Permission denied for "data" directory. #61
Description
When building and deploying EspCRM as a container using Apache (leveraging the espocrm-docker/apache/) with Cloud Build to run as a container in Cloud Run, I am getting the initial landing page with:
Permission denied for "data" directory.
Please set 775 for "data" or just execute this command in the terminal
cd /var/www/html && find data -type d -exec chmod 775 {} + && chown -R 33:33 .;
Operation is not permitted? Try this one: cd /var/www/html && sudo find data -type d -exec sudo chmod 775 {} + && sudo chown -R 33:33 .;
The cloudbuild.yaml file is:
# cloudbuild.yaml
steps:
# Step 0: Clone the espocrm-docker GitHub repository.
# This repository contains the Dockerfile and necessary Apache configuration.
- name: 'gcr.io/cloud-builders/git'
args: ['clone', 'https://github.com/espocrm/espocrm-docker.git']
id: 'Clone Repository'
# Step 1: Build the Docker image from the 'apache' subdirectory.
# This step uses the 'docker' builder to execute the Docker build command.
# -t: Tags the image with a name and a destination for Google Container Registry.
# $PROJECT_ID is a built-in Cloud Build variable.
# './espocrm-docker/apache': Specifies the build context (where Dockerfile and 000-default.conf are).
- name: 'gcr.io/cloud-builders/docker'
args: ['build', '-t', 'gcr.io/$PROJECT_ID/espocrm', './espocrm-docker/apache']
id: 'Build Docker Image'
# Step 2: Push the built Docker image to Google Container Registry.
- name: 'gcr.io/cloud-builders/docker'
args: ['push', 'gcr.io/$PROJECT_ID/espocrm']
id: 'Push Docker Image'
# Step 3: Deploy the EspoCRM service to Cloud Run.
# We use the custom built 'gcr.io/$PROJECT_ID/espocrm' image.
# Environment variables for database connection are passed securely.
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
entrypoint: bash
args:
- '-c'
- |
gcloud run deploy espocrm \
--image gcr.io/$PROJECT_ID/espocrm \
--region $_REGION \
--platform managed \
--allow-unauthenticated \
--vpc-connector=espocrm-connector \
--ingress=internal-and-cloud-load-balancing \
--timeout=600s \
--port=80 \
--set-env-vars=ESPOCRM_DATABASE_HOST=127.0.0.1,ESPOCRM_DATABASE_PORT=3306,ESPOCRM_DATABASE_USER=espocrm_user,ESPOCRM_DATABASE_NAME=espocrm_db,ESPOCRM_DATABASE_PLATFORM=Mysql,ESPOCRM_CONFIG_LOGGER_LEVEL=DEBUG \
--add-cloudsql-instances=$(gcloud sql instances describe espocrm-mariadb --format="value(connectionName)" --project=$PROJECT_ID --quiet) \
--update-secrets=ESPOCRM_DATABASE_PASSWORD=espocrm-db-user-password:latest
id: Deploy to Cloud Run
# 'images' field lists the Docker image(s) that are expected to be pushed.
images:
- 'gcr.io/$PROJECT_ID/espocrm'
# Define substitution variables for flexible builds.
substitutions:
_REGION: 'us-central1' # Default region, can be overridden by build triggerThis is due to the Install entry not being able to write to the data directory. From what I can see the permissions should be taken care of by setPermissions in the docker-entrypoint.sh. In particular chown -R $owner:$group /var/www/html should be taking care of this.
The /var/www/html/data is created through the expansion of the ExpoCRM zip file that is downloaded in the Dockerfile and moved to /usr/src/espocrm. Subsequently the docker-entrypoint.sh then copies all the source files to the /var/www/html/ location.
cp -a "$SOURCE_FILES/." /var/www/html/
The -a includes recursion and even though the data directory is empty it should still get moved, so the assumption is that the /var/www/html/data directory exists and that this is maybe an ownership issue.
I suspect that the user who is running the entry point script is different than the user that is running the web server.