pentacent / keila

Open Source Newsletter Tool.
https://keila.io
GNU Affero General Public License v3.0

File permission issue & no campaign is sent #285

Closed dompie closed 2 months ago

dompie commented 2 months ago

Hello, I have set up Keila using a Docker container (non-root) and imported some contacts using the API. Unfortunately, after creating a campaign, no e-mails are sent and I see (about a million) errors popping up in the Docker log:

Last message: :check_if_time_to_update
12:29:14.582 [error] GenServer :tzdata_release_updater terminating
** (File.Error) could not write to file "/opt/app/lib/tzdata-1.1.1/priv/latest_remote_poll.txt": permission denied
    (elixir 1.15.7) lib/file.ex:1117: File.write!/3
    (tzdata 1.1.1) lib/tzdata/data_loader.ex:43: Tzdata.DataLoader.last_modified_of_latest_available/1
    (tzdata 1.1.1) lib/tzdata/release_updater.ex:81: Tzdata.ReleaseUpdater.loaded_tzdata_matches_remote_last_modified?/0
    (tzdata 1.1.1) lib/tzdata/release_updater.ex:42: Tzdata.ReleaseUpdater.poll_for_update/0
    (tzdata 1.1.1) lib/tzdata/release_updater.ex:19: Tzdata.ReleaseUpdater.handle_info/2
    (stdlib 5.2) gen_server.erl:1095: :gen_server.try_handle_info/3
    (stdlib 5.2) gen_server.erl:1183: :gen_server.handle_msg/6
    (stdlib 5.2) proc_lib.erl:241: :proc_lib.init_p_do_apply/3
Last message: :check_if_time_to_update

Is this something I can fix? Can this be the root cause why my test-campaigns are not sent?

wmnnd commented 2 months ago

Keila doesn’t need to be root, but it needs to be able to write to /opt/app. If you don’t see any other errors, this might be the reason for it.

dompie commented 2 months ago

So your advice is to fix this in the container now manually and every time a new keila release is available?

dompie commented 2 months ago

The permissions now look like

~$ docker exec -ti keila-keila-1 sh
~ $ cd /opt/app/lib/tzdata-1.1.1/priv/
~/lib/tzdata-1.1.1/priv $ ls -la
total 4
drwxr-xr-x    1 default  root            76 Jan 24 09:37 .
drwxr-xr-x    1 default  root            30 Jan 24 09:37 ..
-rw-r--r--    1 default  root             9 Jan 24 09:37 latest_remote_poll.txt
drwxr-xr-x    1 default  root            42 Jan 24 09:37 release_ets
drwxr-xr-x    1 default  root             6 Jan 24 09:37 tmp_downloads

wmnnd commented 2 months ago

Oh, so you were using the official Keila image? Sorry, I had assumed from your initial comment that you had created your own image.

dompie commented 2 months ago

Yes, I use the official Keila image.

wmnnd commented 2 months ago

And you’re running it just as is - or did you make any modifications?

Can you try getting in the console and running this command?

Tzdata.DataLoader.download_new

dompie commented 2 months ago

~/lib/tzdata-1.1.1/ebin $ cd ~
~ $ bin/keila remote
Erlang/OTP 26 [erts-14.2.1] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:1] [jit]

Interactive Elixir (1.15.7) - press Ctrl+C to exit (type h() ENTER for help)
iex(keila@240ab4b543c8)1> Tzdata.DataLoader.download_new
** (File.Error) could not write to file "/opt/app/lib/tzdata-1.1.1/priv/latest_remote_poll.txt": permission denied
    (elixir 1.15.7) lib/file.ex:1117: File.write!/3
    (tzdata 1.1.1) lib/tzdata/data_loader.ex:10: Tzdata.DataLoader.download_new/1
    iex:1: (file)
iex(keila@240ab4b543c8)1> 

dompie commented 2 months ago

> And you’re running it just as is - or did you make any modifications?

We have set up the container according to the docs and have only changed the username to not have it run as root.

wmnnd commented 2 months ago

Ah, that might be the problem, then. Could you try using the user default instead of your custom user?

dompie commented 2 months ago

Is there another way? Unfortunately our process is not so...easy to "just" change the user in a production environment.

wmnnd commented 2 months ago

Keila needs write access to some of the priv directories in /opt/app, so changing the user in the container is expected to break things. If you want to change the user (e.g. because you absolutely want to use a certain UID), you’ll also have to change the permissions/ownership in /opt/app.
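
A diagnostic sketch for the situation described in the comment above, added here as an example and not part of the thread or of the Keila project: from owner, group and mode bits it predicts which entries in `priv` directories under an app root a given numeric UID:GID could not write. The function names and sample ids are hypothetical, every `priv` directory is checked because the thread does not say which ones Keila writes to, and root privileges, ACLs and supplementary groups are ignored.

```sh
#!/bin/sh
# Added example (not from the Keila project). Function names are hypothetical.
# Predicts write access from owner/group/mode bits only; it ignores root
# privileges, ACLs and supplementary groups.

# can_write UID GID PATH: exit 0 if the mode bits grant UID:GID write access.
can_write() {
    # "ls -ldn" prints: mode links uid gid ... with numeric ids
    ls -ldn "$3" 2>/dev/null | {
        read -r mode _links uid gid _rest &&
        {
            case "$1:$2" in
                "$uid":*) bit=$(printf '%s' "$mode" | cut -c3) ;;  # owner w
                *:"$gid") bit=$(printf '%s' "$mode" | cut -c6) ;;  # group w
                *)        bit=$(printf '%s' "$mode" | cut -c9) ;;  # other w
            esac
            [ "$bit" = w ]
        }
    }
}

# list_unwritable UID GID ROOT: print every priv directory under ROOT, and
# every entry below one, that UID:GID could not write to.
# Assumption: all priv directories are checked, since the thread does not say
# which ones Keila writes to.
list_unwritable() {
    find "$3" \( -path '*/priv' -o -path '*/priv/*' \) | sort |
    while IFS= read -r p; do
        can_write "$1" "$2" "$p" || printf '%s\n' "$p"
    done
}

# Script use, with constructed ids: sh check_priv.sh 1001 1001 /opt/app
if [ "$#" -eq 3 ]; then
    list_unwritable "$@"
fi
```

An empty result for the UID:GID you plan to run as means the mode bits allow writes everywhere under the `priv` directories; any printed path needs its ownership or permissions changed first.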

dompie commented 2 months ago

It's common practice to have containers running as any user. Keila should not require a specific username to be available on the host system. Will break things for many people.

wmnnd commented 2 months ago

The specific user doesn’t need to exist on the host system, though.

wmnnd commented 2 months ago

If you want a specific local user mapped to the default user in the Keila container, you could look at the relevant options from your container runtime. You can find instructions for Docker specifically here: https://docs.docker.com/engine/security/userns-remap/

dompie commented 2 months ago

Fixed by removing the user line in docker-compose.yml and restarting the container.