11

I'm at my wit's end with this, so hopefully you folks can help me. In OSX 10.11.2 with docker-machine, I've got a docker-compose file that should build a local Dockerfile and attach a MySQL container to it. The MySQL container should mount a local folder where I'm storing my database data, so if the container or VM comes down, I can just restart it without data loss. Problem is, when I run it, it throws a permissions error:

db_1  | 2015-12-23 19:17:59 7facaa89b740  InnoDB: Operating system error number 13 in a file operation.
db_1  | InnoDB: The error means mysqld does not have the access rights to
db_1  | InnoDB: the directory.

I've tried every permutation I can think of to get this to work. I was reading around and it may have something to do with how docker-machine handles permissions with OSX, but the documentation for docker-machine says that it mounts the /Users folder, so that shouldn't be an issue.

Here's the docker-compose.yml:

web:
  build: .
  ports:
    - "3000:3000"
  links:
    - db
db:
  image: mysql:5.6
  ports:
    - "3306:3306"
  volumes:
    - /Users/me/Development/mysql-data:/var/lib/mysql
  environment:
    MYSQL_ROOT_PASSWORD: mypass

Any ideas? I can't help but think it's something really simple. Any help would be most appreciated!

Edit:

  • Host - drwxr-xr-x 7 me staff 238 Dec 23 12:10 mysql-data/
  • VM - drwxr-xr-x 1 docker staff 238 Dec 23 20:10 mysql-data/

As to the container, it won't run with the volume mounted. Without the -v mount, it is:

  • Container - drwxr-xr-x 4 mysql mysql 4096 Dec 24 00:37 mysql
greggilbert
  • 1,313
  • 2
  • 13
  • 26
  • The output of `ls -lh` for the data directory in all three locations (host, vm, container) would be helpful for debugging. I think most likely what is happening is that directory is owned by root, and isn't letting the mysql user create new files. – dnephin Dec 23 '15 at 23:35
  • @dnephin, I've updated the question above with the data. Does that help? – greggilbert Dec 24 '15 at 00:39

2 Answers2

14

The issue this comes from is the userids used by Mac and Linux respectively. Mac does not like Linux wanting to use the 1 for the userID.

The way I worked around all the permissions craziness in my mac + docker-machine setup is to use this Dockerfile

FROM mysql:5.6

RUN usermod -u 1000 mysql
RUN mkdir -p /var/run/mysqld
RUN chmod -R 777 /var/run/mysqld

Instead of the plain MySQL 5.6 Image.

The last 2 lines are necessary, because changing the userid for the mysql user will mess up the build in permissions for that image. => you need the 777 permissions to make it run here :/

I know this is a little hacky, but so far the best solution I know to the permissions issue here.

Armin Braun
  • 3,645
  • 1
  • 17
  • 33
  • Okay, so that helped a lot! The image stays up at least. I'm not running it on a socket, though. Without the last two lines, though, I get this: `[ERROR] Can't start server : Bind on unix socket: Permission denied` `[ERROR] Do you already have another mysqld server running on socket: /var/run/mysqld/mysqld.sock ?` And then it does. Any ideas? – greggilbert Dec 24 '15 at 01:10
  • Oh sorry, my bad. I mixing thing sup a little here. If you switch user ids, this will mess with the permissions build into the base image. The userid 1000 will not have access to /var/run/mysqld => you need to adjust this manually. – Armin Braun Dec 24 '15 at 01:14
  • thanks for the note. Attempting to connect from the linked container says `ERROR 1130 (HY000): Host '172.17.0.3' is not allowed to connect to this MySQL server`, so I'm thinking that maybe I have to add my own `my.cnf` in there as well? – greggilbert Dec 24 '15 at 01:18
  • Likely this is not it. Did you start from a clean database or did it already have users in it ? Likely the initial users in that thing were created in a way that forbids remote access. I'd try rerunning this with an empty data directory to rule this possibility out before wasting time on a my.cnf. – Armin Braun Dec 24 '15 at 01:26
  • Actually, changing `my.cnf` helped. The big thing was adding in `bind-address = 0.0.0.0`. And now I can connect and everything! I also tried destroying the containers and images and rebuilding them, and the data was still intact. Thanks so much for the help! – greggilbert Dec 24 '15 at 01:33
  • @ArminBraun Looks like it works nice, I'll try it!!. However, is there any way to avoid hardcoding the UID = `1000` into the *dockerfile*? – alariva Nov 17 '16 at 05:15
  • @ArminBraun Sorry for bothering, but I could not make it, it seems that *mysqld* [halts when starting](https://snag.gy/t1Dc5w.jpg). I'd be grateful if you could drop any hint :) [My dockerfile](http://pastebin.com/bEr4tqnN) – alariva Nov 17 '16 at 05:30
  • 1
    @alariva could you provide the logs for mysqld in your case? I'm sure we can figure it out from there. You could just add something like `|| cat /var/log/mysql*` to the end of your command for starting mysql. (sorry don't know the log path by heart here, but should be close to the above) – Armin Braun Nov 17 '16 at 14:35
  • @ArminBraun Thanks! Sure, I'll check that out and tell you. Also let me know if you prefer me raising a new question or getting to a chat channel for not *trolling* this comments board. – alariva Nov 17 '16 at 14:42
  • @ArminBraun I [paste](http://pastebin.com/CATuWtdr) the output and [this is the dockerfile](http://pastebin.com/cw4LMT0T) I used. Looks like `SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'`, but I've no clue. Thanks! :) – alariva Nov 17 '16 at 15:12
  • 1
    @alariva ah now I see, sorry for missing the obvious. You cannot run `/etc/init.d/mysql start` from inside a `RUN` section (or during image build in general when using the debian master image)! Look at http://stackoverflow.com/questions/26938684/docker-io-init-d-script-not-working-on-start-container and the first answer there for more details. Sorry, but you'll need to reorganise your build somehow :( – Armin Braun Nov 18 '16 at 19:42
  • @ArminBraun thanks! I will check that out! I believe there are many things to sort out in this dockerfile. Would you kindly verify [this question](http://stackoverflow.com/q/40662300/2196310) since I could manage to get the desired by reorganizing a bit, but Im pretty sure that there are probably some important tweaks that would make it feel less hacky. Appreciate your hints! – alariva Nov 18 '16 at 19:51
2

Try to use the latest docker for mac instead of docker tools. Docker for Mac no longer uses VirtualBox, but rather HyperKit, a lightweight OS X virtualization solution built on top of Hypervisor.framework in OS X 10.10 Yosemite and higher.

I suggest also completely remove docker tools(they could co-exist): https://github.com/docker/toolbox/blob/master/osx/uninstall.sh

With docker for mac, you don't have to use permission hacks, it would just work like it would be on a linux build.

Alan
  • 596
  • 5
  • 18