I am working with docker-compose as part of a Sentry on-premise install.

Below is a snippet of the nginx portion of my docker-compose.yml. This is the nginx container configuration as provided to me. You’ll notice it has an existing volume mount.

nginx:
    << : *restart_policy
    ports:
      - '$SENTRY_BIND:80/tcp'
    image: 'nginx'
    volumes:
      - type: bind
        read_only: true
        source: ./nginx
        target: /etc/nginx
    depends_on:
      - web
      - relay

The problem is that I need additional mounts in order for my nginx configuration to work correctly. I need to be able to mount certs for SSL.
When I make the following modification to the nginx portion…

  nginx:
    << : *restart_policy
    ports:
      - '$SENTRY_BIND:80/tcp'
    image: 'nginx'
    volumes:
      - type: bind
        read_only: true
        source: ./nginx
        target: /etc/nginx
      - type: bind
        read_only: true
        source: ./certs
        target: /etc/nginx/certs
    depends_on:
      - web
      - relay
  relay:

… I get the following error when using docker-compose up -d:

Creating sentry_onpremise_nginx_1                                    ... error
Creating sentry_onpremise_ingest-consumer_1                          ... done
Creating sentry_onpremise_subscription-consumer-events_1             ... done
me/brad/repo/onpremise/certs" to rootfs at "/var/lib/docker/overlay2/357f60b96e866d8dd84d657f7cad55fad76420a61cc8cb35a10ebcb13bcf4060/merged/etc/nginx/certs" caused: mkdir /var/lib/docker/overlay2/357f60b96e866d8dd84d657f7cad55fad76420a61cc8cb35a10ebcb13bcf4060/merged/etc/nginx/certs: read-only file system: unknown

ERROR: for nginx  Cannot start service nginx: OCI runtime create failed: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: rootfs_linux.go:60: mounting "/home/brad/repo/onpremise/certs" to rootfs at "/var/lib/docker/overlay2/357f60b96e866d8dd84d657f7cad55fad76420a61cc8cb35a10ebcb13bcf4060/merged/etc/nginx/certs" caused: mkdir /var/lib/docker/overlay2/357f60b96e866d8dd84d657f7cad55fad76420a61cc8cb35a10ebcb13bcf4060/merged/etc/nginx/certs: read-only file system: unknown
ERROR: Encountered errors while bringing up the project.

Any help would be greatly appreciated. I’m not very experienced with docker/compose.

EDIT:
For what it’s worth, when I run docker exec -it sentry_onpremise_nginx_1 /bin/bash and attempt to create a directory inside the container, I am presented with a similar error:

root@83afd0c563de:/etc/nginx# mkdir certs
mkdir: cannot create directory 'certs': Read-only file system

Answers


  1. Chosen as BEST ANSWER

    This was resolved by placing the certs directory underneath the nginx directory. The mounts were conflicting with one another. Mounting to /etc/nginx first with RO was then blocking the mount to /etc/nginx/certs because it was trying to attach to a portion that was read only.
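
The conflict the accepted answer describes can be caught before running `docker-compose up`. The following is an added example, not part of the original answers: a preflight check over the long-syntax `volumes` entries from the question. `find_blocked_mounts`, the sample lists and `demo` are names chosen here, and the check assumes the runtime only has to create a mountpoint when it is missing from the read-only parent's source directory, as the `mkdir` in the error indicates.

```python
import os
import tempfile
from pathlib import Path, PurePosixPath

# Constructed from the question: the two long-syntax bind mounts that failed.
QUESTION_VOLUMES = [
    {"type": "bind", "read_only": True, "source": "./nginx", "target": "/etc/nginx"},
    {"type": "bind", "read_only": True, "source": "./certs", "target": "/etc/nginx/certs"},
]
# Accepted answer: certs live in ./nginx/certs, so one mount covers both.
FIXED_VOLUMES = QUESTION_VOLUMES[:1]


def find_blocked_mounts(volumes, project_dir):
    """Return targets whose mountpoint would have to be created inside
    another mount that is read-only (the mkdir failure in the error)."""
    blocked = []
    for child in volumes:
        child_target = PurePosixPath(child["target"])
        for parent in volumes:
            parent_target = PurePosixPath(parent["target"])
            if not parent.get("read_only") or parent_target not in child_target.parents:
                continue
            # Where the mountpoint must already exist, seen from the host side
            # of the read-only parent mount (assumption: missing means mkdir).
            rel = child_target.relative_to(parent_target)
            mountpoint = Path(project_dir, parent["source"], *rel.parts)
            if not mountpoint.exists():
                blocked.append(child["target"])
    return blocked


def demo():
    """Build a throwaway project layout and check it before and after the fix."""
    with tempfile.TemporaryDirectory() as project:
        os.makedirs(os.path.join(project, "nginx"))
        os.makedirs(os.path.join(project, "certs"))
        before = find_blocked_mounts(QUESTION_VOLUMES, project)
        # Apply the accepted answer: move certs underneath the nginx directory.
        os.rename(os.path.join(project, "certs"), os.path.join(project, "nginx", "certs"))
        after = find_blocked_mounts(FIXED_VOLUMES, project)
        return before, after


if __name__ == "__main__":
    print(demo())
```

With the certs directory under `./nginx`, the single read-only mount is kept and the container needs no extra privileges.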


  2. You can create/run your container with the --privileged parameter.

    like this:

    docker run --privileged -i --name master --hostname k8s-master -d ubuntu:20.04
    

    not the best solution, certainly.
