admin/deploy-felhom-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUGFIX: Missing disk tools (sfdisk, mkfs.ext4, etc.)

Browse Source
This commit is contained in:
authentik Default Admin
2026-02-17 11:14:34 +01:00
parent 3fb9a58cec
commit ba67d6d4e7
1 changed files with 22 additions and 184 deletions
Download Patch File Download Diff File Expand all files Collapse all files
TASK.md
+22 -184
View File
@@ -1,198 +1,36 @@
# BUGFIX: /dev/sdb not accessible inside container # BUGFIX: Missing disk tools (sfdisk, mkfs.ext4, etc.)
## Problem ## Problem
`sfdisk` not found in container PATH → partitioning fails.
`FormatAndMount` fails with `stat /dev/sdb: no such file or directory` because block device nodes ## Required packages
don't exist inside the container's `/dev`.
Even with `privileged: true`, Docker creates its own tmpfs at `/dev` with minimal device nodes. ### In the controller Dockerfile (container image)
The explicit `- /dev:/dev` volume mount in docker-compose.yml is silently overridden by Docker's ```dockerfile
internal `/dev` tmpfs setup — `docker inspect` shows no bind mount for `/dev`. RUN apt-get update && apt-get install -y --no-install-recommends \
fdisk \
## Root Cause e2fsprogs \
mount \
Docker always creates a fresh tmpfs for `/dev` inside containers. The `privileged: true` flag && rm -rf /var/lib/apt/lists/*
relaxes cgroup device access (the kernel allows I/O to any device), but doesn't populate `/dev`
with all host device nodes. The bind mount `- /dev:/dev` conflicts with Docker's own `/dev`
management and gets silently dropped.
## Fix
Mount host `/dev` at a **different path** inside the container. The device nodes at `/host-dev/sdb`
are real block devices that the kernel will allow I/O to (because `privileged: true`).
### 1. docker-compose.yml change
```yaml
volumes:
# ...existing...
# Block devices — mounted at /host-dev (can't override Docker's /dev)
- /dev:/host-dev:rw
``` ```
Change `- /dev:/dev` to `- /dev:/host-dev:rw` Provides:
- `fdisk` package → `sfdisk`, `fdisk`, `cfdisk`
- `e2fsprogs` package → `mkfs.ext4`, `e2fsck`, `tune2fs`
- `mount` package → `mount`, `umount`, `blkid`, `findmnt`, `lsblk`
### 2. Go code: Add host device path constant **Note:** `util-linux` (which provides `lsblk`, `blkid`, `mount`) is likely already installed as a base dependency. Check with `docker exec felhom-controller which lsblk` — if it exists, skip `mount` package. The critical missing ones are `fdisk` and `e2fsprogs`.
In `internal/storage/` package (e.g., `format_linux.go` or a new `paths.go`):
```go
const (
// HostDevPath is where the host's /dev is mounted inside the container.
// Docker overrides /dev with its own tmpfs, so we mount at /host-dev.
HostDevPath = "/host-dev"
// HostFstabPath is where the host's /etc/fstab is mounted.
HostFstabPath = "/host-fstab"
)
// HostDevicePath converts a standard device path to the container-accessible path.
// "/dev/sdb" → "/host-dev/sdb"
// "/dev/sdb1" → "/host-dev/sdb1"
func HostDevicePath(devPath string) string {
if strings.HasPrefix(devPath, "/dev/") {
return HostDevPath + "/" + strings.TrimPrefix(devPath, "/dev/")
}
return devPath
}
```
### 3. Update all device operations to use HostDevicePath()
In `format_linux.go` (or wherever FormatAndMount is):
```go
// Validation — check device exists
hostDev := HostDevicePath(req.DevicePath) // "/dev/sdb" → "/host-dev/sdb"
if _, err := os.Stat(hostDev); err != nil {
return fmt.Errorf("device not found: %s", req.DevicePath)
}
// Partition — use host device path
cmd := exec.Command("sfdisk", hostDev)
// Format — use host device path
cmd := exec.Command("mkfs.ext4", "-F", "-L", label, HostDevicePath(partPath))
// blkid — use host device path
cmd := exec.Command("blkid", "-o", "value", "-s", "UUID", HostDevicePath(partPath))
// mount — use host device path for source, real path for target
cmd := exec.Command("mount", HostDevicePath(partPath), mountPath)
```
### 4. Update ScanDisks blkid enrichment
In `scan_linux.go`, the `enrichWithBlkid` function and `getSystemDiskNames` function
use `blkid` which scans `/dev` by default. Update to scan `/host-dev`:
```go
// enrichWithBlkid — run blkid on /host-dev to get filesystem info
func enrichWithBlkid(disks []BlockDevice) {
// blkid by default scans /dev — we need it to scan /host-dev
// Option 1: Run blkid with explicit device paths from /host-dev
// Option 2: Run blkid -o export and it will find devices from /proc/partitions
// blkid -o export still works because it reads /proc/partitions (kernel-level)
// and then probes the devices. With privileged mode, it can probe via /proc.
// BUT the DEVNAME in output will say /dev/sdb1, not /host-dev/sdb1.
// That's fine — we match by device name anyway.
out, err := exec.Command("blkid", "-o", "export").Output()
// ... parsing as before, matching by /dev/xxx paths ...
}
// For getSystemDiskNames, blkid -U <uuid> returns /dev/xxx paths which is correct
// for fstab parsing (fstab uses /dev/xxx paths too).
// No changes needed there — it's just resolving UUIDs to device names.
```
**Note:** `blkid -o export` may not find devices if it can only see Docker's minimal `/dev`.
In that case, enumerate `/host-dev/sd*` explicitly:
```go
func enrichWithBlkid(disks []BlockDevice) {
for i := range disks {
for j := range disks[i].Partitions {
p := &disks[i].Partitions[j]
hostPath := HostDevicePath(p.Path) // "/host-dev/sdb1"
// Probe individually
if fstype, err := exec.Command("blkid", "-o", "value", "-s", "TYPE", hostPath).Output(); err == nil {
p.FSType = strings.TrimSpace(string(fstype))
}
if uuid, err := exec.Command("blkid", "-o", "value", "-s", "UUID", hostPath).Output(); err == nil {
p.UUID = strings.TrimSpace(string(uuid))
}
if label, err := exec.Command("blkid", "-o", "value", "-s", "LABEL", hostPath).Output(); err == nil {
p.Label = strings.TrimSpace(string(label))
}
}
}
}
```
### 5. fstab writing — use real /dev paths
When writing to fstab, use UUID-based entries (already the plan), so no /dev path needed:
```
UUID=<uuid> /mnt/hdd_1 ext4 defaults,nofail,noatime 0 2
```
The UUID is obtained from `blkid` using the `/host-dev/sdb1` path, but the UUID itself
is filesystem-level and doesn't depend on device path.
### 6. mount command — needs special handling
`mount /host-dev/sdb1 /mnt/hdd_1` should work because `/host-dev/sdb1` is a real block
device node (same major:minor as the host's `/dev/sdb1`). The kernel doesn't care about
the path — it uses the device numbers.
However, `mount` may also accept UUID directly:
```go
exec.Command("mount", "UUID="+uuid, mountPath)
```
This is even better — no device path needed at all. But it requires the kernel to find
the device, which should work since the device is visible in `/proc/partitions`.
**Recommended:** Use the device path approach (`mount /host-dev/sdb1 /mnt/hdd_1`) as
it's more explicit and debuggable.
### 7. Also update docker-setup.sh
If `docker-setup.sh` generates the controller compose file, update the `/dev` mount:
### On the host node (docker-setup.sh)
These should already exist on a standard Debian 13 install, but ensure:
```bash ```bash
# Was: apt-get install -y fdisk e2fsprogs util-linux
echo " - /dev:/dev" >> "$compose_file"
# Now:
echo " - /dev:/host-dev:rw" >> "$compose_file"
``` ```
Check in `docker-setup.sh` whether all necessary packages are deployed during installation (rsync, etc.) Add to docker-setup.sh's dependency installation section if not already there. The host needs these for `mount -a` (fstab reload) and as fallback.
### 8. Update documentation
Update CONTEXT.md, CHANGELOG.md, README.md
## Summary of changes
| File | Change |
|------|--------|
| `controller/docker-compose.yml` | `/dev:/dev``/dev:/host-dev:rw` |
| `controller/internal/storage/format_linux.go` | Use `HostDevicePath()` for all device operations |
| `controller/internal/storage/scan_linux.go` | Use `HostDevicePath()` for `blkid` probing |
| `controller/internal/storage/paths.go` (NEW) | `HostDevPath`, `HostFstabPath`, `HostDevicePath()` |
| `scripts/docker-setup.sh` | Update compose generation |
## Quick test after fix
## Quick verification after rebuild
```bash ```bash
# Rebuild + redeploy controller docker exec felhom-controller which sfdisk mkfs.ext4 blkid mount lsblk
# Then verify: # Should show paths for all five
docker exec felhom-controller ls -la /host-dev/sd*
# Should show: /host-dev/sda, /host-dev/sda1, sda2, sda3, /host-dev/sdb, /host-dev/sdb1
# Try format (from UI or manually):
docker exec felhom-controller blkid /host-dev/sdb1
# Should work (empty output = no filesystem, which is correct for unformatted)
``` ```