The following content was originally posted on my omg.lol Weblog on October 9th, 2024. I don't manage my services with podman compose anymore, instead opting for podman kube play, but hopefully the contents are still useful to someone.
My team wanted to take YouTrack for a test drive, so I figured I'd spin it up on our internal podman server. Unfortunately, I'm a bit a of a podman noob, so I ran into some trouble along the way. Here's what I did to get the server running:
Writing the config
We run a lot of services, so we typically write a Docker Compose configuration file that we execute using podman compose. Here's the resulting compose.yaml:
version: "3"
services:
youtrack:
image: docker.io/jetbrains/youtrack:2024.3.48383
ports:
- "8081:8080"
volumes:
- /media/dregheap/youtrack/data:/opt/youtrack/data:z
- /media/dregheap/youtrack/conf:/opt/youtrack/conf:z
- /media/dregheap/youtrack/logs:/opt/youtrack/logs:z
- /media/dregheap/youtrack/backups:/opt/youtrack/backups:z/media/dregheap is the root of our durable storage; I didn't create any of these directories by myself, instead opting to rely on podman to create them. That caused a couple of issues, but we'll address how I fixed that. You'll also note that I'm running the service on port 8081 on the host, and not the 8080 that JetBrains recommends.
To get this config running, I ran podman compose up in the directory where the file was. If you do the same, you'll note that the server doesn't start. Let's fix that now.
Fixing file permissions
The reason that the server doesn't start right off the bat is because JetBrains uses the Docker non-root user in their container. While this would normally be great, it causes us a little headache, since most containers execute their process as root.
Since the user executing the YouTrack process in the container is not root (and subsequently has a different user ID and group as whichever user you're executing podman commands as), we need to tweak the ownership of the now-created directories. And--bless their hearts--JetBrains even tells us what the user and group IDs are so we can right our ownership wrongs.
If you just try and chmod the directories to fix the problem, however, you will not get very far, since the UID specified is not the same as the UID within podman. So, you need to use podman unshare.
cd /media/dregheap/youtrack
podman unshare chown -R 13001:13001 data conf logs backupsNow, we're good to go. Navigate back to where compose.yaml is and let's finish up.
Networking and GUI Setup
There were two other things that tripped me up upon initial configuration:
It was helpful to have my reverse-proxy ready to go before rebooting the container
Don't mess with the default port in the GUI wizard!!!!
After you have your reverse proxy set up, you can run podman compose up to launch the YouTrack server again. In the wizard, you'll note that it has a field for default port on the host; if you change this, YouTrack won't be able to connect to itself. Although the service is configured for port 8081 on the host, as far as the container is concerned, the YouTrack server is listening on port 8080. Avoid tweaking this value and you'll save yourself a little headache.