N8N don´t work in ECS with readonlyRootFilesystem enabled #11743

Open
periclesjunior opened this issue Nov 14, 2024 · 8 comments
Labels
in linear Issue or PR has been created in Linear for internal review

Comments

@periclesjunior

Bug Description

Hi,

I managed to provision N8N on AWS ECS (Fargate) with AWS EFS for data persistence, mounted at the container path /home/node/.n8n, with the readonlyRootFilesystem parameter set to false, but when I set it to true it doesn't work.

To Reproduce

  1. Create ECS services
  2. Create EFS volume for mount point for /home/node/.n8n container path
  3. Configure mount point for AWS EFS volume in task definition
  4. Set readonlyRootFilesystem = true
  5. Change readonlyRootFilesystem = false

Expected behavior

I would like it to work with readonlyRootFilesystem enabled, since it works with readonlyRootFilesystem disabled, or get help in configuring the other container paths necessary for the application to function correctly.

Operating System

Alpine Linux v3.20.3 (docker.n8n.io/n8nio/n8n image)

n8n Version

1.67.1

Node.js Version

20.18.0

Database

SQLite (default)

Execution mode

main (default)

@Joffcom
Member

Joffcom commented Nov 14, 2024

Hey @periclesjunior,

We have created an internal ticket to look into this which we will be tracking as "GHC-443"

Joffcom added the "in linear" label (Issue or PR has been created in Linear for internal review) Nov 14, 2024
periclesjunior changed the title from "N8N don´t work in ECS with readonlyRootFilesystem disabled" to "N8N don´t work in ECS with readonlyRootFilesystem enabled" Nov 14, 2024
@netroy
Member

netroy commented Nov 14, 2024

n8n needs write permissions on /home/node/.cache and /home/node/.n8n to work.
there is unfortunately currently no workaround for that.

maybe you could setup separate writable volumes to mount to these paths. These can be ephemeral volumes.

@periclesjunior
Author

periclesjunior commented Nov 14, 2024

> n8n needs write permissions on /home/node/.cache and /home/node/.n8n to work. there is unfortunately currently no workaround for that.
>
> maybe you could setup separate writable volumes to mount to these paths. These can be ephemeral volumes.

Hi,

These are my container definitions after your suggestion, but they don't work:

            "mountPoints": [
                {
                    "sourceVolume": "managed-agents",
                    "containerPath": "/managed-agents/execute-command",
                    "readOnly": false
                },
                {
                    "sourceVolume": "n8n-cache",
                    "containerPath": "/home/node/.cache/",
                    "readOnly": false
                },
                {
                    "sourceVolume": "modules",
                    "containerPath": "/usr/local/lib/node_modules/n8n/node_modules/",
                    "readOnly": false
                },
                {
                    "sourceVolume": "n8n-bin",
                    "containerPath": "/usr/local/lib/node_modules/n8n/bin/",
                    "readOnly": false
                },
                {
                    "sourceVolume": "local-bin",
                    "containerPath": "/usr/local/bin/",
                    "readOnly": false
                },
                {
                    "sourceVolume": "n8n_data_efs",
                    "containerPath": "/home/node/.n8n",
                    "readOnly": false
                }
            ],
            "volumesFrom": [],
            "linuxParameters": {
                "initProcessEnabled": true
            },
            "readonlyRootFilesystem": true,

Log error message

2024-11-14T18:45:09.026Z /docker-entrypoint.sh: exec: line 14: n8n: not found

@netroy
Member

netroy commented Nov 14, 2024

if you are using an n8n docker image, why are you mounting /usr/local/bin/* ? that's messing up the files that n8n needs to run.

@netroy
Member

netroy commented Nov 14, 2024

maybe try just this

            "mountPoints": [
                {
                    "sourceVolume": "managed-agents",
                    "containerPath": "/managed-agents/execute-command",
                    "readOnly": false
                },
                {
                    "sourceVolume": "n8n-cache",
                    "containerPath": "/home/node/.cache/",
                    "readOnly": false
                },
                {
                    "sourceVolume": "n8n_data_efs",
                    "containerPath": "/home/node/.n8n",
                    "readOnly": false
                }
            ],
            "volumesFrom": [],
            "linuxParameters": {
                "initProcessEnabled": true
            },
            "readonlyRootFilesystem": true,

@periclesjunior
Author

> maybe try just this
>
>             "mountPoints": [
>                 {
>                     "sourceVolume": "managed-agents",
>                     "containerPath": "/managed-agents/execute-command",
>                     "readOnly": false
>                 },
>                 {
>                     "sourceVolume": "n8n-cache",
>                     "containerPath": "/home/node/.cache/",
>                     "readOnly": false
>                 },
>                 {
>                     "sourceVolume": "n8n_data_efs",
>                     "containerPath": "/home/node/.n8n",
>                     "readOnly": false
>                 }
>             ],
>             "volumesFrom": [],
>             "linuxParameters": {
>                 "initProcessEnabled": true
>             },
>             "readonlyRootFilesystem": true,

I tried these settings, but they don't work:

2024-11-14T19:08:42.752Z User settings loaded from: /home/node/.n8n/config
2024-11-14T19:08:47.000Z Last session crashed
2024-11-14T19:08:57.016Z Initializing n8n process
2024-11-14T19:08:58.342Z n8n ready on 0.0.0.0, port 5678
2024-11-14T19:08:58.678Z Error: EACCES: permission denied, mkdir '/home/node/.cache/n8n'
2024-11-14T19:08:58.678Z at mkdir (node:internal/fs/promises:858:10)
2024-11-14T19:08:58.678Z at compileFile (/usr/local/lib/node_modules/n8n/dist/commands/start.js:109:17)
2024-11-14T19:08:58.678Z at Start.generateStaticAssets (/usr/local/lib/node_modules/n8n/dist/commands/start.js:128:9)
2024-11-14T19:08:58.678Z at Start.init (/usr/local/lib/node_modules/n8n/dist/commands/start.js:172:13)
2024-11-14T19:08:58.678Z at Start._run (/usr/local/lib/node_modules/n8n/node_modules/@oclif/core/lib/command.js:301:13)
2024-11-14T19:08:58.678Z at Config.runCommand (/usr/local/lib/node_modules/n8n/node_modules/@oclif/core/lib/config/config.js:424:25)
2024-11-14T19:08:58.678Z at run (/usr/local/lib/node_modules/n8n/node_modules/@oclif/core/lib/main.js:94:16)
2024-11-14T19:08:58.678Z at /usr/local/lib/node_modules/n8n/bin/n8n:72:2
2024-11-14T19:08:58.679Z Exiting due to an error.
2024-11-14T19:08:58.679Z Error: Exiting due to an error.
2024-11-14T19:08:58.679Z at Start.exitWithCrash (/usr/local/lib/node_modules/n8n/dist/commands/base-command.js:115:49)
2024-11-14T19:08:58.679Z at Start.catch (/usr/local/lib/node_modules/n8n/dist/commands/start.js:281:20)
2024-11-14T19:08:58.679Z at Start._run (/usr/local/lib/node_modules/n8n/node_modules/@oclif/core/lib/command.js:306:29)
2024-11-14T19:08:58.679Z at Config.runCommand (/usr/local/lib/node_modules/n8n/node_modules/@oclif/core/lib/config/config.js:424:25)
2024-11-14T19:08:58.679Z at run (/usr/local/lib/node_modules/n8n/node_modules/@oclif/core/lib/main.js:94:16)
2024-11-14T19:08:58.679Z at /usr/local/lib/node_modules/n8n/bin/n8n:72:2
2024-11-14T19:08:58.680Z EACCES: permission denied, mkdir '/home/node/.cache/n8n'
2024-11-14T19:08:58.680Z Error: EACCES: permission denied, mkdir '/home/node/.cache/n8n'
2024-11-14T19:08:58.680Z at mkdir (node:internal/fs/promises:858:10)
2024-11-14T19:08:58.680Z at compileFile (/usr/local/lib/node_modules/n8n/dist/commands/start.js:109:17)
2024-11-14T19:08:58.680Z at Start.generateStaticAssets (/usr/local/lib/node_modules/n8n/dist/commands/start.js:128:9)
2024-11-14T19:08:58.680Z at Start.init (/usr/local/lib/node_modules/n8n/dist/commands/start.js:172:13)
2024-11-14T19:08:58.680Z at Start._run (/usr/local/lib/node_modules/n8n/node_modules/@oclif/core/lib/command.js:301:13)
2024-11-14T19:08:58.680Z at Config.runCommand (/usr/local/lib/node_modules/n8n/node_modules/@oclif/core/lib/config/config.js:424:25)
2024-11-14T19:08:58.680Z at run (/usr/local/lib/node_modules/n8n/node_modules/@oclif/core/lib/main.js:94:16)
2024-11-14T19:08:58.680Z at /usr/local/lib/node_modules/n8n/bin/n8n:72:2

@netroy
Member

netroy commented Nov 14, 2024

it looks like those volumes are being created with permissions that node user does not have permissions to write to.
You'd need to add an init container to your task definition, mount the same volumes there, and run a chown -R 1000:1000 /home/node/.cache /home/node/.n8n as the root user.
Hopefully you'll only need to do this once.
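
An ECS task definition applying the advice above, as an added example that is not from the thread or the n8n project: a root init container chowns the two writable volumes, and the n8n container starts only after it exits successfully. The family name, the container name `volume-init`, the CPU and memory sizes and the `fs-PLACEHOLDER` file system ID are assumptions; the image, volume names, paths, port and UID/GID 1000 come from the comments above.

```json
{
  "family": "n8n",
  "requiresCompatibilities": ["FARGATE"],
  "networkMode": "awsvpc",
  "cpu": "512",
  "memory": "1024",
  "volumes": [
    { "name": "n8n-cache" },
    {
      "name": "n8n_data_efs",
      "efsVolumeConfiguration": { "fileSystemId": "fs-PLACEHOLDER" }
    }
  ],
  "containerDefinitions": [
    {
      "name": "volume-init",
      "image": "docker.n8n.io/n8nio/n8n",
      "essential": false,
      "user": "0",
      "entryPoint": ["sh", "-c"],
      "command": ["chown -R 1000:1000 /home/node/.cache /home/node/.n8n"],
      "readonlyRootFilesystem": true,
      "mountPoints": [
        { "sourceVolume": "n8n-cache", "containerPath": "/home/node/.cache", "readOnly": false },
        { "sourceVolume": "n8n_data_efs", "containerPath": "/home/node/.n8n", "readOnly": false }
      ]
    },
    {
      "name": "n8n",
      "image": "docker.n8n.io/n8nio/n8n",
      "essential": true,
      "dependsOn": [{ "containerName": "volume-init", "condition": "SUCCESS" }],
      "portMappings": [{ "containerPort": 5678, "protocol": "tcp" }],
      "linuxParameters": { "initProcessEnabled": true },
      "readonlyRootFilesystem": true,
      "mountPoints": [
        { "sourceVolume": "n8n-cache", "containerPath": "/home/node/.cache", "readOnly": false },
        { "sourceVolume": "n8n_data_efs", "containerPath": "/home/node/.n8n", "readOnly": false }
      ]
    }
  ]
}
```

Because `n8n-cache` is ephemeral task storage, the init container repeats the chown on every task start. No path under /usr/local is mounted, so the image's n8n binary stays in place.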

@netroy
Member

netroy commented Nov 14, 2024
