Symfony 3.4 deployer fails due to permission denied of shared folder - symfony

I have developed a webapp based on Symfony3.4. On production it is deployed on a Ubuntu 18.04 Server via deployer (deployer.org).
Everything runs fine so far. The webapp is deployed in /opt/app/prod done by a user that is part of group www-data.
My webapp allows the upload of files. To support this I have added the folder data which stores the uploaded files.
In order to sustain access to the files after another release I have added the data folder to the list of shared folders.
My deploy.php looks as follows:
set('bin_dir', 'bin');
// Symfony console bin
set('bin/console', function () {
return sprintf('{{release_path}}/%s/console', trim(get('bin_dir'), '/'));
});
// Project name
set('application', 'appname');
set('http_user', 'www-data');
set('writable_mode', 'acl');
// Project repository
set('repository', '<MY_GITREPO>');
// [Optional] Allocate tty for git clone. Default value is false.
set('git_tty', true);
// Shared files/dirs between deploys
add('shared_files', []);
add('shared_dirs', ['data']);
// Writable dirs by web server
add('writable_dirs', ['{{release_path}}','data']);
// Hosts
host('prod')
->hostname('<MY_HOST>')
->user('<MY_USER>')
->stage('prod')
->set('deploy_path', '/opt/app/prod/<MY_APPNAME>');
This leads to the following folder structure:
.
├── current -> releases/5
├── releases
│   ├── 2
│   ├── 3
│   ├── 4
│   └── 5
└── shared
├── app
└── data
So everything fine so far - with one exception:
Deployer wants to setfacl the data folder which is not allowed as the files in data belongs to www-data:www-data where deployer tries to change this as .
The command "export SYMFONY_ENV='prod'; cd /opt/app/prod/<MY_APPNAME>/releases/5 && (setfacl -RL -m u:"www-data":rwX -m u:`whoami`:rwX /opt/app/prod/<MY_APPNAME>/releases/5)" failed.
setfacl: /opt/app/prod/<MY_APPNAME>/releases/5/data/child/679/ba7f9641061879554e5cafbd6a3a557b.jpeg: Operation not permitted
I have the impression that I did a mistake in my deployer.php or I missed something.
Has someone an idea what I need to do in order to get my deployment running?
Thanks and best regards

Related

Creating Docker Volumes in R-Studio Container

I have been running a docker image that lets you interact with R studio in the browser. Here is the link to the R-Studio Browser Github. This code on Windows 10. Down below are the runtime parameters I ran to start the container:
docker run --rm -p 8787:8787 -e USER=guest -e PASSWORD=guest -v C:\Users\Edge\Desktop\coding\school-courses\Probiblity-Stats\R-code\running:/home/guest/r-docker tmlts/r-tidyverse-h2o
I want the scripts that I create within the R-studio container to also be available outside in on my host machine. So I would like to create a volume for all the files in the class-work directory within the container to be one to one with the \Probability-Stats\R-code\running directory on my host machine. The testing.R is the R files as an example in the directories below. So every time a new change is implemented and saved I want the host machine's/containers R file's contents to also be altered synchronously.
So within R studio container I have the following directories:
Note that the directories r-docker and rstudio came with the image build and class-work directory was manually created by me.
.
├── class-work/
│ └── testing.R
├── r-docker
└── rstudio
Host machine Directory:
.
└── Probability-Stats/
└── R-code/
└── running/
└── testing.R

Flyway Locations Property Not Being Set

Flyway does not seem to be able to resolve classpath, despite the migrations being in there. What am I doing wrong here?
➜ my-project git:(main) ✗ flyway migrate
Flyway Community Edition 7.0.4 by Redgate
ERROR: Unable to resolve location classpath:db/migration.
Database: jdbc:mysql://localhost:3306/adb (MySQL 8.0)
Successfully validated 0 migrations (execution time 00:00.051s)
WARNING: No migrations found. Are your locations set up correctly?
Current version of schema `adb`: << Empty Schema >>
Schema `adb` is up to date. No migration necessary.
flyway.conf
flyway.url=jdbc:mysql://localhost:3306/adb
flyway.user=root
flyway.password=my-secret-pw
flyway.locations=db/migration/
Tree
➜ my-project git:(main) ✗ tree .
.
├── README.md
├── db
│   └── migration
│   ├── V1.0__create_foo_table.sql
│   ├── V2.0__create_bar_table.sql
│   └── V3.0__alter_bar_table.sql
├── flyway.conf
I've also tried an absolute path with no luck
Figured it out - forgot the filesystem: prepend
flyway.locations=filesystem:db/migration/
I experienced another reason for migration scripts not being found with Flyway 7.8.2.
If the Flyway process does not have read access to the script, rather than printing an error, it simply ignores the files exist.
Found this while using the Flyway Docker image within AWS Codepipeline. The image runs the process as a user called 'flyway'. Codepipeline somehow strips the "excess" permissions from the files on upload. So needed to "chmod 0444" files before using Flyway.
Also recommend using the -X flyway option, to list what it is doing.

What is the correct way to setup multiple logically organized sub folders in a terraform repo?

Currently I am working on a infrastructure in azure that comprises of the following:
resource group
application gateway
app service
etc
everything I have is in one single main.tf file which I know was a mistake however I wanted to start from there. I am currently trying to move each section into its own sub folder in my repo. Which would look something like this:
terraform-repo/
├── applicationGateway/
│ ├── main.tf
│ ├── vars.tf
├── appService/
│ ├── main.tf
│ └── vars.tf
├── main.tf
└── vars.tfvars
However when I create this while trying to move over from the single file structure I get issues with my remote state where it wants to delete anything that isn't a part of the currently worked on sub folder.
For example if I wanted to run terraform apply applicationGateway I will get the following:
# azurerm_virtual_network.prd_vn will be destroyed
Plan: 0 to add, 2 to change, 9 to destroy.
What is the correct way to setup multiple logically organized sub folders in a terraform repo? Or do I have to destroy my current environment to get it to be setup like this ?
You are seeing this issue because terraform ignores subfolders, so those resources are not being included at all anymore. You would need to configure the subfolders to be Terraform Modules, and then include those modules in your root main.tf
update 06/2022 , Complete example :
Let's say you have the following directories
./your-folder
|__ main.tf
|__ variables.tf
|__ output.tf
|__ /modules
|__ /module-a
|__ main.tf
|__ variables.tf
|__ output.tf
Module definition in ./your-folder/modules/module-a/main.tf:
resource "[resource_type]" "my-module-name" {
...
}
Load module in your root main.tf file, so in ./your-folder/main.tf:
module "my-module-instance-name" {
source = "./modules/module-a"
other-input-variable = "..."
}
Then tell Terraform to load this new module running the following command in your root directory (so ./your-folder):
terraform get
Then test your setup with terraform plan.
To use root-level resources in child modules, inject it into child module as input variable.
To use child-level resources in root module, export it from child module with the output instruction.
Hope this helps. :)
One option for maintaining a DRY environment this way is using Terragrunt
Terragrunt is a wrapper for Terraform that allows organization and reusable components in a slightly different way than Terraform handles environments.

Why is docker build prefixing my copy path with a temp directory?

Here is the DockerFile.
FROM microsoft/aspnet:4.7
ARG source
WORKDIR /inetpub/wwwroot
COPY ${source:-obj/Docker/publish} .
And here is the error.
Error
Building a.enterpriseextservices
Service 'a.enterpriseextservices' failed to build: COPY failed:
GetFileAttributesEx \\?\C:\Users\jesmiller-AM\AppData\Local\Temp\docker-
builder587295999\obj\Docker\publish: The system cannot find the file specified..
For more troubleshooting information, go to
http://aka.ms/DockerToolsTroubleshooting docker-compose C:\Program Files
(x86)\Microsoft Visual Studio\2017\Community\MSBuild\Sdks\Microsoft.Docker.Sdk\build\Microsoft.VisualStudio.Docker.Compose.targets 349
I have published the project to the obj/Docker/publish folder.
Here is my docker-compose file. I used the docker-compose up command from the folder where the docker-compose.yml file is located.
version: '3'
services:
a.web.familyconnection:
image: a.web.familyconnection
build:
context: .\FamilyConnection
dockerfile: Dockerfile
b.enterpriseextservices:
image: b.enterpriseextservices
build:
context: .\Framework\b.EnterpriseExtServices
dockerfile: Dockerfile
I had the same issue. Turned out I made a silly mistake. I added the following to my .dockerignore file, just out of habit when setting up a new project:
bin
obj
.vs
.git
Then I tried running this in my Dockerfile
COPY ./bin/publish/ .
Docker gave the strange tmp path error, because it was falling back to that path since I told it to ignore my /bin folder. Once I copied to a different publish path (not bin), the problem went away.
It looks like your path to the folders, or where you've published your code at may be incorrect. The project should be published in the obj/Docker/publish folder inside of the respective folders defined by context
Using an example docker-compose.yml:
version: "3"
services:
foo:
build: ./foo
bar:
build: ./bar
And Dockerfile:
FROM jaydorsey/ruby-2.4.1
COPY ${source:-obj/Docker/publish} .
And a tree structure like this:
.
├── Dockerfile
├── bar
│   └── Dockerfile
├── docker-compose.yml
├── foo
│   └── Dockerfile
└── obj
└── Docker
└── publish
When I run docker-compose build I get the following error
Building foo
Step 1/2 : FROM jaydorsey/ruby-2.4.1
---> b79899b232f6
Step 2/2 : COPY ${source:-obj/Docker/publish} .
ERROR: Service 'foo' failed to build: COPY failed: stat /var/lib/docker/tmp/docker-builder186649811/obj/Docker/publish: no such file or directory
This isn't identical to yours, since I'm running macOS, but very similar. You'll note the temporary file location (which is an internal Docker artifact of how it's copying files around) and the similarity in the docker-build<randomstring> path
However, if I create the obj/Docker/publish folders underneath each respective subfolder (context), the docker-compose build command works fine.
.
├── Dockerfile
├── bar
│   ├── Dockerfile
│   └── obj
│   └── Docker
│   └── publish
├── docker-compose.yml
├── foo
│   ├── Dockerfile
│   └── obj
│   └── Docker
│   └── publish
└── obj
└── Docker
└── publish
Please check that the folder you've published exists under the contexts as noted, and not in the root.
I still believe this is a path issue as noted in the error message. I hope this provides some context that helps you debug the root cause.
Can you please confirm your file & folder layout? I'm fairly certain it's path related because of the error message. I haven't done any Docker for Windows work either but I'd also double-check your default path using the correct slash (forward vs backward)

One folder of assets 404 error on heroku Rails 4

All of the stylesheet subfolders on my Rails 4 app are working in Heroku except one. The one that doesn't work works FINE in development, but when I deploy it, it doesn't work. It shows a 404 error and loads everything except the scss. I have 2 different namespaces in addition to the root, "blog" and "admin". It's the "admin" subfolder that doesn't work, but it's structured the same as the "blog" subfolder and the "theme1" subfolder of the main site...which both serve the assets fine.
I've tried all the usual asset debugging for asset pipeline (serve_static_files, clean assets, precompile) and it doesn't make a difference because MOST of my assets are working, just not this one folder.
Here is my file structure:
stylesheets
├── admin_manifest.scss # this is precompiled
├── _admin
| ├── css
├── "10 stylesheets"
| └── admin.scss ##imports of the 10 stylsheets & fonts
├── application.scss # this is precompiled and includes the theme1_manifest.scss as well as plugins, jquery, etc
├── blog_manifest.scss # this is precompiled
├── _blog
| ├── shortcodes.scss
| └── theme_style.scss
├── theme1_manifest.scss # this is precompiled
├── _theme1
| ├── shortcodes.scss
| └── theme_style.scss
Again, the blog and theme1 subfolders work perfectly, and the admin subfolder works in development, I just can't figure out why it doesn't work in production.
The problem arises in a production environment and works perfectly fine in development environment indicates that the assets are not being complied.
This is an issue related to the configuration of a Rails app in Heroku.
One solution is to precompile the assets in development environment and upload the compiled assets to heroku.
To know more about this, read about Heroku configuration for a rails app.
Follow the following steps:
Ensure the following in the file /config/environments/production.rb :
config.cache_classes = true
config.serve_static_assets = true
config.assets.compile = true
config.assets.digest = true
Add the gem rails_12factor along with pg gem in production
gem 'rails_12factor'
Precompile the css files:
bundle exec rake assets:precompile RAILS_ENV=production
Commit and push the css files to heroku:
git add .
git commit -m "Precompiled assets"
git push heroku master

Resources