Spryker VM NFS permission issues

lsmith · 2018-11-13 19:49:23 UTC

Using Manjaro 18 (Arch Linux distro), I am running into issues with NFS.

I generally managed to fix the bulk of NFS and ssh key eerrors with the following adjustments ot the Vagrantfile:

# config.vm.network "private_network", ip: "10.10.0.63"
config.vm.network "private_network", type: "dhcp"
# config.vm.network 'private_network', :type => 'dhcp', :ip => '10.10.0.63'
config.hostmanager.enabled = true
config.hostmanager.manage_host = true
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.synced_folder "project", "/data/shop/development/current",
    type: 'nfs',
    nfs_udp: false,
    mount_options: ['rw', 'tcp'],
    linux__nfs_options: ['rw', 'no_root_squash', 'async', 'insecure', 'no_subtree_check']

# SSH Key Access
public_key_path = File.join(Dir.home, ".ssh", "id_rsa.pub")
if File.exist?(public_key_path)
    public_key = IO.read(public_key_path)
end
config.ssh.forward_agent = true
config.ssh.keys_only = false

# Disables the vagrant generated key.
# Uncomment if you only want access via user's key.
#config.ssh.insert_key = false

config.vm.provision :shell, :inline => <<-SCRIPT
    set -e

    # Add host user's ssh public key to authorized_hosts
    homedir=$(getent passwd "$SUDO_USER" | cut -d: -f6)
    echo '#{public_key}' >> $homedir/.ssh/authorized_keys
    chmod 600 $homedir/.ssh/authorized_keys
SCRIPT

Now the remaining issue is that www-data does not seem to have write permissions in the file system. This is causing all web requests and workers to fail, since they fe. cannot write to the logs.

marekobu · 2018-11-14 09:41:09 UTC

Hello Lukas,

I see two possible approaches here:

Fix (rather: workaround) NFS permissions.
In default setup, on Linux host, vagrant is adding to /etc/exports on your host line which looks like:
"/var/lib/jenkins/jobs/spryker-vm-core/workspace/saltstack" 10.10.0.226(rw,no_subtree_check,all_squash,anonuid=109,anongid=114,fsid=715299990)
Note the parameters: all_squash, anonuid and anongid. They actually cause violation of standard unix permission model, hardcode UID/GID of files visible on devvm and effectively causes any user in dev vm to have permissions to access the shared folder. This is vagrant’s default behaviour and while it’s completely not OK for live setups, it’s acceptable for development.
Run services as proper user
If you want to use real UID/GIDs, you need to change the user which is used for your application. You can change it in:

FPM - /etc/php/.2/fpm/pool.d/*.conf (user=... and group=...)
Jenkins - /etc/default/jenkins-development (JENKINS_USER=... and JENKINS_GROUP=...)

Please let me know your feedback!

Best regards,
Marek Obuchowicz
KoreKontrol Germany GmbH - Spryker hosting

lsmith · 2018-11-14 10:43:58 UTC

thx, I tried setting the uid/gid to 33 in the Vagrantfile which gave me the following but didn’t fix the issue

"/home/lsmith/htdocs/project" 10.10.0.63(rw,no_root_squash,async,insecure,no_subtree_check,anonuid=33,anongid=33,fsid=168093579)

marekobu · 2018-11-14 10:50:40 UTC

I don’t have a linux workstation available at the moment, just the CI system where I don’t want to play too much in order to not affect builds. Would it work for you to make a quick screensharing session (ie. on zoom.us) on Thursday?

lsmith · 2018-11-17 16:14:01 UTC

switched to ElementaryOS which is based on Ubuntu 18.04 LTS and here it seems to work fine without any changes needed, ie. not even the above mentioned changes.

marekobu · 2018-12-07 21:08:17 UTC

@volodymyr.volkov although we didn’t find the root cause of the issue, it seems to be specific to Manjaro 18 version (or possibly other versions as well) of Arch Linux. It might be helpful to add to Dev VM FAQ information that Arch Linux possibly has issues with NFS file sharing and Spryker Dev VM is not confirmed to work with this distribution.