Portainer: mkdir: cannot create directory ‘/bitnami/postgresql/data’: Permission denied

[kred-jon]

Name and Version

bitnami/keycloak

What steps will reproduce the bug?

1. Kubenetes with Microk8s in Ubuntu Server 20.04
2. Install Portainer
3. Using Helm in Portainer
4. add Repo: https://quay.io/repository/keycloak/keycloak
5. Install Keycloak

What is the expected behavior?

Keycloak pods will running:

keycloak-postgresql-0 1/1 Running 18 (3m8s ago) 70m keycloak-0 1/1 Running 12 (76s ago) 70m

What do you see instead?

keycloak-postgresql-0 0/1 CrashLoopBackOff 18 (3m8s ago) 70m keycloak-0 0/1 CrashLoopBackOff 12 (76s ago) 70m

Additional information

Error for keycloak-postgresql-0

postgresql 07:27:57.12 postgresql 07:27:57.12 Welcome to the Bitnami postgresql container postgresql 07:27:57.12 Subscribe to project updates by watching https://github.com/bitnami/containers postgresql 07:27:57.13 Submit issues and feature requests at https://github.com/bitnami/containers/issues postgresql 07:27:57.13 postgresql 07:27:57.15 INFO ==> ** Starting PostgreSQL setup ** postgresql 07:27:57.18 INFO ==> Validating settings in POSTGRESQL_* env vars.. postgresql 07:27:57.19 INFO ==> Loading custom pre-init scripts... postgresql 07:27:57.20 INFO ==> Initializing PostgreSQL database... mkdir: cannot create directory ‘/bitnami/postgresql/data’: Permission denied

Effected to keycloak-0

keycloak 07:32:31.11 keycloak 07:32:31.11 Welcome to the Bitnami keycloak container keycloak 07:32:31.11 Subscribe to project updates by watching https://github.com/bitnami/containers keycloak 07:32:31.11 Submit issues and feature requests at https://github.com/bitnami/containers/issues keycloak 07:32:31.12 keycloak 07:32:31.12 INFO ==> ** Starting keycloak setup ** keycloak 07:32:31.13 INFO ==> Validating settings in KEYCLOAK_* env vars... keycloak 07:32:31.15 INFO ==> Trying to connect to PostgreSQL server keycloak-postgresql... timeout reached before the port went into state "inuse" timeout reached before the port went into state "inuse" timeout reached before the port went into state "inuse" timeout reached before the port went into state "inuse" timeout reached before the port went into state "inuse" timeout reached before the port went into state "inuse" timeout reached before the port went into state "inuse" timeout reached before the port went into state "inuse" timeout reached before the port went into state "inuse" timeout reached before the port went into state "inuse" keycloak 07:35:01.22 ERROR ==> Unable to connect to host keycloak-postgresql

[kred-jon]

Screenshot from Portainer Applications List

[kred-jon]

It is cause by:

runAsUser: 1001 fsGroup: 1001

not registered in the kubenetes?

[corico44]

Hello @kred-jon Thank you for your comment. Based on what your error shows us, it seems that you don' have the permissions of the corresponding directories configured. Try to configure them with the corresponding permissions. For example, using the chmod command: sudo chown -R 1001:root ${YOUR_PATH}.

[kred-jon]

Hi @corico44 , appreciate with the response, which path should change the permission? inside the pods bash or in the Kubernetes server? can I have the sample?.

If in pods I cannot exec -it because the pods still not ready.

[corico44]

For clarification, the command should be chown -R 1001:root ${YOUR_PATH} or chown -R 1001:1001 ${YOUR_PATH} depending on the group you choose to use.

Permissions should be given to all listed directories on the volume. For example, if we have the volume specified like this:

volumes:
  - "./data/main/data:/bitnami/postgresql/data"

We should have permissions like this:

$ ls -al ./data/main

drwxrwx--- 3 1001 1001 4096  8월  2 16:19 .
drwxrwx--- 3 1001 1001 4096  8월  2 16:02 ..
drwxrwx--- 2 1001 1001 4096  8월  2 16:19 data

[kred-jon]

is it correct path? how should I access the full path?.

[corico44]

@kred-jon Your container volume has a mount point which has a source path and a destination path. The one whose permissions should be modified is the source path. For example, having the following mount point:

./data/main/data:/bitnami/postgresql/data

the permissions must be added to the different folders that make up the source path. In this case:

./data/main/data

And, referring to your question if /bitnami/postgresql is a valid path as the destination path of the volume mount point, the answer is yes. There is no problem and it should work.

[kred-jon]

The values.yaml been updated, and now it's running good.

Init Containers: init-chmod-data: Container ID: containerd://601cf84027d0b75dbe391fa7662ea9571565f6f4a28d7e92b5b6619f79b1460a Image: docker.io/bitnami/bitnami-shell:11-debian-11-r27 Image ID: docker.io/bitnami/bitnami-shell@sha256:69da2c87742d07ecc308bbd3aa12e797ec97a636e697bd59c7a4af34d4c28965 Port: Host Port: Command: /bin/sh -ec chown 1001:1001 /bitnami/postgresql mkdir -p /bitnami/postgresql/data chmod 700 /bitnami/postgresql/data find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" |
xargs -r chown -R 1001:1001 chmod -R 777 /dev/shm

[kred-jon]

If have problem to create Postgresql DB with permission denied. Try to add new parameter:

924 volumePermissions:
925    enabled: true

[corico44]

I'm glad it worked. Thank you for reporting the issue. Don't hesitate to open another issue if you need to!