Leon, thanks for the reply.
This website below helped me explain this for the SELinux :Z option:
https://www.tutorialworks.com/podman-rootless-volumes/
I stopped the container, deleted it and created a new container and didn’t notice any changes at this time for the UID for the directories on the host. Should I delete these directories before creating a new container that will have bind mounts to them, or is there a best practice for this?
For the networking, and to get the UI, still doing what I detailed before.
Thanks
Chris
From: Leon N <leon9923@gmail.com>
Sent: Monday, October 4, 2021 9:47 PM
To: Miller, Christopher (NE) <Christopher.Miller@gd-ms.com>
Cc: podman mailing list <podman@lists.podman.io>
Subject: Re: [Podman] permissions issues to host filesystem when running rootless Vs rootful and question on opening port on container/host
Hey Chris,
The :Z change makes volumes private to the container; it could be SELinux or it could be a UID:GID issue for the bind mounts.
After you exit the container does the UID change for the files on the host?
I'm not completely sure about this part but it may help you troubleshoot it.
For the network issue, you can simply use VM_IP:8081, I wasn't able to replicate the issue on my laptop.
Regards,
Leon
On Mon, 4 Oct, 2021, 23:31 Christopher.Miller@gd-ms.com <Christopher.Miller@gd-ms.com> wrote:
First time poster. Coming from Docker background, using Podman since May of this year.
Help me make sense of this.
I am testing applying certs to a container in our dev environment, before replicating it to our production container. It was running as expected, and now I’m having issues when running the same commands (I’ve deleted the old container 1st before starting the work again).
If I run the following command:
sudo podman run -d --name hosta-nexus -p 8081:80 -v /opt/nexus:/nexus-data:Z -v /data/storage:/storage:Z docker.io/sonatype/nexus3:3.30.0
[usera@hosta /]$ sudo podman run --name hosta-nexus -p 8081:80 -v /opt/nexus:/nexus-data:Z -v /data/storage:/storage:Z docker.io/sonatype/nexus3:3.30.0
mkdir: cannot create directory '../sonatype-work/nexus3': Permission denied
mkdir: cannot create directory '../sonatype-work/nexus3': Permission denied
Warning: Cannot open log file: ../sonatype-work/nexus3/log/jvm.log
Warning: Forcing option -XX:LogFile=/tmp/jvm.log
OpenJDK 64-Bit Server VM warning: Cannot open file ../sonatype-work/nexus3/log/jvm.log due to Permission denied
java.io.FileNotFoundException: ../sonatype-work/nexus3/tmp/i4j_ZTDnGON8hezynsMX2ZCYAVDtQog=.lock (Permission denied)
at java.io.RandomAccessFile.open0(Native Method)
at java.io.RandomAccessFile.open(RandomAccessFile.java:316)
at java.io.RandomAccessFile.<init>(RandomAccessFile.java:243)
at com.install4j.runtime.launcher.util.SingleInstance.check(SingleInstance.java:72)
at com.install4j.runtime.launcher.util.SingleInstance.checkForCurrentLauncher(SingleInstance.java:31)
at com.install4j.runtime.launcher.UnixLauncher.checkSingleInstance(UnixLauncher.java:88)
at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:67)
java.io.FileNotFoundException: /nexus-data/karaf.pid (Permission denied)
at java.io.FileOutputStream.open0(Native Method)
at java.io.FileOutputStream.open(FileOutputStream.java:270)
at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
at java.io.FileOutputStream.<init>(FileOutputStream.java:101)
at org.apache.karaf.main.InstanceHelper.writePid(InstanceHelper.java:127)
at org.apache.karaf.main.Main.launch(Main.java:243)
at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113)
at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85)
at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69)
java.lang.RuntimeException: /nexus-data/log/karaf.log (Permission denied)
at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:102)
at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlersInternal(BootstrapLogManager.java:137)
at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlers(BootstrapLogManager.java:70)
at org.apache.karaf.main.util.BootstrapLogManager.configureLogger(BootstrapLogManager.java:75)
at org.apache.karaf.main.Main.launch(Main.java:244)
at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113)
at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85)
at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69)
Caused by: java.io.FileNotFoundException: /nexus-data/log/karaf.log (Permission denied)
at java.io.FileOutputStream.open0(Native Method)
at java.io.FileOutputStream.open(FileOutputStream.java:270)
at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.open(BootstrapLogManager.java:193)
at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.<init>(BootstrapLogManager.java:182)
at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:100)
... 12 more
Error creating bundle cache.
Unable to update instance pid: Unable to create directory /nexus-data/instances
Exception in thread "Thread-2" java.lang.SecurityException: Could not lock User prefs. Lock file access denied.
at java.util.prefs.FileSystemPreferences.checkLockFile0ErrorCode(FileSystemPreferences.java:949)
at java.util.prefs.FileSystemPreferences.lockFile(FileSystemPreferences.java:937)
at java.util.prefs.FileSystemPreferences.sync(FileSystemPreferences.java:741)
at java.util.prefs.FileSystemPreferences.flush(FileSystemPreferences.java:836)
at java.util.prefs.FileSystemPreferences.syncWorld(FileSystemPreferences.java:476)
at java.util.prefs.FileSystemPreferences.access$1200(FileSystemPreferences.java:50)
at java.util.prefs.FileSystemPreferences$4$1.run(FileSystemPreferences.java:454)
The following directories already exist on the host: /opt/nexus and /data/storage and are owned by nexus:nexus and the file permissions are 755.
BUT, if I run the following command (with user 0):
sudo podman run -dit --name hosta-nexus -u 0 -p 8081:80 -v /opt/nexus:/nexus-data:Z -v /data/storage:/storage:Z docker.io/sonatype/nexus3:3.30.0
Why was the container running without the -u 0, and now I'm getting permission denied at rootless? Is there something, somewhere that is persisting that is causing the issue?
Also, to clear things up, I’m opening the following port on the container to the host: 8081:80, but if I type in localhost:8081 or localhost:80, the UI won’t come up. I have to inspect the running container, get the IP address, and then put in that IP address:8081, and then the web page comes up. I’m not sure what I’m doing incorrectly here.
Thanks
Chris
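Added example (not code from the thread or from Podman) showing the UID side of Leon's question: how the UID a process has inside the container is mapped onto the host under rootful versus rootless Podman, and whether a bind-mounted host directory then passes the kernel's ownership check before SELinux is even consulted. It assumes a constructed host `nexus` UID of 1001 owning the directory with mode 755, a service UID of 200 inside the image, an invoking user UID of 1000 and a subuid range `usera:100000:65536`; none of these numbers come from the thread.

```python
# Added example (constructed values): container UID -> host UID mapping and the
# plain UNIX ownership check a bind-mounted directory must pass. It is not code
# from the thread or from Podman itself.

def uid_map(rootful, user_uid=1000, subuid_line="usera:100000:65536"):
    """Return (container_start, host_start, count) ranges like /proc/self/uid_map.

    rootful : identity mapping, container UID N is host UID N.
    rootless: container UID 0 is the invoking user; UIDs 1.. come from the
              user's /etc/subuid range (constructed here as usera:100000:65536).
    """
    if rootful:
        return [(0, 0, 4294967295)]
    _user, start, count = subuid_line.split(":")
    return [(0, user_uid, 1), (1, int(start), int(count))]

def container_to_host_uid(ranges, container_uid):
    """Translate a container UID into the UID the host kernel actually sees."""
    for c_start, h_start, count in ranges:
        if c_start <= container_uid < c_start + count:
            return h_start + (container_uid - c_start)
    return 65534  # unmapped UIDs appear as the overflow UID (nobody)

def dir_writable(mode, owner_uid, owner_gid, proc_uid, proc_gids):
    """Ordinary DAC check; the SELinux label set by :Z is only evaluated after this."""
    if proc_uid == 0:
        return True  # real host root: the '-u 0' case under rootful podman
    if proc_uid == owner_uid:
        return bool(mode & 0o200)
    if owner_gid in proc_gids:
        return bool(mode & 0o020)
    return bool(mode & 0o002)

def can_container_write(rootful, container_uid, host_owner_uid, host_mode=0o755):
    """Can a process running as container_uid write into the bind-mounted directory?"""
    host_uid = container_to_host_uid(uid_map(rootful), container_uid)
    return dir_writable(host_mode, host_owner_uid, host_owner_uid, host_uid, [host_uid])

if __name__ == "__main__":
    NEXUS_HOST_UID = 1001  # constructed: host 'nexus' account owning /opt/nexus
    IMAGE_APP_UID = 200    # assumed UID of the service user inside the image
    # rootful, default image user: host sees UID 200, directory owned by 1001 -> denied
    print(can_container_write(True, IMAGE_APP_UID, NEXUS_HOST_UID))      # False
    # rootful with -u 0: the process is real host root -> allowed
    print(can_container_write(True, 0, NEXUS_HOST_UID))                  # True
    # rootless: UID 200 becomes 100199 on the host, so the host directory must be
    # owned by that UID (what 'podman unshare chown 200:200 DIR' achieves)
    print(container_to_host_uid(uid_map(False), IMAGE_APP_UID))          # 100199
    print(can_container_write(False, IMAGE_APP_UID, 100199))             # True
```

The same check explains why the host files can show an unfamiliar high UID after a rootless run: they are owned by the mapped subuid, not by the host `nexus` account.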
_______________________________________________
Podman mailing list -- podman@lists.podman.io