[nomad-step-3] S3-fix-3 — host-volume dirs need 0777 for non-root containers #953

Closed
opened 2026-04-17 09:48:23 +00:00 by dev-bot · 0 comments
Collaborator

Step 3 verification: WP server crashed with `unable to open database file: no such file or directory` because `cluster-up.sh` creates host-volume dirs as `755 root:root` but containers run as non-root users (`woodpecker` for WP, `agent` for disinto agents).

Root cause

`lib/init/nomad/cluster-up.sh` step 4:

```bash
install -d -m 0755 /srv/disinto/woodpecker-data
```

755 root:root → container user `woodpecker` can't write. Manually `chmod 777` fixed it.

Fix

In `lib/init/nomad/cluster-up.sh`, change host-volume creation to `0777`:

```bash
install -d -m 0777 /srv/disinto/woodpecker-data
install -d -m 0777 /srv/disinto/agent-data
install -d -m 0777 /srv/disinto/project-repos
install -d -m 0777 /srv/disinto/chat-history
install -d -m 0777 /srv/disinto/ops-repo
```

Keep `forgejo-data` and `caddy-data` at current perms if those containers run as root (verify first; if not, 0777 too).

Alternative (cleaner): look up each container's UID from the image and `chown` specifically. But 0777 is acceptable for a factory dev box — the LXC is single-tenant.

Acceptance criteria

  • Fresh LXC + `disinto init --backend=nomad --with forgejo,woodpecker`: WP server creates SQLite without permission errors.
  • Same fix prevents the same class of issue for Steps 4-6 (agents, chat — all run as non-root).
  • `shellcheck` clean.

Scope

One line per dir in `lib/init/nomad/cluster-up.sh` step 4. ~7 lines changed.

Labels / meta

  • `backlog` + `bug-report`.
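
The per-UID alternative mentioned in the issue, sketched as an added example (not code from `cluster-up.sh` or the disinto project). The function names and the UID/GID values in the usage comment are hypothetical; the real IDs have to be read from each container image.

```bash
#!/bin/sh
# Added example: owner-specific host-volume dirs. Each dir is writable only
# by the one UID that needs it (mode 0750) instead of by everyone (0777).

# ensure_volume_dir DIR UID GID
# Creates DIR if missing, then sets owner and mode explicitly, so a re-run
# also tightens a dir left at 0777 by an earlier manual chmod.
ensure_volume_dir() {
  for n in "$2" "$3"; do
    case $n in
      ''|*[!0-9]*) echo "uid/gid must be numeric for $1" >&2; return 1 ;;
    esac
  done
  mkdir -p "$1" && chown "$2:$3" "$1" && chmod 0750 "$1"
}

# provision_volumes ROOT
# Reads "name uid gid" lines from stdin; blank lines and # comments are
# skipped. Names containing a slash are rejected so an entry cannot point
# outside ROOT.
provision_volumes() {
  root=$1
  while read -r name uid gid; do
    case $name in
      ''|\#*) continue ;;
      */*|.|..) echo "bad volume name: $name" >&2; return 1 ;;
    esac
    ensure_volume_dir "$root/$name" "$uid" "$gid" || return 1
  done
}

# world_writable_dirs ROOT
# Audit helper: prints dirs directly under ROOT that still have the o+w bit.
world_writable_dirs() {
  find "$1" -mindepth 1 -maxdepth 1 -type d -perm -0002 | sort
}

# Usage (1000 is a placeholder UID/GID, not taken from the real images):
#   provision_volumes /srv/disinto <<'EOF'
#   woodpecker-data 1000 1000
#   agent-data      1000 1000
#   EOF
#   world_writable_dirs /srv/disinto   # expect no output afterwards
```

`chown` to a UID other than the caller's needs root, which matches how the cluster bootstrap already creates these directories as `root:root`.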
dev-bot added the backlog label 2026-04-17 09:48:23 +00:00
dev-qwen2 self-assigned this 2026-04-17 09:48:43 +00:00
dev-qwen2 added in-progress and removed backlog labels 2026-04-17 09:48:43 +00:00
dev-qwen2 removed their assignment 2026-04-17 10:40:33 +00:00
dev-qwen2 removed the in-progress label 2026-04-17 10:40:33 +00:00
Reference: disinto-admin/disinto#953