moby: Postgres data volume is mounted with wrong permissions in Docker OSX beta
I just installed Docker OSX Beta on my local machine. I have two containers: a postgres container and a data container. The compose file is something along the lines of
postgres:
  image: traede/postgres
  ports:
    - "5432:5432"
  volumes_from:
    - postgres_data
postgres_data:
  image: busybox
  volumes:
    - /var/lib/postgresql/data
This works when I use compose within a machine VM. However, in the OSX beta I get the following output from docker logs localservers_postgres_1:
FATAL: data directory "/var/lib/postgresql/data" has group or world access
DETAIL: Permissions should be u=rwx (0700).
docker logs localservers_postgres_data_1 returns nothing.
I am unsure as to why there is a difference between the Machine environment and my OSX environment?
Output of docker version:
Client:
Version: 1.11.0
API version: 1.23
Go version: go1.5.4
Git commit: 4dc5990
Built: Wed Apr 13 19:36:04 2016
OS/Arch: darwin/amd64
Server:
Version: 1.11.0
API version: 1.23
Go version: go1.5.4
Git commit: a5315b8
Built: Thu Apr 14 10:19:52 2016
OS/Arch: linux/amd64
Output of docker info:
Containers: 52
Running: 7
Paused: 0
Stopped: 45
Images: 181
Server Version: 1.11.0
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 282
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge null host
Kernel Version: 4.4.6
Operating System: Alpine Linux v3.3
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.956 GiB
Name: docker
ID: IJCB:W5BI:RIKS:IGUJ:26HW:D355:MZ3Q:ULJV:LB2L:4PJD:V7IP:3HGQ
Docker Root Dir: /var/lib/docker
Debug mode (client): false
Debug mode (server): true
File Descriptors: 35
Goroutines: 74
System Time: 2016-04-15T14:59:16.465993504Z
EventsListeners: 1
Registry: https://index.docker.io/v1/
Additional environment details (AWS, VirtualBox, physical, etc.):
Local Macbook Pro machine, OSX version 10.11
Steps to reproduce the issue:
docker-compose up -d
docker logs localservers_postgres_1
About this issue
- State: closed
- Created 8 years ago
- Comments: 28 (14 by maintainers)
The directory /var/lib/postgresql/data doesn’t exist in the VM because only certain host first-level directories are available: right now, /Users, /Volumes, /tmp, and /private. See Namespaces on https://beta.docker.com/docs/mac/osxfs/ for the full details. We’re currently considering changing the bind mount namespace behavior but this is how it works currently. Solutions for right now are either:
/Mac to the path
Finally, you may run into further issues running postgres on a shared bind mount as we don’t currently support fallocate or [f]stat[v]fs but will in a Beta Coming Soon.
Update!
But, I have this problem. Why? Could you help me?
@shabbirkagalwala Please keep in mind that the GitHub issue tracker is not intended as a general support forum, but for reporting bugs and feature requests. For other types of questions, consider using one of;
@esbenp @duykhoa is this still an issue for you on the latest Docker for Mac beta?
Just ran this;
@dsheets in this case, it’s not a bind-mounted directory, so - /var/lib/postgresql/data should create a new, “anonymous” volume.
@esbenp is there a reason you’re using a data-only container? docker now has volume management functions (docker volume ls, docker volume create). In this case, I suggest using a named volume for your postgres data, e.g.
You can find that volume with docker volume ls;
thanks @samoht!
closing this issue, but feel free to comment here if you still run into this issue
@duykhoa oh, just got notified that there’s still an issue when bind-mounting a local directory for postgresql; https://forums.docker.com/t/beta-9-postgres-stat-files-corrupted-when-data-stored-on-host-mapped-volume/10819
So, yes (also for performance), using a volume instead of a bind-mounted host-directory is still the preferred approach
Oh, perhaps docker-compose down first to be sure the old containers and volumes of the project are removed (assuming there’s no important data in there)
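A way to check the data directory's mode against the rule quoted in the FATAL message (no group or world bits, i.e. 0700), useful for comparing a named volume with a bind-mounted host directory. This is an added example, not code from the thread or from Docker or Postgres; the helper names dir_mode and pgdata_mode_ok are hypothetical.

```shell
#!/bin/sh
# Added example: apply the permission rule from the log message
#   data directory "..." has group or world access / should be u=rwx (0700)
# dir_mode and pgdata_mode_ok are hypothetical helper names.

# Print the octal permission bits of a path.
# Tries GNU-style stat first, then BSD/macOS stat.
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 if the directory has no group/world bits,
# 1 if it is too open, 2 if it is missing or its mode cannot be read.
pgdata_mode_ok() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    mode=$(dir_mode "$dir") || return 2
    # Reject anything that is not a plain octal number.
    case $mode in
        ''|*[!0-7]*) echo "cannot read mode of $dir" >&2; return 2 ;;
    esac
    # The leading 0 makes the shell read both numbers as octal;
    # 077 selects the group and world permission bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$dir has mode $mode: group or world access" >&2
        return 1
    fi
    echo "$dir has mode $mode: no group or world access"
    return 0
}

# Example use inside the postgres container (path from the compose file above):
#   pgdata_mode_ok /var/lib/postgresql/data
```
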