containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

Permission denied (Errno 13) issue with Podman Rootless and docker-compose #13468

Closed cfeltz34 closed 2 years ago

cfeltz34 commented 2 years ago

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Start Podman with Rootless mode and compose container with docker-compose.

--> PermissionError: [Errno 13] Permission denied (File "urllib3/connectionpool.py", line 677, in urlopen)

No issue with Rootful mode.

Steps to reproduce the issue:

  1. On Red Hat 8.5, install "Podman", "docker-compose" and "podman-docker"

     ```
     yum module enable -y container-tools:rhel8
     yum module install -y container-tools:rhel8
     curl -L "https://github.com/docker/compose/releases/download/1.29.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
     chmod +x /usr/local/bin/docker-compose
     yum install -y podman-docker
     export PATH=/root/bin/:$PATH
     chmod 777 /var/run/docker.sock
     ```

  2. Start Podman with `systemctl start podman.socket` or `podman system service --time=0 &`

     `export DOCKER_HOST="unix:/run/podman/podman.sock"`

  3. Create "docker-compose.rabbitmq.yml" file

     ```yaml
     version: '3.7'

     services:
       rabbitmq:
         container_name: rclms.rabbitmq
         image: docker.io/rabbitmq:3.9.13-management
         environment:

     networks:
       network:
     ```

  4. Execute command: `docker-compose -f docker-compose.rabbitmq.yml up -d`

Describe the results you received:

```
Traceback (most recent call last):
  File "urllib3/connectionpool.py", line 677, in urlopen
  File "urllib3/connectionpool.py", line 392, in _make_request
  File "http/client.py", line 1277, in request
  File "http/client.py", line 1323, in _send_request
  File "http/client.py", line 1272, in endheaders
  File "http/client.py", line 1032, in _send_output
  File "http/client.py", line 972, in send
  File "docker/transport/unixconn.py", line 43, in connect
PermissionError: [Errno 13] Permission denied

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "requests/adapters.py", line 449, in send
  File "urllib3/connectionpool.py", line 727, in urlopen
  File "urllib3/util/retry.py", line 410, in increment
  File "urllib3/packages/six.py", line 734, in reraise
  File "urllib3/connectionpool.py", line 677, in urlopen
  File "urllib3/connectionpool.py", line 392, in _make_request
  File "http/client.py", line 1277, in request
  File "http/client.py", line 1323, in _send_request
  File "http/client.py", line 1272, in endheaders
  File "http/client.py", line 1032, in _send_output
  File "http/client.py", line 972, in send
  File "docker/transport/unixconn.py", line 43, in connect
urllib3.exceptions.ProtocolError: ('Connection aborted.', PermissionError(13, 'Permission denied'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "docker/api/client.py", line 214, in _retrieve_server_version
  File "docker/api/daemon.py", line 181, in version
  File "docker/utils/decorators.py", line 46, in inner
  File "docker/api/client.py", line 237, in _get
  File "requests/sessions.py", line 543, in get
  File "requests/sessions.py", line 530, in request
  File "requests/sessions.py", line 643, in send
  File "requests/adapters.py", line 498, in send
requests.exceptions.ConnectionError: ('Connection aborted.', PermissionError(13, 'Permission denied'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "docker-compose", line 3, in <module>
  File "compose/cli/main.py", line 81, in main
  File "compose/cli/main.py", line 199, in perform_command
  File "compose/cli/command.py", line 70, in project_from_options
  File "compose/cli/command.py", line 153, in get_project
  File "compose/cli/docker_client.py", line 43, in get_client
  File "compose/cli/docker_client.py", line 170, in docker_client
  File "docker/api/client.py", line 197, in __init__
  File "docker/api/client.py", line 222, in _retrieve_server_version
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))
[9561] Failed to execute script docker-compose
```

Describe the results you expected: Container RabbitMQ should start.

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:      3.4.2
API Version:  3.4.2
Go Version:   go1.16.7
Built:        Thu Jan 13 11:15:49 2022
OS/Arch:      linux/amd64

Output of docker-compose version:

docker-compose version 1.29.0, build 07737305
docker-py version: 5.0.0
CPython version: 3.7.10
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.23.1
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.32-1.module+el8.5.0+13852+150547f7.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.32, commit: 4b12bce835c3f8acc006a43620dd955a6a73bae0'
  cpus: 2
  distribution:
    distribution: '"rhel"'
    version: "8.5"
  eventLogger: file
  hostname: SMR8-RC-UAT-API
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 4.18.0-348.12.2.el8_5.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 2963107840
  memTotal: 3917393920
  ociRuntime:
    name: runc
    package: runc-1.0.3-1.module+el8.5.0+13556+7f055e70.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.3
      spec: 1.0.2-dev
      go: go1.16.7
      libseccomp: 2.5.1
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 4257214464
  swapTotal: 4257214464
  uptime: 24m 10.67s
plugins:
  log:
  - k8s-file
  - none
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - docker.io
store:
  configFile: /home/administrateur/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-1.8-1.module+el8.5.0+13754+92ec836b.x86_64
      Version: |-
        fusermount3 version: 3.2.1
        fuse-overlayfs: version 1.8
        FUSE library version 3.2.1
        using FUSE kernel interface version 7.26
  graphRoot: /home/administrateur/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 1
  runRoot: /run/user/1000/containers
  volumePath: /home/administrateur/.local/share/containers/storage/volumes
version:
  APIVersion: 3.4.2
  Built: 1642068949
  BuiltTime: Thu Jan 13 11:15:49 2022
  GitCommit: ""
  GoVersion: go1.16.7
  OsArch: linux/amd64
  Version: 3.4.2

Package info (e.g. output of rpm -q podman or apt list podman):

podman-3.4.2-9.module+el8.5.0+13852+150547f7.x86_64

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Additional environment details (Output of hostnamectl):

Static hostname: SMR8-RC-UAT-API
Icon name: computer-vm
Chassis: vm
Machine ID: b536df6814e24e8583eca2a68d16d5b0
Boot ID: 2936e5e43879468eb44319471baa5ddc
Virtualization: vmware
Operating System: Red Hat Enterprise Linux 8.5 (Ootpa)
CPE OS Name: cpe:/o:redhat:enterprise_linux:8::baseos
Kernel: Linux 4.18.0-348.12.2.el8_5.x86_64
Architecture: x86-64


cfeltz34 commented 2 years ago

Fixed issue by redefining DOCKER_HOST variable: `export DOCKER_HOST="unix:$XDG_RUNTIME_DIR/podman/podman.sock"`
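
The difference between the two DOCKER_HOST values in this thread, as an added example that is not part of the original issue or of Podman's or docker-compose's code: it repeats the AF_UNIX connect that fails in `docker/transport/unixconn.py` and classifies the result for the system-wide and the per-user socket. The function names and the `/run/user/<uid>` fallback are assumptions of this example.

```python
import os
import socket

# Constructed from the report: the system-wide socket the failing DOCKER_HOST used.
ROOTFUL_HOST = "unix:/run/podman/podman.sock"


def rootless_host(env=None):
    """DOCKER_HOST for the per-user service: unix:$XDG_RUNTIME_DIR/podman/podman.sock."""
    env = os.environ if env is None else env
    # Assumption: fall back to /run/user/<uid> when XDG_RUNTIME_DIR is unset.
    runtime_dir = env.get("XDG_RUNTIME_DIR") or "/run/user/%d" % os.getuid()
    return "unix:" + os.path.join(runtime_dir, "podman", "podman.sock")


def socket_path(docker_host):
    """Filesystem path behind a unix:/path or unix:///path DOCKER_HOST value."""
    if not docker_host.startswith("unix:"):
        raise ValueError("not a unix-socket DOCKER_HOST: %r" % docker_host)
    path = docker_host[len("unix:"):]
    return path[2:] if path.startswith("///") else path


def probe(docker_host):
    """Repeat the client's AF_UNIX connect and classify the result."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock.connect(socket_path(docker_host))
        return "ok"
    except PermissionError:
        return "permission-denied"  # Errno 13: this uid may not use the socket or its directory
    except FileNotFoundError:
        return "missing"  # no socket at that path: service not started for this user
    except ConnectionRefusedError:
        return "not-listening"  # stale socket file, nothing accepting on it
    except OSError as exc:
        return "error: %s" % exc.strerror
    finally:
        sock.close()


def report(env=None):
    """Probe the configured DOCKER_HOST plus the rootful and rootless defaults."""
    env = os.environ if env is None else env
    hosts = [env.get("DOCKER_HOST"), ROOTFUL_HOST, rootless_host(env)]
    return {h: probe(h) for h in hosts if h and h.startswith("unix:")}


if __name__ == "__main__":
    for host, status in report().items():
        print("%-50s %s" % (host, status))
```

Run it as the user who invokes docker-compose: `permission-denied` for the `/run/podman` path alongside `ok` for the `$XDG_RUNTIME_DIR` path corresponds to the failure and the fix reported above.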

Pranavbalu commented 2 years ago

I'm having the same issue but redefining the DOCKER host as suggested didn't resolve it. Can someone help?

rhatdan commented 2 years ago

Please open a new issue with all of your information.

QGB commented 1 year ago

docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))