Docker container fails after docker pull request. about irods-provider-postgres HOT 8 CLOSED

@browe-fs - It is failing because you are using sudo for all commands.
The directory created from the $ sudo mkdir var_irods call is going to be owned by root and unless you explicitly give write permissions to it for other users/group, you will get this error.

Couple of questions.

1. What OS are you running this on?
2. Why are you using sudo for all of your commands?

If you're on a Linux distro, I'd suggest adding your user to the docker group and then trying again without all of the sudo business.
Reference: https://docs.docker.com/engine/installation/linux/linux-postinstall/

from irods-provider-postgres.

@mjstealey - Thanks for the quick reply!

1. I'm running it on Centos 7 Atomic Host
2. I didn't realize to add myself to the docker group and got used to typing sudo. I since added myself and am no longer using the sudo command.

I tired to run the image again without the sudo command and with the volumes in my user's directory. I still received the same error message. I'm curious about this permission issue and am wonder if you have any other advice?

ls: cannot open directory '/var/lib/postgresql/data': Permission denied
cp: cannot create regular file '/var/lib/postgresql/data/postgresql.tar.gz': Permission denied

from irods-provider-postgres.

ls: cannot open directory '/var/lib/postgresql/data': Permission denied
cp: cannot create regular file '/var/lib/postgresql/data/postgresql.tar.gz': Permission denied

@browe-fs - I'll try to outline an example for you to try locally. Will do so on a CentOS 7 box for comparison. Should be copy/paste for the most part.

0. My setup

$ id
uid=1112(stealey) gid=1000(renci) ... ,992(docker), ...
$ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
$ docker version
Client:
 Version:      17.09.0-ce
 API version:  1.32
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:41:23 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.09.0-ce
 API version:  1.32 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   afdb6d4
 Built:        Tue Sep 26 22:42:49 2017
 OS/Arch:      linux/amd64
 Experimental: false

1. Stop any running containers, remove them, and remove any existing docker images.

$ docker stop $(docker ps -a -q)
$ docker rm -fv $(docker ps -a -q)
$ docker rmi -f $(docker images -q)

2. Create the local directories to persist data to.

$ cd ~
$ mkdir -p var_irods etc_irods var_pgdata
$ ls
etc_irods  var_irods  var_pgdata

3. Run the irods-provider-postgres:4.2.2 image using the local volume mounts

$ cd ~
$ docker run -d --name provider \
	-h provider \
	-v $(pwd)/var_irods:/var/lib/irods \
	-v $(pwd)/etc_irods:/etc/irods \
	-v $(pwd)/var_pgdata:/var/lib/postgresql/data \
	mjstealey/irods-provider-postgres:4.2.2 \
	-i run_irods

4. Verify that the iRODS and PostgreSQL files have been written locally (may require sudo to ls as the iRODS files will be owned by UID=998 and the Postgres files will be owned by UID=999).

$ ls etc_irods/
core.dvm  core.fnm  core.re  host_access_control_config.json  hosts_config.json  server_config.json  service_account.config
$ ls var_irods/
clients  config  configuration_schemas  iRODS  irodsctl  log  msiExecCmd_bin  packaging  scripts  test  VERSION.json  VERSION.json.dist
$ sudo ls var_pgdata/
base	      pg_dynshmem    pg_logical    pg_replslot	 pg_stat      pg_tblspc    pg_wal		 postgresql.conf
global	      pg_hba.conf    pg_multixact  pg_serial	 pg_stat_tmp  pg_twophase  pg_xact		 postmaster.opts
pg_commit_ts  pg_ident.conf  pg_notify	   pg_snapshots  pg_subtrans  PG_VERSION   postgresql.auto.conf  postmaster.pid

5. Try some icommands (use the irods user within the container as this is what was mapped to the rods iRODS user)

$ docker exec -u irods provider ils
/tempZone/home/rods:
$ docker exec -u irods provider iadmin lz
tempZone
$ docker exec -u irods provider ienv
irods_version - 4.2.2
irods_session_environment_file - /var/lib/irods/.irods/irods_environment.json.0
irods_port - 1247
irods_maximum_size_for_single_buffer_in_megabytes - 32
irods_zone_name - tempZone
irods_host - provider
irods_user_name - rods
irods_transfer_buffer_size_for_parallel_transfer_in_megabytes - 4
schema_name - irods_environment
irods_server_control_plane_encryption_algorithm - AES-256-CBC
schema_version - v3
irods_encryption_salt_size - 8
irods_home - /tempZone/home/rods
irods_encryption_num_hash_rounds - 16
irods_default_resource - demoResc
irods_environment_file - /var/lib/irods/.irods/irods_environment.json
irods_default_number_of_transfer_threads - 4
irods_cwd - /tempZone/home/rods
irods_client_server_policy - CS_NEG_REFUSE
irods_match_hash_policy - compatible
irods_encryption_key_size - 32
irods_server_control_plane_port - 1248
irods_client_server_negotiation - request_server_negotiation
irods_server_control_plane_key - TEMPORARY__32byte_ctrl_plane_key
irods_encryption_algorithm - AES-256-CBC
irods_default_hash_scheme - SHA256
irods_server_control_plane_encryption_num_hash_rounds - 16

6. You can also attach to the provider container and run icommands from there.

$ docker exec -ti -u irods provider /bin/bash
irods@provider:~$ ils
/tempZone/home/rods:
irods@provider:~$ iadmin lu
rods#tempZone
irods@provider:~$ iadmin lr
bundleResc
demoResc

Further examples can be strung together using other containers or exposing ports to the host as described in the real-world usage example.

Hopefully this helps...

from irods-provider-postgres.

@mjstealey - I appreciate the guide to help out. I tried following the instructions and still received the same error. The container exits immediately so I got hung up on step 3 and none of the files were written locally. Our OS is on the same versions now, but I noticed that my docker version is behind. (Version:1.12.6) I will try to upgrade docker before re-trying.

from irods-provider-postgres.

ls: cannot open directory '/var/lib/postgresql/data': Permission denied
cp: cannot create regular file '/var/lib/postgresql/data/postgresql.tar.gz': Permission denied

@mjstealey - This permissions issue was cause by SE Linux. It was solved when adding a :z to the end of the volume mount.

($ docker run -ti --name provider -h provider -v /home/browe/var_irods:/var/lib/irods:z -v /home/browe/etc_irods:/etc/irods:z -v /home/browe/var_pgdata:/var/lib/postgresql/data:z mjstealey/irods-provider-postgres:4.2.2 -i run_irods)

from irods-provider-postgres.

@browe-fs - Interesting. Can I assume that the image works if you don't try to bind any volumes to it?

Couple of things to try.

1. Make your local directories read and writeable to all users before running. Example below.

$ cd ~
$ ls -alh
drwxr-xr-x  2 stealey renci    6 Nov 14 12:29 etc_irods
drwxr-xr-x  2 stealey renci    6 Nov 14 12:29 var_irods
drwxr-xr-x  2 stealey renci    6 Nov 14 12:29 var_pgdata

$ chmod -R 777 etc_irods/ var_irods/ var_pgdata/
$ ls -alh
drwxrwxrwx  2 stealey renci    6 Nov 14 12:29 etc_irods
drwxrwxrwx  2 stealey renci    6 Nov 14 12:29 var_irods
drwxrwxrwx  2 stealey renci    6 Nov 14 12:29 var_pgdata

2. Use the UID:GID setting options so that the container uses your values instead of the defaults. Initially try this with only the iRODS volumes (var_irods, etc_irods) being shared from the host and leave the Postgres one internal to the container. Example below.

$ id
uid=1112(stealey) gid=1000(renci) ... ,992(docker), ...
$ docker run -d --name provider \
	-h provider \
        -e UID_IRODS=1112 \
        -e GID_IRODS=1000 \
	-v $(pwd)/var_irods:/var/lib/irods \
	-v $(pwd)/etc_irods:/etc/irods \
	mjstealey/irods-provider-postgres:4.2.2 \
	-i run_irods

This example should change the container's irods user's UID:GID from 998:998 to 1112:1000 and be indistinguishable from my user at the host level.

from irods-provider-postgres.

@mjstealey - This permissions issue was cause by SE Linux. It was solved when adding a :z to the end of the volume mount.

Ah!! SE Linux getting in the way... this makes sense and I'm sorry I hadn't thought of this as a thing to look at. I'll make a note of this in the documents as something to check if using local volume mounts.

If you have any open issues that are now resolved, please go ahead and mark them as such.

from irods-provider-postgres.

Issue has been resolved, closing

from irods-provider-postgres.