Skip to content

Pre-create /home/redmine and set wide permissions on it #141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 16, 2018
Merged

Pre-create /home/redmine and set wide permissions on it #141

merged 1 commit into from
Nov 16, 2018

Conversation

tianon
Copy link
Member

@tianon tianon commented Nov 14, 2018

This should fix #138, and might fix #137 -- more testing required (not 100% sure we've completely reproduced all the failure modes we're seeing in #137, especially around /usr/local/bundle/config).

@wglambert what's the easiest way for me to help you test this and make sure it fixes at least the things you managed to reproduce? Do you need me to push it somewhere, or can you build it from here?

I guess realistically, anyone looking to help test this should be able to do so with something like this:

$ docker build --pull -t redmine:3.4 https://github.com/infosiftr/redmine.git#home-redmine:3.4

(and then use that now-locally-built redmine:3.4 image in your docker-compose.yml, etc.)

This was referenced Nov 14, 2018
Closed
Closed
@tianon
Copy link
Member Author

tianon commented Nov 14, 2018

Alternatively, you can use infosiftr/temp-redmine:3.4 for now (which is built from this PR).

@wglambert
Copy link

This fixes the errors of /home/redmine is not a directory. for normal and arbitrary user when using a populated database volume

docker-compose.yml

version: "3"
services:
  db:
    image: postgres:10.6
    restart: always
    volumes:
      - ./data/db:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=redmine
      - POSTGRES_PASSWORD=password
  redmine:
    image: infosiftr/temp-redmine:3.4
    restart: always
    ports:
      - "3000:3000"
    volumes:
      - ./data/redmine:/usr/src/redmine/files
    environment:
      - REDMINE_DB_POSTGRES=db
      - REDMINE_DB_USERNAME=redmine
      - REDMINE_DB_PASSWORD=password
    user: 1002:1002
$ docker-compose up -d
$ docker logs redmine-138_redmine_1
. . .
== 20170419144536 AddViewMessagesToAllExistingRoles: migrating ================
== 20170419144536 AddViewMessagesToAllExistingRoles: migrated (0.0060s) =======

[2018-11-14 22:46:02] INFO  WEBrick 1.3.1
[2018-11-14 22:46:02] INFO  ruby 2.4.5 (2018-10-18) [x86_64-linux]
[2018-11-14 22:46:02] INFO  WEBrick::HTTPServer#start: pid=1 port=3000

$ docker-compose down
Stopping redmine-138_db_1      ... done
Stopping redmine-138_redmine_1 ... done
Removing redmine-138_db_1      ... done
Removing redmine-138_redmine_1 ... done
Removing network redmine-138_default

$ docker-compose up -d
Creating network "redmine-138_default" with the default driver
Creating redmine-138_db_1      ... done
Creating redmine-138_redmine_1 ... done

$ docker logs redmine-138_redmine_1
The dependency tzinfo-data (>= 0) will be unused by any of the platforms Bundler is installing for. Bundler is installing for ruby but the dependency is only for x86-mingw32, x64-mingw32, x86-mswin32. To add those platforms to the bundle, run `bundle lock --add-platform x86-mingw32 x64-mingw32 x86-mswin32`.
The Gemfile's dependencies are satisfied
[2018-11-14 22:50:09] INFO  WEBrick 1.3.1
[2018-11-14 22:50:09] INFO  ruby 2.4.5 (2018-10-18) [x86_64-linux]
[2018-11-14 22:50:09] INFO  WEBrick::HTTPServer#start: pid=1 port=3000

@Silex
Copy link

Silex commented Nov 15, 2018
edited
Loading

I have a similar problem with secrets:

version: '3.7'
services:
  web:
    image: redmine:3.4.6-passenger
    restart: always
    command: passenger start --ssl --ssl-certificate /run/secrets/ssl-certificate --ssl-certificate-key /run/secrets/ssl-key --ssl-port 3443
    environment:
      REDMINE_DB_MYSQL_FILE: /run/secrets/database-hostname
      REDMINE_DB_DATABASE_FILE: /run/secrets/database-name
      REDMINE_DB_USERNAME_FILE: /run/secrets/database-username
      REDMINE_DB_PASSWORD_FILE: /run/secrets/database-password
      REDMINE_PLUGINS_MIGRATE: 1
    ports:
      - '80:3000'
      - '443:3443'
    depends_on:
      - database
    secrets:
      - source: redmine-configuration
        target: /usr/src/redmine/config/configuration.yml
      - ssl-certificate
      - ssl-key
      - database-hostname
      - database-username
      - database-password
      - database-name

The error is:

web_1_12df10ec82dc | chown: changing ownership of 'config/configuration.yml': Read-only file system

I think we need to add a variable like REDMINE_CONFIGURATION_FILE to avoid this.

Should I start another issue for this?

EDIT: I found that one trick is to mount the configuration using a volume instead of using a secret, but that is a bit ugly.

@yosifkit
Copy link
Member

@Silex, the real solution is to either mount the secret with the correct user (redmine) using the long syntax so that the chown doesn't trigger. Or use the improvements from this and the previous PR to run directly as the redmine user (id 999 from the container) using the user directive in the yaml to skip the chown (it is only run when the container is started as root).

@Silex
Copy link

Silex commented Nov 16, 2018

@yosifkit: right, good idea thanks!

@Silex
Copy link

Silex commented Nov 16, 2018
edited
Loading

For information using user: 'redmine:redmine' is simpler (instead of hardcoding uid).

@tianon: your image does not seem to work by me:

web_1_56cc1eb6c7e5 | There was an error while trying to write to `/usr/local/bundle/config`. It is
web_1_56cc1eb6c7e5 | likely that you need to grant write permissions for that path.

Here's the full service definition:

  web:
    image: infosiftr/temp-redmine:3.4
    #user: 'redmine:redmine'
    command: passenger start --ssl --ssl-certificate /run/secrets/ssl-certificate --ssl-certificate-key /run/secrets/ssl-key --ssl-port 3443
    environment:
      REDMINE_DB_MYSQL_FILE: /run/secrets/database-hostname
      REDMINE_DB_DATABASE_FILE: /run/secrets/database-name
      REDMINE_DB_USERNAME_FILE: /run/secrets/database-username
      REDMINE_DB_PASSWORD_FILE: /run/secrets/database-password
      REDMINE_PLUGINS_MIGRATE: 1
    ports:
      - '80:3000'
      - '443:3443'
    secrets:
      - source: redmine-configuration
        target: /usr/src/redmine/config/configuration.yml
      - ssl-certificate
      - ssl-key
      - database-hostname
      - database-username
      - database-password
      - database-name
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./data/files:/usr/src/redmine/files
      - ./data/logs:/usr/src/redmine/log
      - ./initializers:/usr/src/redmine/config/initializers/customization
      - ./plugins:/usr/src/redmine/plugins
      - ./themes:/usr/src/redmine/public/themes

If I comment the line with the plugins then things work with the official image, but with your image I have this error:

web_1_56cc1eb6c7e5 | [FATAL tini (37)] exec passenger failed: No such file or directory

@tianon
Copy link
Member Author

tianon commented Nov 16, 2018 

web_1_56cc1eb6c7e5 | [FATAL tini (37)] exec passenger failed: No such file or directory

This is because the image I pushed does not contain passenger -- it's the base image. You'll want to comment out your command: line for now and run with the built-in WEBrick server for testing this.

If commenting out your plugins volume makes that error go away, then it has to be something weird one of your plugins is doing. Any details you can provide there? I tried quite a bit (including REDMINE_PLUGINS_MIGRATE=1) and can't reproduce, but I don't have any plugins installed.

I think this fix is still correct and important since it fixes the more common error in #137 and #138, and we should investigate your failures around /usr/local/bundle/config separately.

@tianon tianon merged commit a881541 into docker-library:master Nov 16, 2018
@tianon tianon deleted the home-redmine branch November 16, 2018 22:43
@tianon
Copy link
Member Author

tianon commented Nov 16, 2018

(Re-opened #137 to continue the /usr/local/bundle/config discussion/debugging.)

@tianon tianon mentioned this pull request Nov 20, 2018
Merged
tianon added a commit to infosiftr/stackbrew that referenced this pull request Nov 20, 2018
@tianon
Update docker-library images
c97e878 
- `elasticsearch`: 6.5.1
- `ghost`: 2.6.1
- `irssi`: `gpg --batch` (jessfraz/irssi#21)
- `joomla`: joomla-docker/docker-joomla#69
- `kibana`: 6.5.1
- `logstash`: 6.5.1
- `mariadb`: 10.3.11
- `matomo`: 3.7.0
- `openjdk`: 12-ea+20, windowsservercore-1803 for jdk8
- `redmine`: arbitrary user fixes (docker-library/redmine#141, docker-library/redmine#142)
- `tomcat`: 7.0.92
@tianon tianon mentioned this pull request Nov 20, 2018
Merged
autophagy pushed a commit to crate/official-images that referenced this pull request Dec 12, 2018
@tianon @autophagy
Update docker-library images
911ee37 
- `elasticsearch`: 6.5.1
- `ghost`: 2.6.1
- `irssi`: `gpg --batch` (jessfraz/irssi#21)
- `joomla`: joomla-docker/docker-joomla#69
- `kibana`: 6.5.1
- `logstash`: 6.5.1
- `mariadb`: 10.3.11
- `matomo`: 3.7.0
- `openjdk`: 12-ea+20, windowsservercore-1803 for jdk8
- `redmine`: arbitrary user fixes (docker-library/redmine#141, docker-library/redmine#142)
- `tomcat`: 7.0.92
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Redmine container fails to start 3.4.6 docker image write permission error.
4 participants
@tianon @wglambert @Silex @yosifkit