3liz / lizmap-docker-compose

Run Lizmap stack with docker-compose

Containers keep restarting #76

Closed gioman closed 5 days ago

gioman commented 5 days ago

I followed to the letter the readme in this repo, and the result is that after "docker compose up" there are 2 containers that keep restarting; they are the qgis server and lizmap ones.

I examined the logs of those 2 containers and by the error messages (one of them being "QGSRV_USER must no be root !") I tried to comment out the following two lines in the compose .yaml file

    LIZMAP_USER: ${LIZMAP_UID}
    QGSRV_USER: ${LIZMAP_UID}:${LIZMAP_GID}

which worked.

I'm not sure anyway if this is the right fix or not.

dmarteau commented 5 days ago

Don't do that.

The problem occurs because you are trying to run the container as root (i.e. LIZMAP_UID is set to the current user by default, which is probably root in your case).

By removing the lines above you make the container run as a default non-root user in the container: this will lead to issues because ownership of mounted volumes will not match.

The message is also a warning that you should not run the services as root, which may lead to potential security issues!!!

The good practice is to create a lizmap user and set the LIZMAP_UID/LIZMAP_GID vars to the uid/gid of this user. From this, all data volumes accessed from the qgis and lizmap containers must have the same lizmap ownership.
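
The check described in the comment above (a non-root LIZMAP_UID/LIZMAP_GID, with the mounted data owned by that same uid/gid), as an added example that is not part of the original thread or of the project's code. The function names and the directory arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the lizmap-docker-compose repo): preflight check for
# the LIZMAP_UID / LIZMAP_GID values discussed in this thread.

# check_ids UID GID -> 0 ok, 1 uid is root, 2 not numeric
check_ids() {
    for v in "$1" "$2"; do
        case "$v" in
            ''|*[!0-9]*) echo "id '$v' is not numeric" >&2; return 2 ;;
        esac
    done
    if [ "$1" -eq 0 ]; then
        echo "LIZMAP_UID=0: the services would be asked to run as root" >&2
        return 1
    fi
    return 0
}

# owner_of PATH -> prints "uid:gid" (GNU stat first, BSD stat as fallback)
owner_of() {
    stat -c '%u:%g' "$1" 2>/dev/null || stat -f '%u:%g' "$1"
}

# check_volumes UID GID DIR... -> 0 only if every entry under each DIR is
# owned by UID:GID, so the container user can use the mounted volumes
check_volumes() {
    uid=$1; gid=$2; shift 2; bad=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "$dir: not a directory" >&2; bad=1; continue
        fi
        # First entry whose owner or group differs from the expected ids
        first=$(find "$dir" \( ! -user "$uid" -o ! -group "$gid" \) -print 2>/dev/null | head -n 1)
        if [ -n "$first" ]; then
            echo "$first is owned by $(owner_of "$first"), expected $uid:$gid" >&2
            bad=1
        fi
    done
    return "$bad"
}

# preflight UID GID DIR... -> run both checks before "docker compose up"
preflight() {
    check_ids "$1" "$2" || return 1
    check_volumes "$@"
}

# Usage (the directory is a placeholder for your mounted data directory):
#   sh preflight.sh "$(id -u lizmap)" "$(id -g lizmap)" ./data-dir
if [ "$#" -ge 3 ]; then preflight "$@"; fi
```
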

gioman commented 5 days ago

> The good practice is to create a lizmap user and set the LIZMAP_UID/LIZMAP_GID vars to the uid/gid of this user. From this, all data volumes accessed from the qgis and lizmap containers must have the same lizmap ownership.

@dmarteau thanks for the reply. So I would say that in the readme at least it should mention something along these lines:

    useradd lizmap
    usermod -aG docker lizmap
    su lizmap
    cd ~
    git clone...
    ...
    ...
    ...

right?

dmarteau commented 5 days ago

Imho this is out of scope because this is a matter of system/docker administration and not a software requirement.

As stated in the readme this is not a production ready docker stack and using it in production should be mitigated with your infrastructure requirements and security concerns; the only thing that we can do is to prevent people from shooting themselves in the foot by forbidding some malpractices.

Gustry commented 5 days ago

Using docker compose, we assume you already have a docker installation running.

It's a very common question:

Otherwise, we would need to explain too many things in this single readme (such as how to install git in your code snippet, I took this as an example 😉)

gioman commented 5 days ago

> Imho this is out of scope because this is a matter of system/docker administration and not a software requirement.
>
> As stated in the readme this is not a production ready docker stack and using it in production should be mitigated with your infrastructure requirements and security concerns; the only thing that we can do is to prevent people from shooting themselves in the foot by forbidding some malpractices.

@dmarteau I don't argue here, it is your thing. My personal opinion is that if docs/readme do not lead to a working installation/instance (regardless of being production ready or not) this leads to confusion and frustration, that ultimately hurts also you guys. But as said, no arguing here.