I've had a docker based environment running for a few months, configured via docker-compose and have tried to add new Radarr/Tdarr containers to the configuration. When re-running the docker-compose command, it returns a Permission Denied error as follows:
dhevans@ubuntu:/htpc-svc$ sudo docker-compose pull && docker-compose up -d
Pulling plex-server ... done
Pulling homeassistant ... done
Pulling node-red ... done
Pulling watchtower ... done
Pulling radarr ... done
Pulling tdarr ... done
Traceback (most recent call last):
File "urllib3/connectionpool.py", line 677, in urlopen
File "urllib3/connectionpool.py", line 392, in _make_request
File "http/client.py", line 1277, in request
File "http/client.py", line 1323, in _send_request
File "http/client.py", line 1272, in endheaders
File "http/client.py", line 1032, in _send_output
File "http/client.py", line 972, in send
File "docker/transport/unixconn.py", line 43, in connect
PermissionError: [Errno 13] Permission denied
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "requests/adapters.py", line 449, in send
File "urllib3/connectionpool.py", line 727, in urlopen
File "urllib3/util/retry.py", line 410, in increment
File "urllib3/packages/six.py", line 734, in reraise
File "urllib3/connectionpool.py", line 677, in urlopen
File "urllib3/connectionpool.py", line 392, in _make_request
File "http/client.py", line 1277, in request
File "http/client.py", line 1323, in _send_request
File "http/client.py", line 1272, in endheaders
File "http/client.py", line 1032, in _send_output
File "http/client.py", line 972, in send
File "docker/transport/unixconn.py", line 43, in connect
urllib3.exceptions.ProtocolError: ('Connection aborted.', PermissionError(13, 'Permission denied'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "docker/api/client.py", line 214, in _retrieve_server_version
File "docker/api/daemon.py", line 181, in version
File "docker/utils/decorators.py", line 46, in inner
File "docker/api/client.py", line 237, in _get
File "requests/sessions.py", line 543, in get
File "requests/sessions.py", line 530, in request
File "requests/sessions.py", line 643, in send
File "requests/adapters.py", line 498, in send
requests.exceptions.ConnectionError: ('Connection aborted.', PermissionError(13, 'Permission denied'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "docker-compose", line 3, in <module>
File "compose/cli/main.py", line 81, in main
File "compose/cli/main.py", line 200, in perform_command
File "compose/cli/command.py", line 70, in project_from_options
File "compose/cli/command.py", line 153, in get_project
File "compose/cli/docker_client.py", line 43, in get_client
File "compose/cli/docker_client.py", line 170, in docker_client
File "docker/api/client.py", line 197, in __init__
File "docker/api/client.py", line 222, in _retrieve_server_version
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))
[2464] Failed to execute script docker-compose
During my testing for these containers, I have removed the new images from the compose file, and it still returns the error. This would indicate to me that it is not to do with the new containers, but something with Docker that no longer functions.
If I run sudo docker-compose up or sudo docker-compose up radarr, the containers start fine and I am able to access the web services remotely. They function as expected until I kill the command. This would indicate to me that there is no real problem with the images or config, but that there is something stopping me from having my docker compose file from correctly starting the entire configuration.
version: "3.4"
services:
plex-server:
container_name: plex-server
image: linuxserver/plex
restart: unless-stopped
environment:
- PUID=${PUID} # default user id, defined in .env
- PGID=${PGID} # default group id, defined in .env
- TZ=${TZ} # timezone, defined in .env
- VERSION=docker
network_mode: host
volumes:
- ${ROOT}/config/plex/db:/config # plex database
- ${ROOT}/data/config/plex/transcode:/transcode # temp transcoded files
- /mnt/elements:/elements
- /mnt/expansion:/expansion
homeassistant:
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
volumes:
- ${ROOT}/config/homeassistant:/config
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock
restart: unless-stopped
privileged: true
network_mode: host
node-red:
image: nodered/node-red:latest
restart: always
depends_on:
- "homeassistant"
user: root
environment:
- TZ=Europe/Zurich
# ports:
# - "1880:1880"
network_mode: host
volumes:
- ${ROOT}/config/nodered:/data
- /etc/localtime:/etc/localtime:ro
watchtower:
container_name: watchtower
image: v2tec/watchtower
network_mode: host
environment:
- LOG_LEVEL=info
- PUID=${PUID} # default user id, defined in .env
- PGID=${PGID} # default group id, defined in .env
- TZ=${TZ} # timezone, defined in .env
- UMASK=022 #optional
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
radarr:
container_name: radarr
image: cr.hotio.dev/hotio/radarr
network_mode: bridge
ports:
- "7878:7878"
environment:
- PUID=${PUID}
- PGID=${PGID}
- UMASK=002
- TZ=${TZ}
volumes:
- ${ROOT}/config/radarr:/config # plex database
- /mnt/elements:/elements
- /mnt/expansion:/expansion
tdarr:
container_name: tdarr
image: ghcr.io/haveagitgat/tdarr:latest
restart: unless-stopped
network_mode: bridge
ports:
- 8265:8265 # webUI port
- 8266:8266 # server port
# - 8267:8267 # Internal node port
# - 8268:8268 # Example extra node port
environment:
- TZ=${TZ}
- PUID=${PUID}
- PGID=${PGID}
- UMASK_SET=002
- serverIP=0.0.0.0
- serverPort=8266
- webUIPort=8265
- internalNode=true
- nodeID=MyInternalNode
volumes:
- ${ROOT}/config/tdarr/server:/app/server
- ${ROOT}/config/tdarr/config:/app/configs
- ${ROOT}/config/tdarr/logs:/app/logs
- ${ROOT}/data/tdarr/transcode_cache:/temp
- /mnt/elements:/elements
- /mnt/expansion:/expansion
tl;dr; Tried to add new containers to docker-compose. Always getting the error. Removed new containers, still get the error. Old websites still work, new websites only work via docker-compose-up. Everything is run as sudo. Please tell me what I'm doing wrong, or where to look as I've been hitting my head against a brick wall for a few hours now.
CodePudding user response:
I removed all but the first service, restarted the service.
I readded the services, one by one, starting the new one each time.
I did not receive any errors. I executed a sudo docker-compose down, all containers stopped. I reissued a sudo docker-compose up -d and all containers started without any errors.
I don't know why it worked this time and not before...
CodePudding user response:
It seems the error you get first was not a heisenbug, but should be reproducible any time you run docker-compose without sudo (as the Docker daemon socket is owned by root:docker).
To be more precise, the error was related to the fact you executed the command:
sudo docker-compose pull && docker-compose up -d #(1.)
which has not the same semantics as
sudo /bin/bash -c "docker-compose pull && docker-compose up -d" #(2.)
and thus, the docker-compose up -d part of command 1. was run without root permissions.
So if you want to combine both without running an extra bash process, you could just run:
sudo docker-compose pull && sudo docker-compose up -d
As an aside, note that it is possible to "remove" the sudo prefix from Docker commands, in at least 2 ways: join the docker group (which can be risky on a personal workstation), or use a bash alias; see e.g. this earlier answer of mine for details: docker.sock permission denied.