Install via Docker Error: failed to load configuration: could not create config file: open /mattermost/config/config.json: permission denied

Summary
I am trying to install Mattermost team edition container on a rocky linux 9 vm using podman and podman-compose, when running the compose up command the Mattermost container fails exiting with error.

[mattermost@vm-com docker]$ id
uid=2000(mattermost) gid=2000(mattermost) groups=2000(mattermost),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[mattermost@vm-com docker]$ ls -l ./volumes/app/mattermost
total 0
drwxr-xr-x. 2 mattermost mattermost  6 Jan 25 01:38 bleve-indexes
drwxr-xr-x. 3 mattermost mattermost 21 Jan 25 01:38 client
drwxr-xr-x. 2 mattermost mattermost  6 Jan 25 01:38 config
drwxr-xr-x. 2 mattermost mattermost  6 Jan 25 01:38 data
drwxr-xr-x. 2 mattermost mattermost  6 Jan 25 01:38 logs
drwxr-xr-x. 2 mattermost mattermost  6 Jan 25 01:38 plugins
MATTERMOST_IMAGE=mattermost-team-edition
MATTERMOST_IMAGE_TAG=9.4

Steps to reproduce
podman-compose -f docker-compose.yml -f docker-compose.without-nginx.yml up -d

Expected behavior
Mattermost up and running

Observed behavior

mattermost@vm-com docker]$ podman ps -a
CONTAINER ID  IMAGE                                             COMMAND     CREATED         STATUS                                 PORTS                                                                   NAMES
d2684cfc89ca  docker.io/library/postgres:13-alpine              postgres    57 seconds ago  Up Less than a second                                                                                          docker_postgres_1
b9653db98835  docker.io/mattermost/mattermost-team-edition:9.4  mattermost  54 seconds ago  Exited (1) 51 seconds ago (unhealthy)  0.0.0.0:8065->8065/tcp, 0.0.0.0:8443->8443/tcp, 0.0.0.0:8443->8443/udp  docker_mattermost_1
[mattermost@vm-com docker]$ podman logs docker_mattermost_1
Error: failed to load configuration: could not create config file: open /mattermost/config/config.json: permission denied
Usage:
  mattermost [flags]
  mattermost [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  db          Commands related to the database
  export      Export data from Mattermost
  help        Help about any command
  import      Import data.
  jobserver   Start the Mattermost job server
  server      Run the Mattermost server
  version     Display version information

Flags:
  -c, --config string   Configuration file to use.
  -h, --help            help for mattermost

Use "mattermost [command] --help" for more information about a command.

podman does a few things very differently than Docker. It avoids running as root, which is a good thing from a security perspective, but stuff like this can happen. A good place to ask might be Discussions - Red Hat Customer Portal (you can join their Developer program for free to get access - https://developers.redhat.com/ ) Podman came out of Red Hat / Dan Walsh, so there’s a good chance that someone in the community there can help!

It’s been a long time since I tried to deploy with podman. I’ll play around and see if I can’t come up with a working strategy. But I wound up just going along and using Docker.

1 Like

This is at least partly an SELinux issue. In docker-compose.yml under security_opt for both containers add “- label"disable” like:

    security_opt:
      - no-new-privileges:true
      - label:disable

I’m still having an issue where the ownership isn’t getting set properly:

mattermost@0d4723e02e77:~$ ls -ln
total 640
-rw-r--r--. 1  2000  2000   2046 Jan 19 16:48 ENTERPRISE-EDITION-LICENSE.txt
-rw-r--r--. 1  2000  2000 598280 Jan 19 16:48 NOTICE.txt
-rw-r--r--. 1  2000  2000   7528 Jan 19 16:48 README.md
drwxr-xr-x. 2  2000  2000     37 Jan 19 16:49 bin
drwxr-xr-x. 2 65534 65534      6 Jan 25 15:58 bleve-indexes
drwxr-xr-x. 8  2000  2000  20480 Jan 19 16:48 client
drwxr-xr-x. 2 65534 65534      6 Jan 25 15:58 config
drwxr-xr-x. 2 65534 65534      6 Jan 25 15:58 data
drwxr-xr-x. 2  2000  2000     44 Jan 19 16:48 fonts
drwxr-xr-x. 2  2000  2000   4096 Jan 19 16:48 i18n
drwxr-xr-x. 2 65534 65534      6 Jan 25 15:58 logs
-rw-r--r--. 1  2000  2000    448 Jan 19 16:48 manifest.txt
drwxr-xr-x. 2 65534 65534      6 Jan 25 15:58 plugins
drwxr-xr-x. 2  2000  2000   4096 Jan 19 16:49 prepackaged_plugins
drwxr-xr-x. 2  2000  2000   4096 Jan 19 16:48 templates

But I will figure that out!

1 Like

I’m getting closer:

sudo chown -R 101999:101999 volumes/app/mattermost

I got those values via

podman top -l huser,hgroup

Now my file permissions are correct. However, it doesn’t appear that podman is passing i n the environment variables correctly… config.json is written, but with default values.

1 Like

By manually running the long, long ‘podman run’ command with the environment variables all spelled out, it works! I can log in. So I’m now guessing there’s something odd about how podman-compose expands variables, or how it’s read from the docker compose file?

1 Like