Nginx Unit user UID has changed to 999, breaks git data source sync

Question

Nginx Unit user UID has changed to 999, breaks git data source sync

heapdavid opened this issue 2 months ago · comments

David Heap commented 2 months ago

Current Behavior

Hi,

We are running our containers as user 101

We are moving to using external data sources rather than mounting scripts into the container.

When we try to sync with our git repository, we get the error SyncError('Fetching remote data failed (DefaultIdentityNotFound): no username found') on the frontend and ERROR:root:Fetching remote data failed (DefaultIdentityNotFound): no username found in the logs.

When we run the worker container as root the error goes away and we can sync successfully.

When we run the worker container as a user that has a name in /etc/passwd and set the folder permissions on /opt/netbox/netbox/scripts to match the error goes away and we can sync successfully. When we try to run the main netbox container as that user (e.g. 33 - www-data) it fails to run with permission errors trying to do mkdirs or access the socket etc in the /opt/unit folder

While looking into it and comparing with an older netbox container we see a change in /etc/passwd:

Netbox 3.4.x container:

unit:x:101:101:unit user,,,:/nonexistent:/bin/false

Netbox 3.7.x container:

unit:x:999:999:unit user:/nonexistent:/bin/false

It looks like nginx unit changed to a static uid of 999 in v1.30 so should that be the default user that netbox-docker should be run as going forward? It seems to work so far in testing.

Proof of change of uid: nginx/unit#893

Related? #516

Thanks

Expected Behavior

We should be able to sync with external data sources when the containers are run as user 101

Docker Compose Version

Running in docker swarm not compose

Docker Version

Client: Docker Engine - Community
 Version:           25.0.5
 API version:       1.44
 Go version:        go1.21.8
 Git commit:        5dc9bcc
 Built:             Tue Mar 19 15:05:34 2024
 OS/Arch:           linux/amd64
 Context:           default

The git Revision

n/a, v3.7.5 container

The git Status

n/a, only container

Startup Command

docker stack deploy

NetBox Logs

ERROR:root:Fetching remote data failed (DefaultIdentityNotFound): no username found

Content of docker-compose.override.yml

n/a

Tobias Genannt · Answer 1 · Fri Apr 12 2024 00:41:52 GMT+0800 (China Standard Time)

In our docker-compose.yml we use user: 'unit:root', so it will use the new 999 id. You should configure your docker stack to run the container as 999 and change the ownership of the existing volume.

David Heap · Answer 2 · Fri Apr 12 2024 16:05:46 GMT+0800 (China Standard Time)

Ah of course, thanks!