ome / omero-server-docker

OMERO.server production docker image
https://hub.docker.com/r/openmicroscopy/omero-server/
BSD 2-Clause "Simplified" License

Document use of bind mounts #58

Open markovendelin opened 3 years ago

markovendelin commented 3 years ago

I have trouble with the use of bind mounts when using omero-server-docker. At the same time, with named volumes, all works as it should.

With the bind mounts, the server starts but does not allow importing images, as if the data is read-only. The test was done by making a copy of the working named volume solution into another location on the host.

Used start command:

docker run -d --name omero-server --restart unless-stopped --env-file omero.config.env \
  -v /var/lib/docker-data/omero/data:/OMERO -p 4063:4063 -p 4064:4064 omero-server

Corresponding working solution with named volume:

docker run -d --name omero-server --restart unless-stopped --env-file omero.config.env \
  -v omero-data:/OMERO -p 4063:4063 -p 4064:4064 omero-server

When checking permissions inside /OMERO, all seem to be the same.

Docker inspect returns:

Not working bind mount:

            {
                "Type": "bind",
                "Source": "/var/lib/docker-data/omero/data",
                "Destination": "/OMERO",
                "Mode": "z",
                "RW": true,
                "Propagation": "rslave"
            },

Working named volume:

            {
                "Type": "volume",
                "Name": "omero-data",
                "Source": "/var/lib/docker/volumes/omero-data/_data",
                "Destination": "/OMERO",
                "Driver": "local",
                "Mode": "z",
                "RW": true,
                "Propagation": ""
            },

Not sure how to debug it further.

joshmoore commented 3 years ago

Hi @markovendelin,

What are the permissions on the two directories?

?

You might try mounting parent directories (even /var/lib) read-only and investigating, both as root in the container but also as user id 1000 which is what OMERO runs as.

markovendelin commented 3 years ago

Hi @joshmoore,

that's what is odd - permissions and UID are the same when viewed from inside the container:

> ls -l /
drwxr-xr-x  11 omero-server root    11 May 25 06:39 OMERO
-rw-r--r--   1 root         root 12114 Nov 13  2020 anaconda-post.log

Same was checked inside /OMERO in the container.

Permissions and IDs were the same on the host for those directories.

Let me ask if you have managed to run OMERO server using bind mounts or only named volumes?

markovendelin commented 3 years ago

PS: maybe there is a difference. Let me check again

joshmoore commented 3 years ago

> Let me check again

:+1: (Otherwise, I'd ask about selinux :wink:)

> Let me ask if you have managed to run OMERO server using bind mounts or only named volumes?

We've definitely run with bind mounts.

markovendelin commented 3 years ago

Yes, the issue was that the _data folder itself was not owned by user ID 1000. Should have spotted it myself, tbh.

I think it would make sense to add a note regarding ownership of the folders in case someone runs into it as well. Corresponding folders are (with numerical IDs):

drwxr-xr-x 11 1000   0 11 May 25 11:39 data
drwxr-xr-x  5 1000 997  5 May 25 11:38 var

joshmoore commented 3 years ago

Thanks for letting us know, @markovendelin. I'll leave this open for the README update. (Feel free to suggest text if you have any strong opinions)
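
The ownership requirement found in this thread (the bind-mount source must be owned by user ID 1000, which OMERO runs as) can be checked on the host before the container is started. The following is an added example, not part of the original thread or the project's documentation; the function names `list_wrong_owner` and `check_bind_mount_owner` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight ownership check for a bind-mount source directory.
# Assumption taken from the thread: OMERO runs as UID 1000 in the container.

# Print every entry at or below DIR (down to DEPTH levels) not owned by UID.
# find's -uid test compares numeric IDs, so it does not matter whether the
# host has a user name mapped to that ID (the container's passwd is separate).
list_wrong_owner() {
    dir=$1 uid=$2 depth=${3:-1}
    find "$dir" -maxdepth "$depth" ! -uid "$uid" -print
}

# Return 0 if DIR and its entries (down to DEPTH) are owned by UID,
# 1 if any entry has a different owner, 2 if DIR does not exist.
check_bind_mount_owner() {
    dir=$1 uid=${2:-1000} depth=${3:-1}
    if [ ! -d "$dir" ]; then
        echo "missing bind-mount source: $dir" >&2
        return 2
    fi
    bad=$(list_wrong_owner "$dir" "$uid" "$depth")
    if [ -n "$bad" ]; then
        echo "entries not owned by uid $uid (writes from the container will fail):" >&2
        echo "$bad" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# Usage with the host path from the thread:
#   check_bind_mount_owner /var/lib/docker-data/omero/data 1000 && \
#     docker run -d --name omero-server ... -v /var/lib/docker-data/omero/data:/OMERO ...
```

A depth of 1 covers the mount root and its immediate children, which is where the mismatch in this thread was; pass a larger depth to check deeper into the tree.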