try running a container and see how it feels
ok, the containers seem happy. so, yay.
is there an argument against using:
mountType: 9p
mounts:
- location: "~"
9p:
securityModel: mapped-xattr
cache: "mmap"f
fast-garage-66093
01/03/2023, 7:53 PMThere is a matrix somewhere about all the possible combinations, and I find it hard to pick one in particular. Some settings have problems with permissions; others don't work with symlinks; there was no clear winner from my point of view.
😢 1
q
quick-keyboard-83126
01/03/2023, 7:54 PMdoes 9p have issues w/ symlinks?
f
fast-garage-66093
01/03/2023, 7:54 PMWe need to make the settings configurable, at least via
rdctlYes, some security models don't support symlinks
q
quick-keyboard-83126
01/03/2023, 7:55 PMthat sounds really exciting 😞
how infeasible would it be to have something like:
mounts:
- location: "~"
limaMount: "/mapped-xattr/Users/..."
9p:
securityModel: mapped-xattr
cache: "mmap"
- location: "~"
limaMount: "/sec-model-2/Users/..."
9p:
securityModel: sec-model-2
cache: "mmap"f
fast-garage-66093
01/03/2023, 7:57 PMMight be slightly out of date, but this is what I was looking for: Add virtfs/9p mounts, instead of sshocker/sshfs by afbjorklund · Pull Request #726 · lima-vm/lima
q
quick-keyboard-83126
01/03/2023, 7:57 PMthen users wouldn't need to throw a ui wrench at it, but could just for a given container pick the path they like
f
fast-garage-66093
01/03/2023, 7:57 PMI don't know how overlapping mounts work with 9p, but with reverse-sshfs they don't work
q
quick-keyboard-83126
01/03/2023, 7:58 PMwhy would it see them that way?
f
fast-garage-66093
01/03/2023, 7:58 PMWhat would seem which way?
q
quick-keyboard-83126
01/03/2023, 7:59 PMthe idea being that in lima each has a distinct mount point
it isn't really "overlapping" in the way I'd imagine an overlap
i mean, i get that x different critters will want to be able to read/write the underlying path, but, there's also any other app running on the host which could also do that anyway...
f
fast-garage-66093
01/03/2023, 8:00 PMq
quick-keyboard-83126
01/03/2023, 8:00 PMI think that's a different overlap (one I also considered asking about, but didn't try to here)
f
fast-garage-66093
01/03/2023, 8:00 PMNote that you would also have multiple caches for the same host directories, which wouldn't know about each other
If you use write-through to the host, without caching, the performance would be terrible
q
quick-keyboard-83126
01/03/2023, 8:01 PMI can live w/ that. a given container will only use a single path map, and a user is unlikely to have multiple containers touching the same path at the same time -- and if they do, that's a problem of their own making
I'm imagining parallel mount directories in lima, so they aren't overlapping, which i think is different from 302
f
fast-garage-66093
01/03/2023, 8:02 PMMany PHP users are using Mutagen | Cloud-based development using your local tools because all the file sharing mechanisms are too slow for their huge numbers of files
Things become more interesting by throwing virtiofs into the mix as well, but that too seems to have performance issues
I will try to dive into this to get an up-to-date status, but not right now
👍 1
So, are things working for you now, or not?
q
quick-keyboard-83126
01/03/2023, 8:04 PMAnyway, thanks, for our basic use case which is generally a single container running a database managing a single directory where the user is pinned, things work
f
fast-garage-66093
01/03/2023, 8:04 PM(Note that your config does not support symlinks)
q
quick-keyboard-83126
01/03/2023, 8:05 PMthankfully none of the databases i'm touching are likely to deal w/ symlinks
although, hmm, i guess if we use symlinks anywhere else they'll explode?
f
fast-garage-66093
01/03/2023, 8:06 PMI think they will just look like regular files, so they should work fine, as long as you are only reading them. But this is from memory, so I might be wrong.
And it means you can have loops in your filesystem that you won't be able to detect because the symlink now looks like a regular file/directory.
Until you run into the mac path length issue 🙂
Alright, glad to hear it is working; I have to take care of other stuff now
✅ 1