[Solved] Docker unable to mount nfs

Hello,

I am going mad with NFS (on TrueNAS) and Docker. I think it is a permission thing but I don’t know how to solve it.

This is the error message I get when Compose starts with the right dataset (media_nas):

docker compose up -d
[+] Running 2/3
 ✔ Network docker_default     Created                                                                                                                                                0.0s 
 ✔ Volume "docker_media_nas"  Created                                                                                                                                                0.0s 
 ⠙ Container jellyfin         Creating                                                                                                                                               0.1s 
Error response from daemon: failed to copy file info for /var/lib/docker/volumes/docker_media_nas/_data: failed to chown /var/lib/docker/volumes/docker_media_nas/_data: lchown /var/lib/docker/volumes/docker_media_nas/_data: operation not permitted

This is my test docker-compose.yml:

services:

  jellyfin:
    container_name: jellyfin
    image: jellyfin/jellyfin
    user: 1000:1000
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./jellyfin/config:/config
      - ./jellyfin/cache:/cache
      - media_nas:/media                #  <== this does not work
#      - registrazioni:/media           #  <== this works
    ports:
      - 8096:8096   # Jellyfin's HTTP port inside the container is 8096
      - 8920:8920
      - 1900:1900
      - 7359:7359
    restart: unless-stopped
    runtime: nvidia
    deploy:
      resources:
        reservations:
          devices:
            - capabilities: [gpu]
    environment:
      - NVIDIA_VISIBLE_DEVICES=all
      - NVIDIA_DRIVER_CAPABILITIES=compute,video,utility
      - TZ=Europe/Rome


volumes:
  media_nas:
    driver: local
    driver_opts:
      type: nfs
      o: addr=192.168.207.10,nolock,soft,rw,vers=4
      device:  :/mnt/domotica_6/media

  registrazioni:
    driver: local
    driver_opts:
      type: nfs
      o: addr=192.168.207.10,nolock,soft,rw,vers=4
      device:  :/mnt/telecamere/frigate_registrazioni

If I swap the device path from “media_nas” to “registrazioni”, everything works.

Here is the log:

casa@domotica:~/docker$ docker volume rm docker_media_nas
docker_media_nas


root@domotica:/var/lib/docker/volumes# ls -l
total 32
brw------- 1 root root 254, 1 Apr 24 13:53 backingFsBlockDev
drwx-----x 3 root root   4096 Apr 24 15:32 docker_media_nas
drwx-----x 3 root root   4096 Apr 24 15:35 docker_registrazioni
-rw------- 1 root root  32768 Apr 24 15:35 metadata.db


root@domotica:/var/lib/docker/volumes# ls -l docker_media_nas
total 8
drwxr-xr-x 2 root root 4096 Apr 24 15:32 _data
-rw------- 1 root root  133 Apr 24 15:32 opts.json

root@domotica:/var/lib/docker/volumes# ls -l docker_registrazioni
total 13
drwxrwxr-x 10 3001 3001  12 Apr 24 14:56 _data
-rw-------  1 root root 149 Apr 24 15:35 opts.json

“docker_registrazioni” gets the right user and group (3001:3001) set on TrueNAS for this share, but “media_nas” does not and remains with root…

How can I solve this?

My solution is to use fstab to mount the NFS shares to the system and then specify the paths in the docker-compose file:

volumes:
  - "/mnt/TrueNAS_NFS/Share:/usr/share/data"

Thank you @LTS_Tom, later I will do some tests with your solution.

In the meantime, I fixed the issue I had by creating a user and a group (on the host machine) with the same number as the user I used to create the NFS share on TrueNAS.

I am not a big expert on that, is your solution better?

Because using my fix I have to carbon copy the users (or at least groups) I have on truenas…

# create a group with the same number as the group of the NFS share
sudo groupadd -g 3001 gaia_media

# create a new user with the same ID and group as the NFS share
sudo useradd -u 3001 -g 3001 gaia_media

# set a password for the new user (I don't know if it is necessary)
sudo passwd gaia_media

# add my local user (casa) to the gaia_media group, so I can mount the NFS share on the host and read/write, because the group on the NFS share has write permissions
sudo usermod -aG gaia_media casa

Then I modified the docker-compose.yml to run Jellyfin as the user with ID 1000 (casa) and group 3001 (gaia_media):

services:

  jellyfin:
    container_name: jellyfin
    image: jellyfin/jellyfin
    user: 1000:3001
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./jellyfin/config:/config
      - ./jellyfin/cache:/cache
      - media:/media
    network_mode: host # <= I want to fix this to use the port instead
#    ports:
#      - 8096:8086
#      - 8920:8920
#      - 1900:1900
#      - 7359:7359
    restart: unless-stopped
    runtime: nvidia
    deploy:
      resources:
        reservations:
          devices:
            - capabilities: [gpu]
    environment:
      - NVIDIA_VISIBLE_DEVICES=all
      - NVIDIA_DRIVER_CAPABILITIES=compute,video,utility
      - TZ=Europe/Rome


volumes: 
  media:
    driver: local
    driver_opts:
      type: nfs
      o: nfsvers=4,addr=192.168.207.10,rw,nolock,soft
      device: :/mnt/domotica_6/media

  registrazioni:
    driver: local
    driver_opts:
      type: nfs
      o: nfsvers=4,addr=192.168.207.10,rw,nolock,soft
      device:  :/mnt/telecamere/frigate_registrazioni

And it works! The NVIDIA encoding/decoding also works (another thing I had to try). I am happy: an entire afternoon trashed, but now it works.
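How the numeric `user:` value lines up with the share's ownership, as an added example that is not from the original posts: it evaluates the POSIX owner/group/other classes for the `drwxrwxr-x 3001 3001` listing shown earlier. It assumes the export uses AUTH_SYS (`sec=sys`) with no server-side squash or mapall for ordinary users, so the server compares numbers only; `perms_for` and `container_perms` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: which permission class does a container's numeric user:group
# fall into on a directory? Root (uid 0) and root squash are not modelled.

# perms_for MODE OWNER_UID OWNER_GID PROC_UID PROC_GID [SUPP_GID...]
# Prints the effective triplet, e.g. "r-x". MODE is octal as from `stat -c %a`.
perms_for() (
    mode=$1 o_uid=$2 o_gid=$3 p_uid=$4 p_gid=$5
    shift 5
    bits=$(( 0$mode & 7 ))                    # default: "other" class
    if [ "$p_uid" -eq "$o_uid" ]; then
        bits=$(( (0$mode >> 6) & 7 ))         # owner class
    else
        for g in "$p_gid" "$@"; do            # primary, then supplementary groups
            if [ "$g" -eq "$o_gid" ]; then
                bits=$(( (0$mode >> 3) & 7 )) # group class
                break
            fi
        done
    fi
    r=-; w=-; x=-
    [ $(( bits & 4 )) -ne 0 ] && r=r
    [ $(( bits & 2 )) -ne 0 ] && w=w
    [ $(( bits & 1 )) -ne 0 ] && x=x
    printf '%s%s%s\n' "$r" "$w" "$x"
)

# container_perms PATH UID:GID
# Same check against a real directory (GNU stat: octal mode, uid, gid).
container_perms() (
    ids=$2
    info=$(stat -c '%a %u %g' "$1") || exit 1
    set -- $info
    perms_for "$1" "$2" "$3" "${ids%%:*}" "${ids#*:}"
)

# The share from the thread: drwxrwxr-x 3001 3001 (mode 775)
perms_for 775 3001 3001 1000 1000   # user: 1000:1000 -> r-x
perms_for 775 3001 3001 1000 3001   # user: 1000:3001 -> rwx
```

Only the numbers in `user:` reach the server in this model, so the check works the same whether or not matching names exist in the host's `/etc/passwd` and `/etc/group`.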

Welcome to the world of Information Technology (IT).

This unfortunately is not the most optimal solution because Docker will create a new directory locally when the NFS volume is not mounted (such as failing to mount on boot, network outage, etc.). The problem is that the app will start on a blank slate and you would have to go in, shut down the container, re-mount the NFS volume, and then start the container back up. If you define NFS via the docker-compose file, the container will just fail to start until the NFS target is available (which is what it should do).
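A guard for the fstab approach against the failure mode described above, as an added example that is not from the thread: it starts the stack only when the bind-mount source is really an NFS mount point, so the container cannot come up on an empty local directory. The function names and the sample mount table are constructed for illustration; the path is the one from the fstab suggestion earlier in the thread.

```sh
#!/bin/sh
# Added example: refuse to start the stack unless the bind-mount source is a
# live NFS mount. Function names and sample data are constructed.

# nfs_mounted PATH [MOUNTS_FILE]
# Succeeds only if PATH itself is an NFS mount point in the mount table.
nfs_mounted() (
    path=${1%/}                     # tolerate a trailing slash
    mounts=${2:-/proc/mounts}
    found=no
    # Fields: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype _rest; do
        if [ "$mnt" = "$path" ]; then
            case $fstype in
                nfs|nfs4) found=yes ;;
                *)        found=no ;;   # a later mount on the same path wins
            esac
        fi
    done < "$mounts"
    [ "$found" = yes ]
)

# compose_up_guarded PATH [MOUNTS_FILE]
# Runs `docker compose up -d` only when PATH is backed by NFS.
compose_up_guarded() {
    if nfs_mounted "$1" "${2:-/proc/mounts}"; then
        docker compose up -d
    else
        echo "refusing to start: $1 is not an NFS mount" >&2
        return 1
    fi
}

# Constructed mount table in /proc/mounts format (not captured from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
192.168.207.10:/mnt/domotica_6/media /mnt/TrueNAS_NFS/Share nfs4 rw,relatime,vers=4.2,soft 0 0
EOF
}
```

Run `compose_up_guarded /mnt/TrueNAS_NFS/Share` from the directory that holds the compose file; a non-zero exit means the share was not mounted and nothing was started.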