Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shared filesystem doesn't support Unix soft links #4180

Open
TonyWildish-BH opened this issue Dec 10, 2024 · 5 comments · May be fixed by #4193
Open

Shared filesystem doesn't support Unix soft links #4180

TonyWildish-BH opened this issue Dec 10, 2024 · 5 comments · May be fixed by #4193
Labels
feature

Comments

@TonyWildish-BH
Copy link

The shared filesystem doesn't support soft links in a Unix VM. This greatly restricts the usefulness of the storage.

For example, we've been advising people to install software on the shared storage, so they can avoid customising the actual VMs, so they can destroy and create VMs as needed on a daily basis. A lot of our researchers use conda, and installing a basic conda environment will almost inevitably pull in OpenSSL, which creates a soft-link between certificate files.

Steps to reproduce

  1. Create a workspace with shared storage.
  2. Create a Linux VM in that workspace, log in to it.
  3. Create a conda environment:
    conda create -p /path/to/shared-storage/my/env openssl

This fails with [Errno 95] Operation not supported: 'cacert.pem' -> '/shared-storage/conda/predict/ssl/cert.pem.

Or, simpler:

cd /path/to/shared-storage
touch a
ln -s a b
ln: failed to create symbolic link 'b': Permission denied

This is only one example, there are lots of tools out there that make use of soft links.

I don't know if there's a filesystem that supports soft links and is still mountable on Windows, one that could be easily implemented in Azure? If not, it would be worth considering supporting a Linux-only shared filesystem in addition to the workspace-wide shared filesystem. This would allow maximum flexibility.

The only workaround we have is to tell people to write installation scripts for the tools they want to install, and to put them on the shared storage. Then, at least, when a new machine is booted, they can run the scripts and reproduce their environment. That's not ideal.
@jonnyry
Copy link
Collaborator

jonnyry commented Dec 10, 2024

Have you looked at the NFS mount option for Azure Files?

https://learn.microsoft.com/en-us/azure/storage/files/storage-files-quick-create-use-linux

I don't know what the Windows support is like though.

@TonyWildish-BH
Copy link
Author

I've not looked into that, no. Can someone with more Windows expertise than me comment on what effect it might have on Windows machines if we switched the mount point to NFS?

One thing that would allow us to do is to start using Unix-level file permissions on the files. I had a request for that from a user just yesterday, asking how multiple users on a project can safely share the shared storage. That comes with its own issues, of course.

@marrobi
Copy link
Member

marrobi commented Dec 11, 2024

I don't believe NFS requires credentials which has caused challenges in the past. https://learn.microsoft.com/en-us/azure/storage/files/storage-files-how-to-mount-nfs-shares#step-2-configure-network-security

We've been here before, but never found a good cross platform file system. Blobfuse2 on top of Blob is another option, but just for Linux.

@ljtill
Copy link
Member

ljtill commented Dec 12, 2024

We should be able to fix this with mfsymlinks and updating the mount ownership, it can be added to the autofs configuration.

Add uid=1000,gid=1000,mfsymlinks to the echo statement.

AzureTRE/templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/vm_config.sh

Line 126 in cb42226

echo "$fileShareName -fstype=cifs,rw,dir_mode=0777,credentials=$smbCredentialFile :$smbPath" | sudo tee /etc/auto.fileshares > /dev/null

@marrobi
Copy link
Member

marrobi commented Dec 12, 2024

I've tested this and seems to work great. Thanks @ljtill .

marrobi added a commit that referenced this issue Dec 12, 2024
@marrobi
Fix Unix soft links support in shared filesystem
8af2073 
Fixes #4180

Enable Unix soft links support in shared filesystem for Unix VMs.

* **Autofs Configuration**
  - Add `uid=1000,gid=1000,mfsymlinks` to the `echo` statement in `templates/workspace_services/guacamole/user_resources/guacamole-azure-linuxvm/terraform/vm_config.sh` to support Unix soft links and set proper ownership and permissions.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/microsoft/AzureTRE/issues/4180?shareId=XXXX-XXXX-XXXX-XXXX).
@marrobi marrobi linked a pull request Dec 12, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Unix soft links support in shared filesystem microsoft/AzureTRE
4 participants
@ljtill @jonnyry @marrobi @TonyWildish-BH