Postgres not deploying due to app ACL permissions for host path volumes #1562

Closed
cafawo opened this issue Feb 7, 2025 · 3 comments

cafawo commented Feb 7, 2025

Howdy,

I am struggling with deploying

Name: postgres
App Version: 17.2
Version: 1.0.15
Source: hub.docker.com/_/postgres
Train: community
On: TrueNAS Scale ElectricEel-24.10.2

I have set up a dataset which should serve as the postgres data storage. I manage these datasets (initially) using NFSv4 ACL and already struggled to deploy postgres with these settings, however, I found the following fix here: https://forums.truenas.com/t/postgres-app-not-running-in-scale-electric-eel/25203/2

When you create your postgres dataset, do it with POSIX permissions. Click Edit on the Permissions widget then Set ACL. Set the owner to netdata and the group to docker (these correspond to 999:999). Tick the Apply Owner and Apply Group checkboxes and save the ACL. Then deploy the app as normal, using that dataset in your host path for postgres data storage.

After creating the dataset using POSIX ACL, I had to switch back to NFSv4 ACL in order to get SMB shares to work. (Apparently: TrueNAS does not allow an SMB share to traverse datasets with mixed ACL types.)

With this, both SMB and postgres were working just fine.

However, after restarting TrueNAS, postgres does not deploy anymore, with the logs stating:

2025-02-05 20:03:57.242463+00:00 2025-02-05 20:03:57.242 UTC [1] FATAL: data directory "/var/lib/postgresql/data" has invalid permissions
2025-02-05 20:03:57.242490+00:00 2025-02-05 20:03:57.242 UTC [1] DETAIL: Permissions should be u=rwx (0700) or u=rwx,g=rx (0750).

Unless I am missing something, the permission management seems awfully complex. In contrast, Plex with ACL permissions runs just fine. Is there anything that I am missing or is this something that can be fixed?

Apologies for the long description and many thanks for your help.

@stavros-k
Contributor

Postgres does not like ACLs; it requires the data to be owned by 999 user/group.
POSIX ACLs are the only ones found to be working.
This is not something we can work around, because postgres does some strict checks about data ownership.

@cafawo
Author

cafawo commented Feb 7, 2025

Hi @stavros-k, the data is owned by 999 user/group:

Image

The permissions are NFSv4 though. I am a bit confused as this NFSv4 ACL setting seemed to have worked before the restart.

@stavros-k
Copy link
Contributor

The check happens when the postgres container starts.
So if you change it while it's running, it won't stop working.
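
A pre-flight check for the host path, added here as an example and not part of the thread or of the app's own code: it tests the two things the comments and the log point to, ownership by uid 999 and mode bits no wider than 0700/0750, so a dataset can be checked before the next container start. The function name and the bit mask (derived from the 0700/0750 message in the log) are assumptions of this example.

```python
import os
import stat
import sys

# Bits outside 0700 / 0750: group write and any access for "other".
# Assumption: derived from the DETAIL line in the log above.
FORBIDDEN_BITS = stat.S_IWGRP | stat.S_IRWXO  # 0o027

# The thread states the data must be owned by 999 user/group.
POSTGRES_UID = 999


def check_data_dir(path, expected_uid=POSTGRES_UID):
    """Return a list of problems that would make the startup check fail."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path} is not a directory"]

    problems = []
    if st.st_uid != expected_uid:
        problems.append(f"owner uid is {st.st_uid}, expected {expected_uid}")

    # This is the mode as stat() reports it, which is what the log complains
    # about; an ACL editor showing the right owner does not settle this part.
    mode = stat.S_IMODE(st.st_mode)
    extra = mode & FORBIDDEN_BITS
    if extra:
        problems.append(
            f"mode is {mode:04o}; bits {extra:04o} are not allowed "
            "(need 0700 or 0750)"
        )
    return problems


if __name__ == "__main__":
    # Pass the host path of the dataset; the default is the in-container path.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/postgresql/data"
    found = check_data_dir(target)
    for line in found:
        print("FAIL:", line)
    print("ok" if not found else f"{len(found)} problem(s)")
    sys.exit(1 if found else 0)
```

Running it after any ACL type change, and again before a reboot, shows whether the directory would still pass at the next start.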
