Open cbermudez97 opened 2 years ago
I can reproduce this issue. More docs are needed about running in docker.
Besides having the right permissions, the data dir should be owned by the same used ID that is used by the docker process. The correct usage of user IDs within docker is a somewhat complicated topic which is explored in the following article:
https://medium.com/@mccode/understanding-how-uid-and-gid-work-in-docker-containers-c37a01d01cf
@zah Thanks for the link. Indeed, executing the following command makes the error goes away in my case:
sudo chown 1000:1000 -R <MY_HOST_DATA_DIR>
But perhaps some updates can be done so that such a manual configuration is not necessary for users.
Hit by this as well. But I'm trying to run Nimbus rootless in Podman (https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md)
I have a suspicion that having the binary built as user
as in there is the cause of those woes:
https://github.com/status-im/nimbus-eth2/blob/7c731a2bfb4820ef5c08e5e35df635b986ed4857/docker/dist/Dockerfile.amd64#L6C1-L19
Instead of putting the binaries in /home/user
they likely can be put in /usr/local/bin
, and we can remove a dependency on this user
user.
Some references:
Podman CLI commands
requires mapping a volume to /home/node
:
podman pod create \
--name taiko-a6-katla \
--volume $HOME/pod-data/taiko-a6-katla:/home/node
Lighthouse (working)
podman run -dt \
--pod taiko-a6-katla \
--name tko-a6-l1-cl-lighthouse \
docker.io/sigp/lighthouse:latest-modern \
lighthouse bn \
--datadir /home/node/l1-cl/lighthouse \
--network holesky \
--execution-endpoint http://localhost:8551 \
--execution-jwt /home/node/jwtsecret \
--http \
--http-address 0.0.0.0 \
--metrics \
--metrics-address 0.0.0.0 \
--checkpoint-sync-url https://checkpoint-sync.holesky.ethpandaops.io
Nimbus
podman run -dt \
--pod taiko-a6-katla \
--name tko-a6-l1-cl-nimbus-checkpoint-sync \
docker.io/statusim/nimbus-eth2:amd64-latest \
trustedNodeSync \
--data-dir=/home/node/l1-cl/nimbus/beacon_node \
--network=holesky \
--non-interactive \
--web3-url=http://localhost:8551 \
--with-deposit-snapshot \
--backfill=false \
--trusted-node-url=http://testing.holesky.beacon-api.nimbus.team
Describe the bug Im running a beacon node using docker compose while persisting the node data to a volume. When started the node fail after some errors about permissions for the data dir I used. First my data folder has 755 as permissions. When starting the node it fails with these:
Following the instructions there I changed my data folder permissions to 700. Running the node again shows these then:
To Reproduce
docker-compose.yml
with:openssl rand -hex 32 > jwtsecret
./data
and change its permissions to 755docker compose up beacon
./data
permissions to 700docker compose up beacon
Additional All the above commands were used as root.