This repository has been archived by the owner on Jul 28, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 41
LCOW: Docker Volumes don't support some fs operations that bind mounts support - CreateFile access denied #337
Comments
Iristyle
added a commit
to Iristyle/pupperware
that referenced
this issue
Sep 13, 2019
- docker-compose supports named volumes, which are different than the bind mounts that have been used thus far bind mounts expect that the host directory exists on disk and their behavior is a bit different, and is discussed in the docs at: https://docs.docker.com/storage/bind-mounts/ - While LCOW is happy to support both volumes and bind mounts, support from the platform is a bit different. Specifically it appears that bind mounts properly support symlinks (necessary during Postgres startup), while volumes do not. An issue has been filed to track that issue at moby/moby#39922 (originally filed at microsoft/opengcs#337) - Switch all volumes to named, except for the one Postgres data volume which must remain a bind mount
Left the same comment on the Moby issue: I should have paid closer attention to the "access denied" error that came back in my trace. Turns out this is permissions related and should hopefully be pretty straightforward to address (just need to find the least privilege to be granted, noting that NTFS junctions historically required admin privileges in Windows, and that changed a bit in Windows 10 - see https://blogs.windows.com/windowsdeveloper/2016/12/02/symlinks-windows-10/) Create the volume
Find the volume location on disk
Get current permissions
Grant Full permissions to the Windows users group
And read them back
Start Postgres with the named volume
Postgres output - success!
|
Wow @Iristyle you're a rockstar! Thanks so much for sharing your results. I was having the exact same problem and I would certainly give up before finding the way you came up with! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Launching Postgres Linux container under RS5 / 19H1 with a Docker bind mount works, but fails when a Docker volume is used.
Bind mount successful example
Startup logs
Volume failure example
Don't explicitly create / specify a volume so that an anonymous volume is created. The behavior is the same when manually creating a named volume with
docker volume create pg
and instead callingdocker run --volume pg:/var/lib/postgresql/data postgres:9.6
Startup logs
Environment info
docker version
docker info
Debugging
I used procmon to trace the API calls through
vmwp.exe
that seem to cause the specific failure. It appears thatCreateFile
is passed the same arguments in both cases, but getsaccess denied
when avolume
is used, but is successful with abind mount
:The stack trace for that API call is
Here's a procmon screenshot showing the sequence of API calls leading to the failures is pretty similar until the
access denied
Complete logs available in https://gist.github.com/Iristyle/f4867a954ab7545f38c030e4d91ef511
Postgres Info
Postgres is running the command
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"
in the container at the time of failure: https://github.com/docker-library/postgres/blob/master/docker-entrypoint.sh#L75Which I believe is originating from https://github.com/postgres/postgres/blob/REL9_6_STABLE/src/bin/initdb/initdb.c#L3260
And ultimately originates from the Postgres function
durable_link_or_rename
at https://github.com/postgres/postgres/blob/REL9_6_STABLE/src/backend/storage/file/fd.c#L707See also the related docker-library/postgres#253
The text was updated successfully, but these errors were encountered: