Nginx Unit user UID has changed to 999, breaks git data source sync
heapdavid opened this issue · comments
Current Behavior
Hi,
We are running our containers as user 101
We are moving to using external data sources rather than mounting scripts into the container.
When we try to sync with our git repository, we get the error SyncError('Fetching remote data failed (DefaultIdentityNotFound): no username found')
on the frontend and ERROR:root:Fetching remote data failed (DefaultIdentityNotFound): no username found
in the logs.
When we run the worker container as root the error goes away and we can sync successfully.
When we run the worker container as a user that has a name in /etc/passwd
and set the folder permissions on /opt/netbox/netbox/scripts
to match the error goes away and we can sync successfully. When we try to run the main netbox container as that user (e.g. 33
- www-data
) it fails to run with permission errors trying to do mkdir
s or access the socket etc in the /opt/unit
folder
While looking into it and comparing with an older netbox container we see a change in /etc/passwd
:
Netbox 3.4.x container:
unit:x:101:101:unit user,,,:/nonexistent:/bin/false
Netbox 3.7.x container:
unit:x:999:999:unit user:/nonexistent:/bin/false
It looks like nginx unit changed to a static uid of 999 in v1.30 so should that be the default user that netbox-docker should be run as going forward? It seems to work so far in testing.
Proof of change of uid: nginx/unit#893
Related? #516
Thanks
Expected Behavior
We should be able to sync with external data sources when the containers are run as user 101
Docker Compose Version
Running in docker swarm not compose
Docker Version
Client: Docker Engine - Community
Version: 25.0.5
API version: 1.44
Go version: go1.21.8
Git commit: 5dc9bcc
Built: Tue Mar 19 15:05:34 2024
OS/Arch: linux/amd64
Context: default
The git Revision
n/a, v3.7.5 container
The git Status
n/a, only container
Startup Command
docker stack deploy
NetBox Logs
ERROR:root:Fetching remote data failed (DefaultIdentityNotFound): no username found
Content of docker-compose.override.yml
n/a
In our docker-compose.yml
we use user: 'unit:root'
, so it will use the new 999 id. You should configure your docker stack to run the container as 999 and change the ownership of the existing volume.
Ah of course, thanks!