Synology Problème de permission avec BookBounty

[pdel]

Bonjour à tous,

Je me permets de poser là un petit problème de "permission denied" avec un packet visiblement peu utilisé...

Je suis sur un NAS Synology DSM 7.

J'ai déployé le stack avec Portainer :

services:
bookbounty:
image: thewicklowwolf/bookbounty:latest
container_name: bookbounty
environment:
- selected_path_type=folder
- library_scan_on_completion=True
- PUID=1026
- PGID=100
- TZ=Europe/Paris
ports:
- 5028:5028
volumes:
- /volume1/docker/bookbounty:/bookbounty/config
- /volume1/docker/calibre/downloads:/bookbounty/downloads
- /etc/localtime:/etc/localtime:ro
restart: unless-stopped

A noter que j'ai rajouter moi même les variables d'environnement PUID/PGID qui me sont propres... Et j'ai mis un port "aléatoire" à 5028, dans le code original il s'agissait du 5000 mais j'avais un code d'erreur car déjà utilisé par DSM.

Il se déploie bien mais j'obtiens l'erreur suivante dans le log :

[2024-10-20 12:09:37 +0200] [1] [INFO] Starting gunicorn 23.0.0
[2024-10-20 12:09:37 +0200] [1] [INFO] Listening at: http://0.0.0.0:5000 (1)
[2024-10-20 12:09:37 +0200] [1] [INFO] Using worker: geventwebsocket.gunicorn.workers.GeventWebSocketWorker
[2024-10-20 12:09:37 +0200] [7] [INFO] Booting worker with pid: 7

BookBounty Version: 0.1.7

Error Saving Config: [Errno 13] Permission denied: 'config/settings_config.json'

Dans l'inspection du paquet, j'ai ce code (sans trop savoir comment l'interprêter...) :

{
"AppArmorProfile": "docker-default",
"Args": [
"src.BookBounty:app",
"-c",
"gunicorn_config.py"
],
"Config": {
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"gunicorn",
"src.BookBounty:app",
"-c",
"gunicorn_config.py"
],
"DDSM": false,
"Domainname": "",
"Entrypoint": null,
"Env": [
"PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"LANG=C.UTF-8",
"GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305",
"PYTHON_VERSION=3.12.5",
"PYTHON_PIP_VERSION=24.2",
"PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/66d8a0f637083e2c3ddffc0cb1e65ce126afb856/public/get-pip.py",
"PYTHON_GET_PIP_SHA256=6fb7b781206356f45ad79efbb19322caa6c2a5ad39092d0d44d0fec94117e118",
"RELEASE_VERSION=0.1.7",
"selected_path_type=folder",
"library_scan_on_completion=True",
"PUID=1026",
"PGID=100",
"TZ=Europe/Paris"
],
"ExposedPorts": {
"5000/tcp": {},
"5028/tcp": {}
},
"Hostname": "4b6d4fffa4ce",
"Image": "thewicklowwolf/bookbounty:latest",
"Labels": {
"com.docker.compose.config-hash": "d373ccaac741caa22e3d26fa0ec484e98bab62f0f2c951c56d365bec807a9bbc",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "bookbounty",
"com.docker.compose.project.config_files": "docker-compose.yml",
"com.docker.compose.project.working_dir": "/volume1/docker/bookbounty",
"com.docker.compose.service": "bookbounty",
"com.docker.compose.version": "1.28.5"
},
"OnBuild": null,
"OpenStdin": false,
"StdinOnce": false,
"Tty": false,
"User": "general_user",
"Volumes": {
"/bookbounty/config": {},
"/bookbounty/downloads": {},
"/etc/localtime": {}
},
"WorkingDir": "/bookbounty"
},
"Created": "2024-10-20T10:09:28.058099846Z",
"Driver": "btrfs",
"ExecIDs": null,
"GraphDriver": {
"Data": null,
"Name": "btrfs"
},
"HostConfig": {
"AutoRemove": false,
"Binds": [
"/etc/localtime:/etc/localtime:ro",
"/volume1/docker/bookbounty:/bookbounty/config:rw",
"/volume1/docker/calibre/downloads:/bookbounty/downloads:rw"
],
"BlkioDeviceReadBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceWriteIOps": null,
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"CapAdd": null,
"CapDrop": null,
"Cgroup": "",
"CgroupParent": "",
"CgroupnsMode": "host",
"ConsoleSize": [
0,
0
],
"ContainerIDFile": "",
"CpuCount": 0,
"CpuPercent": 0,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpuShares": 0,
"CpusetCpus": "",
"CpusetMems": "",
"DeviceCgroupRules": null,
"DeviceRequests": null,
"Devices": null,
"Dns": null,
"DnsOptions": null,
"DnsSearch": null,
"Env": [
"PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"LANG=C.UTF-8",
"GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305",
"PYTHON_VERSION=3.12.5",
"PYTHON_PIP_VERSION=24.2",
"PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/66d8a0f637083e2c3ddffc0cb1e65ce126afb856/public/get-pip.py",
"PYTHON_GET_PIP_SHA256=6fb7b781206356f45ad79efbb19322caa6c2a5ad39092d0d44d0fec94117e118",
"RELEASE_VERSION=0.1.7",
"selected_path_type=folder",
"library_scan_on_completion=True",
"PUID=1026",
"PGID=100",
"TZ=Europe/Paris"
],
"ExtraHosts": null,
"GroupAdd": null,
"IOMaximumBandwidth": 0,
"IOMaximumIOps": 0,
"IpcMode": "private",
"Isolation": "",
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"Links": null,
"LogConfig": {
"Config": {},
"Type": "db"
},
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"Memory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"NanoCpus": 0,
"NetworkMode": "bookbounty_default",
"OomKillDisable": false,
"OomScoreAdj": 0,
"PidMode": "",
"PidsLimit": null,
"PortBindings": {
"5028/tcp": [
{
"HostIp": "",
"HostPort": "5028"
}
]
},
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
],
"ReadonlyRootfs": false,
"RestartPolicy": {
"MaximumRetryCount": 0,
"Name": "unless-stopped"
},
"Runtime": "runc",
"SecurityOpt": null,
"ShmSize": 67108864,
"UTSMode": "",
"Ulimits": null,
"UsernsMode": "",
"VolumeDriver": "",
"VolumesFrom": []
},
"HostnamePath": "/volume1/@docker/containers/4b6d4fffa4ceba7e902ef9f057fb6d9c471d24233cd39bfad060ede1eec6b70f/hostname",
"HostsPath": "/volume1/@docker/containers/4b6d4fffa4ceba7e902ef9f057fb6d9c471d24233cd39bfad060ede1eec6b70f/hosts",
"Id": "4b6d4fffa4ceba7e902ef9f057fb6d9c471d24233cd39bfad060ede1eec6b70f",
"Image": "sha256:ac12b9a6404c722d3fde8f146fa8e8b40ad19940d7d1019af2249b22a60ee30e",
"LogPath": "/volume1/@docker/containers/4b6d4fffa4ceba7e902ef9f057fb6d9c471d24233cd39bfad060ede1eec6b70f/log.db",
"MountLabel": "",
"Mounts": [
{
"Destination": "/bookbounty/config",
"Mode": "rw",
"Propagation": "rprivate",
"RW": true,
"Source": "/volume1/docker/bookbounty",
"Type": "bind"
},
{
"Destination": "/bookbounty/downloads",
"Mode": "rw",
"Propagation": "rprivate",
"RW": true,
"Source": "/volume1/docker/calibre/downloads",
"Type": "bind"
},
{
"Destination": "/etc/localtime",
"Mode": "ro",
"Propagation": "rprivate",
"RW": false,
"Source": "/etc/localtime",
"Type": "bind"
}
],
"Name": "/bookbounty",
"NetworkSettings": {
"Bridge": "",
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"HairpinMode": false,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"MacAddress": "",
"Networks": {
"bookbounty_default": {
"Aliases": [
"bookbounty",
"4b6d4fffa4ce"
],
"DriverOpts": null,
"EndpointID": "448b7ab108815522ea66b22f8406a76b342eaa4d2f7e2bf72c939f4d28fe1aa9",
"Gateway": "172.20.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAMConfig": null,
"IPAddress": "172.20.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"Links": null,
"MacAddress": "02:42:ac:14:00:02",
"NetworkID": "23a54af614799f040cbd56a672840f4f3532173a987c0dba0d5d996507db8222"
}
},
"Ports": {
"5000/tcp": null,
"5028/tcp": [
{
"HostIp": "0.0.0.0",
"HostPort": "5028"
}
]
},
"SandboxID": "6d5513155f2fefb1d8d2422119f4a22452c847f2a5f1ef4880c465169ec15dcb",
"SandboxKey": "/var/run/docker/netns/6d5513155f2f",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null
},
"Path": "gunicorn",
"Platform": "linux",
"Portainer": {
"ResourceControl": {
"Id": 9,
"ResourceId": "2_bookbounty",
"SubResourceIds": [],
"Type": 6,
"UserAccesses": [],
"TeamAccesses": [],
"Public": false,
"AdministratorsOnly": true,
"System": false
}
},
"ProcessLabel": "",
"ResolvConfPath": "/volume1/@docker/containers/4b6d4fffa4ceba7e902ef9f057fb6d9c471d24233cd39bfad060ede1eec6b70f/resolv.conf",
"RestartCount": 0,
"State": {
"Dead": false,
"Error": "",
"ExitCode": 0,
"FinishedAt": "0001-01-01T00:00:00Z",
"FinishedTs": -62135596800,
"OOMKilled": false,
"Paused": false,
"Pid": 25052,
"Restarting": false,
"Running": true,
"StartedAt": "2024-10-20T10:09:33.484967443Z",
"StartedTs": 1729418973,
"Status": "running"
}
}

J'ai essayé de contacter l'auteur dans github, sa seule réponse a été :

You need to grant read/write access to PUID and PGID 1000:1000

J'ai essayé de le déployer avec PUTTY en root, mais j'ai exactement le même résultat...

Quelqu'un aurait une idée ?

Dans le cas contraire, quelqu'un aurait une solution alternative pour consulter libgen depuis readarr ? (lazylibrarian ne fonctionne pas comme je voudrais) ?

Merci d'avance,

Pdel !

 

[EVO]

Salut,
De ce que je vois, ce conteneur n'est pas prévu pour le changement de port interne, donc si tu veut changer le port externe tu peux le faire, comme ceci:

ports:
- 5028:5000

Mais le port interne ( ici 5000 ne semble pas pouvoir etre personnalisé ), cependant ce n'est pas un probleme, le conteneur étant en bridge, le simple changement du port externe permettera de ne pas avoir de conflit.

Concernant cette partie :

- PUID=1026
- PGID=100
- TZ=Europe/Paris

Je vois rien dans la doc qui permet de gérer cela comme tu le fait : https://github.com/TheWicklowWolf/BookBounty#configuration-via-environment-variables
Donc a mon avis, c'est tout simplement ... pas possible.

D'apres son github, l'image semble construite uniquement pour un utilisateur avec le PUID/GUID 1000:1000 https://github.com/TheWicklowWolf/BookBounty/issues/23
Donc j'essayerai d'appliquer cela en SSH sur le dossier, ( mais cela veut donc dire que depuis DSM l'acces deviendra surement impossible )

 

[pdel]

Merci beaucoup de la réponse rapide !
J'ai fait la modif sur le port, effectivement, je n'avais pas compris cette subtilité.
J'ai toujours la même erreur sur la permission mais le déploiement semble aller plus loin et le container peut s'ouvrir !!
Je vais voir si j'arrive à aller au bout des fonctionnalités comme ça.
Dans le cas contraire, je me permettrai de revenir vers toi pour savoir comment faire en SSH^^
Bonne soirée!

 

[pdel]

Salut @EVO,

Bon, ça se déploie bien, même si l'erreur de "permission denied" est toujours présente, mais je n'arrive pas à le connecter avec readarr...
Je ne sais pas si c'est en lien avec la permission et l'utilisateur en 1000:1000... ou autre chose ?

J'ai bien compris que mes variables PUID/PGID/TZ ne servent probablement à rien mais dans le doute...

Voici mes nouvelles données :

services:
  bookbounty:
    image: thewicklowwolf/bookbounty:latest
    container_name: bookbounty
    environment:
      - readarr_address=http://192.168.1.23:8787
      - readarr_api_key=XXXXXXXXXXXXXXXXXXXXXX
      - sync_schedule=2, 20
      - selected_path_type=folder
      - library_scan_on_completion=True
      - selected_language=French
      - preferred_extensions_fiction=.epub
      - PUID=1026
      - PGID=100
      - TZ=Europe/Paris
    ports:
      - 5028:5000
    volumes:
      - /volume1/docker/bookbounty:/bookbounty/config
      - /volume1/docker/calibre/downloads:/bookbounty/downloads
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped

[2024-11-01 16:38:00 +0100] [1] [INFO] Starting gunicorn 23.0.0
[2024-11-01 16:38:00 +0100] [1] [INFO] Listening at: http://0.0.0.0:5000 (1)
[2024-11-01 16:38:00 +0100] [1] [INFO] Using worker: geventwebsocket.gunicorn.workers.GeventWebSocketWorker
[2024-11-01 16:38:00 +0100] [7] [INFO] Booting worker with pid: 7
**************************************************
BookBounty Version: 0.1.7
**************************************************
Error Saving Config: [Errno 13] Permission denied: 'config/settings_config.json'
172.20.0.1 - - [2024-11-01 16:38:09] "GET /socket.io/?EIO=4&transport=polling&t=PBeO6X3 HTTP/1.1" 200 254 0.025172
172.20.0.1 - - [2024-11-01 16:38:09] "POST /socket.io/?EIO=4&transport=polling&t=PBeO7H2&sid=ePtdWmLRM-C0hqckAAAA HTTP/1.1" 200 198 0.019247
172.20.0.1 - - [2024-11-01 16:38:09] "GET /socket.io/?EIO=4&transport=polling&t=PBeO7H4&sid=ePtdWmLRM-C0hqckAAAA HTTP/1.1" 200 157 0.000399
172.20.0.1 - - [2024-11-01 16:38:09] "GET /socket.io/?EIO=4&transport=polling&t=PBeO7Hy&sid=ePtdWmLRM-C0hqckAAAA HTTP/1.1" 200 157 0.000373
172.20.0.1 - - [2024-11-01 16:38:35] "GET / HTTP/1.1" 200 9614 0.504104
172.20.0.1 - - [2024-11-01 16:38:35] "GET /socket.io/?EIO=4&transport=polling&t=PBeODfs HTTP/1.1" 200 254 0.026982
172.20.0.1 - - [2024-11-01 16:38:35] "POST /socket.io/?EIO=4&transport=polling&t=PBeODlh&sid=yYO6HIA1UDe1-vpbAAAC HTTP/1.1" 200 198 0.004019
172.20.0.1 - - [2024-11-01 16:38:36] "GET /static/style.css HTTP/1.1" 200 618 0.207423
172.20.0.1 - - [2024-11-01 16:38:36] "GET /static/script.js HTTP/1.1" 200 10172 0.839786
172.20.0.1 - - [2024-11-01 16:38:36] "GET /static/readarr.svg HTTP/1.1" 200 3626 0.049125
172.20.0.1 - - [2024-11-01 16:38:37] "GET /static/libgen.png HTTP/1.1" 200 9554 0.123804
172.20.0.1 - - [2024-11-01 16:38:37] "GET /socket.io/?EIO=4&transport=polling&t=PBeOE1w HTTP/1.1" 200 254 0.000651
172.20.0.1 - - [2024-11-01 16:38:37] "GET /static/logo.png HTTP/1.1" 200 18006 0.011172
172.20.0.1 - - [2024-11-01 16:38:37] "POST /socket.io/?EIO=4&transport=polling&t=PBeOE5q&sid=2tL9xP2rmpQGm5_FAAAE HTTP/1.1" 200 198 0.002876
172.20.0.1 - - [2024-11-01 16:38:37] "GET /socket.io/?EIO=4&transport=polling&t=PBeOE5r&sid=2tL9xP2rmpQGm5_FAAAE HTTP/1.1" 200 310 0.000975
172.20.0.1 - - [2024-11-01 16:38:37] "GET /socket.io/?EIO=4&transport=polling&t=PBeOE70&sid=2tL9xP2rmpQGm5_FAAAE HTTP/1.1" 200 157 0.000397
172.20.0.1 - - [2024-11-01 16:38:37] "POST /socket.io/?EIO=4&transport=polling&t=PBeOE72&sid=2tL9xP2rmpQGm5_FAAAE HTTP/1.1" 200 198 0.000860
172.20.0.1 - - [2024-11-01 16:38:37] "GET /socket.io/?EIO=4&transport=polling&t=PBeOE7J&sid=2tL9xP2rmpQGm5_FAAAE HTTP/1.1" 200 157 0.000979
Accessing Readarr API
Error Getting Missing Books: HTTPConnectionPool(host='192.168.1.23', port=8787): Max retries exceeded with url: /api/v1/wanted/missing?apikey=XXXXXXXXXXXXXXXXXXXXXX&page=1 (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7fcea8880800>, 'Connection to 192.168.1.23 timed out. (connect timeout=120.0)'))

A noter que quand j'essaye manuellement http://192.168.1.23:8787/api/v1/wanted/missing?apikey=XXXXXXXXXXXXXXXXXXXXXX&page=1, j'ai le résultat escompté...

Merci d'avance si quelqu'un à une idée !
pdel