Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Harbor db image throws ./docker-entrypoint.sh: line 4: //initdb.sh: Permission denied errors after local build. #21006

Open
hajnalmt opened this issue Oct 7, 2024 · 1 comment
Open

Harbor db image throws ./docker-entrypoint.sh: line 4: //initdb.sh: Permission denied errors after local build. #21006

hajnalmt opened this issue Oct 7, 2024 · 1 comment

Comments

@hajnalmt
Copy link

hajnalmt commented Oct 7, 2024
edited
Loading

After an install according to the docs, I didn't manage to setup harbor locally beacuse the db didn't start.

Problem description

The logs showed that the entrypoint gets permission denied when it calls the initdb.sh

docker logs harbor-db
./docker-entrypoint.sh: line 4: //initdb.sh: Permission denied
./docker-entrypoint.sh: line 4: //initdb.sh: Permission denied
./docker-entrypoint.sh: line 4: //initdb.sh: Permission denied
...

Reproduce the problem

I built the the db as BULDTARGET, switched the entrypoint to a sleep and indeed initdb.sh is mounted as root not the postgres user.

make build BUILDTARGET=_build_db
...

Execing into the image:

docker exec -it harbor-db sh
sh-5.2$ ls -la
total 80
drwxr-xr-x   1 root     root     4096 Oct  6 16:33 .
drwxr-xr-x   1 root     root     4096 Oct  6 16:33 ..
-rwxr-xr-x   1 root     root        0 Oct  6 16:33 .dockerenv
lrwxrwxrwx   1 root     root        7 Sep  5 22:38 bin -> usr/bin
drwxr-xr-x   1 root     root     4096 Oct  4 07:54 boot
drwxr-xr-x   5 root     root      340 Oct  6 16:33 dev
drwxr-xr-x   1 postgres postgres 4096 Oct  4 07:54 docker-entrypoint-initdb.d
-rwxrw----   1 postgres postgres 3297 Oct  2 21:50 docker-entrypoint.sh
-rwxrw----   1 postgres postgres  439 Oct  2 21:50 docker-healthcheck.sh
drwxr-xr-x   1 root     root     4096 Oct  6 16:33 etc
drwxr-xr-x   1 root     root     4096 Oct  4 07:53 home
-rwxrwx---   1 root     root     4263 Oct  2 21:50 initdb.sh
lrwxrwxrwx   1 root     root        7 Sep  5 22:38 lib -> usr/lib
lrwxrwxrwx   1 root     root        7 Sep  5 22:38 lib64 -> usr/lib
lrwxrwxrwx   1 root     root        9 Sep  5 22:38 media -> run/media
drwxr-xr-x   4 root     root     4096 Sep 13 06:38 mnt
dr-xr-xr-x 499 root     root        0 Oct  6 16:33 proc
drwxr-x---   1 root     root     4096 Oct  4 07:54 root
drwxr-xr-x   1 root     root     4096 Oct  4 07:54 run
lrwxrwxrwx   1 root     root        8 Sep  5 22:38 sbin -> usr/sbin
lrwxrwxrwx   1 root     root        7 Sep  5 22:38 srv -> var/srv
dr-xr-xr-x  13 root     root        0 Oct  6 16:33 sys
drwxrwxrwt   2 root     root     4096 Sep  5 22:38 tmp
-rwxrwx---   1 root     root     1184 Oct  2 21:50 upgrade.sh
drwxr-xr-x   1 root     root     4096 Oct  4 07:54 usr
drwxr-xr-x   1 root     root     4096 Sep 13 06:38 var

The problem is that this script is not added to the chown-ed one in the Dockerfile.

I am curious how this didn't come up for others. I checked and the official image doesn't have this problem because initdb has execute permissions.

docker exec -it harbor-db sh
sh-5.0$ ls -lah 
total 68K
drwxr-xr-x   1 root     root     4.0K Oct  7 07:22 .
drwxr-xr-x   1 root     root     4.0K Oct  7 07:22 ..
-rwxr-xr-x   1 root     root        0 Oct  7 07:22 .dockerenv
lrwxrwxrwx   1 root     root        7 Feb 24  2021 bin -> usr/bin
drwxr-xr-x   1 root     root     4.0K Oct 10  2022 boot
drwxr-xr-x   5 root     root      340 Oct  7 07:22 dev
drwxr-xr-x   1 postgres postgres 4.0K Oct 10  2022 docker-entrypoint-initdb.d
-rwxr--r--   1 postgres postgres 2.5K Oct 10  2022 docker-entrypoint.sh
-rwxr--r--   1 postgres postgres  439 Oct 10  2022 docker-healthcheck.sh
drwxr-xr-x   1 root     root     4.0K Oct  7 07:22 etc
drwxr-xr-x   1 root     root     4.0K Oct 10  2022 home
-rwxr-xr-x   1 root     root     4.2K Oct 10  2022 initdb.sh
lrwxrwxrwx   1 root     root        7 Feb 24  2021 lib -> usr/lib
lrwxrwxrwx   1 root     root        7 Feb 24  2021 lib64 -> usr/lib
lrwxrwxrwx   1 root     root        9 Feb 24  2021 media -> run/media
drwxr-xr-x   4 root     root     4.0K Sep 30  2022 mnt
dr-xr-xr-x 516 root     root        0 Oct  7 07:22 proc
drwxr-x---   2 root     root     4.0K Feb 24  2021 root
drwxr-xr-x   1 root     root     4.0K Oct 10  2022 run
lrwxrwxrwx   1 root     root        8 Feb 24  2021 sbin -> usr/sbin
lrwxrwxrwx   1 root     root        7 Feb 24  2021 srv -> var/srv
dr-xr-xr-x  13 root     root        0 Oct  7 07:22 sys
drwxrwxrwt   2 root     root     4.0K Feb 24  2021 tmp
-rwxr-xr-x   1 root     root     1.2K Oct 10  2022 upgrade.sh
drwxr-xr-x   1 root     root     4.0K Oct 10  2022 usr
drwxr-xr-x   1 root     root     4.0K Sep 30  2022 var

Same is true for upgrade.sh

I have a fairly old compose version:

  • Docker version 27.1.1, build 6312585
  • Docker Compose version v2.21.0
  • Harbor 2.11
@hajnalmt hajnalmt mentioned this issue Oct 7, 2024
Open
5 tasks
@hajnalmt
Copy link
Author

hajnalmt commented Oct 7, 2024
edited
Loading

There were PRs regarding this, but they were disregarded because the user supposedly used an ARM-based system. https://github.com/goharbor/harbor/pull/18766
I am using amd.

dpkg --print-architecture
amd64

I have an 11th gen Intel CPU.

lscpu | grep "Model name"
Model name:                           11th Gen Intel(R) Core(TM) i5-11500H @ 2.90GHz

With Ubuntu as OS:

cat /etc/os-release  | head -1
PRETTY_NAME="Ubuntu 22.04.4 LTS"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hajnalmt