I finally found a way to get Step-CA to run and keep running.
- Create a TrueNAS user for “step” with UID 1000.
- Create a TrueNAS group for “step” with GID 1000.
- Set the Dataset(s) for the container to be owned by 1000:1000.
- Start the container.
It looks like there is a dependency on UID 1000.
There was nothing in the Docker container for Step-CA that I could find that led me to this requirement, but I found it when I ran docker exec commands to find out the user information in the container.
After finding it, I think the dependency may be on the smallstep/cli container. There is a portion of that container definition that hardcodes the UID and GID of 1000. The smallstep/step-ca container includes/embeds this with a FROM statement. From what I’ve read, this means that the smallstep/cli container is layered into the smallstep/step-ca container.
I don’t know if there is a better way to handle this UID/GID requirement within the Custom App in TrueNAS. I tried a few things with Dataset ACLs and container settings in the Custom App setup unsuccessfully before creating the user and group, and changing the ownership of the Datasets.
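
A check for the ownership step in the list above, as an added example that is not part of the original post: it walks a dataset's host path and reports anything not owned by the UID:GID the container runs as. The function names and the dataset path in the usage comment are hypothetical; 1000:1000 is the value reported in the post.

```shell
#!/bin/sh
# Added example (constructed): audit a host directory that is bind-mounted
# into the step-ca container for entries the container user cannot own.
# Defaults of 1000:1000 come from the post; pass other values if
# `docker exec <container> id` reports something different.

# Print every path under $1 whose owner is not uid $2 or whose group is not gid $3.
ownership_mismatches() {
    dir=$1; uid=$2; gid=$3
    # Numeric arguments to -user/-group are treated as IDs when no
    # account with that literal name exists.
    find "$dir" \( ! -user "$uid" -o ! -group "$gid" \) -print
}

# Return 0 when the whole tree is owned by uid:gid, 1 when something is not,
# 2 when the path is not a directory.
check_dataset_ownership() {
    dir=$1; uid=${2:-1000}; gid=${3:-1000}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    bad=$(ownership_mismatches "$dir" "$uid" "$gid")
    if [ -n "$bad" ]; then
        echo "entries not owned by $uid:$gid:" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}

# Usage (hypothetical dataset path):
#   check_dataset_ownership /mnt/tank/apps/step-ca 1000 1000
```

A non-zero result before the container starts points at a file or subdirectory that was created after the ownership change, or at a nested dataset that was missed.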