Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] when running docker-compose project with non-root user, root-only file permissions result in project startup failure #19

Open
fleischsalatinspace opened this issue Oct 25, 2021 · 2 comments
Open

[BUG] when running docker-compose project with non-root user, root-only file permissions result in project startup failure #19

fleischsalatinspace opened this issue Oct 25, 2021 · 2 comments
Labels
bug Something isn't working improvement

Comments

@fleischsalatinspace
Copy link
Collaborator

Version: master @ v2.1.4
Setup: prod

Description

With fix of #16 , the acme.json file in letsencrypt directory is persistent and has file permissions -rw------- 1 root root 15875 Okt 25 13:13 acme.json . This results in project startup failure because docker cannot mount the letsencrypt directory :

13:18 $ ./admin.sh up -d --build
Creating network "pathfinder-containers_pf" with the default driver
Building pf
Traceback (most recent call last):
  File "docker/utils/build.py", line 96, in create_archive
PermissionError: [Errno 13] Permission denied: '/srv/goryn-pathfinder/pathfinder-containers/letsencrypt/acme.json'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "bin/docker-compose", line 3, in <module>
  File "compose/cli/main.py", line 67, in main
  File "compose/cli/main.py", line 126, in perform_command
  File "compose/cli/main.py", line 1070, in up
  File "compose/cli/main.py", line 1066, in up
  File "compose/project.py", line 615, in up
  File "compose/service.py", line 346, in ensure_image_exists
  File "compose/service.py", line 1125, in build
  File "docker/api/build.py", line 160, in build
  File "docker/utils/build.py", line 31, in tar
  File "docker/utils/build.py", line 100, in create_archive
OSError: Can not read file in context: /srv/goryn-pathfinder/pathfinder-containers/letsencrypt/acme.json
[2078] Failed to execute script docker-compose

Workaround/Fix

Move the acme.json file outside of the project directory. Now traefik will request a new certificate from LE and create new acme.json file into letsencrypt directory. This is not a permanent solution as after some time we will hit lets encrypt rate limits.
@fleischsalatinspace
Copy link
Collaborator Author

This issue only affects users which do not work with the root user

@barndawgie
Copy link

I hit this as well. Will be common for users running on AWS since by default you login with a different account (e.g. ubuntu instead of root).

@fleischsalatinspace fleischsalatinspace added bug Something isn't working improvement labels Jan 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@barndawgie @fleischsalatinspace