fab: drop cd /tmp and run docker-pkg as normal user
From https://gerrit.wikimedia.org/r/c/operations/puppet/+/1105449/comments/15f7183f_89ce6f3a
The fault comes from 22c4cd34 Fix sudo docker-pkg. When I revert that commit in my local copy of dev-images, then ./fab deploy_devimages
works properly.
The failing command:
ssh contint.wikimedia.org sudo -H -u dockerpkg-builder '/srv/deployment/docker-pkg/venv/bin/docker-pkg -c /etc/docker-pkg/dev-images.yaml --info build /srv/dev-images/dockerfiles'
...
File "/srv/deployment/docker-pkg/venv/lib/python3.9/site-packages/docker/transport/unixconn.py", line 30, in connect
sock.connect(self.unix_socket)
PermissionError: [Errno 13] Permission denied
With 22c4cd34 reverted:
+ ssh contint.wikimedia.org sudo -H -u dockerpkg-builder 'cd /tmp
/srv/deployment/docker-pkg/venv/bin/docker-pkg -c /etc/docker-pkg/dev-images.yaml --info build /srv/dev-images/dockerfiles'
sudo: cd: command not found
2025-01-02 10:40:47 [docker-pkg-build] INFO - Processing the dockerfile template in /srv/dev-images/dockerfiles/restbase (builder.py:284)
If I pass multiple commands:
ssh contint.wikimedia.org sudo -H -u dockerpkg-builder 'cd /tmp
id'
uid=1010(hashar) gid=500(wikidev)
sudo: cd: command not found
Which thus run docker-pkg
as my user, which is in the docker
group. The issue is I think ssh
splits it in multiple commands so that it runs:
- sudo -H -u dockerpkg-builder cd /tmp
=> Fails as Ahmon pointed due to not using a shell
- /srv/deployment/docker-pkg/venv/bin/docker-pkg -c /etc/docker-pkg/dev-images.yaml --info build /srv/dev-images/dockerfiles'
Which runs WITHOUT sudo and thus as our user. That is how it is done for integration/config with the permission managed in modules/admin
Bug: T382285