buanet / ioBroker.docker

Official Docker Image for ioBroker
https://www.iobroker.net
MIT License
198 stars 69 forks source link

/opt/scripts/iobroker_startup.sh: line 169: /usr/bin/iobroker: Permission denied #71

Closed Springjunky closed 4 years ago

Springjunky commented 4 years ago

Welche Umgebung

Raspberry PI 4 mit 4GB

NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian

Was zuvor geschah

Ich habe den aktuellen Container und das Image was ca. 4 Wochen alt war gelöscht

docker container rm IOBroker
docker rmi buanet/iobroker:latest

und danach per docker-compose up -d IOBroker wieder gestartet

pi@raspi:~/Docker/IOBroker $ cat docker-compose.yml 
---
version: "3.5"
services:
  iobroker:
    restart: always
    image: buanet/iobroker
    hostname: iobroker.docker 
    container_name: IOBroker
    environment:
      - PACKAGES=vim net-tools nfs-common cifs-utils
    privileged: true
    ports:
      - 9081:9081 # Admin-Adapter
      - 9082:9082 # WebServer VIS und Float
      - 1880:1880 # Node Red
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /mnt/SamsungSSD120GB/DockerVolumes/IOBroker/opt/iobroker:/opt/iobroker
      - /mnt/SamsungSSD120GB/DockerVolumes/IOBroker/history:/history

danach erhielt ich folgende Fehlermeldung /opt/scripts/iobroker_startup.sh: line 169: /usr/bin/iobroker: Permission denied Ein exec in den Container bestätigte das auch nochmal, allerdings funktioniert der entsprechende Befehl mit bashdavor dennoch

pi@raspi:~ $ docker container exec -it IOBroker /bin/bash
root@iobroker:/opt/iobroker# iobroker object get system.adapter.admin.0 --pretty | grep -oP '(?<="host": ")[^"]*'
bash: /usr/bin/iobroker: Permission denied
root@iobroker:/opt/iobroker# bash iobroker object get system.adapter.admin.0 --pretty | grep -oP '(?<="host": ")[^"]*'
iobroker.docker
root@iobroker:/opt/iobroker# 

iobroker ist ja verlinkt auf /opt/iobroker, wiederum im Container zeigt sich folgendes

proot@iobroker:/opt/iobroker# ls -la /usr/bin/iobroker
lrwxrwxrwx 1 root root 22 Jan 27 13:08 /usr/bin/iobroker -> /opt/iobroker/iobroker
root@iobroker:/opt/iobroker# ls -la /opt/iobroker/iobroker
-rwxr-xr-x 1 iobroker iobroker 297 Jan 29 19:27 /opt/iobroker/iobroker
root@iobroker:/opt/iobroker# 

die Id von IOBroker im Container ist

root@iobroker:/opt/iobroker# id iobroker
uid=1000(iobroker) gid=1000(iobroker) groups=1000(iobroker),5(tty),20(dialout),29(audio)

da ich /opt/iobroker rausmounte habe ich mir mal die Rechte unter dem Mountpfad angeschaut, also auf dem Host selbst, dort steht

pi@raspi:/mnt/SamsungSSD120GB/DockerVolumes/IOBroker/opt/iobroker $ ls -la
-rwxr-xr-x   1 pi pi    297 Jan 29 19:27 iobroker

die ID von pi ist

pi@raspi:~ $ id
uid=1000(pi) gid=1000(pi) Gruppen=1000(pi),4(adm),20(dialout),24(cdrom),27(sudo),29(audio),44(video),46(plugdev),60(games),100(users),105(input),109(netdev),995(docker),997(gpio),998(i2c),999(spi)

das komplette Log

pi@raspi:~/Docker/IOBroker $ docker container logs -f IOBroker 

------------------------------------------------------------
---------------     2020-01-29 19:27:10      ---------------
------------------------------------------------------------

------------------------------------------------------------
-----       Welcome to your ioBroker-container!        -----
-----          Startupscript is now running.           -----
-----                Please be patient!                -----
------------------------------------------------------------

------------------------------------------------------------
-----              Debugging information               -----
-----                                                  -----
-----                      System                      -----
-----               arch:      armv7l                  -----
-----                                                  -----
-----                     Versions                     -----
-----               image:     v4.1.0                  -----
-----               node:      v10.18.1                -----
-----               npm:       6.13.4                  -----
-----                                                  -----
-----                       ENV                        -----
-----               ADMINPORT: 8081                    -----
-----               AVAHI:     false                   -----
-----               PACKAGES:  vim                    net-tools  nfs-common             cifs-utils                         -----
-----               REDIS:     false                   -----
-----               SETGID:    1000                    -----
-----               SETUID:    1000                    -----
-----               USBDEVICES: none                    -----
-----               ZWAVE:     false                   -----
------------------------------------------------------------

------------------------------------------------------------
-----         Step 1 of 5: Preparing container         -----
------------------------------------------------------------

Installing additional packages is set by ENV.
The following packages will be installed: vim net-tools nfs-common cifs-utils...
Done.

There are no changes in UID/ GID needed.

------------------------------------------------------------
-----   Step 2 of 5: Detecting ioBroker installation   -----
------------------------------------------------------------

Existing installation of ioBroker detected in /opt/iobroker.

------------------------------------------------------------
-----   Step 3 of 5: Checking ioBroker installation    -----
------------------------------------------------------------

(Re)Setting folder permissions (This might take a while! Please be patient!)...
Done.

Fixing "sudo-bug" by replacing sudo in iobroker with gosu...
Done.

/opt/scripts/iobroker_startup.sh: line 169: /usr/bin/iobroker: Permission denied
/opt/scripts/iobroker_startup.sh: line 169: [: !=: unary operator expected
------------------------------------------------------------
-----      Step 4 of 5: Applying special settings      -----
------------------------------------------------------------

Some adapters have special requirements/ settings which can be activated by the use of environment variables.
For more information take a look at readme.md on Github!

/opt/scripts/iobroker_startup.sh: line 192: /usr/bin/iobroker: Permission denied
/opt/scripts/iobroker_startup.sh: line 192: [: 8081: unary operator expected
------------------------------------------------------------
-----          Step 5 of 5: ioBroker startup           -----
------------------------------------------------------------

Starting ioBroker...

host.iobroker.docker check instance "system.adapter.admin.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.discovery.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.info.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.tr-064.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.ping.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.web.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.fritzdect.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.statistics.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.feiertage.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.fullcalendar.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.history.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.nut.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.email.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.schoolfree.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.iqontrol.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.backitup.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.countdown.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.scenes.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.spotify-premium.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.pollenflug.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.dwd.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.daswetter.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis-colorpicker.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis-canvas-gauges.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis-bars.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis-fancyswitch.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis-hqwidgets.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis-metro.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis-timeandweather.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis-google-fonts.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis-history.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis-rgraph.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.vis-weather.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.javascript.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.node-red.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.systeminfo.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.pushover.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.simple-api.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.influxdb.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.moma.0" for host "iobroker.docker"
host.iobroker.docker check instance "system.adapter.rpi2.0" for host "iobroker.docker"
cat: /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq: Permission denied

gerne helfe ich mit mehr Infos weiter ..

buanet commented 4 years ago

Hallo, ich würde gerne mal wissen an welchem Kommando er sich da verschluckt. Hatte die Tage schonmal einen ähnlichen Fall, auch ein Raspberry. Konnte es aber noch nicht nachstellen.

Kannst du mal folgendes in der Kommandozeile des Containers ausprobieren?

Zuerst: iobroker object get system.adapter.admin.0 --pretty | grep -oP '(?<="host": ")[^"]*'

Alternativ nur iobroker object get system.adapter.admin.0 --pretty

Falls du Lust und Zeit hast, kannst du auch mal einen Container aufsetzen in dem du der ENV eine andere UID un GID mit gibst. Vielleicht 1099 oder so... Kommt der Fehler dann auch?

MfG, André

Springjunky commented 4 years ago

Der verschluckt sich nicht an einem Befehl, es fehlen irgendwie Rechte .....

Wie man in der Ausgabe sieht ... mache ich bash iobroker ... anstatt nur iobroker funktioniert es

pi@raspi:~ $ docker container exec -it IOBroker /bin/bash
root@iobroker:/opt/iobroker# iobroker object get system.adapter.admin.0 --pretty | grep -oP '(?<="host": ")[^"]*'
bash: /usr/bin/iobroker: Permission denied
root@iobroker:/opt/iobroker# iobroker object get system.adapter.admin.0 --pretty
bash: /usr/bin/iobroker: Permission denied
root@iobroker:/opt/iobroker# 
root@iobroker:/opt/iobroker# 
root@iobroker:/opt/iobroker# 
root@iobroker:/opt/iobroker# bash iobroker object get system.adapter.admin.0 --pretty
{
  "_id": "system.adapter.admin.0",
  "type": "instance",
  "common": {
    "name": "admin",
...

Experimente

anderer Ort

kopiere ich iobroker innerhalb des Containers nach /tmp geht es

bash davor

Ich habe im Container in der Zeile 169 des /opt/scripts/iobroker_startup.sh ein bash vor den iobroker Befehl gesetzt der Part sieht nun so aus

set -x 
# Checking for first run of a new installation and renaming ioBroker
if [ -f /opt/iobroker/.install_host ]
then
  echo "Looks like this is a new and empty installation of ioBroker."
  echo "Hostname needs to be updated to " $(hostname)"..."
    sh /opt/iobroker/iobroker host $(cat /opt/iobroker/.install_host)
    rm -f /opt/iobroker/.install_host
  echo 'Done.'
  echo ' '
elif [ $(bash iobroker object get system.adapter.admin.0 --pretty | grep -oP '(?<="host": ")[^"]*') != $(hostname) ]
then
  echo "Hostname in ioBroker does not match the hostname of this container."
  echo "Updating hostname to " $(hostname)"..."
    sh /opt/iobroker/iobroker host $(iobroker object get system.adapter.admin.0 --pretty | grep -oP '(?<="host": ")[^"]*')
  echo 'Done.'
  echo ' '
fi
set +x

durch das set -x hatte ich folgende Ausgabe beim Start .. also alles OK :-) auch der Hostname wird dann korrekt ermittelt.

Fixing "sudo-bug" by replacing sudo in iobroker with gosu...
Done.

+ '[' -f /opt/iobroker/.install_host ']'
++ bash iobroker object get system.adapter.admin.0 --pretty
++ grep -oP '(?<="host": ")[^"]*'
++ hostname
+ '[' iobroker.docker '!=' iobroker.docker ']'
+ set +x
------------------------------------------------------------
-----      Step 4 of 5: Applying special settings      -----
------------------------------------------------------------

andere UID / GID

Auch eine andere UID GUID bringt leider nichts

pi@raspi:~ $ docker container logs -f IOBroker 

------------------------------------------------------------
---------------     2020-02-01 08:29:46      ---------------
------------------------------------------------------------

------------------------------------------------------------
-----       Welcome to your ioBroker-container!        -----
-----          Startupscript is now running.           -----
-----                Please be patient!                -----
------------------------------------------------------------

------------------------------------------------------------
-----              Debugging information               -----
-----                                                  -----
-----                      System                      -----
-----               arch:      armv7l                  -----
-----                                                  -----
-----                     Versions                     -----
-----               image:     v4.1.0                  -----
-----               node:      v10.18.1                -----
-----               npm:       6.13.4                  -----
-----                                                  -----
-----                       ENV                        -----
-----               ADMINPORT: 8081                    -----
-----               AVAHI:     false                   -----
-----               PACKAGES:  vim                    net-tools  nfs-common             cifs-utils                         -----
-----               REDIS:     false                   -----
-----               SETGID:    1099                    -----
-----               SETUID:    1099                    -----
-----               USBDEVICES: none                    -----
-----               ZWAVE:     false                   -----
------------------------------------------------------------

------------------------------------------------------------
-----         Step 1 of 5: Preparing container         -----
------------------------------------------------------------

Installing additional packages is set by ENV.
The following packages will be installed: vim net-tools nfs-common cifs-utils...
Done.

Different UID and/ or GID is set by ENV.
Changing UID to 1099 and GID to 1099...
Done.

------------------------------------------------------------
-----   Step 2 of 5: Detecting ioBroker installation   -----
------------------------------------------------------------

Existing installation of ioBroker detected in /opt/iobroker.

------------------------------------------------------------
-----   Step 3 of 5: Checking ioBroker installation    -----
------------------------------------------------------------

(Re)Setting folder permissions (This might take a while! Please be patient!)...
Done.

Fixing "sudo-bug" by replacing sudo in iobroker with gosu...
Done.

/opt/scripts/iobroker_startup.sh: line 169: /usr/bin/iobroker: Permission denied
/opt/scripts/iobroker_startup.sh: line 169: [: !=: unary operator expected
buanet commented 4 years ago

Hi, kannst du mal die neue Beta (v4.1.2beta) testen? Build läuft gerade, sollte in ein paar Minuten durch sein. :) Habe mal den Entrypoint im Dockerfile angepasst. Mich macht ein bisschen stutzig, dass es bei dir mit bash geht... Eigentlich sollte das Script so oder so als bash laufen. Jetzt rufe ich es explizit nochmal mit bash auf. Vielleicht hilft das ja schon.

MfG, André

Springjunky commented 4 years ago

leider der gleiche Fehler

IOBroker    |  
IOBroker    | ------------------------------------------------------------
IOBroker    | ---------------     2020-02-03 18:58:15      ---------------
IOBroker    | ------------------------------------------------------------
IOBroker    |  
IOBroker    | ------------------------------------------------------------
IOBroker    | -----       Welcome to your ioBroker-container!        -----
IOBroker    | -----          Startupscript is now running.           -----
IOBroker    | -----                Please be patient!                -----
IOBroker    | ------------------------------------------------------------
IOBroker    |  
IOBroker    | ------------------------------------------------------------
IOBroker    | -----              Debugging information               -----
IOBroker    | -----                                                  -----
IOBroker    | -----                      System                      -----
IOBroker    | -----               arch:      armv7l                  -----
IOBroker    | -----                                                  -----
IOBroker    | -----                     Versions                     -----
IOBroker    | -----               image:     v4.1.1beta              -----
IOBroker    | -----               node:      v10.18.1                -----
IOBroker    | -----               npm:       6.13.4                  -----
IOBroker    | -----                                                  -----
IOBroker    | -----                       ENV                        -----
IOBroker    | -----               ADMINPORT: 8081                    -----
IOBroker    | -----               AVAHI:     false                   -----
IOBroker    | -----               PACKAGES:  vim                    net-tools  nfs-common             cifs-utils                         -----
IOBroker    | -----               REDIS:     false                   -----
IOBroker    | -----               SETGID:    1000                    -----
IOBroker    | -----               SETUID:    1000                    -----
IOBroker    | -----               USBDEVICES: none                    -----
IOBroker    | -----               ZWAVE:     false                   -----
IOBroker    | ------------------------------------------------------------
IOBroker    |  
IOBroker    | ------------------------------------------------------------
IOBroker    | -----         Step 1 of 5: Preparing container         -----
IOBroker    | ------------------------------------------------------------
IOBroker    |  
IOBroker    | Installing additional packages is set by ENV.
IOBroker    | The following packages will be installed: vim net-tools nfs-common cifs-utils...
IOBroker    | Done.
IOBroker    |  
IOBroker    | There are no changes in UID/ GID needed.
IOBroker    |  
IOBroker    | ------------------------------------------------------------
IOBroker    | -----   Step 2 of 5: Detecting ioBroker installation   -----
IOBroker    | ------------------------------------------------------------
IOBroker    |  
IOBroker    | Existing installation of ioBroker detected in /opt/iobroker.
IOBroker    |  
IOBroker    | ------------------------------------------------------------
IOBroker    | -----   Step 3 of 5: Checking ioBroker installation    -----
IOBroker    | ------------------------------------------------------------
IOBroker    |  
IOBroker    | (Re)Setting folder permissions (This might take a while! Please be patient!)...
IOBroker    | Done.
IOBroker    |  
IOBroker    | Fixing "sudo-bug" by replacing sudo in iobroker with gosu...
IOBroker    | Done.
IOBroker    |  
IOBroker    | /opt/scripts/iobroker_startup.sh: line 169: /usr/bin/iobroker: Permission denied
IOBroker    | /opt/scripts/iobroker_startup.sh: line 169: [: !=: unary operator expected
IOBroker    | ------------------------------------------------------------
IOBroker    | -----      Step 4 of 5: Applying special settings      -----
IOBroker    | ------------------------------------------------------------
IOBroker    |  
IOBroker    | Some adapters have special requirements/ settings which can be activated by the use of environment variables.
IOBroker    | For more information take a look at readme.md on Github!
IOBroker    |  
IOBroker    | /opt/scripts/iobroker_startup.sh: line 192: /usr/bin/iobroker: Permission denied
IOBroker    | /opt/scripts/iobroker_startup.sh: line 192: [: 8081: unary operator expected
IOBroker    | ------------------------------------------------------------
IOBroker    | -----          Step 5 of 5: ioBroker startup           -----
IOBroker    | ------------------------------------------------------------
IOBroker    |  
IOBroker    | Starting ioBroker...
IOBroker    |  
Springjunky commented 4 years ago

also setze ich bash vor iobroker läuft es und liefert auch das gewünschte Ergebnis .. wäre das nicht eine Lösung ?

Springjunky commented 4 years ago

Ich denke, ich habe es

/opt/iobroker liegt auf der gemounteten SSD und diese ist mit noexec gemounted

/dev/sda1 on /mnt/SamsungSSD120GB type ext4 (rw,nosuid,nodev,noexec,noatime,stripe=8191)

Das gleiche Verhalten habe ich auch bei anderen Docker-Container, auf reingemounteten Verzeichnissen der SSD bekomme ich immer "permission denied".

Leider hat ein kurzer Versuch in der fstab mit den Options

auto,nofail,noatime,users,rw,exec 0 0

dafür gesorgt, das der Pi nicht mehr gestartet hat .... da passe ich denn mal.

Vielleicht kann man es damit nachvollziehen ...

Nachtrag ...

ich habe die SSD grad mal on the fly remounted mit

sudo mount -o remount,exec /mnt/SamsungSSD120GB

und den Container neu gestartet => Fehler weg.

Die "Gegenprobe" also den Mount wieder mit noexec => Fehler wieder da.

Wer könnte mir nun die Mount-Options für die fstab liefern ;-)

buanet commented 4 years ago

...da war ich aber auch nicht ganz auf der Höhe, obwohl das noch gar nicht so lange her ist... bei "noexec" hat's dann aber doch noch klick gemacht... sorry

Just for documentation, this message I recived from @Surfer2010 :

Hi, i solved my "issue" before (i posted on your github) ... the reason is as simple as hard to find ... i tracked it down to permission issues as you also said, but ... my folder / the drive it was on, was mounted as "noexec" in the fstab ... that was the reason the container couldn't write all the files ....

Originally posted by @buanet in https://github.com/buanet/docker-iobroker/issues/28#issuecomment-505725906

Was mich aber weiterhin gerade noch beschäftigt ist, dass es wohl trotzdem geht, wenn man "bash" vor dem iobroker-command hat. Allerdings würde ich das ungern als Fix einbauen weil ich damit rechne, dass man dann ggf. in den Fehler läuft wenn man ioBroker über die Kommandozeile bedient oder ähnliches. Würde eher dazu plädieren den Mountpoint entsprechend zu konfigurieren.

Leider hat ein kurzer Versuch in der fstab mit den Options

auto,nofail,noatime,users,rw,exec 0 0

dafür gesorgt, das der Pi nicht mehr gestartet hat .... da passe ich denn mal.

müsste da nicht anstatt users eher user rein?

MfG, André

Springjunky commented 4 years ago

...da war ich aber auch nicht ganz auf der Höhe, obwohl das noch gar nicht so lange her ist... bei "noexec" hat's dann aber doch noch klick gemacht... sorry

Also ich bin froh, das die Ursache nun gefunden ist :-) hier gibt es nichts zu entschuldigen .. alles ist hier freiwillig und ich bin froh, das sich einer die Mühe macht, so einen Container zu bauen.

Vielleicht wäre das etwas für den Troubleshooting-Part im Readme ..