Docker NR & ttyUSB0 Permission denied

Hello, since a few days I test NR Docker.
I use Portainer.io to manage my containers. It's quite simple.
Now I want to be able to use the serialport node to read what is on the USB port (RFlink card) of my OrangePi.
So I found the place where to bring up the ttyUSB0 port in the container, but there is still a problem of access rights. I don't know how and where to add the node-red user to the diaolout group or maybe launch the container as root?

Would you have any suggestions, solutions to help me.

Thanks to all !

Inside the NR container:

Inside Portainer.io

On the editor

The whole stack

You can add node-red to the dialout group by adding the following commands in your node-red dockerfile

USER root
RUN addgroup node-red dialout
USER node-red

maybe you also need to check if your dialout group exists in your docker container an is having the same group ID as your host machine.

I read in the documentation that you have to launch the container with the addition of the user to the dialout group,
but I can't find the way to make it work under portainer.io
Syntax error ?

this is what i see under the Pi for USB0

With portainer GUI, we don't use dockerfile :upside_down_face:
i tried to translate this specific command with no luck actually

What is your actual command to run the container ?

Sorry, I don't know, because everything is hidden by the portainer.io GUI.
Here is the container log, it seems that the additional command is taken into account, at least I have the impression.
I tried to change the User by root, so I lost my flow but still the access problem.

The --group-add option is a docker run option and not a node.js option.

You should be able to specify it somehow when creating a new container.

you can always start (run) the container from outside portainer - and then manage it from there (and then maybe see where is sets/saves that extra option)

yes indeed, I will try to understand the dockerfile commands and run it by hand.
I may ask the question in the portainer forum.
I looked in the directory used by portainer, it seems that it uses its DB to store its configuration, no traces of a readable file :pensive:

Did you use this tool or do you pass the commands by hand?

How do you add node red in portainer? Do you specify a docker image?

The image is: nodered/node-red (it takes the latest)

The process is:

  1. create the volume:

Add Network if needed:

  1. Add container:

and fill the yellow fields

Under Volume:

Under Network :
image

Under Runtime

And press Deploy and that's it
image

So one solution would be to build your own image with the appropriate modifications.

I'll do some digging, I have a feeling it's just a syntax problem in the Command field.

I can see in the container log that the order is placed but it is malformed compared to what I circled in red

build my container, probably the next step :thinking:
For now I want to stay with the standard

I don't think that is your problem.

The command field allows you to specify the docker CMD for your container.

What you need is a way to specify docker run options (more particularly the --group-add option).
I understand that you have created your container by adding the container via portainer.
I did have a quick look and I don't think it is possible to specify docker run options via portainer.

You can of course create an image from a simple container that is adding the dialout group for node-red user (see my earlier post) and select this image in portainer when adding a new container.

Yes, i did.

I just asked the question in the portainer.io forum.
If I get a positive answer, I'll come back to put it on my post

1 Like

I just found this possibility into Portainer.io.
This could be the place to write the orders used when creating a container

What you mention there is the possibility to use a docker-compose file, but I don't think you can add a group to node-red via a docker-compose file.

You need to create a simple image that sets the permission.
So you need to create a Dockerfile with following contents on the host machine where portainer is running.

FROM nodered/node-red

USER root
RUN addgroup node-red dialout
USER node-red

You can a build an docker image based on the above Dockerfile using below command (should be run in the same folder where you have created the above Dockerfile)

[root@nuc-jan test]# docker build -t node-red-with-dialout-permissions .
Sending build context to Docker daemon  2.048kB
Step 1/4 : FROM nodered/node-red:1.2.9-12
 ---> 9772fc53c59f
Step 2/4 : USER root
 ---> Using cache
 ---> f51e7cd902b0
Step 3/4 : RUN addgroup node-red dialout
 ---> Running in 15b6a066db67
Removing intermediate container 15b6a066db67
 ---> dfcc57c65d21
Step 4/4 : USER node-red
 ---> Running in 407d4e0100a9
Removing intermediate container 407d4e0100a9
 ---> 0e44d20e1653
Successfully built 0e44d20e1653
Successfully tagged node-red-with-dialout-permissions:latest
[root@nuc-jan test]# 

Now you can deploy a container using image node-red-with-dialout-permissions:latest in portainer as you used to do.

I have tested this and it works for me as you can see in screenshot below:

2 Likes

It does indeed work. Great :smiley:
You have to do things on the command line. as often
I'm going to get an arduino to connect to the USB and see if there is a real dialog that goes back to NR.
I'll give you a feedback as soon as I've done the manipulation.

1 Like

Yes, it works.
Except that the name USB0 has become ACM0.
Changed this in the container and the flow, Et voilà !

I really appreciate your help in moving forward on the docker path.

1 Like

So, if I understand correctly, I can create an image with the nodes I need in my flows in the same way.
One question, what about the configuration-flows-credentials files.
Will they be included in the image or will they be left separately ?
The ones in my case /data that physically point to /var/lib/docker/volumes/node_red_user_data/_data ?