Closed thalesmaoa closed 1 year ago
The uid inside the container for the node-red user is 1000 and this maps correctly on to a mounted volume.
I have pulled the latest and it is still definitely 1000, this can be proved by running
docker exec it <name of running container> id
e.g.
hardillb@x-wing:~/temp/nr$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
87774931f0f9 nodered/node-red "./entrypoint.sh" 5 minutes ago Up 5 minutes (healthy) 1880/tcp, 0.0.0.0:18830->1883/tcp, :::18830->1883/tcp epic_robinson
hardillb@x-wing:~/temp/nr$ docker exec -it epic_robinson id
uid=1000(node-red) gid=1000(node-red) groups=1000(node-red)
hardillb@x-wing:~/temp/nr$
I suspect there is something different about your environment.
/data
Indeed, something is really odd.
Following your steps, I get the same results. Can you try mine?
Performing as you presented:
$ docker pull nodered/node-red:latest
latest: Pulling from nodered/node-red
Digest: sha256:524316b9b84cb5bbfe006c117f3dad31ee806804b12e4b866047a65e2080e92d
Status: Image is up to date for nodered/node-red:latest
docker.io/nodered/node-red:latest
$ docker --version
Docker version 20.10.23, build 7155243
$ uname -a
Linux greenrock 5.15.84-v7+ #1613 SMP Thu Jan 5 11:59:48 GMT 2023 armv7l GNU/Linux
$ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 11 (bullseye)"
NAME="Raspbian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
$ docker run -d nodered/node-red
736ef607acf8339a1693df1c9d790eb5e1b7bc59b6f5e4b3d17736f2daffcf41
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
736ef607acf8 nodered/node-red "./entrypoint.sh" 35 seconds ago Up 34 seconds (healthy) 1880/tcp recursing_torvalds
$ docker exec -it recursing_torvalds id
uid=1000(node-red) gid=1000(node-red) groups=1000(node-red)
Steps to reach my result:
$ pwd
/home/thales/docker/nodered
$ ls -n
total 4
drwxr-xr-x 3 1000 1000 4096 jan 25 22:20 data
$ docker run -it -p 1880:1880 --name nodered -v /home/thales/docker/nodered/data:/data nodered/node-red
node:internal/fs/utils:345
throw err;
^
Error: EACCES: permission denied, copyfile '/usr/src/node-red/node_modules/node-red/settings.js' -> '/data/settings.js'
at Object.copyFileSync (node:fs:2817:3)
at copyFile (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:73:6)
at onFile (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:59:25)
at getStats (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:51:44)
at handleFilterAndCopy (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:36:10)
at Object.copySync (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:29:10)
at Object.<anonymous> (/usr/src/node-red/node_modules/node-red/red.js:129:20)
at Module._compile (node:internal/modules/cjs/loader:1105:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1159:10)
at Module.load (node:internal/modules/cjs/loader:981:32) {
errno: -13,
syscall: 'copyfile',
code: 'EACCES',
path: '/usr/src/node-red/node_modules/node-red/settings.js',
dest: '/data/settings.js'
}
It seems that
--volume fullpath:/data
Is the source of problem.
did it solve it? I have the same problem...
No. If you follow the last line of wiki, the problem arise. Full path is the problem. Use docker volume doesn't through the error.
I had mounted a local directory for my test last night and did not see the problem.
I am looking for a Bullseyes build of Raspberry Pi to test on, but nothing has changed in the containers for many years.
@MinChoul0 Please supply the details I asked for earlier about the environment you are seeing the problem in so we can see if there are any common factors.
I suspect a change in the behaviour of docker, but until we can reliably reproduce this or see a common thread then we don't have enough information to pin it down.
pi@cluster:~ $ mkdir -p temp/data
pi@cluster:~ $ sudo chown 1000:1000 temp/data
pi@cluster:~ $ docker run -d -v /home/pi/temp/data:/data -p 1880:1880 nodered/node-red
2b1e870cabcb26ffb7abae3ac309fc00a23107811bcd4741cd67a91217375a25
pi@cluster:~ $ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b1e870cabcb nodered/node-red "./entrypoint.sh" 17 seconds ago Up 12 seconds (health: starting) 0.0.0.0:1880->1880/tcp quirky_shaw
5b5136863716 smallstep/step-ca "/bin/bash /entrypoi…" 7 weeks ago Up 7 weeks (unhealthy) 0.0.0.0:9000->9000/tcp step-ca
069f183360d3 ghcr.io/helm/chartmuseum:v0.15.0 "/chartmuseum" 2 months ago Up 8 weeks 0.0.0.0:8095->8095/tcp chartmuseum
39be6cbba294 docker-registry-ui "/docker-entrypoint.…" 2 months ago Up 8 weeks 80/tcp, 0.0.0.0:8080->8080/tcp docker-ui
a72eaf71533f registry "/entrypoint.sh /etc…" 2 months ago Up 7 weeks 0.0.0.0:5000->5000/tcp registry
pi@cluster:~ $ docker exec -it quirky_shaw id
uid=1000(node-red) gid=1000(node-red)
pi@cluster:~ $ ls -lh temp/data
total 36K
drwxr-xr-x 3 pi pi 4.0K Jan 26 13:38 lib
drwxr-xr-x 2 pi pi 4.0K Jan 26 13:38 node_modules
-rw-r--r-- 1 pi pi 120 Jan 26 13:38 package.json
-rw-r--r-- 1 pi pi 23K Jan 26 13:38 settings.js
pi@cluster:~ $ ls -lnh temp/data
total 36K
drwxr-xr-x 3 1000 1000 4.0K Jan 26 13:38 lib
drwxr-xr-x 2 1000 1000 4.0K Jan 26 13:38 node_modules
-rw-r--r-- 1 1000 1000 120 Jan 26 13:38 package.json
-rw-r--r-- 1 1000 1000 23K Jan 26 13:38 settings.js
pi@cluster:~ $ docker --version
Docker version 20.10.5+dfsg1, build 55c4c88
Still can't reproduce this on RPiOS Bullseye
@thalesmaoa what is the numerical uid of your user on the pi (output of id
)
Here is the output:
$ id
uid=1000(thales) gid=1000(thales) grupos=1000(thales),4(adm),20(dialout),24(cdrom),27(sudo),29(audio),44(video),46(plugdev),60(games),100(users),104(input),106(render),108(netdev),117(lpadmin),995(docker),997(gpio),998(i2c),999(spi)
If I run the same command as yours, I get different results:
thales@greenrock:~ $ mkdir -p temp/data
thales@greenrock:~ $ sudo chown 1000:1000 temp/data
thales@greenrock:~ $ docker run -it --rm -v /home/thales/temp/data:/data -p 1881:1880 nodered/node-red
node:internal/fs/utils:345
throw err;
^
Error: EACCES: permission denied, copyfile '/usr/src/node-red/node_modules/node-red/settings.js' -> '/data/settings.js'
at Object.copyFileSync (node:fs:2817:3)
at copyFile (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:73:6)
at onFile (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:59:25)
at getStats (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:51:44)
at handleFilterAndCopy (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:36:10)
at Object.copySync (/usr/src/node-red/node_modules/fs-extra/lib/copy/copy-sync.js:29:10)
at Object.<anonymous> (/usr/src/node-red/node_modules/node-red/red.js:129:20)
at Module._compile (node:internal/modules/cjs/loader:1105:14)
at Object.Module._extensions..js (node:internal/modules/cjs/loader:1159:10)
at Module.load (node:internal/modules/cjs/loader:981:32) {
errno: -13,
syscall: 'copyfile',
code: 'EACCES',
path: '/usr/src/node-red/node_modules/node-red/settings.js',
dest: '/data/settings.js'
}
Is it poossible that, during container creation, it is trying to cp
folder content before it finishes to chown /data
?
# Add node-red user so we aren't running as root.
RUN useradd --home-dir /usr/src/node-red --no-create-home node-red \
&& chown -R node-red:node-red /data \
&& chown -R node-red:node-red /usr/src/node-red
I couldn't find docker file in the main branch. Any suggestion to debug it? Is there a way to add a sleep in between?
You are probably correct, it doesn't happen when using root
user:
$ sudo docker run -it -v /home/thales/docker/nodered/data:/data -p 1881:1880 nodered/node-red
The commands in the dockerfile are executed at build time not at run time, they just produce the filesystem within the container before it is run.
There is no possibility of a race condition here.
The only remaining difference is the docker version, you are on a slightly newer version by the look (20.10.23, build 7155243 vs 20.10.5+dfsg1, build 55c4c88)
But if this the cause of the problem then it is a bug in docker
The Dockerfile for the standard shipped containers is here https://github.com/node-red/node-red-docker/blob/master/.docker/Dockerfile.alpine
How did you install docker? Did you use the pre-packaged version in the raspberry pi os repo or direct from Docker?
Are you running docker desktop?
This issue appears to be releated: https://github.com/docker/desktop-linux/issues/31
I am running Docker CE not Docker Desktop which could explain the difference
You gave me a perfect hint.
I've installed using:
curl -sSL https://get.docker.com | sh
After that (https://docs.docker.com/engine/security/rootless/):
dockerd-rootless-setuptool.sh uninstall
But, there is a short note after nstallation:
export PATH=/home/jack/bin:$PATH
Some applications may require the following environment variable too: <-- It seems to be the case of this docker container.
export DOCKER_HOST=unix:///run/user/1000/docker.sock
And here is the sad part.
I'm used to install docker, and I've used this rootless script without noticing. I've just erase it. Added my user to docker group, and everything seems to work.
Your help was crucial to understand it. Thank you!
According to the wiki, user id
1000
and group id1000
is applicable to all Node-RED Docker images.However, latest uses
100999
.