SOLVED App: docker-compose (portainer) - Help needed

[rr5050]

In short: I can't get this app working. See details below. Help appreciated :)

TrueNAS-SCALE-22.02.4

App: docker-compose 20.10.20_3.0.3 (By Truecharts, stable version) (also tried version 2.1.0)

Truecharts guide to install this app: https://truecharts.org/docs/manual/SCALE Apps/docker-compose

My storage: ZFS, name: "pool".
Dataset: name "appdata". Created subfolder "portainer" and put the file "dockercompose_portainer.yml" in there. Tried with 3 different users as owner: local user (UID 1000), root, apps (UID 568). Also tried to set permissions to user/group/other to R/W/E (i.e. full access). Also tried with setting it to generic and SMB. Also tried to reapply permissions after I've put the yaml file in the folder.

Install steps I do:
1) Application Name: portainer
3) container Configuration, Docker Compose File (see attached) : /mnt/pool/appdata/portainer/dockercompose_portainer.yml
next >>> save >
App show as deploying under installed applications. And doesn't change from that ever. i.e. it doesn't work.

I have tried with simple compose files also just to see if it's working. From the look of the log files (see attached) it seems like it doesn't start on the compose file at all. The network in the compose file doesn't conflict with TrueNAS's network or my local network.

Another thing: Truecharts also has an "portainer-ce" app. This I can install, but it doesn't have a docker environment. It's possible to use docker-compose files there, but it's translated and often doesn't work like intented by the compose file. So unless someone knows how to use this app properly (from docker, not kubernetes view) I'm back to the app described above.

See attached files: log + compose

 

[rr5050]

Here is the full install setup:

Application Name: portainer
Version: 3.0.3
:
Show Advanced Controller Settings: false
Show Expert Configuration Options: false
Extra Args: false
Image Environment:
Docker Compose File: /mnt/pool/appdata/portainer/dockercompose_portainer.yml
Timezone: 'Europe/Oslo' timezone
Show Expert Configuration: false
Show Expert Config: false
Container Security Settings:
Change PUID / UMASK values: false
Show Advanced Security Settings: false
Pod Security Context:
runAsUser: 0
runAsGroup: 0
fsGroup: 0
When should we take ownership?: OnRootMismatch
Set Custom Resource Limits/Requests (Advanced): false
GPU Configuration:
GPU Resource (amd.com/gpu): Allocate 0 amd.com/gpu GPU
:
Codeserver:
Enabled: false
:
LoadBalancer IP:
Promtail:
Enabled: false
Netshoot:
Enabled: false
VPN:
Type: disabled
Please read the documentation at https://truecharts.org:
I have checked the documentation: true

 

[NugentS]

I am not sure if this will help but...
1. This is the yaml file I use
version: '3' services: portainer: image: cr.portainer.io/portainer/portainer-ee:latest container_name: portainer restart: always networks: - portainer ports: - "8000:8000" - "9443:9443" volumes: - /var/run/docker.sock:/var/run/docker.sock - /mnt/AppPool/Docker/Portainer/data:/data - /var/lib/docker/volumes:/var/lib/docker/volumes networks: portainer: external: false
2. I cannot get the latest version of portainer to run - it won't deploy. If I run the update I have to revert to a previous version, which does work

 

[rr5050]

thx for input :)

I experimented a little more, and found if I mount "/mnt" to hostpath "/mnt" it deploys. I'm gone experiment more, but it seems like truecharts guide is not up to date (as /mnt /root /cluster should have been mounted already).

 

[jpcapone]

thx for input :)

I experimented a little more, and found if I mount "/mnt" to hostpath "/mnt" it deploys. I'm gone experiment more, but it seems like truecharts guide is not up to date (as /mnt /root /cluster should have been mounted already).

I am having this same exact error that you were experiencing. Can you explain what your resolution was? I am not understanding what you mean when you say "if I mount "/mnt" to hostpath "/mnt" it deploys", Thanks in advance!

 

[rr5050]

Do note that this is on TrueNAS-SCALE-22.02.4, and using Truecharts's app: Docker-Compose

When adding the app, you need to fill in various information. When you come to the section "Storage and Persistence", you follow these steps (in this order):

1. Configure Additional App Storage
2. Add
3. Custom Storage
4. Type of Storage = Host path
5. Host Path = /mnt
6. Mount Path = /mnt

Don't know if it matters, but I have following NOT checked: "Automatic Permissions", "Read Only".

Bonus: I've added the following to get plex (as a container within the above setup) to transcode in memory also: Same as above, but setup another custom storage: Type of Storage = emptyDir, Mount path = /transcode, EmptyDir Medium = Memory

 

[jpcapone]

Thanks for the response. Following the instructions you provided I am getting the error below

Installing​

Error: [EINVAL] chart_release_create.persistenceList.0.hostPath: Invalid path /mnt. Mounting root dataset or path outside a pool is not allowed

I then changed the Host Path to the actual path with the compose file in it and i get this error:

Error​

[EFAULT] Failed to install chart release: Error: INSTALLATION FAILED: execution error at (docker-compose/templates/common.yaml:1:3): hostPath not set

Any suggestions?

 

[morganL]

Thanks for the response. Following the instructions you provided I am getting the error below

Installing​

Error: [EINVAL] chart_release_create.persistenceList.0.hostPath: Invalid path /mnt. Mounting root dataset or path outside a pool is not allowed

I then changed the Host Path to the actual path with the compose file in it and i get this error:

Error​

[EFAULT] Failed to install chart release: Error: INSTALLATION FAILED: execution error at (docker-compose/templates/common.yaml:1:3): hostPath not set

Any suggestions?

You need to disable Host Path validation in kubernetes settings.

 

[jpcapone]

You need to disable Host Path validation in kubernetes settings.

HOT DAMN! that did it! Thanks for all of your help, now i can go to bed LOL!

 

[SecCon]

So can you actually use Portainer to run docker apps?

 

[sretalla]

So can you actually use Portainer to run docker apps?

Yes

 

[SecCon]

well, I was asking the guys above if they still do it and if it still works.

@jpcapone @rr5050

 

[sretalla]

I do it and it works, yes.

 

[SecCon]

Well, mine won't.

First of all I tried the easiest way, via Truecharts and PVE.

The conf in the Truecharts app indicates it should work using ports 10400 and 10401 respectively, but when I check the logs it is complaining about lacking TLS handshake on 10402 and 10403. And also a bind_address on port 9443.

2023-04-26 08:34:26.615876+00:002023/04/26 08:34AM INF github.com/portainer/portainer/api/http/server.go:342 > starting HTTPS server | bind_address=:9443 2023-04-26 08:39:26.608730+00:002023/04/26 08:39AM INF github.com/portainer/portainer/api/adminmonitor/admin_monitor.go:61 > the Portainer instance timed out for security purposes, to re-enable your Portainer instance, you will need to restart Portainer | 2023-04-26 08:57:07.566125+00:00{"time":1682499427,"message":"http: TLS handshake error from 192.168.1.201:10402: remote error: tls: unknown certificate"} 2023-04-26 08:57:07.566178+00:00{"time":1682499427,"message":"http: TLS handshake error from 192.168.1.201:10403: remote error: tls: unknown certificate"}

Restarted averything obviously and most recent log is repeating

2023/04/26 09:13AM INF github.com/portainer/portainer/api/adminmonitor/admin_monitor.go:61 > the Portainer instance timed out for security purposes, to re-enable your Portainer instance, you will need to restart Portainer |

 

[SecCon]

Trying the host path validation removal in advanced stuff for apps

And that worked:

https://192.168.1.42:10400/#!/init/admin

My first successful start of an app in TrueNas Scale

There is still hope.

Now I intend this to handle my other docker containers.

 

[sretalla]

You might end up happier doing it this way:

Use a custom "Jail" in SCALE? (Possible? Alternatives?)

Being less familiar with Docker/Kubernetes and containers, while having good results with Jails under TrueNAS Core, I'm curious if it's possible to do the following in SCALE: Have a standalone "from scratch" container with specific CLI tools, mount points, and the ability to SSH into such a...

www.truenas.com

See the second suggestion (jailmaker) in that post.

 

[SecCon]

See that post ticks all the wrong acronyms for me: cli, ssh, custom mount points... Not interesting, doing my best to avoid it. Portainer, or maybe Podman, is a decent tool for the few docker images I want to run, and those amount to the overwhelming number of below 5.

From what I seem to be accomplishing right now, Scale, as such, will only handle SMB shares and storage. Nothing more complex than that, once my docker mgmt is in place and working as intended, on the same machine of course...

 

[sretalla]

A couple of commands with the jailmaker script, install docker in the "jail" then run portainer... the storage aspect is much simpler and you're likely to avoid a lot of TrueCharts update annoyance.

The choice is yours.

 

[NugentS]

I have tried the jailmaker script - it works. Not done anything with it yet - but the debian jail runs.

 

[NugentS]

Now running docker and Portainer-ee on the Jail, on its own IP address. All going swimingly so far.