flame
flame copied to clipboard
Published
20 hours ago •
pawelmalak
pawelmalak
[BUG] Update to docker file breaks saving data on NFS
trafficstars
Deployment details:
- App version [e.g. v1.7.4]: 2.3.0
- Platform [e.g. amd64, arm64, arm/v7]: arm64
- Docker image tag [e.g. latest, multiarch]: multiarch
Bug description:
Before (in ver 2.2.1) there were no chown commands and everything worked well. After introducing chown node on startup, it results in errors which are stopping container from running.
chown: /app/data/db_backups/db-221-backup.sqlite: Operation not permitted
chown: /app/data/db_backups/db-168-backup.sqlite: Operation not permitted
chown: /app/data/db_backups/db-171-backup.sqlite: Operation not permitted
chown: /app/data/db_backups/db-211-backup.sqlite: Operation not permitted
chown: /app/data/db_backups/db-170-backup.sqlite: Operation not permitted
chown: /app/data/db_backups: Operation not permitted
chown: /app/data/db_backups: Operation not permitted
chown: /app/data/themes.json: Operation not permitted
chown: /app/data/customQueries.json: Operation not permitted
chown: /app/data/uploads: Operation not permitted
chown: /app/data/uploads: Operation not permitted
chown: /app/data/config.json: Operation not permitted
chown: /app/data/db.sqlite: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
My docker compose:
version: "3.8"
services:
flame:
image: pawelmalak/flame:multiarch2.2.1
volumes:
- type: bind
source: /srv/nfs4/swarm-data/data/flame
target: /app/data
- /var/run/docker.sock:/var/run/docker.sock
...
Permissions on /srv/nfs4/swarm-data/data/flame are set to nobody:nogroup and chmod 777
ls -l of nfs flame directory:
➜ flame ls -l
total 60
-rwxrwxrwx 1 nobody nogroup 856 Jun 12 13:00 config.json
-rwxrwxrwx 1 nobody nogroup 141 Oct 12 2021 customQueries.json
drwxrwxrwx 2 nobody nogroup 4096 Jun 11 17:40 db_backups
-rwxrwxrwx 1 nobody nogroup 40960 Jun 12 12:45 db.sqlite
-rw-r--r-- 1 nobody nogroup 1734 Jun 12 12:54 themes.json
drwxrwxrwx 2 nobody nogroup 4096 Oct 5 2021 uploads
Steps to reproduce:
- Bind NFS location to /app/data with
root_squash - Run container
same problem, my deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: flame-deployment
labels:
app: flame
spec:
replicas: 1
selector:
matchLabels:
app: flame
template:
metadata:
labels:
app: flame
spec:
containers:
- name: flame
image: pawelmalak/flame:2.3.1
ports:
- containerPort: 5005
volumeMounts:
- mountPath: /app/data/
name: flame-data
subPath: flame
env:
- name: PASSWORD
value: xxxxxx
volumes:
- name: flame-data
persistentVolumeClaim:
claimName: flame-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: flame-pvc
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
storageClassName: sc-nfs # I made the nfs storage class with kubernetes-sigs/nfs-subdir-external-provisioner and it works well for other app like usememos/memos.
the pod log:
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
chown: /app/data: Operation not permitted
my local cluster is:
# kubectl version --short
Flag --short has been deprecated, and will be removed in the future. The --short output will become the default.
Client Version: v1.27.3+k3s1
Kustomize Version: v5.0.1
Server Version: v1.27.3+k3s1
Simply change the command to remove it:
command = ["sh", "-c", "node server.js"]
