Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Container doesn't start #245

Closed
bensteinberg opened this issue May 30, 2024 · 6 comments · Fixed by #248
Closed

Container doesn't start #245

bensteinberg opened this issue May 30, 2024 · 6 comments · Fixed by #248
Assignees
@cdalvaro
Labels
bug Something isn't working

Comments

@bensteinberg
Copy link

Describe the bug
The salt_master container doesn't start, because of a permissions error:

chown: changing ownership of '/home/salt/data/keys/master.pem': Permission denied

To Reproduce
Steps to reproduce the behavior:

On an M1 Mac, I ran

wget https://raw.githubusercontent.com/cdalvaro/docker-salt-master/master/docker-compose.yml
docker compose up

Expected behavior
I expected the salt_master container to be running.

Additional info

% docker compose up
[+] Running 2/0
 ✔ Network saltdocker_default  Created                                                                                  0.0s
 ✔ Container salt_master       Created                                                                                  0.0s
Attaching to salt_master
salt_master  | [INFO] - Mapping UID and GID for salt:salt to 1000:1000 ...
salt_master  | [INFO] - Configuring directories ...
salt_master  | '/srv' -> '/home/salt/data/srv'
salt_master  | '/var/log/salt' -> '/home/salt/data/logs/salt'
salt_master  | [INFO] - Configuring logrotate ...
salt_master  | [INFO] - Configuring container timezone ...
salt_master  | [INFO] - Setting TimeZone -> Etc/UTC ...
salt_master  | [INFO] - Configuring salt-master service ...
salt_master  | [INFO] - Setting up salt keys ...
salt_master  | [INFO] -  ==> Setting up salt-master keys ...
salt_master  | [INFO] -      Creating new keys ...
salt_master  | [INFO] -  ==> Setting up GPG keys ...
salt_master  | [INFO] -      Could not find GPG keys. GPG setup skipped.
salt_master  | [INFO] - Setting up salt keys permissions ...
salt_master  | chmod: changing permissions of '/home/salt/data/keys/master.pem': Permission denied
salt_master exited with code 1
salt_master  | chown: changing ownership of '/home/salt/data/keys/master.pem': Permission denied
salt_master  | chown: changing ownership of '/home/salt/data/keys/master.pem': Permission denied
salt_master  | chown: changing ownership of '/home/salt/data/keys/master.pem': Permission denied
...

Version report (please complete the following information):

  • Host OS: Darwin myhostname 23.5.0 Darwin Kernel Version 23.5.0: Wed May 1 20:12:58 PDT 2024; root:xnu-10063.121.3~5/RELEASE_ARM64_T6000 arm64
  • Docker: Docker version 26.1.1, build 4cf5afa
  • Image tag: 3007.1

Additional context
This is the same as #226, I think. Let me know if I should have put this report in that issue.

I've experimented with changing PUID and PGID to my local uid and gid, but there's no difference.
@bensteinberg bensteinberg added the bug Something isn't working label May 30, 2024
@cdalvaro
Copy link
Owner

Thank you for opening this issue @bensteinberg, I'll try to fix it asap.

@cdalvaro
Copy link
Owner

This seems to be an error related with Docker Desktop for Mac and how Docker manage permissions.

Try this compose.yml instead:

services:
  master:
    container_name: salt_master
    image: ghcr.io/cdalvaro/docker-salt-master:latest
    restart: unless-stopped
    volumes:
      - ./roots:/home/salt/data/srv
      - keys:/home/salt/data/keys
      - logs:/home/salt/data/logs
    ports:
      - "4505:4505"
      - "4506:4506"
      ### salt-api port
      # - "8000:8000"
    healthcheck:
      test: ["CMD", "/usr/local/sbin/healthcheck"]
      start_period: 30s
    environment:
      DEBUG: false
      TZ: Europe/Madrid
      PUID: 1000
      PGID: 1000
      SALT_LOG_LEVEL: info
      ### salt-api settings
      # SALT_API_ENABLED: 'True'
      # SALT_API_USER: salt_api
      # SALT_API_USER_PASS: 4wesome-Pass0rd
      ### salt-minion settings
      # SALT_MINION_ENABLED: 'True'
      # SALT_MINION_ID: builtin.minion

volumes:
  keys:
    name: salt-master-keys
  logs:
    name: salt-master-logs

If you need to get access to keys or logs directory, you can do it using the Volumes inspector of the Docker Desktop app:

Screenshot 2024-05-31 at 11 50 37

Or, if you want to backup the keys volume, you can use the Volumes Backup & Share extension.

Also, you can try loomchild /volume-backup Docker image to create a tar.bz2 file.

docker run -v salt-master-keys:/volume --rm --log-driver none \
  loomchild/volume-backup backup > salt-master-keys-backup.tar.bz2

@bensteinberg
Copy link
Author

Thanks, @cdalvaro! I'll try it out. I'm hoping to store/manage the keys on the host. I'll let you know how it goes.

@cdalvaro
Copy link
Owner

cdalvaro commented Jun 1, 2024

Thanks, @cdalvaro! I'll try it out. I'm hoping to store/manage the keys on the host. I'll let you know how it goes.

Great! Thank you for your help!

cdalvaro added a commit that referenced this issue Jun 17, 2024
@cdalvaro
fix: Properly handle changing master keys permissions
0acd1ed 
Closes #245
cdalvaro added a commit that referenced this issue Jun 17, 2024
@cdalvaro
fix: Properly handle changing master keys permissions
69a0f69 
Closes #245
@cdalvaro cdalvaro mentioned this issue Jun 17, 2024
Merged
@cdalvaro
Copy link
Owner

Hi @bensteinberg! I've made some changes to the permissions management that fix your issue.

Could you try this image before I merge #248?

ghcr.io/cdalvaro/docker-salt-master:development

@bensteinberg
Copy link
Author

Hi @bensteinberg! I've made some changes to the permissions management that fix your issue.

Could you try this image before I merge #248?

ghcr.io/cdalvaro/docker-salt-master:development

Sorry for the delay -- thanks for doing this. I'll check it out.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cdalvaro cdalvaro

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Improve salt user permissions management cdalvaro/docker-salt-master
2 participants
@bensteinberg @cdalvaro