container fails on startup

[mk270]

"docker logs sbot" yields the following error, repeated many times:

fs.js:646
  return binding.open(pathModule._makeLong(path), stringToFlags(flags), mode);
                 ^

Error: EACCES: permission denied, open '/home/node/.ssb/secret'
    at Object.fs.openSync (fs.js:646:18)
    at Object.fs.writeFileSync (fs.js:1299:33)
    at Object.exports.createSync (/home/node/.npm-global/lib/node_modules/scuttl
ebot-release/node_modules/ssb-keys/storage.js:104:8)
    at Object.exports.loadOrCreateSync (/home/node/.npm-global/lib/node_modules/
scuttlebot-release/node_modules/ssb-keys/index.js:89:20)
    at Object.<anonymous> (/home/node/.npm-global/lib/node_modules/scuttlebot-re
lease/node_modules/scuttlebot/bin.js:27:20)
    at Module._compile (module.js:653:30)
    at Object.Module._extensions..js (module.js:664:10)
    at Module.load (module.js:566:32)
    at tryModuleLoad (module.js:506:12)
    at Function.Module._load (module.js:498:3)

[ahdinosaur]

hi @mk270, how did you setup the server?

i just setup another two pubs, one using the automated setup and one using manual setup, i wasn't able to reproduce any errors, so i'm not sure what's wrong on my side.

[mk270]

I've retrodden my steps and taken notes:

• follow the README.md in ahdinosaur/ssb-pub
• go to "manual setup"
• boot up a Debian 9.3 VM, do the package installs / upgrades exactly as specified
• use "option a" to install ssb-pub image (i.e., "docker pull ahdinosaur/ssb-pub")
• do step 1 and step 2, to set up ~/ssb-pub-data and the various scripts (modulo having low memory in the VM)

Then

root@ginsburg:~# ./create-sbot 
792b4d805f883a9daf449d9ef1557817e3ccd7298016dd704f8e3aa81b21c9b3
root@ginsburg:~# docker container ls
CONTAINER ID        IMAGE                COMMAND             CREATED             STATUS                         PORTS               NAMES
792b4d805f88        ahdinosaur/ssb-pub   "sbot server"       15 seconds ago      Restarting (1) 3 seconds ago                       sbot

"docker logs sbot" still gives the same EACCESS problem against /home/node/.ssb/secret .. I'm assuming that the /home/node refers to the filesystem inside the container - I certainly don't have one in the host environment.

What is the "setup" stage you refer to?

[ahdinosaur]

@mk270 this is great thank you. :smiley_cat:

so i guess, can you double check your ./create-sbot with:

cat ./create-sbot

and then also double check your ~/ssb-pub-data permissions with:

ls -lh ~/ssb-pub-data

[mk270]

create-sbot:

#!/bin/bash

set -eu

ssb_host=gulag.ucant.org
mem=$(free -b --si | awk '/Mem\:/ { print $2 }')
memory_limit=$(( $mem - 200 * (10 ** 6) ))

docker run -d --name sbot \
   -v ~ssb/ssb-pub-data/:/home/node/.ssb/ \
   -e ssb_host="\$ssb_host" \
   -p 8008:8008 \
   --restart unless-stopped \
   ahdinosaur/ssb-pub

It's not clear from the instructions which user in the host system is supposed to be executing these commands (e.g., root, or a non-privileged user - in my setup you seem to need to be root to use the docker commands).

root@ginsburg:~# ls -ldn ~/ssb-pub-data/
drwxr-xr-x 2 1000 1000 4096 Dec 22 16:47 /root/ssb-pub-data/

[mplorentz]

@mk270 I think you have a typo in your create-sbot script. You have ~ssb instead of ~/ssb in your volume specifier.

[mk270]

Afraid that's not the problem:

root@ginsburg:~# cat create-sbot 
#!/bin/bash

set -eu

ssb_host=gulag.ucant.org
mem=$(free -b --si | awk '/Mem\:/ { print $2 }')
memory_limit=$(( $mem - 200 * (10 ** 6) ))

docker run -d --name sbot \
   -v ~ssb/ssb-pub-data/:/home/node/.ssb/ \
   -e ssb_host="\$ssb_host" \
   -p 8008:8008 \
   --restart unless-stopped \
   ahdinosaur/ssb-pub
root@ginsburg:~# finger ssb
-su: finger: command not found
root@ginsburg:~# ls /home/ssb
ssb-pub-data

Again, it's not clear from the instructions which user in the host system is supposed to be executing these commands (e.g., root, or a non-privileged user - in my setup you seem to need to be root to use the docker commands).

[mk270]

Ok, it turned out to be several problems, in particular https://github.com/docker/libnetwork/issues/1790

Thanks for the help.