I am trying to set up a Redmine instance in a Bluemix container, using the official Redmine Docker image;
I can build the image and run the container with no problems.
If I add a volume to the container, the build fails near the end with this log:
chown: cannot read directory 'files/files': Permission denied
chown: changing ownership of 'files': Permission denied
I understand this is happening because the user in the container has no read/write privileges.
I have tried some solution attempts such as using
USER root
before the chown, and even declaring the volume only after the chown (as suggested on the Docker page).
All the other solutions I've come across involve SSHing into the container, which I cannot do because the container never runs in the first place with the volume.
Here is a copy of my Dockerfile and entrypoint.sh:
FROM ruby:2.2-slim

# Unprivileged account for Redmine with a fixed uid/gid (1010); the author adds
# it so that permissions can be granted on the Bluemix volume.
RUN groupadd --gid 1010 redmine \
    && useradd --uid 1010 --gid 1010 -m --shell /bin/bash redmine

# wget and the CA bundle are needed for the HTTPS downloads in later steps.
# The apt lists are removed in the same layer so they do not stay in the image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates wget \
    && rm -rf /var/lib/apt/lists/*
# gosu lets the entrypoint start as root and then step down to another user.
# The binary is kept only if its detached signature verifies against the
# pinned full-length key fingerprint; every step is chained with &&, so a
# failed download or verification fails the build.
# NOTE(review): the key is fetched from a public keyserver at build time and
# the sks-keyservers.net pool has since been retired; confirm a reachable key
# source before reusing this step.
ENV GOSU_VERSION=1.7
RUN set -x \
    && gosuUrl="https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
    && wget -O /usr/local/bin/gosu "$gosuUrl" \
    && wget -O /usr/local/bin/gosu.asc "$gosuUrl.asc" \
    && export GNUPGHOME="$(mktemp -d)" \
    && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
    && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
    && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
    && chmod +x /usr/local/bin/gosu \
    # smoke test: the binary runs and can switch to another user
    && gosu nobody true
# tini is used for signal processing and zombie reaping. As with gosu above in
# this file, the download is kept only if its detached signature verifies
# against the pinned full-length key fingerprint.
# NOTE(review): the key is fetched from a public keyserver at build time and
# the sks-keyservers.net pool has since been retired; confirm a reachable key
# source before reusing this step.
ENV TINI_VERSION=v0.9.0
RUN set -x \
    && tiniUrl="https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" \
    && wget -O /usr/local/bin/tini "$tiniUrl" \
    && wget -O /usr/local/bin/tini.asc "$tiniUrl.asc" \
    && export GNUPGHOME="$(mktemp -d)" \
    && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \
    && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
    && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \
    && chmod +x /usr/local/bin/tini \
    # smoke test: the binary starts and prints its help
    && tini -h
# Runtime packages: image handling and the MySQL/PostgreSQL/SQLite client
# libraries, followed by version-control clients (presumably for Redmine's
# repository integration). The apt lists are removed in the same layer.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        imagemagick libmysqlclient18 libpq5 libsqlite3-0 \
        bzr git mercurial openssh-client subversion \
    && rm -rf /var/lib/apt/lists/*
ENV RAILS_ENV=production
WORKDIR /usr/src/redmine

ENV REDMINE_VERSION=3.3.3 \
    REDMINE_DOWNLOAD_MD5=c946839c9a51dba48ae7c34c5351f677

# Fetch the release tarball, check it against the pinned digest, unpack it into
# the working directory and hand the tree to the redmine user.
# NOTE(review): MD5 detects a corrupted download but is not collision
# resistant; if a SHA-256 digest is published for this release, pin that and
# check it with sha256sum instead.
# The chown runs at build time, before the VOLUME declaration; a volume mounted
# over files/ at run time brings its own ownership with it.
RUN wget -O redmine.tar.gz "https://www.redmine.org/releases/redmine-${REDMINE_VERSION}.tar.gz" \
    && echo "$REDMINE_DOWNLOAD_MD5 redmine.tar.gz" | md5sum -c - \
    && tar -xvf redmine.tar.gz --strip-components=1 \
    && rm redmine.tar.gz files/delete.me log/delete.me \
    && mkdir -p tmp/pdf public/plugin_assets \
    && chown -R redmine:redmine ./
# Install the gems for all three database adapters. The compiler toolchain and
# -dev headers are needed only while the gems build, so they are installed and
# purged again inside this one layer.
# $buildDeps is deliberately unquoted: it has to split into package names.
RUN buildDeps='gcc libmagickcore-dev libmagickwand-dev libmysqlclient-dev libpq-dev libsqlite3-dev make patch' \
    && set -ex \
    && apt-get update \
    && apt-get install -y --no-install-recommends $buildDeps \
    && rm -rf /var/lib/apt/lists/* \
    && bundle install --without development test \
    # a throwaway database.yml selects each adapter in turn for bundle install
    && for adapter in mysql2 postgresql sqlite3; do \
        printf '%s:\n adapter: %s\n' "$RAILS_ENV" "$adapter" > ./config/database.yml; \
        bundle install --without development test; \
    done \
    && rm ./config/database.yml \
    && apt-get purge -y --auto-remove $buildDeps
# No USER instruction appears in this Dockerfile, so the entrypoint runs as the
# base image's default user (presumably root) and drops to the redmine user
# itself through gosu.
COPY docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]

EXPOSE 3000

# Uploaded files live under this path. The ownership of whatever is mounted
# here at run time comes from the mount, not from the build-time chown.
VOLUME /usr/src/redmine/files

# Listen on all interfaces inside the container so the exposed port is reachable.
CMD ["rails", "server", "-b", "0.0.0.0"]
docker-entrypoint.sh
#!/bin/bash
set -e
# usage: file_env VAR [DEFAULT]
#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
# Resolves VAR from exactly one source and exports it:
#   - the variable VAR itself, if non-empty;
#   - otherwise the contents of the file named by VAR_FILE (this keeps a secret
#     out of the environment passed to the container, e.g. with Docker's
#     secrets feature);
#   - otherwise DEFAULT (empty when omitted).
# Setting both VAR and VAR_FILE is an error and ends the script with status 1.
# VAR_FILE is unset afterwards.
file_env() {
  local name="$1"
  local file_name="${name}_FILE"
  local fallback="${2:-}"
  local direct="${!name:-}"
  local path="${!file_name:-}"

  # The two sources are mutually exclusive; refuse to guess which one wins.
  if [ -n "$direct" ] && [ -n "$path" ]; then
    echo >&2 "error: both $name and $file_name are set (but are exclusive)"
    exit 1
  fi

  local resolved="$fallback"
  if [ -n "$direct" ]; then
    resolved="$direct"
  elif [ -n "$path" ]; then
    resolved="$(< "$path")"
  fi

  export "$name"="$resolved"
  unset "$file_name"
}
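# Entrypoint dispatch. For rails/rake/passenger this prepares the Redmine
# configuration (database.yml, secrets, migrations, directory permissions) as
# the starting user and then re-executes the command as the redmine user via
# gosu. Any other command is executed unchanged.
case "$1" in
  rails|rake|passenger)
    # Generate config/database.yml from the environment unless one was provided.
    if [ ! -f './config/database.yml' ]; then
      file_env 'REDMINE_DB_MYSQL'
      file_env 'REDMINE_DB_POSTGRES'

      # Fall back to the default host names when only the *_PORT_*_TCP variables
      # are present (presumably set by a linked database container).
      if [ "$MYSQL_PORT_3306_TCP" ] && [ -z "$REDMINE_DB_MYSQL" ]; then
        export REDMINE_DB_MYSQL='mysql'
      elif [ "$POSTGRES_PORT_5432_TCP" ] && [ -z "$REDMINE_DB_POSTGRES" ]; then
        export REDMINE_DB_POSTGRES='postgres'
      fi

      if [ "$REDMINE_DB_MYSQL" ]; then
        adapter='mysql2'
        host="$REDMINE_DB_MYSQL"
        file_env 'REDMINE_DB_PORT' '3306'
        file_env 'REDMINE_DB_USERNAME' "${MYSQL_ENV_MYSQL_USER:-root}"
        file_env 'REDMINE_DB_PASSWORD' "${MYSQL_ENV_MYSQL_PASSWORD:-${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}}"
        file_env 'REDMINE_DB_DATABASE' "${MYSQL_ENV_MYSQL_DATABASE:-${MYSQL_ENV_MYSQL_USER:-redmine}}"
        file_env 'REDMINE_DB_ENCODING' ''
      elif [ "$REDMINE_DB_POSTGRES" ]; then
        adapter='postgresql'
        host="$REDMINE_DB_POSTGRES"
        file_env 'REDMINE_DB_PORT' '5432'
        file_env 'REDMINE_DB_USERNAME' "${POSTGRES_ENV_POSTGRES_USER:-postgres}"
        file_env 'REDMINE_DB_PASSWORD' "${POSTGRES_ENV_POSTGRES_PASSWORD}"
        file_env 'REDMINE_DB_DATABASE' "${POSTGRES_ENV_POSTGRES_DB:-${REDMINE_DB_USERNAME:-}}"
        file_env 'REDMINE_DB_ENCODING' 'utf8'
      else
        echo >&2
        echo >&2 'warning: missing REDMINE_DB_MYSQL or REDMINE_DB_POSTGRES environment variables'
        echo >&2
        echo >&2 '*** Using sqlite3 as fallback. ***'
        echo >&2

        adapter='sqlite3'
        host='localhost'
        file_env 'REDMINE_DB_PORT' ''
        file_env 'REDMINE_DB_USERNAME' 'redmine'
        file_env 'REDMINE_DB_PASSWORD' ''
        file_env 'REDMINE_DB_DATABASE' 'sqlite/redmine.db'
        file_env 'REDMINE_DB_ENCODING' 'utf8'

        mkdir -p "$(dirname "$REDMINE_DB_DATABASE")"
        chown -R redmine:redmine "$(dirname "$REDMINE_DB_DATABASE")"
      fi

      REDMINE_DB_ADAPTER="$adapter"
      REDMINE_DB_HOST="$host"

      # NOTE(review): database.yml receives the database password and is created
      # with the default umask. If it is tightened, it must stay readable by the
      # redmine user, which runs the migrations and the server below.
      echo "$RAILS_ENV:" > config/database.yml
      for var in adapter host port username password database encoding; do
        env="REDMINE_DB_${var^^}"
        val="${!env}"
        [ -n "$val" ] || continue
        # The value goes inside a double-quoted YAML scalar: escape backslashes
        # first, then double quotes, so a password containing either cannot
        # end the scalar early or add keys to the file.
        val=${val//\\/\\\\}
        val=${val//\"/\\\"}
        printf ' %s: "%s"\n' "$var" "$val" >> config/database.yml
      done
    fi

    # ensure the right database adapter is active in the Gemfile.lock
    bundle install --without development test

    if [ ! -s config/secrets.yml ]; then
      file_env 'REDMINE_SECRET_KEY_BASE'
      if [ "$REDMINE_SECRET_KEY_BASE" ]; then
        # Written with printf instead of a <<- here-document: <<- strips only
        # leading tabs, and secret_key_base has to stay nested under the
        # environment key. The secret is escaped like the database values.
        # NOTE(review): secrets.yml is also created with the default umask.
        secret=${REDMINE_SECRET_KEY_BASE//\\/\\\\}
        secret=${secret//\"/\\\"}
        printf '%s:\n secret_key_base: "%s"\n' "$RAILS_ENV" "$secret" > 'config/secrets.yml'
      elif [ ! -f /usr/src/redmine/config/initializers/secret_token.rb ]; then
        rake generate_secret_token
      fi
    fi

    # Migrate unless the command is rake itself or migration is switched off.
    if [ "$1" != 'rake' ] && [ -z "$REDMINE_NO_DB_MIGRATE" ]; then
      gosu redmine rake db:migrate
    fi

    # https://www.redmine.org/projects/redmine/wiki/RedmineInstall#Step-8-File-system-permissions
    mkdir -p tmp tmp/pdf public/plugin_assets
    # The script runs under set -e, so a chown failure here (for example on a
    # mounted files volume whose ownership this user may not change) ends the
    # entrypoint before the server starts.
    chown -R redmine:redmine files log public/plugin_assets
    # NOTE(review): 755 leaves uploaded files and logs readable by every user
    # in the container; confirm that is intended.
    chmod -R 755 files log tmp public/plugin_assets

    # remove PID file to enable restarting the container
    rm -f /usr/src/redmine/tmp/pids/server.pid

    if [ "$1" = 'passenger' ]; then
      # Don't fear the reaper.
      set -- tini -- "$@"
    fi

    # Drop privileges: the final command runs as the redmine user.
    set -- gosu redmine "$@"
    ;;
esac

exec "$@"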
Any help will be appreciated.
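To get around this, you have to temporarily add the non-root user to the root group so that it has write permission on the volume mount, and then remove it from the root group again once the directory's ownership has been set, so the application does not keep root-group access at run time. Here's an example in the documentation: https://console.ng.bluemix.net/docs/containers/container_volumes_ov.html#container_volumes_write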