[GH-ISSUE #760] Failed to validate run directory on host after stack write (canonicalize error) #3553

New Issue

Closed

opened 2026-04-13 15:04:26 -05:00 by GiteaMirror · 6 comments

GiteaMirror commented 2026-04-13 15:04:26 -05:00

Owner

Copy Link

Originally created by @ragchuck on GitHub (Aug 23, 2025).
Original GitHub issue: https://github.com/moghtech/komodo/issues/760

I've described my use case in this https://github.com/moghtech/komodo/issues/758#issuecomment-3217274733.

• I want to reuse my existing stacks directory (stack_dir = "/opt/stacks".
• I gave the komodo:komodo user ownership of the directory.
• The stacks directory lies outside of the currently configured root (root_directory = "/home/komodo")

Whenever I try to "Pull Images" I get the following error:

ERROR: 500 Internal Server Error

TRACE:
1: Failed to validate run directory on host after stack write (canonicalize error)
2: Permission denied (os error 13)

It's hard to track the error down.

From what I can see is that the canonicalize here is unable to access the file path.

Based on the canonicalize documentation, the Unix equivalent is realpath:
When I try to perform realpath /opt/stacks/repo_name with the komodo user it works.

Doesn't the service run with the users permissions? I mean the user is part of the docker group and it works.

/home/komodo/.config/systemd/user/periphery.service

[Unit]
Description=Agent to connect with Komodo Core

[Service]
Environment="HOME=/home/komodo"
ExecStart=/bin/sh -lc "/home/komodo/.local/bin/periphery --config-path /home/komodo/.config/komodo/periphery.config.toml"
Restart=on-failure
TimeoutStartSec=0

[Install]
WantedBy=default.target

Not sure what else I could try.

Sure, I could migrate everything to the /etc/komodo directory, but I my approach should also work, right? I also think, this is a situation to learn something new. Maybe somebody can me point me to the error in my thought process.

Originally created by @ragchuck on GitHub (Aug 23, 2025). Original GitHub issue: https://github.com/moghtech/komodo/issues/760 I've described my use case in this https://github.com/moghtech/komodo/issues/758#issuecomment-3217274733. * I want to reuse my existing stacks directory (`stack_dir = "/opt/stacks"`. * I gave the `komodo:komodo` user ownership of the directory. * The stacks directory lies outside of the currently configured root (`root_directory = "/home/komodo"`) Whenever I try to "Pull Images" I get the following error: > ERROR: 500 Internal Server Error > > TRACE: > 1: Failed to validate run directory on host after stack write (canonicalize error) > 2: Permission denied (os error 13) It's hard to track the error down. From what I can see is that the [canonicalize here](https://github.com/moghtech/komodo/blob/cae80b43e5c35ed2d3836ba07df5cf9c0dbfbb99/bin/periphery/src/api/compose.rs#L350) is unable to access the file path. Based on the [canonicalize documentation](https://doc.rust-lang.org/beta/std/fs/fn.canonicalize.html), the Unix equivalent is `realpath`: When I try to perform `realpath /opt/stacks/repo_name` with the komodo user it works. Doesn't the service run with the users permissions? I mean the user is part of the docker group and it works. <details><summary>/home/komodo/.config/systemd/user/periphery.service</summary> <p> ``` [Unit] Description=Agent to connect with Komodo Core [Service] Environment="HOME=/home/komodo" ExecStart=/bin/sh -lc "/home/komodo/.local/bin/periphery --config-path /home/komodo/.config/komodo/periphery.config.toml" Restart=on-failure TimeoutStartSec=0 [Install] WantedBy=default.target ``` </p> </details> Not sure what else I could try. Sure, I could migrate everything to the `/etc/komodo` directory, but I my approach should also work, right? I also think, this is a situation to learn something new. Maybe somebody can me point me to the error in my thought process.

GiteaMirror closed this issue 2026-04-13 15:04:26 -05:00

GiteaMirror commented 2026-04-13 15:04:27 -05:00

Author

Owner

Copy Link

@mbecker20 commented on GitHub (Aug 24, 2025):

It looks like an ownership issue, Komodo user will need rw permission under /opt/stack too. Did you apply ownership recursively (-R)?

<!-- gh-comment-id:3217907893 --> @mbecker20 commented on GitHub (Aug 24, 2025): It looks like an ownership issue, Komodo user will need rw permission under /opt/stack too. Did you apply ownership recursively (-R)?

GiteaMirror commented 2026-04-13 15:04:28 -05:00

Author

Owner

Copy Link

@ragchuck commented on GitHub (Aug 30, 2025):

Sorry for not responding earlier. Yes, all files under the directory in question have the owner and group set. Though, some files need to be for root, because some containers are not rootless (yet).

<!-- gh-comment-id:3239173073 --> @ragchuck commented on GitHub (Aug 30, 2025): Sorry for not responding earlier. Yes, all files under the directory in question have the owner and group set. Though, some files need to be for root, because some containers are not rootless (yet).

GiteaMirror commented 2026-04-13 15:04:28 -05:00

Author

Owner

Copy Link

@codeshell commented on GitHub (Sep 8, 2025):

The reason might be rather trivial.
@ragchuck it is slightly different because you hit error 13 instead of error 2, but it's worth a try, I guess.

I hit a similar roadblock when adding a new server via peripery running as (--user) service.

Task Error: Stage 1 of 1 | 0.0 seconds

ERROR: 500 Internal Server Error

TRACE:
	1: Failed to validate run directory on host after stack write (canonicalize error)
	2: No such file or directory (os error 2)

• ❌ Pull Stack: With Pull Images from the Stack in Komodo, the repos_dir folder was created but empty and the task failed.
• ❌ Deploy Stack: With Redeploy from the Stack in Komodo, the stacks_dir was successfully created but empty and the task failed.

Thus most likely not a permission problem.

Only then it occurred to me that the host system (UGOS in my example) might not have git installed.

komodo-agent@NAS:~$ git --version
bash: git: command not found

So for me this error was fixed by running the following on the server with the "seemingly misbehaving" periphery:

sudo apt-get install git

I double checked the Komodo documentation and the periphery install logging. There is no test for it as dependency or at least a warning that as long as git is missing on the remote server some features cannot be used. Maybe this could be included somewhere because it is so obvious that you might forget to check this on a non standard system :)

<!-- gh-comment-id:3267328558 --> @codeshell commented on GitHub (Sep 8, 2025): The reason might be rather trivial. @ragchuck _it is slightly different because you hit error 13 instead of error 2, but it's worth a try, I guess._ I hit a similar roadblock when adding a new server via peripery running as (--user) service. Task Error: Stage 1 of 1 | 0.0 seconds ```stderr ERROR: 500 Internal Server Error TRACE: 1: Failed to validate run directory on host after stack write (canonicalize error) 2: No such file or directory (os error 2) ``` - ❌ Pull Stack: With `Pull Images` from the Stack in Komodo, the `repos_dir` folder was created but empty and the task failed. - ❌ Deploy Stack: With `Redeploy` from the Stack in Komodo, the `stacks_dir` was successfully created but empty and the task failed. Thus most likely _not_ a permission problem. Only then it occurred to me that the host system (UGOS in my example) might not have `git` installed. ```sh komodo-agent@NAS:~$ git --version bash: git: command not found ``` So for me this error was fixed by running the following on the server with the "seemingly misbehaving" periphery: ```sh sudo apt-get install git ``` _I double checked the Komodo documentation and the periphery install logging. There is no test for it as dependency or at least a warning that as long as `git` is missing on the remote server some features cannot be used. Maybe this could be included somewhere because it is so obvious that you might forget to check this on a non standard system :)_

GiteaMirror commented 2026-04-13 15:04:29 -05:00

Author

Owner

Copy Link

@mbecker20 commented on GitHub (Sep 8, 2025):

@codeshell thanks for report, there is an issue open for this #797

<!-- gh-comment-id:3268115371 --> @mbecker20 commented on GitHub (Sep 8, 2025): @codeshell thanks for report, there is an issue open for this #797

GiteaMirror commented 2026-04-13 15:04:29 -05:00

Author

Owner

Copy Link

@ragchuck commented on GitHub (Sep 8, 2025):

It looks like an ownership issue, Komodo user will need rw permission under /opt/stack too. Did you apply ownership recursively (-R)?

So, it worked after I also changed the owner of the parent directory /opt/stacks.

It's not clear to me, why it also needs the parent's directory the same owner.

<!-- gh-comment-id:3268144784 --> @ragchuck commented on GitHub (Sep 8, 2025): > It looks like an ownership issue, Komodo user will need rw permission under /opt/stack too. Did you apply ownership recursively (-R)? So, it worked after I also changed the owner of the parent directory /opt/stacks. It's not clear to me, why it also needs the parent's directory the same owner.

GiteaMirror commented 2026-04-13 15:04:30 -05:00

Author

Owner

Copy Link

@mbecker20 commented on GitHub (Sep 8, 2025):

IIRC it needs write on parent folder in order to make a new folder inside it, this happens when you clone new stack.

<!-- gh-comment-id:3268325398 --> @mbecker20 commented on GitHub (Sep 8, 2025): IIRC it needs write on parent folder in order to make a new folder inside it, this happens when you clone new stack.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

2.2.0

gh-pages-docs

legacy-v1-frontend

copilot/secure-local-authentication

v0

legacy

v2.1.2

v2.1.1

v2.1.0

v2.0.0

v2.0.0-dev-124

v2.0.0-dev-123

v2.0.0-dev-120

v2.0.0-dev-118

v2.0.0-dev-114

v2.0.0-dev-112

v2.0.0-dev-111

v2.0.0-dev-102

v2.0.0-dev-98

v2.0.0-dev-90

v2.0.0-dev-86

v2.0.0-dev-72

v2.0.0-dev-59

v2.0.0-dev-53

v2.0.0-dev-50

v2.0.0-dev-36

v1.19.5

v2.0.0-dev-35

v1.19.4

v1.19.3

v1.19.2

v1.19.1

v1.19.1-dev-14

v1.19.0

v1.19.0-dev-9

v1.18.4

1.18.5-dev-5

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.5

v1.17.4

v1.17.3

v1.17.4-dev-1

v1.17.2

v1.17.2-dev-1

v1.17.1

v1.17.0

v1.17.0-dev-7

v1.17.0-dev-4

v1.17.0-dev-3

v1.17.0-dev-5

v1.17.0-dev-6

v1.17.0-dev-2

v1.17.0-dev-1

v1.16.12

v1.16.11

v1.16.10

v1.16.9

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.12

v1.15.11

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.14.0-rc1

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.0

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.3

v1.7.0

v1.6.0

v1.5.0

v1.4.0

v1.2.0

v1.1.0

v1.0.0

v0.3.4

v0.3.3

v0.3.2

v0.3.0

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.1

v0.2.0

v0.1.17

v0.1.16

v0.1.15

v0.1.11

v0.1.10

v0.1.9

Labels

Clear labels

1.19.0

1.19.1

1.19.2

1.19.3

1.19.4

2.0.0

bug

documentation

done

enhancement

help wanted

info

pull-request

Mirrored from GitHub Pull Request

question

security

seen 👀

setup

thinking 🤔

ui

v2

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/komodo#3553