Docker Community Forums

Share and learn in the Docker community.

Permission Denied error when building a service dependent on a database service


(Krystalcode) #1

I am encountering an error while trying to build a service that depends on another service (database) that has its data defined as a volume. I have seen it in a couple of different cases using MariaDB and ElasticSearch.

Example definitions are (nothing strange here):

elasticsearch:
  image: elasticsearch
  container_name: elasticsearch
  volumes:
    - ./docker/.volumes/elasticsearch:/usr/share/elasticsearch/data

api:
  build          : ./docker
  dockerfile     : Dockerfile-api
  container_name : api
  volumes        :
    - .:/src
  working_dir    : /src

When I execute “docker-compose build api”, I get the following error:

Building api_webhooks
Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 9, in <module>
    load_entry_point('docker-compose==1.6.2', 'console_scripts', 'docker-compose')()
  File "/usr/lib/python2.7/site-packages/compose/cli/main.py", line 56, in main
    command.sys_dispatch()
  File "/usr/lib/python2.7/site-packages/compose/cli/docopt_command.py", line 23, in sys_dispatch
    self.dispatch(sys.argv[1:], None)
  File "/usr/lib/python2.7/site-packages/compose/cli/docopt_command.py", line 26, in dispatch
    self.perform_command(*self.parse(argv, global_options))
  File "/usr/lib/python2.7/site-packages/compose/cli/main.py", line 191, in perform_command
    handler(project, command_options)
  File "/usr/lib/python2.7/site-packages/compose/cli/main.py", line 212, in build
    force_rm=bool(options.get('--force-rm', False)))
  File "/usr/lib/python2.7/site-packages/compose/project.py", line 248, in build
    service.build(no_cache, pull, force_rm)
  File "/usr/lib/python2.7/site-packages/compose/service.py", line 679, in build
    buildargs=build_opts.get('args', None),
  File "/usr/lib/python2.7/site-packages/docker/api/build.py", line 49, in build
    context = utils.tar(path, exclude=exclude, dockerfile=dockerfile)
  File "/usr/lib/python2.7/site-packages/docker/utils/utils.py", line 103, in tar
    t.add(os.path.join(root, path), arcname=path, recursive=False)
  File "/usr/lib64/python2.7/tarfile.py", line 2021, in add
    with bltn_open(name, "rb") as f:
IOError: [Errno 13] Permission denied: '/home/krystalcode/projects/api/docker/.volumes/elasticsearch/elasticsearch/nodes/0/indices/.marvel-es-2016.02.05/0/translog/translog-8023002078844058457.tlog'

I am using the following versions on Fedora 23.

Docker version 1.9.1, build ee06d03/1.9.1
docker-compose version 1.6.2, build 4d72027


(David Maze) #2

When you say:

The Docker engine tars up the entire contents of the docker directory, under your user ID, and tries to send it to the daemon as the build context (less what’s in the .dockerignore file). But, since you also say

that directory tree includes all of your Elasticsearch content, and since the Elasticsearch container runs as its own user, your default user can’t read it…hence the error.

I would recommend just deleting this “volumes” block entirely and letting the Elasticsearch (persistent) content live in a Docker-managed volume. (It’s not something you ever need to look at or manage directly, and you’re already keeping it in a hidden directory, so there’s not really a downside to having it less-accessible.)


(Krystalcode) #3

Thank you for the response, you’ve pointed toward the right direction.