16

I am totally a newbie when it comes to Docker. And I am trying to understand it with a dummy project. I have a django project and my Dockerfile is inside the Django project's root folder. And my docker-compose.yml file is under the top root folder which contains django project folder and other config files.

my docker-compose.yml 

version: '3'
services:
  db:
    image: postgres
    container_name: dummy_project_postgres
    volumes:
      - ./data/db:/var/lib/postgresql/data

  event_planner:
    build: ./dummy_project
    container_name: dummy_project
    volumes:
      - .:/web
    ports:
      - "8000:8000"
    depends_on:
      - db
    links:
      - db:postgres

and my Dockerfile

FROM python:3
ENV PYTHONUNBUFFERED 1
RUN mkdir /web
WORKDIR /web
ADD requirements.txt /web/
RUN pip install -r requirements.txt
ADD . /web/

I am trying to run the following commands 

# stop and remove the existing containers
docker-compose stop
docker-compose rm -f

# up and run the container
docker-compose build
docker-compose up -d

docker-compose exec dummy_project bash

When I do docker-compose up -d, I see this error.

docker-compose up -d                                                                         
dummy_project_postgres is up-to-date
Starting dummy_project ... done
warning: could not open directory 'data/db/': Permission denied

I know this question asked before, but I didn't quite get the solution I need and I am stuck for hours now.

EDIT: I have all the permissions for all the folders under the top folder
EDIT2: sudo docker-compose up -d also results the same error.

Öykü
  • 252
  • 1
  • 3
  • 13
  • `sudo docker-compose up -d`? – copser Nov 06 '18 at 11:18
  • I did, Still, Permission denied. @PetarP – Öykü Nov 06 '18 at 11:22
  • On pycharm, there is a little lock icon on the data/db folder – Öykü Nov 06 '18 at 11:24
  • Have you SELinux enabled? Try mount volume like this: `./data/db:/var/lib/postgresql/data:z` or `./data/db:/var/lib/postgresql/data:Z` The z and Z volume flags are options for modifying selinux labels. – Raoslaw Szamszur Nov 06 '18 at 11:26
  • check if docker have sudo permissions, try playing in terminal first – copser Nov 06 '18 at 11:31
  • Just tried. stopped containers, removed them built again and up -d again, same issue. I also tried to next step `docker-compose exec dummy_project bash` but it said `No container found for dummy_project_1` @RaoslawSzamszur – Öykü Nov 06 '18 at 11:35

3 Answers3

17

I solved by adding ":z" to end of volume defintion

version: '3'
services:
  db:
    image: postgres
    container_name: dummy_project_postgres
    volumes:
      - ./data/db:/var/lib/postgresql/data:z

  event_planner:
    build: ./dummy_project
    container_name: dummy_project
    volumes:
      - .:/web
    ports:
      - "8000:8000"
    depends_on:
      - db
    links:
      - db:postgres

What ":z" means

Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might prevent the processes running inside the container from using the content. By default, Docker does not change the labels set by the OS.

To change the label in the container context, you can add either of two suffixes :z or :Z to the volume mount. These suffixes tell Docker to relabel file objects on the shared volumes. The z option tells Docker that two containers share the volume content. As a result, Docker labels the content with a shared content label. Shared volume labels allow all containers to read/write content. The Z option tells Docker to label the content with a private unshared label. Only the current container can use a private volume.

https://docs.docker.com/engine/reference/commandline/run/#mount-volumes-from-container---volumes-from

what is 'z' flag in docker container's volumes-from option?

Farid Escate
  • 404
  • 5
  • 9
9

You're trying to mount ./data/db in /var/lib/postgresql/data and you're executing docker-compose with a non-privileged user.

So, we can have two possibilities:

  1. Problem with ./data/db permissions.
  2. Problem with /var/lib/postgresql/data

The simpiest solution is execute docker-compose with a privileged user (root), but if you don't want to do that, you can try this:

  • Give permissions to ./data/db (I see your EDIT that you've already done it).
  • Give permissions to /var/lib/postgresql/data

How can you give /var/lib/postgresql/data permissions? Read the following lines:

First, note that /var/lib/postgresql/data is auto-generated by postgre docker, so, you need to define a new Dockerfile which modifies these permissions. After that, you need also modify docker-compose to use this new Dockerfile.

./docker-compose.yml

version: '3'
services:
  db:
    build: 
      context: ./mypostgres
      dockerfile: Dockerfile_mypostgres
    container_name: dummy_project_postgres
    volumes:
      - ./data/db:/var/lib/postgresql/data

  event_planner:
    build: ./dumy_project
    container_name: dummy_project
    volumes:
      - .:/web
    ports:
      - "8000:8000"
    depends_on:
      - db
    links:
      - db:postgres

./dumy_project/Dockerfile --> Without changes

./mypostgres/Dockerfile_mypostgres

FROM postgres
RUN mkdir -p /var/lib/postgresql/data
RUN chmod -R 777 /var/lib/postresql/data
ENTRYPOINT docker-entrypoint.sh
Alejandro Galera
  • 3,445
  • 3
  • 24
  • 42
  • I did exactly what you said, in build, I get this `chmod: cannot access '/var/lib/postresql/data': No such file or directory ERROR: Service 'db' failed to build: The command '/bin/sh -c chmod -R 777 /var/lib/postresql/data' returned a non-zero code: 1` but I didnt get this part, sorry; shouldn't the `var/lib/..` folder supposed to be inside the docker container? We havent' create it yet but we are trying to change the permissions? – Öykü Nov 06 '18 at 11:48
  • That's because /var/lib/postgresql/data might be created by the entrypoint, so, directory doesn't exist before postgresql execution. Let me edit my answer with directory creation. – Alejandro Galera Nov 06 '18 at 11:55
  • okay this is strange, I can see that `Step 1/3 : FROM postgres` completed, `Step 2/3 : RUN mkdir -p /var/lib/postgresql/data` completed using cache, when on `Step 3/3 : RUN chmod -R 777 /var/lib/postresql/data`, `chmod: cannot access '/var/lib/postresql/data': No such file or directory ERROR: Service 'db' failed to build: The command '/bin/sh -c chmod -R 777 /var/lib/postresql/data' returned a non-zero code: 1` – Öykü Nov 06 '18 at 12:57
1

This solution is for case that your user is not present in docker group.

  1. First check if your user is in docker group:
grep 'docker' /etc/group
  1. Add user to docker group:
  • If the command return is empty, then create docker group:
sudo groupadd docker
  • Else if your user is not present in command return then add him to the group:
sudo usermod -aG docker $USER

  1. Reboot your system

  2. Test it again:

docker run hello-world

Tip: Remember to have the docker service started

If it works, try your docker-compose command again.

btd1337
  • 2,616
  • 2
  • 16
  • 25