Comments (8)
@browe-fs - It is failing because you are using sudo
for all commands.
The directory created from the $ sudo mkdir var_irods
call is going to be owned by root and unless you explicitly give write permissions to it for other users/group, you will get this error.
Couple of questions.
- What OS are you running this on?
- Why are you using
sudo
for all of your commands?
If you're on a Linux distro, I'd suggest adding your user to the docker
group and then trying again without all of the sudo
business.
Reference: https://docs.docker.com/engine/installation/linux/linux-postinstall/
from irods-provider-postgres.
@mjstealey - Thanks for the quick reply!
- I'm running it on Centos 7 Atomic Host
- I didn't realize to add myself to the docker group and got used to typing sudo. I since added myself and am no longer using the sudo command.
I tired to run the image again without the sudo command and with the volumes in my user's directory. I still received the same error message. I'm curious about this permission issue and am wonder if you have any other advice?
ls: cannot open directory '/var/lib/postgresql/data': Permission denied
cp: cannot create regular file '/var/lib/postgresql/data/postgresql.tar.gz': Permission denied
from irods-provider-postgres.
ls: cannot open directory '/var/lib/postgresql/data': Permission denied
cp: cannot create regular file '/var/lib/postgresql/data/postgresql.tar.gz': Permission denied
@browe-fs - I'll try to outline an example for you to try locally. Will do so on a CentOS 7 box for comparison. Should be copy/paste for the most part.
- My setup
$ id
uid=1112(stealey) gid=1000(renci) ... ,992(docker), ...
$ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
$ docker version
Client:
Version: 17.09.0-ce
API version: 1.32
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:41:23 2017
OS/Arch: linux/amd64
Server:
Version: 17.09.0-ce
API version: 1.32 (minimum version 1.12)
Go version: go1.8.3
Git commit: afdb6d4
Built: Tue Sep 26 22:42:49 2017
OS/Arch: linux/amd64
Experimental: false
- Stop any running containers, remove them, and remove any existing docker images.
$ docker stop $(docker ps -a -q)
$ docker rm -fv $(docker ps -a -q)
$ docker rmi -f $(docker images -q)
- Create the local directories to persist data to.
$ cd ~
$ mkdir -p var_irods etc_irods var_pgdata
$ ls
etc_irods var_irods var_pgdata
- Run the irods-provider-postgres:4.2.2 image using the local volume mounts
$ cd ~
$ docker run -d --name provider \
-h provider \
-v $(pwd)/var_irods:/var/lib/irods \
-v $(pwd)/etc_irods:/etc/irods \
-v $(pwd)/var_pgdata:/var/lib/postgresql/data \
mjstealey/irods-provider-postgres:4.2.2 \
-i run_irods
- Verify that the iRODS and PostgreSQL files have been written locally (may require sudo to
ls
as the iRODS files will be owned by UID=998 and the Postgres files will be owned by UID=999).
$ ls etc_irods/
core.dvm core.fnm core.re host_access_control_config.json hosts_config.json server_config.json service_account.config
$ ls var_irods/
clients config configuration_schemas iRODS irodsctl log msiExecCmd_bin packaging scripts test VERSION.json VERSION.json.dist
$ sudo ls var_pgdata/
base pg_dynshmem pg_logical pg_replslot pg_stat pg_tblspc pg_wal postgresql.conf
global pg_hba.conf pg_multixact pg_serial pg_stat_tmp pg_twophase pg_xact postmaster.opts
pg_commit_ts pg_ident.conf pg_notify pg_snapshots pg_subtrans PG_VERSION postgresql.auto.conf postmaster.pid
- Try some icommands (use the irods user within the container as this is what was mapped to the rods iRODS user)
$ docker exec -u irods provider ils
/tempZone/home/rods:
$ docker exec -u irods provider iadmin lz
tempZone
$ docker exec -u irods provider ienv
irods_version - 4.2.2
irods_session_environment_file - /var/lib/irods/.irods/irods_environment.json.0
irods_port - 1247
irods_maximum_size_for_single_buffer_in_megabytes - 32
irods_zone_name - tempZone
irods_host - provider
irods_user_name - rods
irods_transfer_buffer_size_for_parallel_transfer_in_megabytes - 4
schema_name - irods_environment
irods_server_control_plane_encryption_algorithm - AES-256-CBC
schema_version - v3
irods_encryption_salt_size - 8
irods_home - /tempZone/home/rods
irods_encryption_num_hash_rounds - 16
irods_default_resource - demoResc
irods_environment_file - /var/lib/irods/.irods/irods_environment.json
irods_default_number_of_transfer_threads - 4
irods_cwd - /tempZone/home/rods
irods_client_server_policy - CS_NEG_REFUSE
irods_match_hash_policy - compatible
irods_encryption_key_size - 32
irods_server_control_plane_port - 1248
irods_client_server_negotiation - request_server_negotiation
irods_server_control_plane_key - TEMPORARY__32byte_ctrl_plane_key
irods_encryption_algorithm - AES-256-CBC
irods_default_hash_scheme - SHA256
irods_server_control_plane_encryption_num_hash_rounds - 16
- You can also attach to the provider container and run icommands from there.
$ docker exec -ti -u irods provider /bin/bash
irods@provider:~$ ils
/tempZone/home/rods:
irods@provider:~$ iadmin lu
rods#tempZone
irods@provider:~$ iadmin lr
bundleResc
demoResc
Further examples can be strung together using other containers or exposing ports to the host as described in the real-world usage example.
Hopefully this helps...
from irods-provider-postgres.
@mjstealey - I appreciate the guide to help out. I tried following the instructions and still received the same error. The container exits immediately so I got hung up on step 3 and none of the files were written locally. Our OS is on the same versions now, but I noticed that my docker version is behind. (Version:1.12.6) I will try to upgrade docker before re-trying.
from irods-provider-postgres.
ls: cannot open directory '/var/lib/postgresql/data': Permission denied
cp: cannot create regular file '/var/lib/postgresql/data/postgresql.tar.gz': Permission denied
@mjstealey - This permissions issue was cause by SE Linux. It was solved when adding a :z to the end of the volume mount.
($ docker run -ti --name provider -h provider -v /home/browe/var_irods:/var/lib/irods:z -v /home/browe/etc_irods:/etc/irods:z -v /home/browe/var_pgdata:/var/lib/postgresql/data:z mjstealey/irods-provider-postgres:4.2.2 -i run_irods)
from irods-provider-postgres.
@browe-fs - Interesting. Can I assume that the image works if you don't try to bind any volumes to it?
Couple of things to try.
- Make your local directories read and writeable to all users before running. Example below.
$ cd ~
$ ls -alh
drwxr-xr-x 2 stealey renci 6 Nov 14 12:29 etc_irods
drwxr-xr-x 2 stealey renci 6 Nov 14 12:29 var_irods
drwxr-xr-x 2 stealey renci 6 Nov 14 12:29 var_pgdata
$ chmod -R 777 etc_irods/ var_irods/ var_pgdata/
$ ls -alh
drwxrwxrwx 2 stealey renci 6 Nov 14 12:29 etc_irods
drwxrwxrwx 2 stealey renci 6 Nov 14 12:29 var_irods
drwxrwxrwx 2 stealey renci 6 Nov 14 12:29 var_pgdata
- Use the
UID:GID
setting options so that the container uses your values instead of the defaults. Initially try this with only the iRODS volumes (var_irods
,etc_irods
) being shared from the host and leave the Postgres one internal to the container. Example below.
$ id
uid=1112(stealey) gid=1000(renci) ... ,992(docker), ...
$ docker run -d --name provider \
-h provider \
-e UID_IRODS=1112 \
-e GID_IRODS=1000 \
-v $(pwd)/var_irods:/var/lib/irods \
-v $(pwd)/etc_irods:/etc/irods \
mjstealey/irods-provider-postgres:4.2.2 \
-i run_irods
This example should change the container's irods user's UID:GID from 998:998
to 1112:1000
and be indistinguishable from my user at the host level.
from irods-provider-postgres.
@mjstealey - This permissions issue was cause by SE Linux. It was solved when adding a :z to the end of the volume mount.
Ah!! SE Linux getting in the way... this makes sense and I'm sorry I hadn't thought of this as a thing to look at. I'll make a note of this in the documents as something to check if using local volume mounts.
If you have any open issues that are now resolved, please go ahead and mark them as such.
from irods-provider-postgres.
Issue has been resolved, closing
from irods-provider-postgres.
Related Issues (7)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from irods-provider-postgres.