Permission errors when using podman compose

[kevin07042002]

Problem

When podman compose + podman is used instead of docker compose and docker the application doesn't start properly.

[solr]         | Executing /opt/solr/docker/scripts/solr-precreate openlibrary /opt/solr/server/solr/configsets/olconfig
[solr]         | Executing /opt/solr/docker/scripts/precreate-core openlibrary /opt/solr/server/solr/configsets/olconfig
[solr]         | Core openlibrary already exists
[solr]         | Starting Solr
[solr]         | *** [WARN] ***  Your Max Processes Limit is currently 62836. 
[solr]         |  It should be set to 65000 to avoid operational disruption. 
[solr]         |  If you no longer wish to see this warning, set SOLR_ULIMIT_CHECKS to false in your profile or solr.in.sh
[solr]         | Java 17 detected. Enabled workaround for SOLR-16463
[solr]         | [0.001s][warning][pagesize] UseLargePages disabled, no large pages configured and available on the system.
[home]         | /bin/bash: /openlibrary/docker/ol-home-start.sh: Permission denied
[solr]         | CompileCommand: exclude com/github/benmanes/caffeine/cache/BoundedLocalCache.put bool exclude = true
[solr]         | WARNING: A command line option has enabled the Security Manager
[solr]         | WARNING: The Security Manager is deprecated and will be removed in a future release
[db]           | The files belonging to this database system will be owned by user "postgres".
[db]           | This user must also own the server process.
[db]           | 
[db]           | The database cluster will be initialized with locale "en_US.utf8".
[db]           | The default database encoding has accordingly been set to "UTF8".
[db]           | The default text search configuration will be set to "english".
[db]           | 
[db]           | Data page checksums are disabled.
[db]           | 
[db]           | fixing permissions on existing directory /var/lib/postgresql/data ... ok
[db]           | creating subdirectories ... ok
[db]           | selecting default max_connections ... 100
[db]           | selecting default shared_buffers ... 128MB
[covers]       | /bin/bash: /openlibrary/docker/ol-covers-start.sh: Permission denied
[solr]         | ERROR StatusLogger Reconfiguration failed: No configuration found for '1c4af82c' at 'null' in 'null'
[solr-updater] | /bin/bash: /openlibrary/docker/ol-solr-updater-start.sh: Permission denied
[infobase]     | /bin/bash: /openlibrary/docker/ol-infobase-start.sh: Permission denied
[web]          | Error: unable to start container feab6fcd32cd8644739e0a89d60d5e91e172a661bef03e1237f43420ee94fa38: generating dependency graph for container feab6fcd32cd8644739e0a89d60d5e91e172a661bef03e1237f43420ee94fa38: container 99f16f774675a3f668c5b4312d0f5e50cf12530137b0e5778ba623a2eed7f785 depends on container 7739c35040ca9479b21420c40a642a62f372bdcee254e106956ab2236d872621 not found in input list: no such container
[db]           | creating configuration files ... ok
[db]           | creating template1 database in /var/lib/postgresql/data/base/1 ... ok
[db]           | initializing pg_authid ... ok
[db]           | setting password ... ok
[db]           | initializing dependencies ... ok
[db]           | creating system views ... ok
[db]           | loading system objects' descriptions ... ok
[db]           | creating collations ... ok
[db]           | creating conversions ... ok
[db]           | creating dictionaries ... ok
[db]           | setting privileges on built-in objects ... ok
[db]           | creating information schema ... ok
[db]           | loading PL/pgSQL server-side language ... ok
[db]           | vacuuming database template1 ... ok
[db]           | copying template1 to template0 ... ok
[db]           | copying template1 to postgres ... ok
[db]           | syncing data to disk ... ok
[db]           | 
[db]           | Success. You can now start the database server using:
[db]           | 
[db]           |     postgres -D /var/lib/postgresql/data
[db]           | or
[db]           |     pg_ctl -D /var/lib/postgresql/data -l logfile start
[db]           | 
[db]           | 
[db]           | WARNING: enabling "trust" authentication for local connections
[db]           | You can change this by editing pg_hba.conf or using the option -A, or
[db]           | --auth-local and --auth-host, the next time you run initdb.
[db]           | ****************************************************
[db]           | WARNING: No password has been set for the database.
[db]           |          This will allow anyone with access to the
[db]           |          Postgres port to access your database. In
[db]           |          Docker's default configuration, this is
[db]           |          effectively any other container on the same
[db]           |          system.
[db]           | 
[db]           |          Use "-e POSTGRES_PASSWORD=password" to set
[db]           |          it in "docker run".
[db]           | ****************************************************
[db]           | waiting for server to start....LOG:  database system was shut down at 2024-10-11 17:28:13 UTC
[db]           | LOG:  MultiXact member wraparound protections are now enabled
[db]           | LOG:  autovacuum launcher started
[db]           | LOG:  database system is ready to accept connections
[db]           |  done
[db]           | server started
[db]           | 
[db]           | /usr/local/bin/docker-entrypoint.sh: sourcing /docker-entrypoint-initdb.d/ol-db-init.sh
[db]           | /usr/local/bin/docker-entrypoint.sh: line 142: /docker-entrypoint-initdb.d/ol-db-init.sh: Permission denied

Reproducing the bug

1. Go to your workdirectory and execute podman compose up
2. Wait until error occurs

• Expected behavior:
  • application accessible under http://localhost:8080 after podman compose up
• Actual behavior:
  • permission error and application not accessible

Context

• Browser (Chrome, Safari, Firefox, etc): Any
• OS (Windows, Mac, etc): Fedora 39
• Logged in (Y/N): N
• Environment (prod, dev, local): local

Breakdown

Requirements Checklist

• [ ] podman
• [ ] podman-compose

Related files

• /docker-entrypoint-initdb.d/ol-db-init.sh
• compose-files and related files

Stakeholders

---

Instructions for Contributors

• Please run these commands to ensure your repository is up to date before creating a new branch to work on this issue and each time after pushing code to Github, because the pre-commit bot may add commits to your PRs upstream.

[scottbarnes]

@kevin07042002, this is a bit of a puzzling one. I tried to replicate it with podman-compose, and although I got other errors related to indexing Solr and archive.org being down, I didn't get these errors.

Though this is typically a Windows solution, it may be worth trying https://github.com/internetarchive/openlibrary/wiki/Git-Cheat-Sheet#fix-line-endings-symlinks-and-git-submodules-only-for-windows-users-not-using-a-linux-vm. Since you're using Fedora you can ignore the notes about being administrator for the git commands.

Although the permissions errors may be a bit of a red herring, what do they happen to be? Here's what I get:

❯ \ls -l docker/ol-home-start.sh docker/ol-covers-start.sh docker/ol-solr-updater-start.sh docker/ol-infobase-start.sh docker/ol-db-init.sh
-rwxr-xr-x 1 scott scott 128 Mar 14  2024 docker/ol-covers-start.sh
-rwxr-xr-x 1 scott scott 374 Mar 14  2024 docker/ol-db-init.sh
-rwxr-xr-x 1 scott scott 233 Mar 14  2024 docker/ol-home-start.sh
-rwxr-xr-x 1 scott scott  93 Mar 14  2024 docker/ol-infobase-start.sh
-rwxr-xr-x 1 scott scott 583 Sep 13 06:53 docker/ol-solr-updater-start.sh

I don't know why it would help, but if you haven't tried podman-compose build --pull --nocache, that can mysteriously fix things a small proportion of the time.