Packer: docker build's mkdir permission error

Created on 17 Feb 2017  路  7Comments  路  Source: hashicorp/packer

Can't get the simple docker builder example to work. The docker run step fails with a permission error when trying to make a directory that already exists. I'll include permission info below the output. The error happens within the latest version of docker, but I am not sure if the problem is with docker itself, or with packer setting up directories incorrectly. If I run the docker run command without the -v option, it seems to work, but I am not exactly sure what the implication of that is.

  • Packer version from packer version
    v0.12.2
  • Host platform
    linux (CentOS7)
  • Output
$ docker --version
Docker version 1.13.1, build 092cba3
$ ./packer build -only=docker build-docker_test.json
docker output will be in this color.

==> docker: Creating a temporary directory for sharing data...
==> docker: Pulling Docker image: amazonlinux:latest
    docker: latest: Pulling from library/amazonlinux
    docker: Digest: sha256:2010c88ac1e7c118d61793eec71dcfe0e276d72b38dd86bd3e49da1f8c48bf54
    docker: Status: Image is up to date for amazonlinux:latest
==> docker: Starting docker container...
    docker: Run command: docker run -v /home/broot/.packer.d/tmp/packer-docker135227261:/packer-files -d -i -t amazonlinux:latest /bin/bash
==> docker: Error running container: Docker exited with a non-zero exit status.
==> docker: Stderr: docker: Error response from daemon: error while creating mount source path '/home/broot/.packer.d/tmp/packer-docker135227261': mkdir /home/broot/.packer.d: permission denied.
==> docker:
Build 'docker' errored: Error running container: Docker exited with a non-zero exit status.
Stderr: docker: Error response from daemon: error while creating mount source path '/home/broot/.packer.d/tmp/packer-docker135227261': mkdir /home/broot/.packer.d: permission denied.


==> Some builds didn't complete successfully and had errors:
--> docker: Error running container: Docker exited with a non-zero exit status.
Stderr: docker: Error response from daemon: error while creating mount source path '/home/broot/.packer.d/tmp/packer-docker135227261': mkdir /home/broot/.packer.d: permission denied.


==> Builds finished but no artifacts were created.

I ran it once with cleanup turned off in order to see what the permissions of what is left behind looks like:

$ ls -ld .packer.d/ .packer.d/tmp .packer.d/tmp/packer-docker442117111/
drwxr-sr-x. 3 broot blue 2048 Feb 17 16:43 .packer.d/
drwxr-sr-x. 3 broot blue 2048 Feb 17 17:13 .packer.d/tmp
drwx--S---. 2 broot blue 2048 Feb 17 17:06 .packer.d/tmp/packer-docker442117111/
  • The _simplest example template and scripts_ needed to reproduce the bug.
{
  "builders": [{
    "type": "docker",
    "image": "amazonlinux:latest",
    "export_path": "/home/broot/scratch/Respond-Images/test.tar.gz"
}]
}
buildedocker docs
Source
picture WeatherGod

Most helpful comment

I think I figured it out. The problem isn't with packer, and it is only partly a problem with docker. In linux (at least, the centos7 system I have), a filepath cannot be resolved if the caller does not have 'x' permission to any directory component of that path. For my company, we set up the home directories to not give any permissions to those outside our group.

Since my directories are created with a completely different default group than the docker stuff runs as, the docker daemon didn't seem to be able to successfully stat that directory. Once I chmod'ed "o+x" my home directory, I was able to successfully run the docker command.

For packer's part, I could find no way to tell packer where I wanted it to create these temporary directories. Also, docker does not allow one to use relative paths for that filename, so I couldn't work around the problem by using a path relative to my CWD.

As for resolution, perhaps packer could detect this situation and emit a message explaining what might be wrong?

picture WeatherGod on 21 Feb 2017
👍3

All 7 comments

I think I figured it out. The problem isn't with packer, and it is only partly a problem with docker. In linux (at least, the centos7 system I have), a filepath cannot be resolved if the caller does not have 'x' permission to any directory component of that path. For my company, we set up the home directories to not give any permissions to those outside our group.

Since my directories are created with a completely different default group than the docker stuff runs as, the docker daemon didn't seem to be able to successfully stat that directory. Once I chmod'ed "o+x" my home directory, I was able to successfully run the docker command.

For packer's part, I could find no way to tell packer where I wanted it to create these temporary directories. Also, docker does not allow one to use relative paths for that filename, so I couldn't work around the problem by using a path relative to my CWD.

As for resolution, perhaps packer could detect this situation and emit a message explaining what might be wrong?

WeatherGod picture WeatherGod on 21 Feb 2017
👍3

For packer's part, I could find no way to tell packer where I wanted it to create these temporary directories.

We do have a way to override the temp directory path, but unfortunately it's not documented afaik. You can override where packer writes temp files for docker with $PACKER_TMP_DIR. I will see if I can document it.

mwhooker picture mwhooker on 21 Feb 2017

Thank you!

WeatherGod picture WeatherGod on 22 Feb 2017
👍1

I tried Chmod o+x on the home directory even then i am getting same error:
Command i tried:

-bash-4.2$ docker run -v /opt/freesurfer/6.0.0/license.txt:/fslicense.txt:ro            -v /home/vhasfcbhogas/BIDS:/data:ro            -v /home/vhasfcbhogas/testFm/fmriprep-1.3.2:/work            -w /work poldracklab/fmriprep:1.3.2            /data out/ participant --participant-label 215 --skip_bids_validation --sloppy --ignore slicetiming --fs-license-file /fslicense.txt

Output -
docker: Error response from daemon: error while creating mount source path '/home/vhasfcbhogas/BIDS': mkdir /home/vhasfcbhogas/BIDS: permission denied. ERRO[0000] error waiting for container: context canceled

  • Host Platform: CENTOS 7.6.1810
  • Docker version
    -bash-4.2$ docker --version Docker version 18.09.4, build d14af54266

Any suggestions @WeatherGod @mwhooker!

Thanks!

suyashdb picture suyashdb on 8 Apr 2019

Each component of the path /home/vhasfcbhogas/ needs to be executable by the docker daemon. Usually, this is the case for typical Linux installs. Furthermore, it looks like your daemon is trying to create a subdirectory, so perhaps you may need to create it ahead of time?

WeatherGod picture WeatherGod on 8 Apr 2019

I did chmod every component of /home/vhasfcbhogas however, the docker image will create few temp folders inside for processing.. I gave no control on them as they are created during processing and get deleted latter.. Not sure how to handle this situation.

suyashdb picture suyashdb on 8 Apr 2019

Please only use _GitHub Issues_ for reporting bugs and feature requests. Do not ask for general help here. Use _IRC #packer-tool on Freenode_ or the mailing list for that.

See https://www.packer.io/community/

_If you are describing a bug or a feature request please reopen and try to add some more details to make it clearer._

rickard-von-essen picture rickard-von-essen on 9 Apr 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

DanielBo picture DanielBo  路  3Comments
tleyden picture tleyden  路  3Comments
shashanksinha89 picture shashanksinha89  路  3Comments
mushon4 picture mushon4  路  3Comments
jesse-c picture jesse-c  路  3Comments