docs: add info on osx docker builds#459
Conversation
id -u and id -g was not finding a matching user in the container which caused issues running various commands.
|
Running as root universally should not be necessary, but I don't know specifically why @htuch added the user stuff in the first place. Perhaps he can comment. |
|
If you run as root, the build/ and generated/ trees on the bind mounted volume (i.e. your Envoy directory) are owned by root. This makes removing them or modifying files a pain. I guess we could solve the problem by umask as well, I'm a bit surprised this is an issue though, it works fine for me with the usual build process. Can you either dig into this or provide an alternative command that doesn't leave around artifacts that can't be removed without a sudo? Thanks. |
|
Well, I am not getting root owned artifacts in my bound dir, so that's odd. I think the root of the problem is that the my laptop's users are not synchronized with the container. Just differences from running on a Mac? |
|
Yeah, it looks like the treatment of ownership and users with bind mounts is completely different on Docker OS X, https://docs.docker.com/docker-for-mac/osxfs/. It seems fine to run as root in terms of build artifacts as you note, and using the invoking user's UID/GID doesn't help any. On Linux, it's still useful to do this though as UID/GID are shared. Can you change your PR to provide an alternative for OS X and a one line summary for why we do it one way on Linux and another on OS X? |
|
FWIW I get root owned artifacts on Xubuntu 16:10 using the Docker container build method. There is some possibility I got the steps outlined at https://docs.docker.com/engine/installation/linux/linux-postinstall/#/manage-docker-as-a-non-root-user incorrect. |
|
@htuch that sounds like the issue then. I'll try to update the instructions here. |
|
Thanks, LGTM. |
|
@htuch @mattklein123 @moderation updated. Let me know what you think. |
|
@RyanMcG Works great! Really good not to have to sudo remove the build directory before rebuilding. Thanks. |
Description: If the xff_num_trusted_hops config option is set to a number greater than zero, trust the specified number of additional addresses at the end of the X-Forwarded-For request header. Risk Level: High (because this change interacts with the internal/external request security model) Testing: New test cases included Docs Changes: #479 Release Notes: Included Fixes: #2503 API Changes: #459 Signed-off-by: Brian Pane bpane@pinterest.com
…on (envoyproxy#459) * Ensure that headers/trailers/metadata are available after StopIteration until "continue" is called. Includes test. Signed-off-by: John Plevyak <jplevyak@gmail.com>
…roxy#459) * zh-translation:docs/root/configuration/overview/extension.rst * fix translation issue
``` export READWRITE_USER="usr"; export READWRITE_API_KEY="psswrd"; export ARTIFACT_HOST_URL="foo.api.com"; python bazel/upload_maven.py --version=LOCAL-SNAPSHOT-1.0.0 ``` Signed-off-by: Alan Chiu <achiu@lyft.com> For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/master/PULL_REQUESTS.md) Description: add a pythons script for maven upload and local development Risk Level: low Testing: to private artifactory Docs Changes: n/a Release Notes: n/a [Optional Fixes #Issue] [Optional Deprecated:] Signed-off-by: JP Simard <jp@jpsim.com>
``` export READWRITE_USER="usr"; export READWRITE_API_KEY="psswrd"; export ARTIFACT_HOST_URL="foo.api.com"; python bazel/upload_maven.py --version=LOCAL-SNAPSHOT-1.0.0 ``` Signed-off-by: Alan Chiu <achiu@lyft.com> For an explanation of how to fill out the fields, please see the relevant section in [PULL_REQUESTS.md](https://github.com/envoyproxy/envoy/blob/master/PULL_REQUESTS.md) Description: add a pythons script for maven upload and local development Risk Level: low Testing: to private artifactory Docs Changes: n/a Release Notes: n/a [Optional Fixes #Issue] [Optional Deprecated:] Signed-off-by: JP Simard <jp@jpsim.com>
**Commit Message** extproc: add GenAI metrics to track token usage and latency Adds GenAI metrics according to the OpenTelemetry Semantic Conventions for Generative AI Metrics [1]. Note those metrics are still in experimental phase and may still be subject to change. 1: https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-metrics/ **Related Issues/PRs (if applicable)** This is a follow-up of envoyproxy/ai-gateway#432, implementing the remaining review comments. --------- Signed-off-by: Huamin Chen <hchen@redhat.com> Signed-off-by: Ignasi Barrera <ignasi@tetrate.io>
**Commit Message** This changes the stat collection behavior so that token latency metrics are only recorded on stream=true requests. This was brought up in an offline discussion and otherwise the metrics doesn't make sense. **Related Issues/PRs (if applicable)** #459 Signed-off-by: Takeshi Yoneda <t.y.mathetake@gmail.com>
id -u and id -g was not finding a matching user in the container which caused issues running various commands.