Search code examples
windowsdockerfilesystemssymlinksamba

How can I make symlinks made from inside docker linux containers to be seen from a windows host (maybe involving samba, if needed)


Question

How can I see symlinks of docker linux-containers from a windows host? (Even if I have to place an intermediate linux machine exposing the filesystem via NFS or Samba)

Context

In a DEVEL environment, I have this structure in a certain remote filesystem in a Linux within the office:

/files/repos/app-1
/files/repos/app-2
/files/repos/lib-x
/files/repos/lib-y

both app-1 and app-2 use those libraries which are vendored and symlinked like this:

/files/repos/app-1/vendor/my-company/lib-x => /files/repos/lib-x
/files/repos/app-1/vendor/my-company/lib-y => /files/repos/lib-y
/files/repos/app-2/vendor/my-company/lib-x => /files/repos/lib-x
/files/repos/app-2/vendor/my-company/lib-y => /files/repos/lib-y

The developers need to be in Windows.

So the developers have their IDE pointing to some mounted unit, for example Z:\ where they see all the repos and projects.

This allows us the following:

  • Edit any of the projects from it's own folder, and run the unit-tests for that project, including running the lib-x and lib-y.
  • Develope any of the libraries and have them updated in the depending applications (note I say I am in DEVEL, not PRE or PROD).
  • From the IDE, pointing see the "complete structure" of any of the applications (for instance app-1) also see the classes of the lib-x and lib-y so the autocompletion and so works perfectly.

This has been working like this for nearly a decade and works perfectly.

Problems

The developers need the connection to the server to develop and we wanted to mutate to local dockers so we can make the devels work from home.

Going to docker

We now decided that we are not going to use anymore the office-servers and we are going to setup all the development within docker containers.

What does actually work

We just installed docker desktop in Windows and shared C:\repos from the host into the dockers.

We now have some devel machines FROM ubuntu:xxx and run them mounting the volumes.

We made the symlinks within the app-1 and app-2 to lib-x and lib-y from inside the linux containers.

This does work perfectly and also the repositories work fine if we run the applications in the local dockers

Problem with symlinks in linux container and windows host

The problem is now the IDE: While it reads the files in C:\repos\app-1, the symlink that has been created within the linux containers can't be seen from the host.

This makes the IDE to be unable to follow C:\repos\app-1\vendor\lib-x and all the code-completion helpers are broken.

I already know Windows does not support symlink compatible with linux symlinks.

This forces us to look for an alternate solution.

Solution we've though with Samba

Initially I thought that as well as in the old topology a linux server just shared the filesystem via samba and the windows could just read the symlinks contents as they were demapped at the serverside and not the clientside, I thought that I could run another docker machine with a samba server just to locally share the "things seen from the linux" into the Windows host again.

To do so, I setup this docker-compose:

version: "3.7"
services:
    samba:
        container_name: samba
        hostname: samba
        image: dperson/samba
        volumes:
            - //c/Users/xavi/Documents/repos/test_samba:/mount
        ports:
            - "139:139"
            - "445:445"
        command: samba.sh -s "test_samba;/mnt/repos/test_samba;yes;no;yes;all"
        restart: always

But this conflicts as 445 is locally already used.

If I turn down the local SMB, then in the next reboot, docker is unable to share C:\ into docker (I was not consciuos it does this sharing via SMB, could it be turned into a NFS or so?)

If I map to another port, like 10445:445 then the client is unable to access it, as client samba ports in windows seem to be not configurable.

Mapping an IP

So I tried to map an IP:

version: "3.7"
services:
    samba:
        container_name: samba
        hostname: samba
        image: dperson/samba
        volumes:
            - //c/Users/xavi/Documents/repos/test_samba:/mount
        ports:
            - "139:139"
            - "192.168.4.83:445:445"
        command: samba.sh -s "test_samba;/mnt/repos/test_samba;yes;no;yes;all"
        restart: always
        networks:
            samba:
                ipv4_address: 192.168.4.83
networks:
    samba:
        ipam:
            driver: default
            config:
                -   subnet: "192.168.4.0/16"

But is seems that this still creates problems:

  • It seems the IP is only for internal docker networking but not seen from the host
  • It seems the original service still listens not to 127.0.0.1:445 but to 0.0.0.0:445 so still "blocking" the attachment to listen to 192.168.4.83:445

So question

How could I make a windows host to see the "demapped contents of symlinks" to make the IDE see the vendored content that is linked from inside docker linux containers?


Solution

  • TL;DR

    1. Run git-bash as administrator.
    2. Issue export MSYS=winsymlinks:nativestrict in git-bash.
    3. From there on, ln -s works in windows.
    4. Links are seen from inside the docker.

    Details

    We'll walk thru these steps:

    1. Preparation: Prepare a temporary dir with some files within the abc directory.
    2. See it fail: We'll try to make a symlink and see it fail.
    3. Create symlink: We'll create the symlink in windows and see it. We'll point xyz to abc.
    4. Run docker: We'll then run docker with ubuntu and change contents in xyz.
    5. Check in ubuntu container: We'll see the changes also in abc from within the docker.
    6. Check in windows host: Well check both abc and xyz from ouside the container.

    1. Preparation

    • In a git-bash go to /c and create a temporary dir tmp.
    • Inside it, create an abc dir and throw some contents there.
    cd /c
    mkdir tmp
    cd tmp/
    mkdir abc
    cd abc/
    echo 1111 > old_1
    echo 2222 > old_2
    echo 3333 > old_3
    

    Here's a sample session:

    preparation

    2. See it fail

    First let's try the "normal" way and see it fail.

    • In a git-bash, navigate to /c/tmp
    • Then do a symlink making xyz to point to abc: ln -s abc xyz
    • See it fails, by ls-ing the tmpand see xyz is a regular dir.
    • To be sure, create new content in xyz and see it's not there in abc.

    Try to create the link. It will not become a symlink, but rather create a copy of the directory.

    cd /c/tmp/
    ln -s abc xyz
    

    Create new_bad in xyz and don't see it in abc.

    cd xyz/
    touch new_bad
    cd ../abc/
    ls -l
    

    Clear the wrong xyz

    rm -Rf xyz/
    

    Here's a sample session:

    frustrated attempt

    3. Create symlink

    Here it comes the real stuff. The inspiration comes from @Slayvin's answer here, as well as here Git Bash shell fails to create symbolic links and the official git-for-windows repo here https://github.com/git-for-windows/git/pull/156

    • First open a new git-bash in Administrator mode. The reason is that only admins can create links in windows.

    git-bash in admin mode

    • Once you are a CLI admin, navigate to the destination and set this evironment variable:
    export MSYS=winsymlinks:nativestrict
    

    This will tell the runtime subsytem of git-bash to actually use the symlinks feature. As we are admins we'll succeed.

    • The do just "normal symlinks" as you would expect: ln -s abc xyz

    git bash with symlinks

    It works!!! Now next move is to test within docker!

    NOTE: As per Sebastian's answer here https://stackoverflow.com/a/40914277/1315009 you DON'T need to be administrator to create symlinks in git-bash if you enabled the developer tools. In the search-bar write for developers and enable it:

    find dev tools enable dev tools

    4. Run docker + 5. Check in docker

    • The bash with admin privileges is no longer needed. So we'll close it and re-instantiate a "normal" bash.
    • In it, run an ubuntu continainer with docker. Use -it to interact with the ubuntu's bash. Use winpty to allow -it to work.
    • Bind-mount the /c/tmp directory so both abc and xyz are reachable. I chose to mount it to /files.
    • From inside, cd /files and see that xyz is actually a symlink.
    • Create some new content in xyz

    Run and see:

    winpty docker run -it --rm --mount type=bind,source="c:\tmp",target=/files --name ubuntu-link ubuntu
    cd /files/
    ls -l
    

    Create content:

    cd xyz
    echo "yeaaahh" > new_good
    

    Check it's really a symlink by going to abc:

    cd ..
    cd abc/
    cat new_good
    

    Sample session:

    docker session

    6. Check in windows host

    • Step out from the docker. Stay in the git-bash.
    • Again: This git-bash does not need to be privileged. The only moment we had to be admin was to "create" the symlink in windows.
    • From the unprivileged bash, explore abc as well as xyz and see that there's the content we created from inside the docker, appearing in both the original directory and in the symlink.

    Sample session:

    enter image description here

    Final check

    We can finally go to a classical CMD to see how it looks like. We can see it's clearly indicated that it's a symlink for a directory and we also see the target there:

    enter image description here

    Golden touch

    If you have the "developer tools" activates as stated above, the only missing thing is the ENV VAR.

    We can set this by editing the .bashrc at your windows home:

    edit bashrc set the env var

    By doing this we can just use git-bash completely normally and start creating the symlinks from windows without any overload.

    it works

    Caution

    The symlinks created this way work from windows and are seen from inside docker. But not the oposite. If you create symlinks inside the container they don't get created in windows.

    Therefore, in mounted volumes, setup the symlinks always from git-bash and consume them from the container. If you create them from the container, they still can be consumed from the container. But won't be usable from windows.

    Conclussion

    It can be done fully from the linux flavour commands via git-bash. Only that you need to be admin to create the links and tell the git-bash runtime to use that feature. And that the link needs to be done from windows, instead from inside the ubuntu.