docker deployment fails to create crontab entry (building own image)

[hugalafutro]

Hi,
since I run on rpi4 I had to build the image, everything seems to be going ok, but running the image fails at the step where it wants to create the crontab entry.

logs from building the image:

[+] Building 194.6s (17/17) FINISHED                                                                                                                                                                                                                                               docker:default
 => [borgwarehouse internal] load build definition from Dockerfile                                                                                                                                                                                                                           0.0s
 => => transferring dockerfile: 813B                                                                                                                                                                                                                                                         0.0s
 => [borgwarehouse internal] load .dockerignore                                                                                                                                                                                                                                              0.0s
 => => transferring context: 128B                                                                                                                                                                                                                                                            0.0s
 => [borgwarehouse internal] load metadata for docker.io/library/node:18-bookworm-slim                                                                                                                                                                                                       1.4s
 => [borgwarehouse internal] load build context                                                                                                                                                                                                                                              1.0s
 => => transferring context: 21.96MB                                                                                                                                                                                                                                                         0.9s
 => [borgwarehouse  1/12] FROM docker.io/library/node:18-bookworm-slim@sha256:9f834baecd119515cb7705aa2e9b0c0313bed4a4dafbe274f2f25fbbb0d2bb37                                                                                                                                               0.0s
 => CACHED [borgwarehouse  2/12] RUN apt-get update && apt-get install -y     curl git jq jc borgbackup openssh-server sudo cron &&     apt-get upgrade -y &&     apt-get clean && rm -rf /var/lib/apt/lists/*                                                                               0.0s
 => CACHED [borgwarehouse  3/12] RUN echo "borgwarehouse ALL=(ALL) NOPASSWD: /usr/sbin/service ssh restart" >> /etc/sudoers                                                                                                                                                                  0.0s
 => CACHED [borgwarehouse  4/12] RUN echo "borgwarehouse ALL=(ALL) NOPASSWD: /usr/sbin/service cron restart" >> /etc/sudoers                                                                                                                                                                 0.0s
 => CACHED [borgwarehouse  5/12] RUN groupadd borgwarehouse                                                                                                                                                                                                                                  0.0s
 => CACHED [borgwarehouse  6/12] RUN useradd -m -g borgwarehouse borgwarehouse                                                                                                                                                                                                               0.0s
 => CACHED [borgwarehouse  7/12] RUN cp /etc/ssh/sshd_config /etc/ssh/moduli /home/borgwarehouse/                                                                                                                                                                                            0.0s
 => CACHED [borgwarehouse  8/12] WORKDIR /home/borgwarehouse/app                                                                                                                                                                                                                             0.0s
 => [borgwarehouse  9/12] COPY . .                                                                                                                                                                                                                                                           0.6s
 => [borgwarehouse 10/12] RUN chown -R borgwarehouse:borgwarehouse * .*                                                                                                                                                                                                                      1.0s
 => [borgwarehouse 11/12] RUN npm ci --only=production                                                                                                                                                                                                                                      77.5s
 => [borgwarehouse 12/12] RUN npm run build                                                                                                                                                                                                                                                 79.3s
 => [borgwarehouse] exporting to image                                                                                                                                                                                                                                                      33.7s
 => => exporting layers                                                                                                                                                                                                                                                                     33.7s
 => => writing image sha256:5ac2f549d7312cf82681a5813f7dbede12fd4964e7217b204504dd4ea0dd3f53                                                                                                                                                                                                 0.0s
 => => naming to docker.io/library/borgwarehouse-borgwarehouse

logs from trying to run the container:

[+] Running 2/2
 ✔ Network borgwarehouse_default  Created                                                                                                                                                                                                                                                    0.2s
 ✔ Container borgwarehouse        Started                                                                                                                                                                                                                                                    0.1s
borgwarehouse  | CRONJOB_KEY not found or empty. Generating a random key...
borgwarehouse  | NEXTAUTH_SECRET not found or empty. Generating a random key...
borgwarehouse  | /etc/ssh is empty, generating SSH host keys...
borgwarehouse  | ssh-keygen: generating new host keys: RSA ECDSA ED25519
borgwarehouse  | The authorized_keys file does not exist, creating...
borgwarehouse  | Adding cron job...
borgwarehouse  | must be privileged to use -u
borgwarehouse exited with code 1

Any help welcome, I'm really eager to switch to the docker deplyment asap.

[bigjdunham]

I'm getting the same error when using the latest docker images (not self created) on a 64-bit x86 VPS.

borgwarehouse | Adding cron job...
borgwarehouse | must be privileged to use -u

I attempted to solve the issue by adding the --privileged variable and that did not change it. Any other thoughts?

[hugalafutro]

I tried privileged:true to no avail as well.

I'm not good with Dockerfile and such but I tried this to no good outcome either:

added RUN echo "borgwarehouse ALL=(ALL) NOPASSWD: /usr/bin/crontab" >> /etc/sudoers into Dockerfile
changed the crontab line in docker-bw-init.sh to echo "$CRON_JOB" | sudo /usr/bin/crontab -u borgwarehouse - (tried sudo -u borgwarehouse to same result) and rebuilt image

but that causes error where sudo complains about no terminal to ask for password. As I said I'm a bit of a noob, but perhaps at least the approach I chose might be in the correct direction and it just doesn't work coz I make the changes wrong I dunno.

[bigjdunham]

I'm getting the same error when using the latest docker images (not self created) on a 64-bit x86 VPS.

borgwarehouse | Adding cron job... borgwarehouse | must be privileged to use -u

I attempted to solve the issue by adding the --privileged variable and that did not change it. Any other thoughts?

I ended up fixing it by making sure borgbackup was installed and creating a new user on the host system specifically for borgbackup.

[hugalafutro]

Hmm, I do not think that is a proper solution though, the whole point of docker deployment is to leave the host system unmodified. If this is the solution I might as well stay with the bare-metal install.

[hugalafutro]

Solved (without modifying host system)

Issue was I was using user "1000:1000" in docker-compose.yml even thought it said it has to run as user >1000 I ignored the instruction as of all of my 50+stacks, not a single one needs to run as anything other than 1000:1000

Amending the user in docker-compose.yml to 1001:1001 and then chowning the created directories + repo storage with 1001:1001 on host will work.

[+] Running 2/2
 ✔ Network borgwarehouse_default  Created                                                                                                                                                                                                                                                    0.3s
 ✔ Container borgwarehouse        Started                                                                                                                                                                                                                                                    0.1s
borgwarehouse  | CRONJOB_KEY not found or empty. Generating a random key...
borgwarehouse  | NEXTAUTH_SECRET not found or empty. Generating a random key...
borgwarehouse  | Adding cron job...
borgwarehouse  | Getting SSH fingerprints...
borgwarehouse  | Restarting OpenBSD Secure Shell server: sshd.
borgwarehouse  | Restarting periodic command scheduler: cronStopping periodic command scheduler: cron.
borgwarehouse  | Starting periodic command scheduler: cron.
borgwarehouse  |
borgwarehouse  | > borgwarehouse@2.0.0 start
borgwarehouse  | > next start
borgwarehouse  |
borgwarehouse  |   ▲ Next.js 13.5.4
borgwarehouse  |   - Local:        http://localhost:3000
borgwarehouse  |
borgwarehouse  |  ✓ Ready in 894ms

[Ravinou]

Hi everyone :)

You can't use 1000:1000 because borgwarehouse docker image is based on nodeJS. And this nodeJS image use 1000:1000 for node user.

That's why in the docker-compose file it is clearly indicated in line 10 : # UID:GID must match the user and group ID of the host folders and must be > 1000

So, in addition to the comment, I'm going to add a note in the documentation about this to draw even more attention to it. Thanks for your feedback.

I also have a friend who uses BorgWarehouse on Rapsberry pi and it works great 👌

I'll have to manage to provide an image on dockerhub for ARM architectures. I just have an issue on my PC to compile them with docker buildx. I'll have to test docker desktop.