mirror of
https://github.com/immich-app/immich.git
synced 2025-12-05 23:00:33 -08:00
146bf65d02
Description
-----------
When I follow the [developer setup](https://docs.immich.app/developer/setup) I run into a permission error using rootless docker. A while ago I asked on Discord in [#contributing](https://discord.com/channels/979116623879368755/1071165397228855327/1442974448776122592) about these ulimits.
I suggest to remove the `ulimits` altogether. It seems that @ItalyPaleAle has left the setting just hoping that it could help somebody in the future. See the [PR description](https://github.com/immich-app/immich/pull/4556).
How Has This Been Tested?
-------------------------
Using rootless docker:
```
$ docker context ls
NAME DESCRIPTION DOCKER ENDPOINT ERROR
default unix:///var/run/docker.sock
rootless * unix:///run/user/1000/docker.sock
```
Running `make` will fail because of permission errors:
```
$ docker compose -f ./docker/docker-compose.dev.yml up --remove-orphans
...
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting rlimits for ready process: error setting rlimit type 7: operation not permitted
```
On my machine I have the following hard limit for "Maximum number of open file descriptors":
```
$ ulimit -nH
524288
```
I can confirm that the permission error is caused by the security restrictions of the operating system mentioned above:
Changing `docker/docker-compose.dev.yml` like ..
```
ulimits:
nofile:
soft: 524289
hard: 524289
```
.. will lead to a permission error whereas this ..
```
ulimits:
nofile:
soft: 524288
hard: 524288
```
.. starts fine.
Apparently the defaults for these limits are coming from [systemd](26b2085d54/man/systemd.exec.xml (L1122)) which is used on nearly every linux distribution. So my assumption is that almost any linux user who uses rootless docker will run into a permission error when starting the development setup.
Checklist:
----------
- [x] I have performed a self-review of my own code
- [x] I have made corresponding changes to the documentation if applicable
- [x] I have no unrelated changes in the PR.
- [ ] I have confirmed that any new dependencies are strictly necessary.
- [ ] I have written tests for new code (if applicable)
- [ ] I have followed naming conventions/patterns in the surrounding code
- [ ] All code in `src/services/` uses repositories implementations for database calls, filesystem operations, etc.
- [ ] All code in `src/repositories/` is pretty basic/simple and does not have any immich specific logic (that belongs in `src/services/`)
185 lines
6.0 KiB
YAML
185 lines
6.0 KiB
YAML
#
|
|
# WARNING: To install Immich, follow our guide: https://docs.immich.app/install/docker-compose
|
|
#
|
|
# Make sure to use the docker-compose.yml of the current release:
|
|
#
|
|
# https://github.com/immich-app/immich/releases/latest/download/docker-compose.yml
|
|
#
|
|
# The compose file on main may not be compatible with the latest release.
|
|
|
|
# For development see:
|
|
# - https://docs.immich.app/developer/setup
|
|
# - https://docs.immich.app/developer/troubleshooting
|
|
|
|
name: immich-dev
|
|
|
|
services:
|
|
immich-server:
|
|
container_name: immich_server
|
|
command: ['immich-dev']
|
|
image: immich-server-dev:latest
|
|
# extends:
|
|
# file: hwaccel.transcoding.yml
|
|
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
|
|
build:
|
|
context: ../
|
|
dockerfile: server/Dockerfile.dev
|
|
target: dev
|
|
restart: unless-stopped
|
|
volumes:
|
|
- ..:/usr/src/app
|
|
- ${UPLOAD_LOCATION}/photos:/data
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- pnpm-store:/usr/src/app/.pnpm-store
|
|
- server-node_modules:/usr/src/app/server/node_modules
|
|
- web-node_modules:/usr/src/app/web/node_modules
|
|
- github-node_modules:/usr/src/app/.github/node_modules
|
|
- cli-node_modules:/usr/src/app/cli/node_modules
|
|
- docs-node_modules:/usr/src/app/docs/node_modules
|
|
- e2e-node_modules:/usr/src/app/e2e/node_modules
|
|
- sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
|
|
- app-node_modules:/usr/src/app/node_modules
|
|
- sveltekit:/usr/src/app/web/.svelte-kit
|
|
- coverage:/usr/src/app/web/coverage
|
|
- ../plugins:/build/corePlugin
|
|
env_file:
|
|
- .env
|
|
environment:
|
|
IMMICH_REPOSITORY: immich-app/immich
|
|
IMMICH_REPOSITORY_URL: https://github.com/immich-app/immich
|
|
IMMICH_SOURCE_REF: local
|
|
IMMICH_SOURCE_COMMIT: af2efbdbbddc27cd06142f22253ccbbbbeec1f55
|
|
IMMICH_SOURCE_URL: https://github.com/immich-app/immich/commit/af2efbdbbddc27cd06142f22253ccbbbbeec1f55
|
|
IMMICH_BUILD: '9654404849'
|
|
IMMICH_BUILD_URL: https://github.com/immich-app/immich/actions/runs/9654404849
|
|
IMMICH_BUILD_IMAGE: development
|
|
IMMICH_BUILD_IMAGE_URL: https://github.com/immich-app/immich/pkgs/container/immich-server
|
|
IMMICH_THIRD_PARTY_SOURCE_URL: https://github.com/immich-app/immich/
|
|
IMMICH_THIRD_PARTY_BUG_FEATURE_URL: https://github.com/immich-app/immich/issues
|
|
IMMICH_THIRD_PARTY_DOCUMENTATION_URL: https://docs.immich.app
|
|
IMMICH_THIRD_PARTY_SUPPORT_URL: https://docs.immich.app/community-guides
|
|
ports:
|
|
- 9230:9230
|
|
- 9231:9231
|
|
- 2283:2283
|
|
depends_on:
|
|
redis:
|
|
condition: service_started
|
|
database:
|
|
condition: service_started
|
|
healthcheck:
|
|
disable: false
|
|
|
|
immich-web:
|
|
container_name: immich_web
|
|
image: immich-web-dev:latest
|
|
build:
|
|
context: ../
|
|
dockerfile: server/Dockerfile.dev
|
|
target: dev
|
|
command: ['immich-web']
|
|
env_file:
|
|
- .env
|
|
ports:
|
|
- 3000:3000
|
|
- 24678:24678
|
|
volumes:
|
|
- ..:/usr/src/app
|
|
- pnpm-store:/usr/src/app/.pnpm-store
|
|
- server-node_modules:/usr/src/app/server/node_modules
|
|
- web-node_modules:/usr/src/app/web/node_modules
|
|
- github-node_modules:/usr/src/app/.github/node_modules
|
|
- cli-node_modules:/usr/src/app/cli/node_modules
|
|
- docs-node_modules:/usr/src/app/docs/node_modules
|
|
- e2e-node_modules:/usr/src/app/e2e/node_modules
|
|
- sdk-node_modules:/usr/src/app/open-api/typescript-sdk/node_modules
|
|
- app-node_modules:/usr/src/app/node_modules
|
|
- sveltekit:/usr/src/app/web/.svelte-kit
|
|
- coverage:/usr/src/app/web/coverage
|
|
restart: unless-stopped
|
|
depends_on:
|
|
immich-server:
|
|
condition: service_started
|
|
|
|
immich-machine-learning:
|
|
container_name: immich_machine_learning
|
|
image: immich-machine-learning-dev:latest
|
|
# extends:
|
|
# file: hwaccel.ml.yml
|
|
# service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference
|
|
build:
|
|
context: ../machine-learning
|
|
dockerfile: Dockerfile
|
|
args:
|
|
- DEVICE=cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference
|
|
ports:
|
|
- 3003:3003
|
|
volumes:
|
|
- ../machine-learning/immich_ml:/usr/src/immich_ml
|
|
- model-cache:/cache
|
|
env_file:
|
|
- .env
|
|
depends_on:
|
|
- database
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
disable: false
|
|
|
|
redis:
|
|
container_name: immich_redis
|
|
image: docker.io/valkey/valkey:9@sha256:4503e204c900a00ad393bec83c8c7c4c76b0529cd629e23b34b52011aefd1d27
|
|
healthcheck:
|
|
test: redis-cli ping || exit 1
|
|
|
|
database:
|
|
container_name: immich_postgres
|
|
image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
|
|
env_file:
|
|
- .env
|
|
environment:
|
|
POSTGRES_PASSWORD: ${DB_PASSWORD}
|
|
POSTGRES_USER: ${DB_USERNAME}
|
|
POSTGRES_DB: ${DB_DATABASE_NAME}
|
|
POSTGRES_INITDB_ARGS: '--data-checksums'
|
|
volumes:
|
|
- ${UPLOAD_LOCATION}/postgres:/var/lib/postgresql/data
|
|
ports:
|
|
- 5432:5432
|
|
shm_size: 128mb
|
|
# set IMMICH_TELEMETRY_INCLUDE=all in .env to enable metrics
|
|
# immich-prometheus:
|
|
# container_name: immich_prometheus
|
|
# ports:
|
|
# - 9090:9090
|
|
# image: prom/prometheus
|
|
# volumes:
|
|
# - ./prometheus.yml:/etc/prometheus/prometheus.yml
|
|
# - prometheus-data:/prometheus
|
|
|
|
# first login uses admin/admin
|
|
# add data source for http://immich-prometheus:9090 to get started
|
|
# immich-grafana:
|
|
# container_name: immich_grafana
|
|
# command: ['./run.sh', '-disable-reporting']
|
|
# ports:
|
|
# - 3000:3000
|
|
# image: grafana/grafana:10.3.3-ubuntu
|
|
# volumes:
|
|
# - grafana-data:/var/lib/grafana
|
|
|
|
volumes:
|
|
model-cache:
|
|
prometheus-data:
|
|
grafana-data:
|
|
pnpm-store:
|
|
server-node_modules:
|
|
web-node_modules:
|
|
github-node_modules:
|
|
cli-node_modules:
|
|
docs-node_modules:
|
|
e2e-node_modules:
|
|
sdk-node_modules:
|
|
app-node_modules:
|
|
sveltekit:
|
|
coverage:
|