Is there a global docker user parameter for teamcity

We use a lot of docker runner build steps in our build configuration.

The docker runner in the command line build step executes the commands as the root user inside the container, so to restore file ownership permissions, the docker wrapper script does a chown operation after each command line build step that is executed inside docker.

The issue is we have many small source files that are chown-ed and these files reside in an AWS EFS (basically NFS share), which results in long build times, as we need to wait for the chown operation to complete for every build step in the pipeline.

As we have many project build configurations, we would like to avoid updating every build config with the "--user" docker commandline option.

Is there a global parameter that we can set to tell teamcity to use a specific system user inside the docker container? i.e. something that would send the --user parameter globally such that the wrapper would do the docker run like below?

docker run --user my-unprivileged-sysuser ubuntu:latest ...

 

Thanks.

 

1
1 comment

Unfortunately, there is not currently a way to change the global user for Docker wrappers. I think there are two possible workarounds:

1) Set a build's configuration property (can be set on a project/template level as well): teamcity.docker.chown.enabled=false. This would disable the restore of ownership step, so please be aware of the potential side effects. It would be possible to make a build configuration template with this parameter, then you can attach the template to your existing build configurations and also make it the default template for your desired projects.
2) Run the agent as root (i.e. start the container with -u 0). This is not a recommended practice, but in this case, the permissions restore step will be skipped as well. However, this would need to be added in each build step.

0

Please sign in to leave a comment.