Deployment failures in a variety of configurations, including locally built and docker hub images

[bensulli]

Hi,

I recognize this is open-source software. Much/all of it is built by volunteers. I would not submit this issue in most cases, but this is also an on-premises paid solution that I'm unable to even trial on my own server due to the difficulties I'm encountering with a bog-standard demo deploy. If the response to this ticket is "you're an idiot, you did this obvious thing wrong" or "fork and fix it yourself" so be it, I will accept that.

tl;dr
I can't find any documentation for a docker-compose.yml that pulls the necessary images from docker hub. I'm having no end of problems building these images manually (see below details). Virtually every other docker-based application I run (which is in the dozens) has off-the-shelf images that I can just deploy without fiddling with Dockerfiles, filesystem permissions, etc, so I'm surprised enterprise-grade applications like this don't just work with a simple docker-compose deployment.

I've looked through several of the guides (many of which contradict each other or are deprecated), including the other issues in this repo.

I have reviewed the below and always get some variation of fatal error on deploy:

• The repo readme
• PostgreSQL 9.4 deprecated #489 (comment) (which is for upgrades, not initial deployment)
• Building DB Failes #542
• mattermost cli tries to connect to localhost:5432 #399
• cp: can't create '/mattermost/config/config.json': Permission denied #407
• https://docs.mattermost.com/install/prod-docker.html (fails, as written, with ERROR: libressl3.3-libtls-3.3.3-r0: trying to overwrite usr/lib/libtls.so.20 owned by libretls-3.3.3-r0. on building the db image)
• docker-compose build fails: ERROR: Service 'db' failed to build:  #446 (marked as closed, but two others in addition to me report it's still happening)
• https://docs.mattermost.com/install/docker-local-machine.html (example docker run fails because there's no DB to connect to)

Thanks in advance for any feedback, suggestions, or ridicule at my incompetence.

The rest is some detail on the problems I'm encountering, but the above is the crux of the issue - it's very rare I need to futz around this much for a docker-based deploy of anything I run. Generally, I clone a repo (or even just copy/paste a docker-compose.yml sample), make a couple customizations for my use case, and docker-compose up -d and I'm done.

The key issue seems to be file permissions. When I run docker-compose as my regular non-root user, somehow it creates the volume directory as root? I'm no linux expert, but how is a non-root process creating a directory owned by root?

drwxr-xr-x  9 sulli sulli  4096 Jul  4 21:51 ./
drwxrwxr-x 45 sulli user   4096 Jul  4 21:17 ../
drwxr-xr-x  2 sulli sulli  4096 Jul  4 18:46 .circleci/
drwxr-xr-x  8 sulli sulli  4096 Jul  4 21:30 .git/
-rw-r--r--  1 sulli sulli   134 Jul  4 18:46 .gitignore
-rw-r--r--  1 sulli sulli   762 Jul  4 18:46 .travis.yml
-rwxr-xr-x  1 sulli sulli   609 Jul  4 18:46 CONTRIBUTING.md*
-rw-r--r--  1 sulli sulli 10173 Jul  4 18:46 LICENSE
-rw-r--r--  1 sulli sulli  2821 Jul  4 18:46 MAINTENANCE.md
-rw-r--r--  1 sulli sulli 11127 Jul  4 18:46 README.md
drwxr-xr-x  2 sulli sulli  4096 Jul  4 21:33 app/
drwxr-xr-x  5 sulli sulli  4096 Jul  4 18:46 contrib/
drwxr-xr-x  2 sulli sulli  4096 Jul  4 21:35 db/
-rwxr-xr-x  1 sulli sulli  1239 Jul  4 21:49 docker-compose.yml*
**drwxr-xr-x  5 root  root   4096 Jul  4 21:51 volumes/**
drwxr-xr-x  2 sulli sulli  4096 Jul  4 21:44 web/

resulting in...

Error: failed to load configuration: failed to create store: unable to load on store creation: failed to persist: failed to write file: open /mattermost/config/config.json: permission denied

Alright, so I tried using @mahenzon's container which attempts to set the permissions correctly and appears to do so. Now I run into this issue #399 which I'm unable to work around.

2021/07/04 22:17:56 [error] 10#10: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://172.29.0.4:8000/", host: "localhost:8080"

I'd be overjoyed to hear "you're an idiot, you didn't read (x) right", but I feel I've done quite a bit of due diligence to resolve this on my own before reporting.

My current docker-compose.yml is:

version: "3"

services:

  db:
    image: postgres
    restart: unless-stopped
    volumes:
      - ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
    environment:
      - POSTGRES_USER=mmuser
      - POSTGRES_PASSWORD=tJRkF6TsLF
      - POSTGRES_DB=mattermost

  app:
    image: mahenzon/mattermost-enterprise
    restart: unless-stopped
    volumes:
      - ./volumes/app/mattermost/config:/mattermost/config:rw
      - ./volumes/app/mattermost/data:/mattermost/data:rw
      - ./volumes/app/mattermost/logs:/mattermost/logs:rw
      - ./volumes/app/mattermost/plugins:/mattermost/plugins:rw
      - ./volumes/app/mattermost/client-plugins:/mattermost/client/plugins:rw
      - /etc/localtime:/etc/localtime:ro
    environment:
      - MM_USERNAME=mmuser
      - MM_PASSWORD=tJRkF6TsLF
      - MM_DBNAME=mattermost
      - MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:tJRkF6TsLF@db:5432/mattermost?sslmode=disable&connect_timeout=10

  web:
    build: web
    ports:
      - "13531:8080"
    read_only: true
    restart: unless-stopped
    volumes:
      - ./volumes/web/cert:/cert:ro
      - /etc/localtime:/etc/localtime:ro
    cap_drop:
      - ALL

[bensulli]

I think I may finally have it working, though requiring a fair bit of deviation from documentation:

1. git clone https://github.com/mattermost/mattermost-docker.git
2. Modify the docker-compose to pull postgres from docker hub, rather than building it locally from the mattermost repo
3. Run mkdir -pv ./volumes/app/mattermost/{data,logs,config,plugins,client-plugins}
4. Run sudo chown -R 1000:1000 ./volumes/app/mattermost/ (change 1001 to your uid/gid if different)
5. docker-compose up --build
6. Once it's up and accessible, shut it down
7. Modify the config.json in volumes/app/mattermost/config with a siteurl and smtp, if needed
8. docker-compose up -d

My current docker file (with some items obfuscated)

version: "3"

services:

  db:
    image: postgres
    restart: unless-stopped
    volumes:
      - ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
    environment:
      - POSTGRES_USER=mmuser
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=mattermost

  app:
    build:
      context: app
      args:
         - PUID=1001
         - PGID=1001
    restart: unless-stopped
    volumes:
      - ./volumes/app/mattermost/config:/mattermost/config:rw
      - ./volumes/app/mattermost/data:/mattermost/data:rw
      - ./volumes/app/mattermost/logs:/mattermost/logs:rw
      - ./volumes/app/mattermost/plugins:/mattermost/plugins:rw
      - ./volumes/app/mattermost/client-plugins:/mattermost/client/plugins:rw
      - /etc/localtime:/etc/localtime:ro
    environment:
      - MM_USERNAME=mmuser
      - MM_PASSWORD=password
      - MM_DBNAME=mattermost
      - MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:password@db:5432/mattermost?sslmode=disable&connect_timeout=10

  web:
    build: web
    ports:
      - "13531:8080"
    read_only: true
    restart: unless-stopped
    volumes:
      # This directory must have cert files if you want to enable SSL
      - ./volumes/web/cert:/cert:ro
      - /etc/localtime:/etc/localtime:ro
    cap_drop:
      - ALL

All that said, I'm not closing the issue, because if the above is an acceptable way to run Mattermost according to the maintainers, it should be documented somewhere.

It's also very problematic that things like siteurl seemingly can't be configured as environment variables in the docker-compose file. The deploy fails with numerous errors if I define a MM_SERVICESETTINGS_SITEURL in docker-compose.

[Kukks]

Hey there, we have something in this repo that we use in production: https://github.com/btcpayserver/btcpayserver-infra