Apps failing to install/Portainer cannot update

GreymatterPrison · November 15, 2024, 4:17pm

I tried to install Linkding the other day and had a “failed Up action”, it was late in the day so I just left it and moved on. Today I am having the same issue with Passbolt and when I went to update Portainer I am getting a similar issue. Any help would be greatly appreciated.

The logs show the following for portainer - [2024/11/15 10:50:43] (ERROR) app_lifecycle.compose_action():56 - Failed ‘up’ action for ‘portainer’ app: portainer Pulling
portainer Error manifest for portainer/portainer-ce:2.24.0 not found: manifest unknown: manifest unknown
Error response from daemon: manifest for portainer/portainer-ce:2.24.0 not found: manifest unknown: manifest unknown

Logs show the following for Passbolt - [2024/11/15 10:34:15] (ERROR) app_lifecycle.compose_action():56 - Failed ‘up’ action for ‘passbolt’ app: Network ix-passbolt_default Creating
Network ix-passbolt_default Created
Container ix-passbolt-permissions-1 Creating
Container ix-passbolt-permissions-1 Created
Container ix-passbolt-mariadb-1 Creating
Container ix-passbolt-mariadb-1 Created
Container ix-passbolt-passbolt-1 Creating
Container ix-passbolt-passbolt-1 Created
Container ix-passbolt-permissions-1 Starting
Container ix-passbolt-permissions-1 Started
Container ix-passbolt-permissions-1 Waiting
Container ix-passbolt-permissions-1 Exited
Container ix-passbolt-mariadb-1 Starting
Container ix-passbolt-mariadb-1 Started
Container ix-passbolt-permissions-1 Waiting
Container ix-passbolt-mariadb-1 Waiting
Container ix-passbolt-permissions-1 Exited
Container ix-passbolt-mariadb-1 Error
dependency failed to start: container ix-passbolt-mariadb-1 is unhealthy

Logs show the following for Linkding - [2024/11/12 12:54:04] (ERROR) app_lifecycle.compose_action():56 - Failed ‘up’ action for ‘linkding’ app: linkding Pulling
302e3ee49805 Already exists
699edf835b1b Already exists
417a872b7725 Already exists
9795987f6d21 Already exists
d367c4088239 Already exists
8872511bddbc Already exists
0480ed0187bd Already exists
b0017df7bcb3 Already exists
380f388bda51 Already exists
7a5f9083cd95 Already exists
162eff0068ec Already exists
1179e52fa77f Already exists
linkding Pulled
Network ix-linkding_default Creating
Network ix-linkding_default Created
Container ix-linkding-permissions-1 Creating
Container ix-linkding-permissions-1 Created
Container ix-linkding-postgres-1 Creating
Container ix-linkding-postgres-1 Created
Container ix-linkding-linkding-1 Creating
Container ix-linkding-linkding-1 Created
Container ix-linkding-permissions-1 Starting
Container ix-linkding-permissions-1 Started
Container ix-linkding-permissions-1 Waiting
Container ix-linkding-permissions-1 Exited
Container ix-linkding-postgres-1 Starting
Container ix-linkding-postgres-1 Started
Container ix-linkding-permissions-1 Waiting
Container ix-linkding-postgres-1 Waiting
Container ix-linkding-permissions-1 Exited
Container ix-linkding-postgres-1 Error
dependency failed to start: container ix-linkding-postgres-1 is unhealthy

DjP-iX · November 15, 2024, 4:29pm

Portainer seems to have pulled the 2.24 image: Error when pulling from private registry in Version 2.24 · Issue #12379 · portainer/portainer · GitHub

The other two look like permissions issues. Take a look at the Run-As Context on the app details page for IDs to add to the ACLs for those datasets.

Edit: the fix is already waiting to merge for Portainer: stop copying migrations helpers and remove helpers from apps that won… by stavros-k · Pull Request #933 · truenas/apps · GitHub

GreymatterPrison · November 15, 2024, 4:37pm

For instance I would just need to add the following in the ACL?
Description:

MariaDB runs as non-root user.

Gid:

999

Group Name:

mariadb

Uid:

999

User Name:

mariadb

Thank you for the info on Portainer as well. I will roll it back.

DjP-iX · November 15, 2024, 4:42pm

Yes, typically you can use the Enable ACL option while mounting the host path to add an ACL entry for that ID

We did find a slightly more complicated process was needed for postgres on Nextcloud (Nextcloud | TrueNAS Documentation Hub) due to the container not passing NFSv4 ACL entries correctly, but I don’t know if the same applies to Linkding.

GreymatterPrison · November 15, 2024, 4:57pm

[EFAULT] Failed to apply ACLs to the following paths: 1) /mnt/Fast Storage/APP_Configs/Passbolt/maria_database: [EPERM] Filesystem permissions on path /mnt/Fast Storage/APP_Configs prevent access for user “netdata” to the path /mnt/Fast Storage/APP_Configs/Passbolt/maria_database. This may be fixed by granting the aforementioned user execute permissions on the path: /mnt/Fast Storage/APP_Configs.

Not sure what this means. Is netdata tied to ID 999?

EDIT: Netdata is tied to UID 999

DjP-iX · November 15, 2024, 5:00pm

Yup, but as long as the UID matches it can be a different user name in the container and in TrueNAS.

I think you either need to use the force flag on the ACL entry if you didn’t already try that, or try adding the permissions directly on the dataset ACL as that error message suggests

GreymatterPrison · November 15, 2024, 5:46pm

Ok, everything seems to be working. I had to add both UIDs to the corresponding datasets.

Does this create vulnerabilities in datasets giving out these permissions? like netdata being tied to UID 999 and also being used by the app for database permissions?

DjP-iX · November 15, 2024, 5:48pm

Not that I’m aware of. UID 999 just maps to a different user name on the host and in the container.

darkcloud784 · November 15, 2024, 7:45pm

This doesn’t seem to be reflected on the catalog the newest release of truenas is using. Guessing it will take some time for it, even when I attempt to force refresh the catalog it still says

[2024/11/15 11:38:50] (ERROR) app_lifecycle.compose_action():56 - Failed ‘up’ action for ‘portainer’ app: portainer Pulling
portainer Error manifest for portainer/portainer-ce:2.24.0 not found: manifest unknown: manifest unknown
Error response from daemon: manifest for portainer/portainer-ce:2.24.0 not found: manifest unknown: manifest unknown

DjP-iX · November 15, 2024, 7:51pm

The linked pull request is still open

darkcloud784 · November 15, 2024, 7:58pm

Ah, yea I should have noticed that. Thanks. Do you know when the PR will be merged?

darkcloud784 · November 15, 2024, 10:11pm

FYI to whoever is dropping by this, the PR has been merged. You can now refresh the catalog and it will correctly update/install portainer.

dirtyfreebooter · November 15, 2024, 11:02pm

i already had 2.24.0 installed, when truenas downgrades, portainer won’t start with database mismatch version…

Stux · November 16, 2024, 8:10pm

If you have snapshots setup, you could rollback your portainer config dataset to before the update.

If you don’t have snapshots setup… this video shows how I do it, and ways of recovering.

dirtyfreebooter · November 18, 2024, 7:50pm

yea i made a bunch of changes since my last snapshot and realized portainer is overly complex for my home setup. i just took the time to convert to dockge by just copy-pasting the compose.yml files from the /data dataset. dockge meets all my needs and is significantly simpler.