microsoft / mssql-docker

Official Microsoft repository for SQL Server in Docker resources
MIT License

Persistent volume issues #559

Open LWDArjan opened 4 years ago

LWDArjan commented 4 years ago

I am trying to get the docker image to run on RHEL 8.1 with podman, as this has replaced docker, and I am running into issues getting a persistent data volume. SELinux is disabled. /sql is a dedicated disk (LVM with XFS fs).

podman run -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=****' -p 1405:1433 -v /sql/sql1/data:/var/opt/mssql/data -v /sql/sql1/log:/var/opt/mssql/log -v /sql/sql1/secrets:/var/opt/mssql/secrets mcr.microsoft.com/mssql/server:2019-latest
SQL Server 2019 will run as non-root by default.
This container is running as user mssql.
To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
2020-02-04 14:21:08.43 Server Setup step is copying system data file 'C:\templatedata\master.mdf' to '/var/opt/mssql/data/master.mdf'.
2020-02-04 14:21:08.47 Server ERROR: Setup FAILED copying system data file 'C:\templatedata\master.mdf' to '/var/opt/mssql/data/master.mdf': 2(The system cannot find the file specified.)
ERROR: BootstrapSystemDataDirectories() failure (HRESULT 0x80070002)

[root@

It works fine without any -v options, but I want it to have its own dedicated disk.

croblesm commented 4 years ago

I think the problem is the type of volume you are trying to use with SQL Server. When using a known path from your host machine that is not mapped to an actual volume in your container platform it will act as a bind volume.

I would suggest pre-staging the volumes with Podman first, then create your container as follows:

podman run \
-e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=****' \
-p 1405:1433 \
-v vlm_Data:/var/opt/mssql/data \
-v vlm_Log:/var/opt/mssql/log \
-v vlm_Secrets:/var/opt/mssql/secrets \
mcr.microsoft.com/mssql/server:2019-latest

Regards.

839928622 commented 3 years ago

I face the same situation. Any workaround?

antheus-s commented 3 years ago

I can't believe how hard it is to set up a container with 2019-latest and that it still causes this many issues..

OmegaZero commented 7 months ago

> I think the problem is the type of volume you are trying to use with SQL Server. When using a known path from your host machine that is not mapped to an actual volume in your container platform it will act as a bind volume.
>
> I would suggest pre-staging the volumes with Podman first, then create your container as follows:
>
> podman run \
> -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=****' \
> -p 1405:1433 \
> -v vlm_Data:/var/opt/mssql/data \
> -v vlm_Log:/var/opt/mssql/log \
> -v vlm_Secrets:/var/opt/mssql/secrets \
> mcr.microsoft.com/mssql/server:2019-latest
>
> Regards.

Problem is that this means that all volumes have to be in the podman volume directory. If you want them to be in a different location (i.e. /sql/data) then you can create the docker volume:

podman volume create <volume name> --opt type=none --opt device=<path to volume> --opt o=bind

but you can't start the container or you will get this error:

Error: error mounting volume mssql_2019_data for container e99f0c3110603d024ebc072f53a615c13ab28adcdd45ce8b4b14f10644139ef9: cannot mount volumes without root privileges: operation requires root privileges

I have been trying to mess with SQL on containers running as non-root for two weeks and have not been able to get persistent volumes working when running as non-root WITHOUT making the default group for the user 0. For instance, the below works, but the user is in the root group (my company will not allow this). I have not found a way to get around this - it may not even be possible without some sort of change in how the container works.

################## Works but with root group 0 ######################
#### Create account for container to run as
# uid and username can be different, but group MUST be 0 according to everything I've read from MS
$ username='mssql'
$ sudo useradd -m -s /bin/bash -u 10001 -g 0 $username
$ sudo passwd $username

#### Set up directories for mssql
$ instance='2022'
$ sudo mkdir -p -m 770 /sql/$instance/data /sql/$instance/log /sql/$instance/mssql /sql/$instance/secrets
$ sudo chown -R $(id -u $username):0 /sql/$instance

#### Setup for container
$ sudo -s -H -u $username
# get an error starting the container if you don't do this AND you su/sudo in.  If you don't want to do it just ssh into the user
$ loginctl enable-linger $(id -u $USER)
$ podman image pull mcr.microsoft.com/mssql/server:2022-latest

#### Run MSSQL Container
$ instance='2022'
$ podman run -p 1433:1433 --name mssql_$instance -u $(id -u $USER):0 \
    -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=Password1!" -e "MSSQL_AGENT_ENABLED=True" \
    -v /sql/$instance/data:/var/opt/mssql/data \
    -v /sql/$instance/log:/var/opt/mssql/log \
    -v /sql/$instance/secrets:/var/opt/mssql/secrets \
    -v /sql/$instance/mssql:/var/opt/mssql \
    -d mcr.microsoft.com/mssql/server:2022-latest

$ ls -lar /sql/2022/data
total 88336
-rw-r----- 1       306608 root  8388608 Feb 16 16:46 templog.ldf
-rw-r----- 1       306608 root  8388608 Feb 16 16:45 tempdb.mdf
-rw-r----- 1       306608 root  8388608 Feb 16 16:46 tempdb2.ndf
-rw-r----- 1       306608 root  1310720 Feb 16 16:46 msdblog.ldf
-rw-r----- 1       306608 root 16056320 Feb 16 16:46 msdbdata.mdf
-rw-r----- 1       306608 root  4915200 Feb 16 16:46 model_replicatedmaster.mdf
-rw-r----- 1       306608 root  1835008 Feb 16 16:46 model_replicatedmaster.ldf
-rw-r----- 1       306608 root  1310720 Feb 16 16:45 model_msdblog.ldf
-rw-r----- 1       306608 root 16056320 Feb 16 16:45 model_msdbdata.mdf
-rw-r----- 1       306608 root  8388608 Feb 16 16:45 model.mdf
-rw-r----- 1       306608 root  8388608 Feb 16 16:45 modellog.ldf
-rw-r----- 1       306608 root  2097152 Feb 16 16:46 mastlog.ldf
-rw-r----- 1       306608 root  4915200 Feb 16 16:46 master.mdf
-rw-r----- 1       306608 root      256 Feb 16 16:45 Entropy.bin

But if you do the exact same thing and the user is not in group 0, then it won't start:

$ id mssql_2022_nr
uid=10020(mssql_2022_nr) gid=10020(mssql_2022_nr) groups=10020(mssql_2022_nr)

SQL Server 2022 will run as non-root by default.
This container is running as user 10020.
To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
/opt/mssql/bin/sqlservr: Error: The system directory [/.system] could not be created. File: LinuxDirectory.cpp:420 [Status: 0xC0000022 Access Denied errno = 0xD(13) Permission denied]
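
The listing in the last comment shows the data files owned by host UID 306608 even though the container ran as UID 10001; that is the rootless user-namespace mapping at work. The following is an added example, not part of the thread: it resolves an in-container ID to the host ID (and back) using the kernel's uid_map format. The sample map is constructed, and its subordinate range start (296608) is an assumption chosen to be consistent with that listing.

```shell
#!/bin/sh
# Translate IDs between a rootless container's user namespace and the host,
# using the kernel's uid_map/gid_map format:
#   <inside-start> <outside-start> <length>
# On a real host the map can be read with:
#   podman unshare cat /proc/self/uid_map

# Constructed sample map for a host user with UID 10001 and an assumed
# /etc/subuid entry "mssql:296608:65536" (not taken from the thread).
SAMPLE_UID_MAP='         0      10001          1
         1     296608      65536'

# map_id <id-inside-namespace> <map-text>
# Prints the host ID; returns 1 if the ID falls outside every mapped range.
map_id() {
    printf '%s\n' "$2" | awk -v id="$1" '
        NF == 3 && id >= $1 && id < $1 + $3 { print $2 + (id - $1); found = 1; exit }
        END { exit !found }'
}

# host_to_ns <host-id> <map-text>
# Reverse lookup: which in-container owner a file on a bind mount appears to have.
host_to_ns() {
    printf '%s\n' "$2" | awk -v id="$1" '
        NF == 3 && id >= $2 && id < $2 + $3 { print $1 + (id - $2); found = 1; exit }
        END { exit !found }'
}

# Container root is the invoking host user; every other ID lands in the subuid range.
echo "container uid 0     -> host uid $(map_id 0 "$SAMPLE_UID_MAP")"
echo "container uid 10001 -> host uid $(map_id 10001 "$SAMPLE_UID_MAP")"
echo "host uid 306608     -> container uid $(host_to_ns 306608 "$SAMPLE_UID_MAP")"
```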