I have two mounts running in docker containers, set up as compose services.
All my services are running under their own user and a shared group. For example, Rclone is running as rclone:dukemedia
(13003:13000), Sonarr is running as sonarr:dukemedia
(13001:13000), etc.
The two mounts are a data mount that stores shared data like usenet downloads and Sonarr/Radarr media:
remote-data:
container_name: remote-data
image: rclone/rclone:latest
user: 13003:${SHARED_GID}
privileged: true
environment:
- PUID=13003
- PGID=${SHARED_GID}
- UMASK=002
volumes:
- ${DIR_LOCAL_CONF}/rclone:/config/rclone
- ${DIR_LOCAL_CONF}/rclone-cache:/cache
- ${DIR_RCLONE_DATA}:/data:shared
- /etc/passwd:/etc/passwd:ro
- /etc/group:/etc/group:ro
- /etc/fuse.conf:/etc/fuse.conf:ro
devices:
- /dev/fuse
security_opt:
- apparmor:unconfined
command:
[
'mount', 'crypt:data', '/data/mount',
'--vfs-cache-mode', 'full',
'--vfs-write-back', '1h',
'--umask', '002',
'--uid', '13003',
'--gid', '${SHARED_GID}',
'--dir-perms', '0775',
'--file-perms', '664',
'--cache-dir', '/cache',
'--allow-other',
'-vvv'
]
healthcheck:
test: grep -q ready "/data/mount/healthcheck.txt"
interval: 10s
timeout: 10s
retries: 1
start_period: 30s
... and a config mount that stores config files for most other apps:
remote-config:
container_name: remote-config
image: rclone/rclone:latest
user: 13003:${SHARED_GID}
privileged: true
environment:
- PUID=13003
- PGID=${SHARED_GID}
- UMASK=002
volumes:
- ${DIR_LOCAL_CONF}/rclone:/config/rclone
- ${DIR_LOCAL_CONF}/rclone-cache:/cache
- ${DIR_RCLONE_CONFIG}:/data:shared
- /etc/passwd:/etc/passwd:ro
- /etc/group:/etc/group:ro
- /etc/fuse.conf:/etc/fuse.conf:ro
devices:
- /dev/fuse
security_opt:
- apparmor:unconfined
command:
[
'mount', 'crypt:config', '/data/mount',
'--vfs-cache-mode', 'full',
'--vfs-write-back', '10m',
'--umask', '002',
'--uid', '13003',
'--gid', '${SHARED_GID}',
'--dir-perms', '0775',
'--file-perms', '664',
'--cache-dir', '/cache',
'--allow-other',
'-vvv'
]
healthcheck:
test: grep -q ready "/data/mount/healthcheck.txt"
interval: 10s
timeout: 10s
retries: 1
start_period: 30s
Both services are running the latest
tag and running rclone --version
inside of them at the time of writing gives me:
rclone v1.61.1
- os/version: alpine 3.17.0 (64 bit)
- os/kernel: 5.15.0-56-generic (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.19.4
- go/linking: static
- go/tags: none
Both containers are mounting the same crypt remote, which covers a Google Drive backend (Workspace Enterprise)
They are binding to the same cache directory on the host, I don't know if this could be a problem, but I assume not since each mount seems to get its own directory under that.
Both containers are using this Rclone config:
[gdrive]
type = drive
client_id = <REDACTED>
client_secret = <REDACTED>
scope = drive
token = <REDACTED>
team_drive =
[crypt]
type = crypt
remote = gdrive:rclone
password = <REDACTED>
password2 = <REDACTED>
Now, for the actual issue: Sonarr/Radarr sends something to Sab. Sab downloads it. Sonarr/Radarr sees that it's done. No issues so far. But now Sonarr/Radarr will use Mediainfo to try to detect samples (and probably some other things) and this is where things go wrong. Sonarr/Radarr continually tries to do this and spam the events tab/debug log with the following: Hastebin: Send and Save Text or Code Snippets for Free | Toptal®
I originally assumed that this was an issue with the Sonarr/Radarr containers, but I noticed that literally within seconds of the cache writeback kicking in, Sonarr/Radarr is able able to do what it needs to do, and imports the files without any issues so it seems it's an issue with the VFS cache or at least with the way Sonarr/Radarr is able to interact with it.
At the same time as this happening, I get the following in the rclone log (container output with -vvv
on the mount command): Hastebin: Send and Save Text or Code Snippets for Free | Toptal®