pocketnetteam / pocketnet.core

Decentralized social network based on the blockchain
https://pocketnet.app
Apache License 2.0

Official Docker Compose YAML Unable to Open Settings File #623

Closed cahlenlee closed 6 months ago

cahlenlee commented 8 months ago

Official docker-compose.yml fails to run due to being unable to open settings.json.tmp. You have to remove the extraneous quotes mentioned in #621 to bypass that bug first.

'sudo docker compose up' results in the following output:

    sudo docker compose up
    [+] Running 1/1
     ✔ Container pocketnet.core  Created  1.0s
    Attaching to pocketnet.core
    pocketnet.core | 0000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
    pocketnet.core | 0000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
    pocketnet.core | Error: Failed saving settings file:
    pocketnet.core | - Error: Unable to open settings file /home/pocketcore/.pocketcoin/settings.json.tmp for writing
    pocketnet.core |
    pocketnet.core exited with code 0

andyoknen commented 8 months ago

You need to make sure that you have write access to the directory that is configured to store the database.

    # Create a Volume for the Blockchain database directory
    volumes:
      - ~/.pocketcoin:/home/pocketcore/.pocketcoin

cahlenlee commented 8 months ago

It doesn't make a difference. For example, I can change it to this:

volumes:

With the ownership and permissions for the pocketnet folder given to the root user (I'm using sudo):

    drwxr-xr-x 3 root root 4096 Nov 6 21:09 .
    drwxr-xr-x 7 root root 4096 Nov 6 18:22 ..
    -rwxr-xr-x 1 root root  936 Nov 6 21:09 docker-compose.yml
    drwxr-xr-x 2 root root 4096 Nov 6 21:09 .pocketcoin

The .pocketnet folder you see there was created by the 'docker compose up', so it is writing successfully, just not the settings file (which is also in a root owned/writeable folder).

lostystyg commented 8 months ago

There is a known mess-up in docker with permissions in mounted volumes. By default the container is run under the pocketcore user, which has uid 1000 and gid 1000, and thus its permissions will correspond to the default host user, which also commonly has the same uid and gid. The /docker/pocketnet/.pocketcoin folder is created not by the container itself but by the docker CLI, which is executed as root in your case, and thus the folder also belongs to root (uid 0). So this results in the container's process with uid 1000 trying to write to a directory owned by uid 0. If you really want to handle docker and the datadir as root, just add user: "root:root" in the docker-compose.yml file for the container:

     image: pocketnetteam/pocketnet.core:latest
     restart: on-failure
     stop_grace_period: 1m30s
+    user: "root:root"
     # Increasing the number of available file descriptors
     ulimits:
       nofile:
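
Review bot: The added user: "root:root" line makes the node process run as uid 0 inside the container, which the maintainers in this thread say they cannot recommend. The write failure comes from the mounted data directory being owned by root while the image's default user is uid 1000 / gid 1000, so changing the ownership of that host directory to 1000:1000 addresses it without this line. If the override is kept for a specific deployment, add a YAML comment next to it stating why root is required, so it does not get copied into the default docker-compose.yml.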

This will force the container's process to be run as root and so there will be no permission issues.

However, it is recommended not to run the docker CLI, the process inside the container, or the volume resources as root due to security issues. Some notes about this here

andyoknen commented 7 months ago

@cahlenlee Have you been able to get the node to work?

HiHat commented 7 months ago

     image: pocketnetteam/pocketnet.core:latest
     restart: on-failure
     stop_grace_period: 1m30s
+    user: "root:root"
     # Increasing the number of available file descriptors
     ulimits:
       nofile:

I have the same issue, so please add the user option to the default docker-compose.yml!

andyoknen commented 7 months ago

We cannot recommend using the default root account - it is not secure. Using root can lead to uncontrolled access to the file system. By default, images are collected using an account with UID 1000 - in most cases, this corresponds to a regular user account.
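
A preflight check for the failure discussed in this thread, as an added example that is not part of the issue or the project's own tooling: it tests whether the host directory behind the bind mount can be written by the container user before `docker compose up` is run. The uid/gid 1000 default is taken from the comments above; the function names `stat_ugm` and `check_datadir` are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the bind-mounted data directory.
# Assumption taken from the thread: the container process is uid 1000 / gid 1000.
CONTAINER_UID=1000
CONTAINER_GID=1000

# Print "uid gid mode" for a path (GNU stat first, BSD stat as fallback).
stat_ugm() {
    stat -c '%u %g %a' "$1" 2>/dev/null || stat -f '%u %g %Lp' "$1"
}

# check_datadir DIR [UID] [GID]
# Returns 0 if UID:GID can create files in DIR, 1 if DIR is missing,
# 2 if the permission bits deny it. Supplementary groups and ACLs are ignored.
check_datadir() {
    dir=$1; want_uid=${2:-$CONTAINER_UID}; want_gid=${3:-$CONTAINER_GID}
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir (docker run via sudo would create it owned by root)"
        return 1
    fi
    set -- $(stat_ugm "$dir")
    uid=$1; gid=$2
    perm=$(printf '%03d' "$3" | tail -c 3)   # drop the setuid/setgid/sticky digit
    u=${perm%??}; o=${perm#??}; g=${perm#?}; g=${g%?}
    # Only one permission class applies to the container user.
    if [ "$want_uid" -eq 0 ]; then bits=7    # root bypasses the mode bits
    elif [ "$uid" -eq "$want_uid" ]; then bits=$u
    elif [ "$gid" -eq "$want_gid" ]; then bits=$g
    else bits=$o
    fi
    # Creating settings.json.tmp needs write (2) and search (1) on the directory.
    if [ $(( $bits & 3 )) -eq 3 ]; then
        echo "OK: $dir is writable by $want_uid:$want_gid"
        return 0
    fi
    echo "DENIED: $dir is $uid:$gid mode $perm, not writable by $want_uid:$want_gid"
    echo "Fix on the host: sudo chown -R $want_uid:$want_gid $dir"
    return 2
}

# Run as a script: check the host path given as the first argument.
if [ $# -gt 0 ]; then check_datadir "$1"; fi
```

Run it against the host side of the volume mapping, for example the `~/.pocketcoin` path from the compose file quoted above.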