Avoid bind-mounts for docker environments on macOS #18225
Conversation
76482c7 to
caf3651
Compare
…atter to be used as tar input.
0360272 to
5c3cacc
Compare
…sed, to avoid Docker bind mount confusion.
e7c27cb to
387f89f
Compare
|
Commits are useful to review independently: most of them are self explanatory, but the "Split |
This comment was marked as outdated.
This comment was marked as outdated.
d2141fa to
a55036d
Compare
…n using tar file inputs.
a55036d to
9a36c6c
Compare
| } | ||
| DockerStrategy::Pipe => { | ||
| // NB: For now, we continue to materialize files into a bind mount, but we do so from | ||
| // within the container. This allows us to capture outputs without an additional |
There was a problem hiding this comment.
This seems logically very likely. In my reading this is a known bug we're just waiting for to happen without calling the shot in an issue, maybe do that and we get to work on it? This still feels like shipping known (slightly less) broken software.
There was a problem hiding this comment.
It seems possible, yes. But since we haven't observed it yet, I'm gambling... in the interest of saving time and complexity (I hope).
There was a problem hiding this comment.
With my user hat on I definitely do not appreciate you gambling and not letting me know. I hope this will make a release announcement / acknowledgement - basically macOS Docker integration is known likely broken and you may see X.
There was a problem hiding this comment.
If you want a semi-reliable manual way to expose the bug, clone https://github.com/tdyas/pants-go-testing and then run ./pants package race:racy_docker repeatedly.
There was a problem hiding this comment.
(although "race" there refers to the Go data race detector, not this bug)
There was a problem hiding this comment.
Mm, missed your comment before merging @tdyas : but thanks, will try it.
| .start_exec(&exec.id, None) | ||
| .await | ||
| .map_err(|err| format!("Failed to start Docker execution `{}`: {:?}", &exec.id, err))?; | ||
| let StartExecResults::Attached { mut output, mut input } = exec_result else { |
There was a problem hiding this comment.
This syntax is new to me. I'd expect an if let would be needed to support the else at the end. I feel like I'm reading scala and space can invoke a method and else is a method or something.
There was a problem hiding this comment.
Alrighty, pretty new: https://doc.rust-lang.org/nightly/rust-by-example/flow_control/let_else.html
There was a problem hiding this comment.
This is let-else, but used with something other than Option: https://rust-lang.github.io/rfcs/3137-let-else.html
Internal changes: * go: fix go vet test flakiness ([#18296](#18296) * Add default gha 1000:1000 user to GHA images. ([#18281](#18281)) * Don't specify interpreter_constraints when building the release pex. ([#18280](#18280)) * go: update pass-through `go test` options for Go v1.20 ([#18229](#18229)) * Fix release for /tmp on a seperate filesystem. ([#18272](#18272)) * upgrade to Rust v1.67.1 ([#18269](#18269)) * Prepare the 2.15.0rc6 release. ([#18263](#18263)) * Allow lambdas for `Field` and `Target` help ([#18248](#18248)) * Revert "Avoid bind-mounts for docker environments on macOS (#18225)" ([#18247](#18247)) * Refactors `experimental_shell_command`-related files to better separate concerns ([#18223](#18223)) * Prepare the 2.15.0rc5 release. ([#18224](#18224)) * Give dedicated threads names ([#18214](#18214)) * Prepare 2.15.0rc4. ([#18196](#18196)) * Remove the `boot_script` from `experimental_shell_command`/`experimental_run_in_sandbox` ([#18168](#18168)) * Adjusts `BinaryShims` to use native digest operations and `immutable_input_digests` ([#18184](#18184)) * go: update build tags check from latest go sources ([#18176](#18176)) * [internal] note dependency to `scie-pants` on "testing" env vars. ([#18170](#18170)) * go: allow coverage for standard library packages ([#18171](#18171)) * Support using `scie-pants` for Pants dev work. ([#18158](#18158)) * Prepare the 2.15.0rc3 release ([#18156](#18156)) * Splits up `shell_command.py` ([#18147](#18147))
…d#18225)" (pantsbuild#18247) Symlink support in `Digest`s landed after `2.15.x` was cut, and is too significant to cherry-pick. This reverts pantsbuild#18225. Will re-land a smaller change which can be more easily picked. This reverts commit c478a13.
Internal changes: * go: fix go vet test flakiness ([pantsbuild#18296](pantsbuild#18296) * Add default gha 1000:1000 user to GHA images. ([pantsbuild#18281](pantsbuild#18281)) * Don't specify interpreter_constraints when building the release pex. ([pantsbuild#18280](pantsbuild#18280)) * go: update pass-through `go test` options for Go v1.20 ([pantsbuild#18229](pantsbuild#18229)) * Fix release for /tmp on a seperate filesystem. ([pantsbuild#18272](pantsbuild#18272)) * upgrade to Rust v1.67.1 ([pantsbuild#18269](pantsbuild#18269)) * Prepare the 2.15.0rc6 release. ([pantsbuild#18263](pantsbuild#18263)) * Allow lambdas for `Field` and `Target` help ([pantsbuild#18248](pantsbuild#18248)) * Revert "Avoid bind-mounts for docker environments on macOS (pantsbuild#18225)" ([pantsbuild#18247](pantsbuild#18247)) * Refactors `experimental_shell_command`-related files to better separate concerns ([pantsbuild#18223](pantsbuild#18223)) * Prepare the 2.15.0rc5 release. ([pantsbuild#18224](pantsbuild#18224)) * Give dedicated threads names ([pantsbuild#18214](pantsbuild#18214)) * Prepare 2.15.0rc4. ([pantsbuild#18196](pantsbuild#18196)) * Remove the `boot_script` from `experimental_shell_command`/`experimental_run_in_sandbox` ([pantsbuild#18168](pantsbuild#18168)) * Adjusts `BinaryShims` to use native digest operations and `immutable_input_digests` ([pantsbuild#18184](pantsbuild#18184)) * go: update build tags check from latest go sources ([pantsbuild#18176](pantsbuild#18176)) * [internal] note dependency to `scie-pants` on "testing" env vars. ([pantsbuild#18170](pantsbuild#18170)) * go: allow coverage for standard library packages ([pantsbuild#18171](pantsbuild#18171)) * Support using `scie-pants` for Pants dev work. ([pantsbuild#18158](pantsbuild#18158)) * Prepare the 2.15.0rc3 release ([pantsbuild#18156](pantsbuild#18156)) * Splits up `shell_command.py` ([pantsbuild#18147](pantsbuild#18147))
Bind mounts in Docker for macOS have been implemented in a variety of ways over time, and are still in flux (https://www.cncf.io/blog/2023/02/02/docker-on-macos-is-slow-and-how-to-fix-it/ is a good overview of the chaos). But the
gRPC FUSEimplementation which is the default in the most recently released version at the time of writing (4.16.2) can suffer from race conditions where files which are created on the host inside a bind mount may not be visible to the container. This causes issues like #18162.To avoid race conditions for file inputs, this change introduces a "pipe" IO strategy for Docker inputs, which uses a tar-pipe (from a tar-file stream written by the
Store, to anexecoftarinside the container) to write process inputs. This strategy is used by default on macOS (for now), but the choice of strategy can be overridden.The
pipeIO strategy is about 30% slower for test running than themountstrategy. As we gather feedback from macOS users, we should be able to gain a clearer picture of which Docker for macOS versions and filesystem implementations can safely use themountstrategy.Fixes #18162.