Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Creating stack from Git fail with relative path volumes & rootless docker #11695

Open
2 tasks done
adriengivry opened this issue Apr 25, 2024 · 4 comments
Open
2 tasks done

Creating stack from Git fail with relative path volumes & rootless docker #11695

adriengivry opened this issue Apr 25, 2024 · 4 comments
Labels
bug/need-confirmation kind/bug Applied to Bugs

Comments

@adriengivry
Copy link

adriengivry commented Apr 25, 2024
edited

Before you start please confirm the following.

Problem Description

Using docker rootless, I'm trying to deploy a stack from GitHub that has some relative paths in its docker-compose file. I've acquired a BE license, allowing me to use the "Enable relative path volumes" toggle, but it fails to create the stack.

Expected Behavior

I should be able to create a stack from a Git repository with relative paths with the BE license.

Actual Behavior

Creating the stack fail and throw an error.

With "Local filesystem" set to /mnt:

start unpacker container error: Error response from daemon: error while creating mount source path '/mnt/portainer-compose-unpacker': mkdir /mnt/portainer-compose-unpacker: permission denied

With "Local filesystem" set to /home/adrien (user folder, so the user which ran portainer have access to it):

an error occurred while running unpacker container with exit code 255: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json?all=1&filters=%7B%22label%22%3A%7B%22com.docker.compose.config-hash%22%3Atrue%2C%22com.docker.compose.project%3Dadrien-givry-website%22%3Atrue%7D%7D": dial unix /var/run/docker.sock: connect: permission denied

Steps to Reproduce

  1. Create a Git repository with relative paths
  2. Get a BE license
  3. Run Docker in rootless mode
  4. Run Portainer
  5. Try to create a stack from your Git repository
  6. Notice the issue

Portainer logs or screenshots

With "Local filesystem" set to /mnt:

start unpacker container error: Error response from daemon: error while creating mount source path '/mnt/portainer-compose-unpacker': mkdir /mnt/portainer-compose-unpacker: permission denied

With "Local filesystem" set to /home/adrien (user folder, so the user which ran portainer have access to it):

an error occurred while running unpacker container with exit code 255: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json?all=1&filters=%7B%22label%22%3A%7B%22com.docker.compose.config-hash%22%3Atrue%2C%22com.docker.compose.project%3Dadrien-givry-website%22%3Atrue%7D%7D": dial unix /var/run/docker.sock: connect: permission denied

Portainer version

2.19.5

Portainer Edition

Business Edition (BE/EE) with 5NF / 3NF license

Platform and Version

Docker version 26.1.0, build 9714adc

OS and Architecture

Debian 6.1.76-1 (2024-02-01)

Browser

Firefox 125.0.2 (64-bit)

What command did you use to deploy Portainer?

docker run -d -p 8000:8000 -p 9443:9443 --name=portainer --restart=always -v /$XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro -v portainer_data:/data portainer/portainer-ee

Additional Information

No response
@adriengivry
Copy link
Author

adriengivry commented Apr 25, 2024
edited

Workaround:

# Adding the rootless Docker user to the docker group
sudo usermod -aG docker $USER
newgrp docker

# Changing docker.sock permissions
sudo chmod 666 /var/run/docker.sock

# Restarting docker
systemctl restart docker

However this fixed this issue, I'm a bit concerned about this chmod 666 on the docker.sock, it might have side effects and be a security issue. Thoughts?

Edit: Even though this allows the stack to be deployed, the stack display no container, and the containers are created with sudo docker instead of docker.

@adriengivry
Copy link
Author

I've disabled rootfull docker, and trying to create a stack from a Git repository with relative path triggers this error:

an error occurred while running unpacker container with exit code 255: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

It seems like even though portainer is ran with rootless docker, it still tries to access rootfull docker to create this stack.
Maybe a bug in the relative path implementation using the sudo prefix where it shouldn't?

@BakasuraRCE
Copy link

BakasuraRCE commented May 10, 2024
edited

Don't ask me why this works, I don't understand the reason, but it does:

Create a symbolic link to the volume of your portainer on your host server

$ ln -s /home/USER_HERE/.local/share/docker/volumes/portainer-prod_portainer_data/_data /data

Now try to deploy but do not enable relative paths

This works well temporarily, but in an environment multi-node we need Portainer to solve it

@adriengivry
Copy link
Author

@BakasuraRCE Thanks for the answer! To be honest I just ditched rootless docker, and now I have 0 issue with Portainer, everything is so smooth 😅
Rootless docker is just a pain in the a** to deal with when using Portainer, half of the features are broken. Anyway, problem solved for me 😁

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug/need-confirmation kind/bug Applied to Bugs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@BakasuraRCE @adriengivry