docker-compose error "read-only file system"

Question

I designed a docker-compose.yml file that also supposed to work with individual volumes.

I created a raid-drive which is mounted as /dataraid to my system. I can read/write to the system, but when using it in my compose file, I get read-only file system error messages.

Adjusting the volumes to a other path like /home/myname/test the compose file works.

I have no idea what the /dataraid makes it "read-only".

What are the permissions settings a compose file needs?

error message:

ERROR: for db  Cannot start service db: error while creating mount source path '/dataraid/nextcloud/mariadb': mkdir /dataraid: read-only file system

compose:

version: '3'
services:
  db:
    image: mariadb
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - /dataraid/nextcloud/mariadb:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=PASSWORD
    env_file:
      - db.env
  redis:
    image: redis
    restart: always
  app:
    image: nextcloud:fpm
    restart: always
    volumes:
      - /dataraid/nextcloud/html:/var/www/html
    environment:
      - MYSQL_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  web:
    build: ./web
    restart: always
    volumes:
      - /dataraid/nextcloud/html:/var/www/html:ro
    environment:
      - VIRTUAL_HOST=name.de
      - LETSENCRYPT_HOST=name.de
      - [email protected]
    depends_on:
      - app
    ports:
      - 4080:80
    networks:
      - proxy-tier
      - default
  collabora:
    image: collabora/code
    expose:
       - 9980
    cap_add:
      - MKNOD
    environment:
      - domain=name.de
      - VIRTUAL_HOST=name.de
      - VIRTUAL_PORT=9980
      - VIRTUAL_PROTO=https
      - LETSENCRYPT_HOST=name.de
      - [email protected]
      - username=            #optional
      - password=       #optional
    networks:
      - proxy-tier
    restart: always
  cron:
    build: ./app
    restart: always
    volumes:
      - /dataraid/nextcloud/html:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 443:443
      - 80:80
    environment:
      - VIRTUAL_PROTO=https
      - VIRTUAL_PORT=443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - /dataraid/nextcloud/nginx-certs:/etc/nginx/certs:ro
      - /dataraid/nextcloud/nginx-vhost.d:/etc/nginx/vhost.d
      - /dataraid/nextcloud/nginx-html:/usr/share/nginx/html
      - /dataraid/nextcloud/nginx-conf.d:/etc/nginx/conf.d
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    volumes:
      - /dataraid/nextcloud/nginx-certs:/etc/nginx/certs
      - /dataraid/nextcloud/nginx-vhost.d:/etc/nginx/vhost.d
      - /dataraid/nextcloud/nginx-html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
networks:
  proxy-tier:

see error messages:

bernd@sys-dock:/dataraid/Docker-Configs/nextcloud$ docker-compose up -d
Creating network "nextcloud_default" with the default driver
Creating network "nextcloud_proxy-tier" with the default driver
Creating nextcloud_db_1 ...
Creating nextcloud_proxy_1     ... error
Creating nextcloud_db_1        ... error
Creating nextcloud_collabora_1 ...
ERROR: for nextcloud_proxy_1  Cannot start service proxy: error while creating mount source path '/dataraid/nextcloud/nginx-certs': mkdir /dataraid: read-only file system
Creating nextcloud_redis_1     ... done
Creating nextcloud_collabora_1 ... done
ERROR: for proxy  Cannot start service proxy: error while creating mount source path '/dataraid/nextcloud/nginx-certs': mkdir /dataraid: read-only file system
ERROR: for db  Cannot start service db: error while creating mount source path '/dataraid/nextcloud/mariadb': mkdir /dataraid: read-only file system
ERROR: Encountered errors while bringing up the project.

Answer 1

If docker starts before the filesystem gets mounted, you could be seeing issues with the docker engine trying to write to the parent filesystem. You can restart the docker daemon to rule this out (systemctl restart docker in systemd base environments).

If restarting the daemon helps, then you can add a dependency between the docker engine and the external filesystem mounts. In systemd, that involves an After= clause in the unit file. E.g. you could create a /etc/systemd/system/docker.service.d/override.conf file containing:

[Unit]
After=nfs-client.target

(Note that I'm not sure that nfs-client.target is the correct unit file for your filesystem, you'll want to check where it gets mounted.)

---

Another issue I've seen people encounter recently is Snap based docker installs, which run docker inside of another container technology, which would prevent access to paths not explicitly configured in the Snap.