Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make.sh: python: can't open file Permission denied #214

Closed
junaruga opened this issue Jul 29, 2020 · 11 comments
Closed

make.sh: python: can't open file Permission denied #214

junaruga opened this issue Jul 29, 2020 · 11 comments

Comments

@junaruga
Copy link
Member

I am trying to set up my development environment on my local machine reading README.md.

My environment is

  • Fedora 32
  • Docker 19.03.11 (installed by RPM: moby-engine-19.03.11-1.ce.git42e35e6.fc32.x86_64).
$ docker --version
Docker version 19.03.11, build 42e35e6
  • Docker compose 1.26.2 (installed by pip3 install docker-compose --user).
$ docker-compose --version
docker-compose version 1.26.2, build unknown

Do you have any idea to fix the following error I faced?

$ ./make.sh
...
Starting chris_ultron_backend_pfcon_service_1  ... done
python: can't open file 'check_db_connection.py': [Errno 13] Permission denied
python: can't open file 'manage.py': [Errno 13] Permission denied
python: can't open file 'manage.py': [Errno 13] Permission denied

$ echo $?
2

Thanks.
@jbernal0019
Copy link
Member

@junaruga The Backend instructions for Fedora here should help you. Once you make it work can you please create a wiki page in your fork explaining the details for Fedora and give me the link?

@junaruga
Copy link
Member Author

junaruga commented Jul 29, 2020
edited
Loading

Sure. Okay. I will create the wiki page. I am happy to do it.

@junaruga
Copy link
Member Author

@jbernal0019 Is there already "The Backend instructions for Fedora" somewhere?

@jennydaman jennydaman mentioned this issue Jul 30, 2020
Closed
@junaruga
Copy link
Member Author

junaruga commented Jul 31, 2020
edited
Loading

Here is the full log for ./make.sh.

Interestingly python: can't open file 'manage.py': [Errno 13] Permission denied disappeared in case of the SE Linux mode permissive. But there is DB connection error instead of that.

I referred this document to disable SE Linux temporarily.
https://www.tecmint.com/disable-selinux-in-centos-rhel-fedora/

@junaruga
Copy link
Member Author

Seeing the commands, ./unmake.sh ; sudo rm -fr FS; rm -fr FS; ./make.sh, does ./make.sh executed by regular user create files in FS directory in root user's home directory?

@junaruga
Copy link
Member Author

It looks same with SE Linux mode permissive.

@rudolphpienaar
Copy link
Member

Seeing the commands, ./unmake.sh ; sudo rm -fr FS; rm -fr FS; ./make.sh, does ./make.sh executed by regular user create files in FS directory in root user's home directory?

No. The FS dir is created in the dir from which you run the make.sh.

The cumbersome double rm was to assure deletion of the FS dir on restart. The FS dir, created by the make.sh is first owned by the user running the script. This dir will, however, contain files owned by root due to running containerized plugins. On NFS shared dir spaces with rootsquash on, root would not be able to fully delete the dir. Hence this awkward setup.

Feel free to improve...

@junaruga
Copy link
Member Author

Thanks for the answer. "FS directory in root user's home directory" was my mistake. Sorry.

I assume "files owned by root due to running containerized plugins." is related to a permission to write the files in volume mount from inside container. It's related to uid map. We might be able to fix it not to use sudo rm -fr FS.

@junaruga
Copy link
Member Author

Let me share my working log.

Now I installed Docker CE removing the moby-engine Docker official RPM repository on Fedora 32, seeing the official page.
Then I noticed network does not work inside a container.

Remove moby RPMs in Fedora RPM repository.

$ sudo dnf remove moby-engine
$ sudo dnf remove docker-compose
$ sudo rm -rf /var/lib/docker

Install Docker CE Fedora 31 binary RPMs and docker-compose on Fedora 32

The current environment is cgroups v1 by sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0".

$ cat /etc/fedora-release 
Fedora release 32 (Thirty Two)

$ curl -fsSL https://get.docker.com -o get-docker.sh

$ sudo sh get-docker.sh
...
Errors during downloading metadata for repository 'docker-ce-stable':
  - Status code: 404 for https://download.docker.com/linux/fedora/32/x86_64/stable/repodata/repomd.xml (IP: 99.86.243.99)

Edit the downloaded repository config file, replacing $releasever (= host Fedora version = 32) to 31, knowing that is tricky and hackable.

$ sudo vi /etc/yum.repos.d/docker-ce.repo

$ sudo dnf install docker-ce docker-ce-cli containerd.io

$ rpm -qf /usr/bin/docker
docker-ce-cli-19.03.12-3.fc31.x86_64

Install docker-compose from the official source.

$ curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o docker-compose
$ chmod +x docker-compose
$ sudo mv docker-compose /usr/local/bin/

$ docker -v
Docker version 19.03.12, build 48a66213fe

$ docker-compose -v
docker-compose version 1.26.2, build eefe0d31

Run make.sh

$ ./make.sh
...
^[[1A^[[2K^MStarting chris_ultron_backend_pfcon_service_1  ... ^[[32mdone^[[0m^M^[[1BCould not connect to database service!
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/urllib3/connection.py", line 159, in _new_conn
    conn = connection.create_connection(
  File "/usr/local/lib/python3.8/dist-packages/urllib3/util/connection.py", line 84, in create_connection
    raise err
  File "/usr/local/lib/python3.8/dist-packages/urllib3/util/connection.py", line 74, in create_connection
    sock.connect(sa)
OSError: [Errno 113] No route to host
...

Test with the simple Dockerfile.

$ cat Dockerfile
FROM ubuntu:latest

ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get -y update

The network does not work inside the container.

$ docker system prune -a -f

$ docker build --rm -t test/ubuntu .
...
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
  Temporary failure resolving 'archive.ubuntu.com'
...

The following command with --network=host works.

$ docker system prune -a -f
$ docker build --rm -t test/ubuntu --network=host .

I am investigating seeing such as this document now.

@junaruga
Copy link
Member Author

Then I noticed network does not work inside a container.

Sorry, Now the network inside a container works after running the following commands, referring Whitelist docker in firewall and docker/for-linux#955 (comment) .

$ sudo firewall-cmd --permanent --zone=trusted --add-interface=docker0
$ sudo firewall-cmd --permanent --zone=FedoraWorkstation --add-masquerade
$ sudo firewall-cmd --reload

@junaruga
Copy link
Member Author

I would close this ticket, as I succeeded to run make.sh without errors on both docker-ce from docker official repository and moby from fedora official repository. Thank you for your help.

I summarized the steps here.
https://github.com/junaruga/ChRIS_ultron_backEnd/wiki/Setup-Docker-on-Fedora-32

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@junaruga @rudolphpienaar @jbernal0019