
Missing homedir and usergroup in docker image

Open ThickDrinkLots opened this issue 1 year ago • 2 comments

While deploying Atuin from docker there is a problem with the application image. It lacks atuin's home directory and can't assign proper permission since there is no atuin user group. It can be fixed quite easily by changing the line: https://github.com/atuinsh/atuin/blob/e53c7c9dd61fb6a4f80dc78e7bcbbd23172812c2/Dockerfile#L21

to

RUN useradd -m -U -c 'atuin user' atuin && mkdir /config && chown atuin:atuin /config

ThickDrinkLots avatar Jan 29 '24 12:01 ThickDrinkLots

> It lacks atuin's home directory

What would be the reason for it to have a home directory? Service users don't tend to have those. Nobody should be running an interactive session as that user

ellie avatar Jan 29 '24 20:01 ellie

True, I think the main reason for failure is the lack of an atuin user group. Then the chown command fails and later the server can't start because it can't write the config.toml file into the config dir.

In that case, it's enough to add the -U parameter to the useradd command.

ThickDrinkLots avatar Jan 29 '24 21:01 ThickDrinkLots

Could you let me know how you're trying to run this + what is actually failing for you?

[Screenshot 2024-01-31 at 12 44 56]

Here you can see that /config is indeed owned by the atuin group, in the latest version of the Atuin container.

While Atuin does support config files, this is more for not-docker installs. You'll probably find it easier to configure via env vars.

ellie avatar Jan 31 '24 12:01 ellie

I was trying to deploy Atuin with Portainer using docker-compose.yml. I only changed restart: to no. Atuin app container starts and then fails with error (see attached file).

[image]

ThickDrinkLots avatar Jan 31 '24 16:01 ThickDrinkLots

When I run just the app container from the latest image I got the same output as you:

[image]

ThickDrinkLots avatar Jan 31 '24 17:01 ThickDrinkLots

@ThickDrinkLots did you get this working? I'm having the same issue with docker-compose but I'm using dockge instead of portainer.

Can't figure out the permissions issue. What's odd is why is it trying to create that file anyways when I provide the env variables

zachatrocity avatar Feb 22 '24 06:02 zachatrocity

@zachatrocity yes. First I forked Atuin's repo and then I modified Dockerfile as I described in https://github.com/atuinsh/atuin/issues/1647#issue-2105435355 Then I made a new stack in Portainer and it worked.

ThickDrinkLots avatar Feb 22 '24 10:02 ThickDrinkLots

Regarding the error of

Error: could not load server settings
Caused by:
  0: failed to create file `/config/server.toml`
  1: Permission denied (os error 13)

one of the workarounds could be creating a docker volume instead of mounting from host (assuming no changes to default settings).

volumes:
  atuin_data: {}

services:
  atuin:
    restart: always
    image: ghcr.io/atuinsh/atuin:v18.0.1
    command: server start
    volumes:
      - atuin_data:/config
    links:
      - atuin-db:db
    env_file:
      - .env
    environment:
      ATUIN_HOST: "0.0.0.0"
      ATUIN_PORT: 8080
      ATUIN_OPEN_REGISTRATION: "true"
      ATUIN_DB_URI: postgres://$ATUIN_DB_USERNAME:$ATUIN_DB_PASSWORD@db/atuin
      RUST_LOG: info,atuin_server=debug

alexhokl avatar Feb 25 '24 08:02 alexhokl

So I've been messing around the last few days trying to set up Atuin with docker-compose.yml on Portainer. I found the problem lies not in Atuin's Dockerfile, but in Portainer which for some reason doesn't change the owner of the config volume (for the database volume it changes the owner to 999 according to chown command in PostgreSQL Dockerfile: https://github.com/docker-library/postgres/blob/44ef8b226a40f86cf9df3f9299067db6779a3aa3/14/bullseye/Dockerfile#L188)

Inspired by this article I prepared docker-compose.yml which in the first place prepares server.toml file and puts it in the config directory. This file can even be empty. Atuin, when it starts, checks if config/server.toml is present and that's it.

version: '3.5'

services:
  add-config:
    image: debian:bullseye-slim
    volumes:
      - "./config:/config"
    environment:
      ATUIN_CONFIG: |
        ## host to bind, can also be passed via CLI args
        # host = "127.0.0.1"

        ## port to bind, can also be passed via CLI args
        # port = 8888

        ## whether to allow anyone to register an account
        # open_registration = false

        ## URI for postgres (using development creds here)
        # db_uri="postgres://username:password@localhost/atuin"

        ## Maximum size for one history entry
        # max_history_length = 8192

        ## Maximum size for one record entry
        ## 1024 * 1024 * 1024
        # max_record_size = 1073741824

        ## Webhook to be called when user registers on the servers
        # register_webhook_username = ""

        ## Default page size for requests
        # page_size = 1100

        # [metrics]
        # enable = false
        # host = 127.0.0.1
        # port = 9001

        # [tls]
        # enable = false
        # cert_path = ""
        # pkey_path = ""
    command:
      /bin/bash -c "echo \"$$ATUIN_CONFIG\" > /config/server.toml"

  atuin:
    image: ghcr.io/atuinsh/atuin:latest
    restart: unless-stopped
    command: server start
    volumes:
      - "./config:/config"
    links:
      - postgresql:db
    ports:
      - 8888:8888
    environment:
      ATUIN_HOST: "0.0.0.0"
      ATUIN_OPEN_REGISTRATION: "true"
      ATUIN_DB_URI: postgres://$ATUIN_DB_USERNAME:$ATUIN_DB_PASSWORD@db/atuin
    depends_on:
      add-config:
        condition: service_completed_successfully

  postgresql:
    image: postgres:14
    restart: unless-stopped
    volumes: # Don't remove permanent storage for index database files!
      - "./database:/var/lib/postgresql/data/"
    environment:
      POSTGRES_USER: $ATUIN_DB_USERNAME
      POSTGRES_PASSWORD: $ATUIN_DB_PASSWORD
      POSTGRES_DB: atuin

ThickDrinkLots avatar Mar 11 '24 13:03 ThickDrinkLots

There is some more information about uid/gid with docker here: https://forum.atuin.sh/t/error-could-not-load-server-settings-docker-self-host/194/2?u=ellie

This does not require any changes to the dockerfile, any rebuilds, or anything like that.

ellie avatar Mar 11 '24 13:03 ellie

> There is some more information about uid/gid with docker here: https://forum.atuin.sh/t/error-could-not-load-server-settings-docker-self-host/194/2?u=ellie
>
> This does not require any changes to the dockerfile, any rebuilds, or anything like that.

I've checked this on Portainer - it works for

user: "0:0"

values. And this one line makes my solution completely obsolete ;) Thanks!

ThickDrinkLots avatar Mar 11 '24 13:03 ThickDrinkLots
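
The `Permission denied (os error 13)` on `/config/server.toml` and its disappearance with `user: "0:0"` both come down to the ordinary Unix permission check on the bind-mounted host directory. The following is an added example, not part of the thread or of Atuin's code: a host-side preflight check that predicts the outcome for a given UID:GID. The function names `can_write_as` and `diagnose` are hypothetical, the UID:GID the container runs as must be supplied by the operator (the thread does not state it), and ACLs, supplementary groups and user-namespace remapping are ignored.

```shell
#!/bin/sh
# Added example: predict whether a container process can create files in a
# bind-mounted directory, from the directory's owner, group and mode bits.
# Assumes Linux with a stat that supports -c (GNU coreutils or BusyBox).

# can_write_as UID GID DIR
# Returns 0 if a process with that UID and primary GID can create a file
# in DIR, 1 if it cannot, 2 if DIR does not exist.
can_write_as() {
    cw_uid=$1; cw_gid=$2; cw_dir=$3
    [ -d "$cw_dir" ] || return 2
    # UID 0 normally holds CAP_DAC_OVERRIDE and skips the mode check, which
    # is why running the service as "0:0" makes the error go away.
    [ "$cw_uid" -eq 0 ] && return 0
    set -- $(stat -c '%u %g %a' "$cw_dir")   # owner uid, group gid, octal mode
    cw_mode=$((0$3))                         # leading 0: parse as octal
    if [ "$cw_uid" -eq "$1" ]; then
        cw_bits=$(( (cw_mode >> 6) & 7 ))    # owner class applies
    elif [ "$cw_gid" -eq "$2" ]; then
        cw_bits=$(( (cw_mode >> 3) & 7 ))    # group class applies
    else
        cw_bits=$(( cw_mode & 7 ))           # other class applies
    fi
    # Creating a file needs write (2) and search (1) on the directory.
    [ $(( cw_bits & 3 )) -eq 3 ]
}

# diagnose UID GID DIR: print a one-line verdict and return the same status.
diagnose() {
    dg_rc=0
    can_write_as "$1" "$2" "$3" || dg_rc=$?
    case $dg_rc in
        0) echo "ok: $1:$2 can create files in $3" ;;
        1) echo "denied: $1:$2 cannot create files in $3;" \
                "chown the host directory to $1:$2 or use a named volume" ;;
        *) echo "missing: $3 is not a directory" ;;
    esac
    return "$dg_rc"
}
```

Run `diagnose <uid> <gid> ./config` on the Docker host before starting the stack; a `denied` verdict for the image's non-root user can be fixed by changing ownership of the host directory, which keeps the service off UID 0.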

glad it's sorted!

ellie avatar Mar 11 '24 14:03 ellie