access a docker volume from another docker

  • I hope I explain this OK - just looking for some help/guidance on what I think is probably a permissions issue (but I can't solve it).


    I have a letsencrypt docker on OMV that automatically renews a ssl certificate for my duckdns domain for my home server. Working fine.


    I need to use this ssl certificate for my homeassistant (HA) server that is running on omv as another docker.


    So I created a folder in my HA config directory and then added a volume in my HA compose that points to the letsencrypt docker/volume that has the ssl certificate (see below)


    and it works - HA uses the certificate and when it renews HA uses the new certificate without me doing anything. Happy Days!


    My issue is that when I try to browse the HA config folder with the ssl certificate - it is empty (but HA can see it and use the certificate) - see screenshots...


    What is going on?


    using winSCP to browse - it's empty

    using docker exec to view files at the CLI - it is there!


    • Official post

    I think you are not accessing the correct folder with WinSCP. Are you using symlinks? Any hidden folders? Can you show the Letsencrypt container yaml file?

  • I think I am accessing the correct folder but there are effectively 2 volumes pointing to the same location - maybe this is the issue.


    No symlinks involved.


    Here is the compose from the letsencrypt container (see below) and a screenshot from the file location - that is working...


    My only clue is that the letsencrypt docker runs using root while HA is using my dedicated docker account 'appuser'



  • Should you be pulling certs to /.../live/[blarblar]? That script:


    https://github.com/maksimstojkovic/docker-letsencrypt/.../start.sh#L95

    Code
    # Check for successful certificate generation
    if [ ! -d "/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN#\*\.}" ] || \
       [ ! -f "/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN#\*\.}/fullchain.pem" ] || \
       [ ! -f "/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN#\*\.}/privkey.pem" ]; then
      echo "ERROR: Failed to create SSL certificates"
      exit 1
    fi
    • Official post

    No symlinks involved.

    Are you sure you don't use symlinks or paths defined in environment variable files or something similar?

    If there are no symlinks involved the folder where the certificates are should be /omv-system/appdata/letsencrypt for both containers. So why are you looking for the folder with WinSCP in /omv-system/appdata/homeassistant/config/ssl/letsencrypt ? You should look for the previous route. The HA container is using the old path for that folder.

    And I also don't understand what the /config/ssl/letsencrypt folder has to do with all this. This folder is not defined in either container.

  • thanks chente and olduser - appreciate your help.


    letsencrypt is working fine and generating the ssl cert into the folder on my host: /omv-system/appdata/letsencrypt


    But I need this to be accessible from within my HA config folder on my host: /omv-system/appdata/homeassistant/config/ssl


    So in my HA compose, I have the mapping to do this: /omv-system/appdata/letsencrypt:/config/ssl/letsencrypt


    And it is working fine - ssl cert is used by HA and the cert gets updated automatically.


    The only (minor) issue is that I can't see the files on the host at the location /omv-system/appdata/homeassistant/config/ssl


    But I can see that they are available to the HA container using docker exec.


    So I am just trying to work out if there is a better way to do this where I can see/view the certificate files on the host location and inside the docker...



  • I think I have thought of an answer but it still has some limitations...


    I could configure the letsencrypt compose to map the host location to /omv-system/appdata/homeassistant/config/ssl


    and then not add any additional mapping in the HA compose.


    I think this will work but the issue is that my ssl cert will be stored in my HA config and I would prefer it to be outside of HA so I can easily use it for other services.

  • I have the mapping to do this: /omv-system/appdata/letsencrypt:

    I can't see the files on the host at the location /omv-system/appdata/homeassistant/config/ssl

    How would you be able to see files inside the latter on HOST?

    For that to happen, you would need to copy folder /omv-system/appdata/letsencrypt to /omv-system/appdata/homeassistant/config/ssl

  • I can't understand how it's already working for you based on that directory being empty, your configs and that container's script... what am I missing... ? Why is it working... ?


    FWIW, just symlink the certs :-/ Not what you want, but how many times are you going to run into this problem?


    EDIT: What are ${PUID} and ${PGID}?

    • Official post

    It is very simple. The /config/ssl/letsencrypt folder that HA "sees" is actually the /omv-system/appdata/letsencrypt folder on your host

    I don't think there's much more to explain, just understand how docker works. When the HA container writes or reads to its /config/ssl/letsencrypt folder it is actually doing so in the host's /omv-system/appdata/letsencrypt folder. It is a basic principle of how Docker works. It is normal that you do not see anything in the /config/ssl/letsencrypt folder because there is nothing in that folder, everything is in /omv-system/appdata/letsencrypt. This is how docker persistent data is made to survive, I don't know how else to better explain how docker works.

    • Official post

    jata1

    Read here the part "That's all very well, but… What the hell is docker? :) " I hope that clears up these doubts for you... https://wiki.omv-extras.org/do…mv6:docker_in_omv#summary

  • Thanks all. I get it now. I thought it was a permissions issue but it sounds like it is just how docker works in relation to persistent data.


    I think it also explains a different issue that I thought I had but now understand that this is also persistent data related :)


    In summary, I think the situation is that persistent data can only be at one location on the host (not multiple) at any one time.


    For example, I could not do the following and have the data reside at 2 locations on the host - see compose extract below.


    The first two volume mappings are fine and needed for my transmission container to work.


    The third I added as I wanted the completed files to be on the same drive as my media is located so I can move rather than copy files into my media library (faster as no copy involved). Again this is working perfectly but I couldn't understand why I could not see the files on the host in the completed folder location here - /omv-system/appdata/transovpn-pia/data/completed (the folder exists but is always empty)


    The reason is that the persistent data is here... /symlinks/media/import as it is mapped to /data/completed in the container


    So I think I get it and thanks as always for helping me to learn!


    Code
        volumes:
          - /omv-system/appdata/transovpn-pia/data:/data
          - /omv-system/appdata/transovpn-pia/config:/config
          - /symlinks/media/import:/data/completed # SKIP_BACKUP
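
The mount behaviour explained in this thread, as an added example that is not part of any post: a small shell function (the name `host_path_for` is hypothetical) that takes compose-style `host:container` mappings and reports which host directory actually backs a container path, with the deepest matching mount winning. The transmission mappings are the ones quoted above; the HA `/config` mapping is an assumption based on the host paths mentioned in the thread.

```shell
#!/bin/sh
# Mappings copied from the transmission compose extract in this thread.
TRANSMISSION_MOUNTS='/omv-system/appdata/transovpn-pia/data:/data
/omv-system/appdata/transovpn-pia/config:/config
/symlinks/media/import:/data/completed'

# HA mappings: the first line is ASSUMED (the thread never shows it),
# the second is the mapping quoted in the thread.
HA_MOUNTS='/omv-system/appdata/homeassistant/config:/config
/omv-system/appdata/letsencrypt:/config/ssl/letsencrypt'

# host_path_for MOUNTS CONTAINER_PATH
# Prints the host path that backs CONTAINER_PATH. When mounts are nested,
# the one with the longest matching container-side target wins, which is
# why the shadowed host folder underneath it looks empty.
# Returns 1 if no listed mount covers the path.
host_path_for() {
    mounts=$1 cpath=$2 best_src= best_dst=
    # Third field swallows options such as ":ro" if present.
    while IFS=: read -r src dst _opts; do
        [ -n "$dst" ] || continue
        case "$cpath" in
            "$dst"|"$dst"/*)
                # Match only on a whole path component, keep the deepest mount.
                if [ "${#dst}" -gt "${#best_dst}" ]; then
                    best_src=$src best_dst=$dst
                fi ;;
        esac
    done <<EOF
$mounts
EOF
    [ -n "$best_dst" ] || return 1
    rest=${cpath#"$best_dst"}
    printf '%s%s\n' "$best_src" "$rest"
}

# Where the files really live on the host:
host_path_for "$TRANSMISSION_MOUNTS" /data/completed/film.mkv
host_path_for "$HA_MOUNTS" /config/ssl/letsencrypt/live
```

On a running system, `docker inspect` on the container lists the same source and destination pairs under `Mounts`, which can be fed to the function in place of the constructed lists.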
  • chente

    Added the label solved.
  • chente I see you also pointed it out prior to Soma and I missed that :-/. I also understand the variables but they can be overridden. I think I've hurt more than helped so I'm putting myself in a timeout after this.


    Unless you've changed something, your certs (not symlinks) are in: "/omv-system/appdata/letsencrypt/live/${LETSENCRYPT_DOMAIN#\*\.}" on the host.


    So I think I get it

    Just point the container's mount to the uppermost root directory on the host and share ALL data in every container you want to use it in.


    mkdir -p /home/$USER/blob/audio/

    mkdir -p /home/$USER/blob/video/

    mkdir -p /home/$USER/blob/pictures/

    mkdir -p /home/$USER/blob/files_to_extract/

    mkdir -p /home/$USER/blob/extract_to_here/

    mkdir -p /home/$USER/blob/temp/

    mkdir -p /home/$USER/blob/watch_directory/

    mkdir -p /home/$USER/blob/whatever/


    Then in every container's compose file use that one "blob".


    volumes:
    - /home/$USER/blob:/blob


    You also might want to simplify your naming schemes. If you're locked into the naming but the containers work fine with symlinks, you could create a "blob" directory and symlink everything into that 1 directory. Of course if they're on separate partitions you'll still suffer a copy operation. Dunno, but the naming seems confusing for this.


    Good luck!
