brokenscripts / authentik_traefik

Authentik behind Traefik

Permission denied: /media/public #7

Closed dgarner-cg closed 1 month ago

dgarner-cg commented 1 month ago

I am having major difficulty running this stack, surrounding the following error output:

```
2024-07-21 02:08:39 [info ] Migration needs to be applied migration=tenant_files.py
2024-07-21 02:08:39 [info ] releasing database lock
Failed to read config file: ./lifecycle/gunicorn.conf.py
Traceback (most recent call last):
  File "/ak-root/venv/lib/python3.12/site-packages/gunicorn/app/base.py", line 111, in get_config_from_filename
    spec.loader.exec_module(mod)
  File "<frozen importlib._bootstrap_external>", line 995, in exec_module
  File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
  File "/lifecycle/gunicorn.conf.py", line 154, in <module>
    run_migrations()
  File "/lifecycle/migrate.py", line 100, in run_migrations
    migration.run()
  File "/lifecycle/system_migrations/tenant_files.py", line 15, in run
    TENANT_MEDIA_ROOT.mkdir(parents=True)
  File "/usr/local/lib/python3.12/pathlib.py", line 1311, in mkdir
    os.mkdir(self, mode)
PermissionError: [Errno 13] Permission denied: '/media/public'
warning error=exit status 1 event=gunicorn process died, restarting logger=authentik.router timestamp=2024-07-21T02:08:39Z
ERR error=exit status 1 event=gunicorn failed to start, restarting logger=authentik.router timestamp=2024-07-21T02:08:39Z
DBG event=Loaded config logger=authentik.lib.config timestamp=1721527719.4670758 file=/authentik/lib/default.yml
DBG event=Loaded environment variables logger=authentik.lib.config timestamp=1721527719.4674754 count=11
INF event=Starting authentik bootstrap logger=authentik.lib.config timestamp=1721527720.5025237
INF event=PostgreSQL connection successful logger=authentik.lib.config timestamp=1721527720.519482
INF event=Redis Connection successful logger=authentik.lib.config timestamp=1721527720.5209928
INF event=Finished authentik bootstrap logger=authentik.lib.config timestamp=1721527720.521113
2024-07-21 02:08:40 [info ] waiting to acquire database lock
2024-07-21 02:08:40 [info ] Migration needs to be applied migration=tenant_files.py
2024-07-21 02:08:40 [info ] releasing database lock
Failed to read config file: ./lifecycle/gunicorn.conf.py
Traceback (most recent call last):
  File "/ak-root/venv/lib/python3.12/site-packages/gunicorn/app/base.py", line 111, in get_config_from_filename
    spec.loader.exec_module(mod)
  File "<frozen importlib._bootstrap_external>", line 995, in exec_module
  File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
  File "/lifecycle/gunicorn.conf.py", line 154, in <module>
    run_migrations()
  File "/lifecycle/migrate.py", line 100, in run_migrations
    migration.run()
  File "/lifecycle/system_migrations/tenant_files.py", line 15, in run
    TENANT_MEDIA_ROOT.mkdir(parents=True)
  File "/usr/local/lib/python3.12/pathlib.py", line 1311, in mkdir
    os.mkdir(self, mode)
PermissionError: [Errno 13] Permission denied: '/media/public'
warning error=exit status 1 event=gunicorn process died, restarting logger=authentik.router timestamp=2024-07-21T02:08:40Z
ERR error=exit status 1 event=gunicorn failed to start, restarting logger=authentik.router timestamp=2024-07-21T02:08:40Z
DBG event=Loaded config logger=authentik.lib.config timestamp=1721527721.0249119 file=/authentik/lib/default.yml
DBG event=Loaded environment variables logger=authentik.lib.config timestamp=1721527721.0253375 count=11
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T02:08:41Z
INF event=Starting authentik bootstrap logger=authentik.lib.config timestamp=1721527722.1081977
INF event=PostgreSQL connection successful logger=authentik.lib.config timestamp=1721527722.1249876
INF event=Redis Connection successful logger=authentik.lib.config timestamp=1721527722.1268034
INF event=Finished authentik bootstrap logger=authentik.lib.config timestamp=1721527722.126975
2024-07-21 02:08:42 [info ] waiting to acquire database lock
2024-07-21 02:08:42 [info ] Migration needs to be applied migration=tenant_files.py
2024-07-21 02:08:42 [info ] releasing database lock
Failed to read config file: ./lifecycle/gunicorn.conf.py
Traceback (most recent call last):
  File "/ak-root/venv/lib/python3.12/site-packages/gunicorn/app/base.py", line 111, in get_config_from_filename
    spec.loader.exec_module(mod)
  File "<frozen importlib._bootstrap_external>", line 995, in exec_module
  File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
  File "/lifecycle/gunicorn.conf.py", line 154, in <module>
    run_migrations()
  File "/lifecycle/migrate.py", line 100, in run_migrations
    migration.run()
  File "/lifecycle/system_migrations/tenant_files.py", line 15, in run
    TENANT_MEDIA_ROOT.mkdir(parents=True)
  File "/usr/local/lib/python3.12/pathlib.py", line 1311, in mkdir
    os.mkdir(self, mode)
PermissionError: [Errno 13] Permission denied: '/media/public'
warning error=exit status 1 event=gunicorn process died, restarting logger=authentik.router timestamp=2024-07-21T02:08:42Z
ERR error=exit status 1 event=gunicorn failed to start, restarting logger=authentik.router timestamp=2024-07-21T02:08:42Z
DBG event=Loaded config logger=authentik.lib.config timestamp=1721527722.6360176 file=/authentik/lib/default.yml
DBG event=Loaded environment variables logger=authentik.lib.config timestamp=1721527722.6364012 count=11
INF event=Starting authentik bootstrap logger=authentik.lib.config timestamp=1721527723.666236
INF event=PostgreSQL connection successful logger=authentik.lib.config timestamp=1721527723.6829164
INF event=Redis Connection successful logger=authentik.lib.config timestamp=1721527723.6844249
INF event=Finished authentik bootstrap logger=authentik.lib.config timestamp=1721527723.6845357
2024-07-21 02:08:43 [info ] waiting to acquire database lock
2024-07-21 02:08:43 [info ] Migration needs to be applied migration=tenant_files.py
2024-07-21 02:08:43 [info ] releasing database lock
Failed to read config file: ./lifecycle/gunicorn.conf.py
Traceback (most recent call last):
  File "/ak-root/venv/lib/python3.12/site-packages/gunicorn/app/base.py", line 111, in get_config_from_filename
    spec.loader.exec_module(mod)
  File "<frozen importlib._bootstrap_external>", line 995, in exec_module
  File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
  File "/lifecycle/gunicorn.conf.py", line 154, in <module>
    run_migrations()
  File "/lifecycle/migrate.py", line 100, in run_migrations
    migration.run()
  File "/lifecycle/system_migrations/tenant_files.py", line 15, in run
    TENANT_MEDIA_ROOT.mkdir(parents=True)
  File "/usr/local/lib/python3.12/pathlib.py", line 1311, in mkdir
    os.mkdir(self, mode)
PermissionError: [Errno 13] Permission denied: '/media/public'
warning error=exit status 1 event=gunicorn process died, restarting logger=authentik.router timestamp=2024-07-21T02:08:43Z
ERR error=exit status 1 event=gunicorn failed to start, restarting logger=authentik.router timestamp=2024-07-21T02:08:43Z
DBG event=Loaded config logger=authentik.lib.config timestamp=1721527724.1895435 file=/authentik/lib/default.yml
DBG event=Loaded environment variables logger=authentik.lib.config timestamp=
```

Why is /media/public being refused mkdir and chown here?

This is happening when being executed through an automation script I created and also when following instructions line by line.

Thank you,

brokenscripts commented 1 month ago

That looks like a host permission error. Have you tried manually creating that folder (/media) and recursively changing ownership to match who it should?

You could also comment out the bind mounts in the compose to verify it is a host permission issue.

Try one of those 2 and then re-run it and update.

dgarner-cg commented 1 month ago

Yes, I have attempted to create the folder within the container by exec -it into the container to create the public folder within the base media; and obviously on the host media already exists, in which I created a public folder and chmod 755, but both of those solutions still result in permission denied when running the script.

I presume the public folder is where things are attempting to be mounted in the container.

Thoughts?

brokenscripts commented 1 month ago

I'm honestly not sure. If you created the media/public folders and chowned them to the correct user, chmod shouldn't be needed. If you're using my stack exactly, it's user id 1100. I didn't run into that and I am unable to reproduce. I would recommend you remove that bind mount from both containers and then recreate the stack; if that works, it has something to do with your permissions on the host.
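The ownership point in the replies above, as an added example that is not part of the thread or the repository: a host-side check of whether the container's user (uid 1100 in this stack, per the comment above) can create entries in a bind-mount source directory, judged from owner and mode bits. The function names `can_create` and `report_mount` are hypothetical; it assumes a Linux host with GNU or BusyBox `stat` and ignores ACLs, supplementary groups, user namespaces and SELinux/AppArmor.

```shell
#!/bin/sh
# Added example (not from the thread or the repository).
# Decides from owner and mode bits whether a container UID:GID may create
# entries in a host directory, which is what mkdir('/media/public') needs.
# Assumptions: Linux host with GNU or BusyBox stat; ACLs, supplementary groups,
# user namespaces and SELinux/AppArmor are not considered.

# can_create DIR UID GID -> status 0 if UID:GID has write+search on DIR
can_create() {
    cc_dir=$1; cc_uid=$2; cc_gid=$3
    [ -d "$cc_dir" ] || return 2
    if [ "$cc_uid" -eq 0 ]; then return 0; fi   # root bypasses mode bits
    # Owner uid, owner gid and octal mode of the directory itself.
    set -- $(stat -c '%u %g %a' "$cc_dir")
    cc_bits=$(( 0$3 ))                          # parse the octal mode
    # The kernel picks exactly one class: owner, else group, else other.
    if   [ "$cc_uid" -eq "$1" ]; then cc_class=$(( (cc_bits >> 6) & 7 ))
    elif [ "$cc_gid" -eq "$2" ]; then cc_class=$(( (cc_bits >> 3) & 7 ))
    else                              cc_class=$((  cc_bits       & 7 ))
    fi
    # Creating a child needs write (2) and search (1) on the parent.
    [ $(( cc_class & 3 )) -eq 3 ]
}

# report_mount DIR UID GID -> prints one verdict line, never fails
report_mount() {
    if can_create "$1" "$2" "$3"; then
        echo "ok      $1 is writable for $2:$3"
    else
        echo "blocked $1 ($(stat -c '%u:%g mode %a' "$1" 2>/dev/null)) for $2:$3;" \
             "fix on the host: chown -R $2:$3 $1"
    fi
    return 0
}

# Constructed demo: a fresh directory with mode 755, owned by whoever runs this.
demo=$(mktemp -d) && chmod 755 "$demo"
report_mount "$demo" "$(id -u)" "$(id -g)"   # owner class: rwx
report_mount "$demo" 1100 1100               # uid from the thread; "other" class (r-x) unless you are 1100
rm -rf "$demo"
```

Run on the Docker host, `report_mount` can be pointed at each bind-mount source path from the compose file instead of the constructed demo directory.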

dgarner-cg commented 1 month ago

This is strange .. It's past that now, but I am getting the following problems, would love your thoughts.

I commented out the CF secrets as I use another provider that's not supported by Traefik, so I am unsure how to deal with that .. However, moving on.

I copy / pasted the secret generation commands, even though I have a dedicated database, just to ensure there were no issues until I got this running.

I changed the port to the local Portainer from 9443 because it seems something is attempting to listen on 9443.

Now the following:

Postgresql log:

```
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
fixing permissions on existing directory /var/lib/postgresql/data ... 9chmod: /var/lib/postgresql/data: Operation not permitted
chmod: /var/run/postgresql: Operation not permitted
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
fixing permissions on existing directory /var/lib/postgresql/data ... 9chmod: /var/lib/postgresql/data: Operation not permitted
chmod: /var/run/postgresql: Operation not permitted
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
fixing permissions on existing directory /var/lib/postgresql/data ... 9chmod: /var/lib/postgresql/data: Operation not permitted
chmod: /var/run/postgresql: Operation not permitted
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
fixing permissions on existing directory /var/lib/postgresql/data ... 9chmod: /var/lib/postgresql/data: Operation not permitted
chmod: /var/run/postgresql: Operation not permitted
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
fixing permissions on existing directory /var/lib/postgresql/data ... 9chmod: /var/lib/postgresql/data: Operation not permitted
chmod: /var/run/postgresql: Operation not permitted
initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/data ... 9chmod: /var/lib/postgresql/data: Operation not permitted
chmod: /var/run/postgresql: Operation not permitted
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
fixing permissions on existing directory /var/lib/postgresql/data ... 9chmod: /var/lib/postgresql/data: Operation not permitted
chmod: /var/run/postgresql: Operation not permitted
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: error: could not change permissions of directory "/var/lib/postgresql/data": Operation not permitted
fixing permissions on existing directory /var/lib/postgresql/data ...
```

Authentik log:

```
DBG event=Loaded config path=inbuilt-default timestamp=2024-07-21T19:10:51Z
DBG event=Loaded config path=/authentik/lib/default.yml timestamp=2024-07-21T19:10:51Z
DBG event=Loaded config from environment timestamp=2024-07-21T19:10:51Z
INF event=not enabling debug server, set `AUTHENTIK_DEBUG` to `true` to enable it. logger=authentik.go_debugger timestamp=2024-07-21T19:10:51Z
INF event=Starting Metrics server listen=0.0.0.0:9300 logger=authentik.router.metrics timestamp=2024-07-21T19:10:51Z
INF event=Starting HTTP server listen=0.0.0.0:9000 logger=authentik.router timestamp=2024-07-21T19:10:51Z
INF event=Starting HTTPS server listen=0.0.0.0:9443 logger=authentik.router timestamp=2024-07-21T19:10:52Z
DBG event=Loaded config logger=authentik.lib.config timestamp=1721589052.3256278 file=/authentik/lib/default.yml
DBG event=Loaded environment variables logger=authentik.lib.config timestamp=1721589052.326341 count=11
INF event=Starting authentik bootstrap logger=authentik.lib.config timestamp=1721589053.452431
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:10:56Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:11:01Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:11:07Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:11:12Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:11:17Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:11:22Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:11:27Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:11:32Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:11:37Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:11:42Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:11:47Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:11:52Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:12:22Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:12:52Z
INF event=PostgreSQL connection failed, retrying... (connection timeout expired) logger=authentik.lib.config timestamp=1721589184.8296216
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:13:23Z
warning error=authentik starting event=failed to proxy to backend logger=authentik.router timestamp=2024-07-21T19:13:53Z
```

So obviously there is some error in connecting to the Postgres database, any thoughts on this?

Thank you very much for your time and attention, I know you are not the maintainer of any of these projects but just seeking wisdom from someone smarter than I. Cheers. :)

brokenscripts commented 1 month ago

That looks like host permission issues still.

```
initdb: error: could not change permissions of directory
```

brokenscripts commented 1 month ago

Closing due to no additional updates.