tobybatch / kimai2

Docker containers for the kimai2 web application including docker-compose and kubernetes/helm deployment.
MIT License

1.30.5 permission problems #458

Closed mathias4github closed 1 year ago

mathias4github commented 1 year ago

container comes up but serves a 500 error.

if you add the script:

```bash
#!/bin/bash

# Run from the Kimai installation directory.
if [[ ! -d "var/" || ! -d "var/cache/prod/" ]]; then
    echo "Cache directory does not exist at: var/cache/prod/"
    exit 1
fi

if [[ ! -f "bin/console" ]]; then
    echo "Kimai console does not exist at: bin/console"
    exit 1
fi

# Clear the production cache and let Kimai rebuild it.
rm -r var/cache/prod/*
bin/console kimai:reload --env=prod

# Reset ownership and permissions for the web server user and group.
chown -R www-kimai .
chgrp -R www-data .
chmod -R g+r .
chmod -R 775 var/
```

it comes up and works ... until you reboot the container

der-domi commented 1 year ago

I'm facing the same issue. @mathias4github , kindly asking when do I have to execute the script? The container does not start up when executing the stuff within /opt/kimai.

Thanks!

tobybatch commented 1 year ago

Sorry guys, this is an upshot of letting the server run as a delegated user. If you add:

USER_ID=33
GROUP_ID=33

Or whatever UID your files in the var folder are owned by

To your environment variables, that will set the user to www-data:www-data. I guess you are mounting file system folders, not docker volumes. Is that right?

mathias4github commented 1 year ago

@tobybatch it depends.

Typically, I mount volumes:

volumes:

mathias4github commented 1 year ago

tried it with the following options in the docker compose file:

```
user: 33:33
user: 1000:1000
user: 1000:33
```

neither of them fixed the bug

der-domi commented 1 year ago

I don't mount any volume or folder. Here is my docker-compose.yml.

Currently I'm working on the topic to get rid of the separate IPv4 db-net network. This is required since I upgraded to IPv6.

Maybe I have an additional TRUSTED_HOSTS issue. But the logs don't look like it.

/opt/kimai# tail -f var/log/prod.log

[2023-01-24 09:28:16] request.INFO: Matched route "fos_user_security_login". {"route":"fos_user_security_login","route_parameters":{"_route":"fos_user_security_login","_controller":"App\\Controller\\Security\\SecurityController::loginAction","_locale":"de"},"request_uri":"http://kimai.example.com/de/login","method":"GET"} []
[2023-01-24 09:28:16] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2023-01-24 09:28:16] cache.WARNING: Failed to save key "ABCD" of type Doctrine\ORM\Query\ParserResult: fopen(/opt/kimai/var/cache/prod/pools/LDyCdeXPFx/ZYXW): Failed to open stream: Permission denied {"key":"ABCD","exception":"[object] (ErrorException(code: 0): fopen(/opt/kimai/var/cache/prod/pools/LDyCdeXPFx/ZYXW): Failed to open stream: Permission denied at /opt/kimai/vendor/symfony/cache/Traits/FilesystemCommonTrait.php:99)"} []
[2023-01-24 09:28:16] request.CRITICAL: Uncaught PHP Exception Twig\Error\RuntimeError: "An exception has been thrown during the rendering of a template ("Failed to create "/opt/kimai/var/cache/prod/translations": mkdir(): Permission denied")." at /opt/kimai/templates/security/login.html.twig line 4 {"exception":"[object] (Twig\\Error\\RuntimeError(code: 0): An exception has been thrown during the rendering of a template (\"Failed to create \"/opt/kimai/var/cache/prod/translations\": mkdir(): Permission denied\"). at /opt/kimai/templates/security/login.html.twig:4, Symfony\\Component\\Filesystem\\Exception\\IOException(code: 0): Failed to create \"/opt/kimai/var/cache/prod/translations\": mkdir(): Permission denied at /opt/kimai/vendor/symfony/filesystem/Filesystem.php:105)"} []
[2023-01-24 09:28:16] cache.WARNING: Failed to save key "Symfony%5CComponent%5CHttpKernel%5CController%5CErrorController" of type array: fopen(/opt/kimai/var/cache/prod/pools/j5j-2cUkbi/7505c5a54773): Failed to open stream: Permission denied {"key":"Symfony%5CComponent%5CHttpKernel%5CController%5CErrorController","exception":"[object] (ErrorException(code: 0): fopen(/opt/kimai/var/cache/prod/pools/j5j-2cUkbi/7505c5a54773): Failed to open stream: Permission denied at /opt/kimai/vendor/symfony/cache/Traits/FilesystemCommonTrait.php:99)"} []
[2023-01-24 09:28:16] cache.WARNING: Failed to save key "Symfony%5CComponent%5CHttpKernel%5CController%5CErrorController%23__invoke" of type array: fopen(/opt/kimai/var/cache/prod/pools/j5j-2cUkbi/7505c5a54773): Failed to open stream: Permission denied {"key":"Symfony%5CComponent%5CHttpKernel%5CController%5CErrorController%23__invoke","exception":"[object] (ErrorException(code: 0): fopen(/opt/kimai/var/cache/prod/pools/j5j-2cUkbi/7505c5a54773): Failed to open stream: Permission denied at /opt/kimai/vendor/symfony/cache/Traits/FilesystemCommonTrait.php:99)"} []

tobybatch commented 1 year ago

OK, I've rolled back that work, pushed, and re-run the builds. Pull fresh 1.30.5 and try again. The ownership may need to be fixed by hand. Sorry.

I'll have another go at this later with a better view on what it will mean for existing installs.

Thanks, and Sorry

3isenHeiM commented 1 year ago

I have the same problem with the latest build of the container (1h ago).

Here is the prod.log:

[2023-01-23 23:20:32] request.CRITICAL: Uncaught PHP Exception Twig\Error\RuntimeError: "An exception has been thrown during the rendering of a template ("Failed to create "/opt/kimai/var/cache/prod/translations": mkdir(): Permission denied")." at /opt/kimai/templates/security/login.html.twig line 4 {"exception":"[object] (Twig\\Error\\RuntimeError(code: 0): An exception has been thrown during the rendering of a template (\"Failed to create \"/opt/kimai/var/cache/prod/translations\": mkdir(): Permission denied\"). at /opt/kimai/templates/security/login.html.twig:4, Symfony\\Component\\Filesystem\\Exception\\IOException(code: 0): Failed to create \"/opt/kimai/var/cache/prod/translations\": mkdir(): Permission denied at /opt/kimai/vendor/symfony/filesystem/Filesystem.php:105)"} []
[2023-01-23 23:20:32] cache.WARNING: Failed to save key "Symfony%5CComponent%5CHttpKernel%5CController%5CErrorController" of type array: fopen(/opt/kimai/var/cache/prod/pools/j5j-2cUkbi/68c39120dfab): Failed to open stream: Permission denied {"key":"Symfony%5CComponent%5CHttpKernel%5CController%5CErrorController","exception":"[object] (ErrorException(code: 0): fopen(/opt/kimai/var/cache/prod/pools/j5j-2cUkbi/68c39120dfab): Failed to open stream: Permission denied at /opt/kimai/vendor/symfony/cache/Traits/FilesystemCommonTrait.php:99)"} []
[2023-01-23 23:20:32] cache.WARNING: Failed to save key "Symfony%5CComponent%5CHttpKernel%5CController%5CErrorController%23__invoke" of type array: fopen(/opt/kimai/var/cache/prod/pools/j5j-2cUkbi/68c39120dfab): Failed to open stream: Permission denied {"key":"Symfony%5CComponent%5CHttpKernel%5CController%5CErrorController%23__invoke","exception":"[object] (ErrorException(code: 0): fopen(/opt/kimai/var/cache/prod/pools/j5j-2cUkbi/68c39120dfab): Failed to open stream: Permission denied at /opt/kimai/vendor/symfony/cache/Traits/FilesystemCommonTrait.php:99)"} []

Here are the rights in the /opt/kimai folder

drwxr-xr-x  6 www-data www-data 4.0K Jan 24 14:09 public
drwxr-xr-x 36 www-data www-data 4.0K Jan 24 14:06 src
-rw-r--r--  1 www-data www-data  20K Jan 24 14:06 symfony.lock
drwxr-xr-x 31 www-data www-data 4.0K Jan 24 14:06 templates
drwxr-xr-x  2 www-data www-data  20K Jan 24 14:06 translations
drwxr-xr-x 10     1000     1000 4.0K Jun  2  2022 var
drwxr-xr-x 51 www-data www-data 4.0K Jan 24 14:09 vendor
-rw-r--r--  1 www-data www-data 2.2K Jan 24 14:06 webpack.c

How can I correct the ownership in my docker-compose file ?

der-domi commented 1 year ago

As Toby mentioned: He reverted the change. Take care that you are using the latest image. I'm fine with the rollback.

3isenHeiM commented 1 year ago

I still have the same problem with the image: kimai/kimai2:fpm-1.30.2-prod, the UID 1000 is still set on /opt/kimai/var :/

Mortein commented 1 year ago

> I still have the same problem with the image: kimai/kimai2:fpm-1.30.2-prod, the UID 1000 is still set on /opt/kimai/var :/

I had the same issue. For the application container, I only have the following volumes:

```
volumes:
  - /data/kimai/config/local.yaml:/opt/kimai/config/packages/local.yaml:ro
```

To fix it, I:

  1. Stopped the container: `docker-compose stop kimai`
  2. Deleted the container: `docker-compose rm kimai`
  3. Brought everything up again to recreate the container: `docker-compose up -d`

The new container has the correct permissions, and everything is working as expected.

```
drwxr-xr-x 9 www-data www-data 118 Jan 26 08:19 /opt/kimai/var
```

Just make sure you don't remove your database container.

3isenHeiM commented 1 year ago

Still not working :/ Here is the kimai container docker-compose section:

  kimai:
    image: kimai/kimai2:fpm-1.30.2-prod
    container_name: kimai
    environment:
      - DATABASE_URL=mysql://kimaiuser:XXXXXXXXXXXXX@mariadb/kimai
      - TRUSTED_HOSTS=nginx,localhost,XXXXXXXXXXX,127.0.0.1
    volumes:
      - kimai_kimai-public:/opt/kimai/public
      - kimai_kimai-var:/opt/kimai/var

I removed the image but the problem remains...

Mortein commented 1 year ago

1.30.5 is the version that was republished.

3isenHeiM commented 1 year ago

Sorry, but I stopped and removed all containers, used fpm-1.30.5-prod, started everything again, but the issue persists.

The var folder is a volume, as defined in the compose file:

      - kimai_kimai-var:/opt/kimai/var

From the console inside the container, I cannot chown the folder, since I don't have the permissions :/

What can I do to restore the rights of that folder ?

3isenHeiM commented 1 year ago

I read the docs and solved it ^^

https://github.com/tobybatch/kimai2/blob/fdab65327f97fea8904d101c18c265e48ad7d9e2/docs/troubleshooting.md#permissions

docker exec --user root CONTAINER_NAME chown -R www-data:www-data /opt/kimai/var
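
Added example (not part of the thread or of the project's code): a shell check that reports how many entries under a directory are not owned by the UID:GID the application runs as, so the mismatch seen above (`var` owned by 1000 while the server runs as www-data, 33:33) can be confirmed before and after a recursive `chown`. The function names `count_foreign` and `check_ownership` are hypothetical.

```shell
#!/bin/sh
# Added example: find entries whose owner differs from the expected UID:GID.
# Function names are illustrative, not from the kimai2 images.

# count_foreign DIR UID GID
# Prints the number of entries (DIR included) not owned by UID:GID.
count_foreign() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print 2>/dev/null \
        | wc -l | tr -d ' '
}

# check_ownership DIR UID GID
# Returns 0 if everything matches, 1 on a mismatch, 2 if DIR is missing.
check_ownership() {
    dir=$1 want_uid=$2 want_gid=$3
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 2
    fi
    n=$(count_foreign "$dir" "$want_uid" "$want_gid")
    if [ "$n" -eq 0 ]; then
        echo "OK: $dir is owned by $want_uid:$want_gid throughout"
        return 0
    fi
    echo "MISMATCH: $n entries under $dir not owned by $want_uid:$want_gid" >&2
    # Show a few offenders so the scope of the fix is visible.
    find "$dir" \( ! -user "$want_uid" -o ! -group "$want_gid" \) -print \
        2>/dev/null | head -n 5 >&2
    return 1
}

# Usage inside the container, with the path and IDs mentioned in the thread:
#   check_ownership /opt/kimai/var 33 33
```

A non-zero count on a named volume means the volume kept ownership from an earlier image, which recreating the container alone does not change.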