Problem deploying Container Instance of PostgreSQL database server mounted on file share
I'm creating a PostgreSQL container instance with this command line
az container create --resource-group sofresgroup --name sofpostgres --image sofacr.azurecr.io/postgres:17.4 --ports 5432 --environment-variables POSTGRES_PASSWORD=xxxxxx --azure-file-volume-account-name sofstorageacct --azure-file-volume-account-key xxxxxx --azure-file-volume-share-name soffileshare --azure-file-volume-mount-path /var/lib/postgresql/data --dns-name-label sofpostgres --registry-login-server sofacr.azurecr.io --registry-username sofacr --registry-password xxxxx --restart-policy Never
When I deploy the container, this is what I see in the logs. Apparently there's a problem with the ownership of the data directory. How do I fix this?
2025-03-01 22:34:17.008 UTC [135] FATAL: data directory "/var/lib/postgresql/data" has wrong ownership
2025-03-01 22:34:17.008 UTC [135] HINT: The server must be started by the user that owns the data directory.
child process exited with exit code 1
initdb: removing contents of data directory "/var/lib/postgresql/data"
running bootstrap script ...
Azure Container Instances
-
Venkat V • 775 Reputation points • Microsoft External Staff
2025-03-03T16:29:47.1933333+00:00
Hi @Pablo Schor
Can you please check if the image is running locally using the command below and share the result screenshot?
docker run -it --rm -e POSTGRES_USER=admin -e POSTGRES_PASSWORD=Welcome@123$ -e POSTGRES_DB=mydatabase venaktacr.azurecr.io/postgres:17.4
The error you encountered above is due to a permission issue. Since ACI does not allow changing ownership (chown) of mounted Azure File Share directories, we must initialize PostgreSQL in a subdirectory (PGDATA) where PostgreSQL can write without permission issues.
Your PostgreSQL container in ACI is failing due to incorrect ownership of /var/lib/postgresql/data, which is mounted as root because it is using Azure File Share.
Modify your deployment to set PGDATA to a subdirectory inside: /var/lib/postgresql/data
-
Pablo Schor • 0 Reputation points
2025-03-03T17:16:26.62+00:00
Yes, the container works fine when I run your docker command locally, no issues. I understand that since the azure file share runs under root instead of the postgres user this fails. Question: how can I change the az container create statement to tell Azure to mount the volume with postgres instead of root?
-
Arko • 335 Reputation points • Microsoft External Staff
2025-03-04T12:39:49.4133333+00:00
Hello Pablo Schor,
To deploy PostgreSQL on Azure Container Instance
Create Azure Storage and File Share
az storage account create `
  --name "arkstorageacct2025" `
  --resource-group "arkorg" `
  --location "East US" `
  --sku "Standard_LRS"
Retrieve your storage account key
$STORAGE_KEY = az storage account keys list `
  --resource-group "arkorg" `
  --account-name "arkstorageacct2025" `
  --query "[0].value" `
  --output tsv
Write-Host "Storage Key: $STORAGE_KEY"
Create one File Share
az storage share create `
  --name "arkfileshare2025" `
  --account-name "arkstorageacct2025" `
  --account-key $STORAGE_KEY
Push your PostgreSQL image to ACR
az acr login --name "arkacr2025" --username "arkacr2025" --password "abcdefgh"
docker pull postgres:17.4
docker tag postgres:17.4 arkacr2025.azurecr.io/postgres:17.4
docker push arkacr2025.azurecr.io/postgres:17.4
Done. Now you can deploy PostgreSQL on ACI and mount your File Share
az container create `
  --resource-group "arkorg" `
  --name "arkpostgres2025" `
  --image "arkacr2025.azurecr.io/postgres:17.4" `
  --cpu 2 `
  --memory 4 `
  --ports 5432 `
  --environment-variables POSTGRES_PASSWORD="abcdefghijk" `
  --azure-file-volume-account-name "arkstorageacct2025" `
  --azure-file-volume-account-key $STORAGE_KEY `
  --azure-file-volume-share-name "arkfileshare2025" `
  --azure-file-volume-mount-path "/var/lib/postgresql/data" `
  --dns-name-label "arkpostgres2025" `
  --registry-login-server "arkacr2025.azurecr.io" `
  --registry-username "arkacr2025" `
  --registry-password "abcdefghijk" `
  --command-line "sh -c 'chown -R 999:999 /var/lib/postgresql/data && exec docker-entrypoint.sh postgres'"
-
Pablo Schor • 0 Reputation points
2025-03-04T20:20:11.66+00:00
Thanks, Arko, I followed the steps, but the container ends with an error. See below the container create command result and the log. What could be the problem?
{
"confidentialComputeProperties": null,
"containers": [
{ "command": [ "sh", "-c", "chown -R 999:999 /var/lib/postgresql/data && exec docker-entrypoint.sh postgres" ], "environmentVariables": [ { "name": "POSTGRES_PASSWORD", "secureValue": null, "value": "xxxxxx" } ], "image": "sofacr.azurecr.io/postgres:17.4", "instanceView": { "currentState": { "detailStatus": "Error", "exitCode": 1, "finishTime": "2025-03-04T20:03:42.112000+00:00", "startTime": "2025-03-04T20:03:36.981000+00:00", "state": "Terminated" }, "events": [ { "count": 1, "firstTimestamp": "2025-03-04T20:03:10+00:00", "lastTimestamp": "2025-03-04T20:03:10+00:00", "message": "pulling image \"sofacr.azurecr.io/postgres@sha256:0140e5f7ee4d04c008696a142a0019a13c7ef1a30d18414ccc0ed4cd1308f25c\"", "name": "Pulling", "type": "Normal" }, { "count": 1, "firstTimestamp": "2025-03-04T20:03:21+00:00", "lastTimestamp": "2025-03-04T20:03:21+00:00", "message": "Successfully pulled image \"sofacr.azurecr.io/postgres@sha256:0140e5f7ee4d04c008696a142a0019a13c7ef1a30d18414ccc0ed4cd1308f25c\"", "name": "Pulled", "type": "Normal" }, { "count": 1, "firstTimestamp": "2025-03-04T20:03:36+00:00", "lastTimestamp": "2025-03-04T20:03:36+00:00", "message": "Started container", "name": "Started", "type": "Normal" }, { "count": 1, "firstTimestamp": "2025-03-04T20:03:42+00:00", "lastTimestamp": "2025-03-04T20:03:42+00:00", "message": "Container sofpostgres terminated with ExitCode 1.", "name": "Killing", "type": "Normal" } ], "previousState": null, "restartCount": 0 }, "livenessProbe": null, "name": "sofpostgres", "ports": [ { "port": 5432, "protocol": "TCP" } ], "readinessProbe": null, "resources": { "limits": null, "requests": { "cpu": 2.0, "gpu": null, "memoryInGb": 4.0 } }, "securityContext": null, "volumeMounts": [ { "mountPath": "/var/lib/postgresql/data", "name": "azurefile", "readOnly": null } ] }
],
"diagnostics": null,
"dnsConfig": null,
"encryptionProperties": null,
"extensions": null,
"id": "/subscriptions/222fc2d3-3697-4612-9721-73c28684cc38/resourceGroups/sofresgroup/providers/Microsoft.ContainerInstance/containerGroups/sofpostgres",
"identity": null,
"imageRegistryCredentials": [
{ "identity": null, "identityUrl": null, "isDelegatedIdentity": false, "password": null, "server": "sofacr.azurecr.io", "username": "sofacr" }
],
"initContainers": [],
"instanceView": {
"events": [ { "count": 1, "firstTimestamp": "2025-03-04T20:03:36.102000+00:00", "lastTimestamp": "2025-03-04T20:03:36.102000+00:00", "message": "Successfully mounted Azure File Volume.", "name": "SuccessfulMountAzureFileVolume", "type": "Normal" } ], "state": "Failed"
},
"ipAddress": {
"autoGeneratedDomainNameLabelScope": "Unsecure", "dnsNameLabel": "sofpostgres", "fqdn": "sofpostgres.eastus.azurecontainer.io", "ip": "20.120.56.210", "ports": [ { "port": 5432, "protocol": "TCP" } ], "type": "Public"
},
"location": "eastus",
"name": "sofpostgres",
"osType": "Linux",
"priority": null,
"provisioningState": "Succeeded",
"resourceGroup": "sofresgroup",
"restartPolicy": "Never",
"sku": "Standard",
"subnetIds": null,
"tags": {},
"type": "Microsoft.ContainerInstance/containerGroups",
"volumes": [
{ "azureFile": { "readOnly": null, "shareName": "soffileshare", "storageAccountKey": null, "storageAccountName": "sofstorageacct" }, "emptyDir": null, "gitRepo": null, "name": "azurefile", "secret": null }
],
"zones": null
}
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.utf8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default "max_connections" ... 25
selecting default "shared_buffers" ... 400kB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
2025-03-04 20:03:38.987 UTC [144] FATAL: data directory "/var/lib/postgresql/data" has wrong ownership
2025-03-04 20:03:38.987 UTC [144] HINT: The server must be started by the user that owns the data directory.
child process exited with exit code 1
initdb: removing contents of data directory "/var/lib/postgresql/data"
running bootstrap script ...
-
Pablo Schor • 0 Reputation points
2025-03-04T20:27:37.4033333+00:00
And the container exported template:
{ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "containerGroups_sofpostgres_name": { "defaultValue": "sofpostgres", "type": "String" } }, "variables": {}, "resources": [ { "type": "Microsoft.ContainerInstance/containerGroups", "apiVersion": "2024-10-01-preview", "name": "[parameters('containerGroups_sofpostgres_name')]", "location": "eastus", "properties": { "sku": "Standard", "containers": [ { "name": "[parameters('containerGroups_sofpostgres_name')]", "properties": { "image": "sofacr.azurecr.io/postgres:17.4", "command": [ "sh", "-c", "chown -R 999:999 /var/lib/postgresql/data && exec docker-entrypoint.sh postgres" ], "ports": [ { "protocol": "TCP", "port": 5432 } ], "environmentVariables": [ { "name": "POSTGRES_PASSWORD", "value": "xxxxx" } ], "resources": { "requests": { "memoryInGB": 4, "cpu": 2 } }, "volumeMounts": [ { "name": "azurefile", "mountPath": "/var/lib/postgresql/data" } ] } } ], "initContainers": [], "imageRegistryCredentials": [ { "server": "sofacr.azurecr.io", "username": "sofacr" } ], "restartPolicy": "Never", "ipAddress": { "ports": [ { "protocol": "TCP", "port": 5432 } ], "type": "Public", "dnsNameLabel": "[parameters('containerGroups_sofpostgres_name')]", "autoGeneratedDomainNameLabelScope": "Unsecure" }, "osType": "Linux", "volumes": [ { "name": "azurefile", "azureFile": { "shareName": "soffileshare", "storageAccountName": "sofstorageacct" } } ] } } ] }
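Added example, not part of the thread and not written by any of its participants: a Python check over a container group document shaped like the `az container create` output posted above. It flags a secret-looking environment variable returned with a plain `value`, the PostgreSQL data path mounted from an Azure file share (the setup that produced the ownership error in this thread), and port 5432 on a public IP. The function name and finding codes are made up for illustration, and the sample document is constructed from the field names in that output with placeholder values.

```python
import json
import re

# Constructed sample, trimmed to the fields the check reads; values are placeholders.
SAMPLE = json.loads("""
{
  "containers": [{
    "name": "sofpostgres",
    "environmentVariables": [
      {"name": "POSTGRES_PASSWORD", "secureValue": null, "value": "placeholder"}
    ],
    "volumeMounts": [{"mountPath": "/var/lib/postgresql/data", "name": "azurefile"}]
  }],
  "ipAddress": {"type": "Public", "ports": [{"port": 5432, "protocol": "TCP"}]},
  "volumes": [{"name": "azurefile", "azureFile": {"shareName": "soffileshare"}}]
}
""")

SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|KEY", re.IGNORECASE)
PG_DATA = "/var/lib/postgresql/data"


def audit(group):
    """Return (code, detail) findings for one container group document."""
    findings = []
    file_volumes = {v["name"] for v in group.get("volumes") or [] if v.get("azureFile")}
    for c in group.get("containers") or []:
        for env in c.get("environmentVariables") or []:
            # A secure variable is never echoed back; a non-null "value" is plain text.
            if SECRET_NAME.search(env.get("name", "")) and env.get("value") is not None:
                findings.append(("PLAINTEXT_SECRET_ENV", f'{c["name"]}:{env["name"]}'))
        for m in c.get("volumeMounts") or []:
            path = m.get("mountPath", "").rstrip("/")
            if m.get("name") in file_volumes and path == PG_DATA:
                findings.append(("PGDATA_ON_AZURE_FILE_SHARE", f'{c["name"]}:{path}'))
    ip = group.get("ipAddress") or {}
    if ip.get("type") == "Public":
        for p in ip.get("ports") or []:
            if p.get("port") == 5432:
                findings.append(("POSTGRES_PORT_PUBLIC", "5432/" + p.get("protocol", "TCP")))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(code, detail)
```

Passing the password with `--secure-environment-variables` instead of `--environment-variables` clears the first finding.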