quickstart 5-min fails: permission denied

[sebastian-philipp]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [ ] I have joined the Ory Community Slack.
• [ ] I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

Hi!

I'm failing to run the 5-min quickstart:

Reproducing the bug (Sqlite)

➜  Repos git clone https://github.com/ory/hydra.git
Klone nach 'hydra'...
remote: Enumerating objects: 51952, done.
remote: Counting objects: 100% (140/140), done.
remote: Compressing objects: 100% (65/65), done.
remote: Total 51952 (delta 77), reused 121 (delta 73), pack-reused 51812
Empfange Objekte: 100% (51952/51952), 115.08 MiB | 11.73 MiB/s, fertig.
Löse Unterschiede auf: 100% (36400/36400), fertig.
➜  Repos cd hydra 
➜  hydra git:(master) docker-compose -f quickstart.yml \
    up --build
Creating network "hydra_intranet" with the default driver
Creating volume "hydra_hydra-sqlite" with default driver
Creating hydra_consent_1       ... done
Creating hydra_hydra-migrate_1 ... done
Creating hydra_hydra_1         ... done
Attaching to hydra_hydra-migrate_1, hydra_consent_1, hydra_hydra_1
consent_1        | 
consent_1        | > hydra-login-consent-logout@0.0.0 serve /usr/src/app
consent_1        | > node lib/app.js
consent_1        | 
hydra-migrate_1  | time=2024-02-09T13:42:41Z level=error msg=Unable to instantiate configuration. audience=application error=map[message:permission denied] service_name=Ory Hydra service_version=v2.2.0-rc.3
hydra-migrate_1  | Error: permission denied
hydra-migrate_1  | permission denied
hydra-migrate_1  | Usage:
hydra-migrate_1  |   hydra migrate sql <database-url> [flags]
hydra-migrate_1  | 
hydra-migrate_1  | Flags:
hydra-migrate_1  |   -h, --help            help for sql
hydra-migrate_1  |   -e, --read-from-env   If set, reads the database connection string from the environment variable DSN or config file key dsn.
hydra-migrate_1  |   -y, --yes             If set all confirmation requests are accepted without user interaction.
hydra-migrate_1  | 
hydra-migrate_1  | Global Flags:
hydra-migrate_1  |   -c, --config strings   Path to one or more .json, .yaml, .yml, .toml config files. Values are loaded in the order provided, meaning that the last config file overwrites values from the previous config file.
hydra-migrate_1  | 
hydra_1          | time=2024-02-09T13:42:42Z level=error msg=Unable to instantiate configuration. audience=application error=map[message:permission denied] service_name=Ory Hydra service_version=v2.2.0-rc.3
hydra_1          | Error: permission denied
hydra_1          | permission denied
hydra_1          | Usage:
hydra_1          |   hydra serve all [flags]
hydra_1          | 
hydra_1          | Flags:
hydra_1          |   -h, --help   help for all
hydra_1          | 
hydra_1          | Global Flags:
hydra_1          |   -c, --config strings   Path to one or more .json, .yaml, .yml, .toml config files. Values are loaded in the order provided, meaning that the last config file overwrites values from the previous config file.
hydra_1          |       --dev              Disables critical security checks to improve local development experience. Do not use in production.
hydra_1          |       --sqa-opt-out      Disable anonymized telemetry reports - for more information please visit https://www.ory.sh/docs/ecosystem/sqa
hydra_1          | 
hydra_hydra-migrate_1 exited with code 255
^CGracefully stopping... (press Ctrl+C again to force)
Stopping hydra_hydra_1         ... done
Stopping hydra_consent_1       ... done
Stopping hydra_hydra-migrate_1 ... done
➜  hydra git:(master) 

Tried to cat the config file from within the container (i.i.

entrypoint: cat /etc/config/hydra/hydra.yml 

) works. Thus it's not a permission error on the yaml file itself. Unfortunately, the error message lacks some details in order for me to solve this myself.

Same Error with Postgres:

➜  hydra git:(master) docker-compose -f quickstart.yml \
    -f quickstart-postgres.yml \
    up --build
hydra_consent_1 is up-to-date
hydra_hydra-migrate_1 is up-to-date
Starting hydra_postgresd_1 ... 
Starting hydra_postgresd_1 ... done
Attaching to hydra_consent_1, hydra_hydra-migrate_1, hydra_hydra_1, hydra_postgresd_1
hydra-migrate_1  | time=2024-02-09T13:54:05Z level=error msg=Unable to instantiate configuration. audience=application error=map[message:permission denied] service_name=Ory Hydra service_version=v2.2.0-rc.3
hydra-migrate_1  | permission denied
hydra-migrate_1  | Error: permission denied
hydra-migrate_1  | Usage:
hydra-migrate_1  |   hydra migrate sql <database-url> [flags]
hydra-migrate_1  | 
hydra-migrate_1  | Flags:
hydra-migrate_1  |   -h, --help            help for sql
hydra-migrate_1  |   -e, --read-from-env   If set, reads the database connection string from the environment variable DSN or config file key dsn.
hydra-migrate_1  |   -y, --yes             If set all confirmation requests are accepted without user interaction.
hydra-migrate_1  | 
hydra-migrate_1  | Global Flags:
hydra-migrate_1  |   -c, --config strings   Path to one or more .json, .yaml, .yml, .toml config files. Values are loaded in the order provided, meaning that the last config file overwrites values from the previous config file.
^CGracefully stopping... (press Ctrl+C again to force)
Stopping hydra_hydra_1         ... done
Stopping hydra_hydra-migrate_1 ... done
Stopping hydra_postgresd_1     ... done
Stopping hydra_consent_1       ... done
➜  hydra git:(master)

Relevant log output

No response

Relevant configuration

No response

Version

latest master

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker Compose

Additional Context

No response

[Anthem-whisper]

hi, I meet the same problem, does it been solved?

[Anthem-whisper]

hi, maybe i found the reason: i download the sourcecode.zip in release, the permission of the dir has some problem. try

chmod -R 755 ./contrib/quickstart/5-min/