TrueNAS Scale, Docker on remote host, SMB Write Permission Issues

Hi folks

Let me preface this with, I gave up on this set-up and elected to follow the guide on here by @Scepterus and have docker running beautifully on TrueNAS, but being the stubborn a$$ I am, I want to know why I couldn’t get my set-up to work as described below. Any help is greatly appreciated.

I’ve been banging my head against the wall trying to sort out permissions issues when running a container that uses a remote SMB share for storing configuration files.

My set-up is as follows:

Running Proxmox as my hypervisor with:

  • TrueNAS Scale as the NAS
  • Debian VM for hosting Docker

The TrueNAS VM has a single pool, with 1 dataset for SMB shares and 1 dataset for NFS shares which I implemented for troubleshooting purposes

I have credentials steve:steve (1000:1000), supersecurepassword with Full Control ACL permissions on the SMB share. I can access this share via Windows and TrueNAS CLI as Steve and have all expected permissions behaving as expected.

On the Debian host, I have created user steve:steve (1000:1000) with supersecurepassword.

I have been able to successfully mount and map the share within the Debian host using cifs using:

//192.168.10.206/dockerdata /mnt/dockershare cifs uid=1000,gid=1000,vers=3.0,credentials=/root/.truenascreds 0 0

The credentials are:

username=steve
password=supersecurepassword

I can read/write from Debian CLI through the mount point, view files, modify files, etc.

I have also successfully mounted & read/write the share with these additional options:

file_mode=0777,dir_mode=0777,noexec,nosuid,nosetuids,nodev

Now here’s where I start having problems. I can create a container using docker compose, Portainer (manual creation and stack for compose) but run into database errors as the container attempts to start.

Please note that my YML files are formatted correctly but may appear incorrect here as I copied and pasted over from SO.

version: "2.1"
services:
  babybuddytestsmbmount:
    image: lscr.io/linuxserver/babybuddy:latest
    container_name: babybuddytestsmbmount
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - CSRF_TRUSTED_ORIGINS=http://127.0.0.1:8000,https://babybuddy.domain.com
    ports:
      - 1801:8000
    restart: unless-stopped
    volumes:
      - /mnt/dockershare/babybuddy:/config

Docker will create all folders and files, start the container but the webui will return a server 500 error. The logs indicate these database errors which results in a large number of exceptions:

sqlite3.OperationalError: database is locked

django.db.utils.OperationalError: database is locked

django.db.migrations.exceptions.MigrationSchemaMissing: Unable to create the django_migrations table (database is locked)

I also tried mounting the SMB share in a docker volume using the following:

version: "2.1"
services:
  babybuddy:
    image: lscr.io/linuxserver/babybuddy:latest
    container_name: babybuddy
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - CSRF_TRUSTED_ORIGINS=http://127.0.0.1:8000,https://babybuddy.domain.com/
    ports:
      - 1800:8000
    restart: unless-stopped
    volumes:
      - dockerdata:/config
volumes:
  dockerdata:
    driver_opts:
      type: "cifs"
      o: "username=steve,password=supersecurepassword,uid=1000,gid=1000,file_mode=0777,dir_mode=0777,noexec,nosuid,nosetuids,nodev,vers=3.0"
      device: "//192.168.10.206/dockerdata"

Docker again is able to create the container, create & mount the volume, create all folders and files, but encounters the same DB errors indicated above.

I believe this is because the container is trying to access the SMB share as root, which TrueNAS will not permit. I have verified that all files and folders are under the correct ownership, and during troubleshooting have also stopped the container, recursively chown and chgrp the dataset to root:root, restarting the container and no dice. Changing the SMB credentials on the Debian host to root results in a failure to connect.

Testing to ensure I didn’t have a different issue causing problems, I was able to successfully start the container locally on the host as well as using a remote NFS share from the same TrueNAS VM.

I have also played with the dataset permissions, changing owners within TrueNAS, attempting permissions without ACL with steve:steve as owner:group, etc.

Each of these variations was done with fresh dataset for SMB and a wipeout and recreation of docker as well as reinstalls of Debian.

Any help or suggestions would be greatly appreciated.

I also tried this with Ubuntu as the docker host and attempted to have docker run under the steve user to disastrous results.

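An added example, not part of the original post: a Python probe that runs a plain write, a POSIX byte-range lock and a SQLite transaction separately in one directory (for instance the mounted /mnt/dockershare/babybuddy), so the output shows whether a failure is a permission error or a locking error. The probe file names are hypothetical.

```python
import fcntl
import os
import sqlite3
import sys


def _cleanup(*paths):
    for path in paths:
        if os.path.exists(path):
            os.remove(path)


def probe(directory):
    """Report which step fails in `directory`: plain write, byte-range lock, or SQLite."""
    result = {"uid": os.geteuid(), "write": "ok", "lock": "ok", "sqlite": "ok"}
    probe_file = os.path.join(directory, ".probe.tmp")    # hypothetical name
    db_file = os.path.join(directory, ".probe.sqlite3")   # hypothetical name
    try:
        # Step 1: ownership or ACL problems surface here as PermissionError.
        with open(probe_file, "wb") as fh:
            fh.write(b"x" * 4096)
            # Step 2: SQLite coordinates writers with POSIX byte-range locks like this.
            try:
                fcntl.lockf(fh, fcntl.LOCK_EX | fcntl.LOCK_NB, 1, 0)
                fcntl.lockf(fh, fcntl.LOCK_UN, 1, 0)
            except OSError as exc:
                result["lock"] = f"failed: {exc}"
    except OSError as exc:
        result["write"] = f"failed: {exc}"
        result["lock"] = result["sqlite"] = "skipped"
        _cleanup(probe_file)
        return result
    # Step 3: the operation the container performs, with a short busy timeout.
    try:
        conn = sqlite3.connect(db_file, timeout=2)
        try:
            conn.execute("CREATE TABLE IF NOT EXISTS probe (id INTEGER PRIMARY KEY)")
            conn.execute("INSERT INTO probe DEFAULT VALUES")
            conn.commit()
        finally:
            conn.close()
    except sqlite3.Error as exc:
        result["sqlite"] = f"failed: {exc}"
    _cleanup(probe_file, db_file, db_file + "-journal")
    return result


if __name__ == "__main__":
    print(probe(sys.argv[1]))
```

Run it against the same path on the host and, where Python is available, inside the container as the PUID user. A result where write is ok but lock or sqlite fails points at lock handling on the CIFS mount rather than ownership; mount.cifs has a nobrl option that stops sending byte-range lock requests to the server.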