9

I am trying to run my application using Docker and here is my yml file content to run the mongo container.

 services:
   mongodb:
    image: mongo:3.4
    #    ports:
    #        - "27017:27017"
    volumes:
      - ./data/mongo:/data/db
    restart: always

And getting this error in contianer: (Saw this error after running docker logs command)

chown: changing ownership of '/data/db': Operation not permitted

The host has ./data/mongo folder and here are the details.

drwxrwxrwx  2 nfsnobody nfsnobody 4096 May 11 23:13 mongo

I tried to run this on the host as suggested in one of the forums.

sudo chgrp 1000 ./data/mongo

Not sure how this would help to solve the issue because the error we get is insdide the container folder not the one from host, anyway i tried..

But got this response :

chgrp: changing group of ‘mongo’: Operation not permitted

How to solve this issue? is there any solution other than "chgrp"? Thank you.

Here is the full docker-compose.yml file

## You can generate a custom docker compose file automatically on http://reportportal.io/download (Step 2)

## This is example of Docker Compose for ReportPortal
## Do not forget to configure data volumes for production usage

## Execute 'docker-compose -p reportportal up -d --force-recreate'
## to start all containers in daemon mode
## Where:
##      '-p reportportal' -- specifies container's prefix (project name)
##      '-d' -- enables daemon mode
##      '--force-recreate' -- forces re-recreating of all containers

version: '2'

services:

  mongodb:
    image: mongo:3.4
    #    ports:
    #        - "27017:27017"
    volumes:
      - ./data/mongo:/data/db
    restart: always

  registry:
    image: consul:1.0.6
    volumes:
      - ./data/consul:/usr/share/consul/data
#    ports:
#      - "8500:8500"
#      - "8300:8300"
#      - "53:8600/udp"
    command: "agent -server -bootstrap-expect=1 -ui -client 0.0.0.0"
    environment:
      - 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}'
    restart: always


  uat:
    image: reportportal/service-authorization:4.2.0
    #ports:
    #  - "9999:9999"
    depends_on:
      - mongodb
    environment:
      - RP_PROFILES=docker
      - RP_SESSION_LIVE=86400 #in seconds
    #      - RP_MONGO_URI=mongodb://localhost:27017
    restart: always

  ### Another option for gateway
  ### Can be used instead of traefik
  #  gateway:
  #    image: fabiolb/fabio:1.5.8-go1.10
  #    ports:
  #      - "9998:9998" # GUI/management
  #      - "8080:9999" # HTTP exposed
  #    environment:
  #      - FABIO_REGISTRY_CONSUL_ADDR=registry:8500
  #      - FABIO_REGISTRY_CONSUL_REGISTER_NAME=gateway
  #      - FABIO_PROXY_ADDR=:9999;rt=300s;wt=300s
  #    restart: always



  gateway:
    image: traefik:1.6.6
    ports:
      - "4444:8080" # HTTP exposed
      - "8081:8081" # HTTP Administration exposed
#    expose:
#      - '8080'
    command:
      - --consulcatalog.endpoint=registry:8500
      - --defaultEntryPoints=http
      - --entryPoints=Name:http Address::8080
      - --web
      - --web.address=:8081
    restart: always

  index:
    image: reportportal/service-index:4.2.0
    environment:
      - RP_SERVER_PORT=8080
      - RP_PROXY_CONSUL=true
    depends_on:
      - registry
      - gateway
    restart: always

  api:
    image: reportportal/service-api:4.3.0
    depends_on:
      - mongodb
    environment:
      - RP_PROFILES=docker
      - JAVA_OPTS=-Xmx1g -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp
    #      - RP_MONGO_URI=mongodb://localhost:27017
    restart: always

  ui:
    image: reportportal/service-ui:4.3.0
    environment:
      - RP_SERVER.PORT=8080
      - RP_CONSUL.TAGS=urlprefix-/ui opts strip=/ui
      - RP_CONSUL.ADDRESS=registry:8500
    restart: always

  analyzer:
    image: reportportal/service-analyzer:4.3.0
    depends_on:
      - registry
      - gateway
      - elasticsearch
    restart: always

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.1.1
    restart: always
    volumes:
      - ./data/elasticsearch:/usr/share/elasticsearch/data
    environment:
      - bootstrap.memory_lock=true
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
  #    ports:
  #        - "9200:9200"

  jira:
    image: reportportal/service-jira:4.0.0
    environment:
      - RP_PROFILES=docker
    #     - RP_MONGO_URI=mongodb://localhost:27017
    restart: always

  rally:
    image: reportportal/service-rally:4.3.0
    environment:
      - RP_PROFILES=docker
    #     - RP_MONGO_URI=mongodb://localhost:27017
    restart: always
Codeformer
  • 2,060
  • 9
  • 28
  • 46
  • You can give full permission to all users for the directory (if that is safe for your environment) using '''chmod -R a+rwX directory/'''. If it still does not work it would be helpful to share your app structure and whole docker-compose and Dockerfile contents – Gray_Rhino May 12 '21 at 07:31
  • @Gray_Rhino , i tried this but have the same issue. Full content of the yml file has been added in the question. thank you.. – Codeformer May 12 '21 at 07:43

4 Answers4

8

Mongo startup script changes ownership on files in /data/configdb and /data/db if ran as root. Try running it as nfsnobody (the owner of local ./data/mongo) to skip this step:

services:
  mongodb:
    user: "nfsnobody" # insert either uid or name of the user
anemyte
  • 17,618
  • 1
  • 24
  • 45
  • 1
    This helped me solve a similar issue, though I needed to use the username in string form instead of the user ID – hampercm Jul 09 '21 at 19:15
  • @hampercm both ways are applicable but there is a little difference. If you use name, there must be a user with that name inside the container. With an ID this isn't mandatory. – anemyte Jul 10 '21 at 06:53
  • Similar to @hampercm I fixed a related problem with a bitcoin docker image, I listed all users and found `bitcoin` user in `/etc/passwd` and added it into docker-compose.yml. – Sergei Basharov May 13 '22 at 13:48
  • I got error of: Error response from daemon: unable to find user nfsnobody: no matching entries in passwd file – heisenberg Aug 31 '23 at 12:39
3

I tried to answer here for a similar question - https://stackoverflow.com/a/73238863/1294667

In short, we could mount to path /data instead of /data/db. With this, mongo is able to perform chown on /data/db internally.

Sairam Krish
  • 10,158
  • 3
  • 55
  • 67
0

It looks like you have user namespace remapping turned on.

Open below file in in your host computer

/etc/sysconfig/docker

And Add/Modify these options like below and if required replace root with your user

OPTIONS='--userns-remap=root:root'
Pooja Laad
  • 11
  • 2
0

Sharing the volume to a Windows or a Mac host could be limited or hard (see https://github.com/docker-library/mongo/issues/232#issuecomment-355423692). I had similar issues with arm64 Mac and Rancher Desktop, and decided to remove the volume but still had issues starting the mongo container.

If you don't really need the shared volume, and just need to resolve the errors, a docker-desktop solution could be:

services:
    mongodb:
        container_name: mongodb
        restart: always
        image: mongo
        volumes:
          - mongodata:/data/db
        ports:
          - '27017:27017'

volumes:
  mongodata:
    external: true
Arnon Lauden
  • 136
  • 1
  • 4