Update Oct 6 :
I have been messing around the idea of permissions but just got back from work so this is very much Work In Progress. What I noticed is that the “postgres” folder inside the Docker folder that has the docker-compose file had a lock icon on it. https://imgur.com/a/lZir4tt The owner is weird and doesn’t exist on the other computer. I don’t explain how this owner was created and that may be due to my poor understanding of Docker and docker-compose.
So I have made a pastebin with the docker compose here if anyone is interested in this little puzzle : https://pastebin.com/Vsh6S23G This docker-compose is basically the one from the installation guide from the app website, I just changed some passwords and users related stuff which are written as .
I tried using Déjà Dup Backups to sync my entire Docker folder which also contains Tandoor and it complained it could not sync the postgres folder either so defo something wrong with the permissions. Which explains why I can’t create a new recipe on the other computer, because it doesn’t have permission for that specific task. Oddly enough, I get a server 500 error, but if I refresh the recipe list, the new recipe that led to the server 500 error is, actually, there.
Would a pastebin of the .env help?
ORIGINAL POST :
Hello again, I hope it’s okay that I make several posts in a rather short time, I’m stumped.
I run a series of containers on old computer A for the recipe manager Tandoor Recipes.
I want to move it to another computer B so I initially thought I would: -copy the env and docker-compose -dump the source database
Move everything to the new computer, compose everything and fill the database from the dump.
I got 500 server errors so I went on Discord and asked what was the proper way of doing this. I’ve been told in theory I could shut everything down, pack my Tandoor folder in a zip, paste it on the target computer B and boot everything and voilà.
None of this works properly.
I do manage to get an instance of Tandoor running on my new computer, it displays every recipe I had originally, but it has an issue when trying to create a new recipe. I get a white page with “Server Error (500)”. It does not happen on the original Tandoor, despite being all the same files in theory.
I noticed that on my source computer, the postgres DB directory changes permission when I start the container, as well as the directory containing the recipe pictures. So I’m wondering if wrong permissions might be corrupting data while copying stuff?
Thanks
You must log in or register to comment.
you’re probably right about it being a permissions error but also including some relevant logs would be useful (or just stick all of them on pastebin or something and give us a link). could also be a docker misconfiguration considering it’s a different system and I assume they’re not identically set up with Ansible or something similar
edit: also id personally use tar because I’m not entirely sure zip files preserve linux permissions
edit again: from 2 seconds of google searches, I think I’m correct about that, so definitely try using tar
I tried using tar as you said, and it didn’t work. Which led me to investigate and realize the owner of the postgres folder is unknown to me. Changed it back with CHOWN but it reverts back to the weird owner when I restart the container so I’m missing some knowledge and know-how. I’m trying to figure out who sets that permission in the first place.
Agree with the other user that using tar and then zipping the tarball will preserve permissions.
Alternatively, you could open an ssh connection and rsync the files between machines.
Last option would be to export your recipes from the old host, build a new container from scratch on the new one, and import them back again: https://docs.tandoor.dev/features/import_export/
agreed, good find with that import/export feature, didn’t think to check for that since I don’t use tandoor. personally I’d just use the native import/export feature though since it feels less hacky than copying the whole DB imo. but if OP still wants to copy the files over, it might be easier to either just tar or tar + gzip rather than tar + zip so they can do it all in one command.
I thought so, too. I played around with the tar idea and it led me to discover the permissions are wrong on the original computer. I have added new info on the main post about it but basically the owner is “user:70” and I have no idea where that comes from. I tried using CHOWN to reset everything to my own user, which is the same on both computers (1000:1000 uidguid), but whenever I restart the container, it locks again.
The user and group id inside the container doesn’t have to match any user on your host machine. It’s possible that user:70 is configured as the user to launch inside the container, in which case you should set the ownership of the directory to match what the container expects.
Eg: The container for my torrent client runs as user 700 group 700. My host machine does not have either of those IDs defined. My torrent directory must be chown’d by 700:700 or else the container can’t read/write torrents.
As others have already mentioned, you are probably correct that it’s a permission error. You could follow the already posted advice to use tools that maintain permissions like rsync, but fixing this botched backup manually could help you learn how to deal with permissions and that’s a rather fundamental concept that anyone selfhosting would benefit from understanding.
If you decide to do this, I would recommend reading up on the concept of user and group permissions on linux and the commands that allow you to inspect ownership and permissions of directories and files as well as the UID and GID of users. Next step would be to understand how Docker handles permissions for mapped directories. You can get a few pointers from this short explanation by LSIO: https://docs.linuxserver.io/general/understanding-puid-and-pgid. Bear in mind that this is not a Docker standard, but something specific to LSIO Docker images. See also https://docs.docker.com/compose/compose-file/05-services/#long-syntax. This can also be set when using
docker runby using the--userflag.Logs can also help pinpoint the cause of the issue. The default docker compose setup in Tandoor’s docs sets up several containers, one of which acts as a database (
db_recipesbased onpostgres:15-alpine). Inspect that in real time usingdocker logs -f db_recipesto see the exact errors.I’ve done a couple of host migrations since using Docker for all my services.
I don’t even bother with database dumps or anything like that, I copy my compose files and mapped directories, being sure to preserve permissions, and all my services come back up without any issues.
Just make sure that the container is shutdown before you copy the database or you can getcorruption.
That’s basically what the author of the app told me to do. I’m having wrong permission issues I believe and I haven’t found yet who/what assigns the wrong permission when I start the container.
If you are able to see every recipe I’d rule out data corruption. If the issue arise only when try to create a new recipe (or editing an old one) the usual thing to check are permissions. Don’t zip but use some tools to maintain permissions (tar, rsync, etc) and try again
Good idea! I tried sync with my other computer and the software complained about not having permissions on the postgres folder. I investigated and found out postgres directory is owned by user:70. I have yet to find where that comes from. I changed it with a sudo chown but it reverts to the wrong owner when I restart the container.
