🐛 IMMICH - Failed to write /share/immich/encoded-video/.immich:

[niekbruggeman]

Description

Hi Alex and developers,
I bought you two coffee so that you have something to drink while looking into my issue.

I am having trouble with a fresh install of the Immich-addon (v1.119.1) within my HA instance (latest stable).
After setting up the required configuration options, I get the following error I'm not able solve.

\share\immich is a CIFS share mounted on my synology NAS.
When i start the addon the share is empty, containing no folders and no files.
After starting the addon, i see one folder \library is automatically created by the addon.

I double and triple checked the access-rights of the addon and on the file share.
The addon is running with the highest privileges, and the user used for mounting the share is owner of the mounted share having full read and write access on files folders an sub files and folders.
I can only assume where are sufficient write privileges as the \library folder is created by the addon.

While searching for the error i found that there was a similar issue with v1.115.0 last month.
immich-app/immich#12798
The solution there was to create the necessary folder structure and .immich files by hand.
This was not a solution in my situation with the addon. (used folder stucture below)

Then I tried placing the data_location: not on a mounted drive, but on local storage of my HA instance.
I set data_location: \media\immichlocal. This resulted in the same behavior.

As you can see, only the folder \library is created. And the error remains.
I'm unable to start the addon.

As last resort I tried installing the official docker image (in a totally different docker-contrainer manager, not as an addon) and mounting the same location. I ran into the same issue, but with the official docker image I was able to workaround the error by creating the folder structure by hand als below (as mentioned in /discussions/12798) .

\upload.immich
\thumbs.immich
\profile.immich
\machine-learning.immich
\library.immich
\encoded-video.immich

After creation the structure the docker image in de containermanager started and functioned like supposed.
Like i mentioned above, this was not a workaround with the immich addon from your repository.

With the most basic installation and new installation from scratch, I'm not able to successfully start the addon.
So there for i reported a bug, but it is always possible that i'm doing something wrong.

Please advise. Thanks in advance.
I will reply on questions and reportback test results ASAP.

Reproduction steps

1. Install Immich addon from alexbelgium repository
2. configure options

DB_DATABASE_NAME: immich
DB_HOSTNAME: homeassistant.local
DB_PASSWORD: homeassistant
DB_PORT: "5432"
DB_USERNAME: postgres
DISABLE_MACHINE_LEARNING: false
JWT_SECRET: ????????????????REMOVED??????????????????
PGID: 1000
PUID: 1000
TZ: Europe/Paris
data_location: /media/immichlocal

3. Start Addon.
4. View addon logs.

Addon Logs

-----------------------------------------------------------
 Add-on: Immich
 Self-hosted photo and video backup solution directly from your mobile phone
-----------------------------------------------------------
 Add-on version: 1.119.1
 You are running the latest version of this add-on.
 System: Home Assistant OS 13.2  (amd64 / generic-x86-64)
 Home Assistant Core: 2024.10.4
 Home Assistant Supervisor: 2024.10.3
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums
-----------------------------------------------------------
 Provided by: https://github.com/alexbelgium/hassio-addons 
-----------------------------------------------------------
 Defining permissions for main user : 
User UID: 1000
User GID : 1000
-----------------------------------------------------------
/etc/cont-init.d/00-global_var.sh: executing
DB_DATABASE_NAME='immich'
DB_HOSTNAME='homeassistant.local'
DB_PASSWORD=******
DB_PORT='5432'
DB_USERNAME='postgres'
DISABLE_MACHINE_LEARNING='false'
JWT_SECRET='jt+OVWY6WqKJXw3xF5qOxN5L5/f4u2jlIlCQgWS3E4w='
PGID='1000'
PUID='1000'
TZ='Europe/Paris'
data_location='/share/immich'
/etc/cont-init.d/00-local_mounts.sh: executing
/etc/cont-init.d/00-smb_mounts.sh: executing
/etc/cont-init.d/01-config_yaml.sh: executing
Setting permissions for the config.yaml directory

Load environment variables from /config/addons_config/immich/config.yaml if existing
If accessing the file with filebrowser it should be mapped to /homeassistant/addons_config/immich/config.yaml
---------------------------------------------------------
Wiki here on how to use : github.com/alexbelgium/hassio-addons/wiki/Add‐ons-feature-:-add-env-variables

... no env variables found, exiting
/etc/cont-init.d/01-custom_script.sh: executing
Execute /homeassistant/addons_autoscripts/immich.sh if existing
Wiki here : github.com/alexbelgium/hassio-addons/wiki/Add-ons-feature-:-customisation
/etc/cont-init.d/20-folders.sh: executing
[11:46:18] INFO: Setting data location
... check /share/immich folder exists
... setting permissions





[mod-init] Downloading imagegenius/mods:universal-redis from registry-1.docker.io
[mod-init] Installing imagegenius/mods:universal-redis
[mod-init] imagegenius/mods:universal-redis applied to container
[migrations] started
[migrations] no migrations found

╔═══════════════════════════════╗
       __  _____ _____       __
      / / |_   _/ ____|     / /
     / /    | || |  __     / /
    / /     | || | |_ |   / /
   / /     _| || |__| |  / /
  /_/     |_____\_____| /_/

  Baseimage from linuxserver.io
╠═══════════════════════════════╣
  User/Group ID:
  User UID: 1000
  User GID: 1000
╚═══════════════════════════════╝
**** creating video group video7vse with id 103 ****
**** adding /dev/dri/renderD128 to video group video7vse with id 103 ****
**** creating video group video73ef with id 28 ****
**** adding /dev/dri/card0 to video group video73ef with id 28 ****
**** Adding redis to package install list ****
[pkg-install-init] **** Installing all mod packages ****
Hit:1 http://archive.ubuntu.com/ubuntu noble InRelease
Get:2 http://archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]
Get:3 http://archive.ubuntu.com/ubuntu noble-security InRelease [126 kB]
Hit:4 http://archive.ubuntu.com/ubuntu oracular InRelease
Get:5 http://archive.ubuntu.com/ubuntu noble-updates/universe amd64 Packages [921 kB]
Fetched 1,174 kB in 5s (224 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  libatomic1 libjemalloc2 liblzf1 redis-tools
Suggested packages:
  ruby-redis
The following NEW packages will be installed:
  libatomic1 libjemalloc2 liblzf1 redis-server redis-tools
0 upgraded, 5 newly installed, 0 to remove and 5 not upgraded.
Need to get 1,491 kB of archives.
After this operation, 7,608 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 libatomic1 amd64 14.2.0-4ubuntu2~24.04 [10.5 kB]
Get:2 http://archive.ubuntu.com/ubuntu noble/universe amd64 libjemalloc2 amd64 5.3.0-2build1 [256 kB]
Get:3 http://archive.ubuntu.com/ubuntu noble/universe amd64 liblzf1 amd64 3.6-4 [7,624 B]
Get:4 http://archive.ubuntu.com/ubuntu noble/universe amd64 redis-tools amd64 5:7.0.15-1build2 [1,165 kB]
Get:5 http://archive.ubuntu.com/ubuntu noble/universe amd64 redis-server amd64 5:7.0.15-1build2 [51.7 kB]
Fetched 1,491 kB in 1s (1,923 kB/s)
Selecting previously unselected package libatomic1:amd64.
(Reading database ... 
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 22677 files and directories currently installed.)
Preparing to unpack .../libatomic1_14.2.0-4ubuntu2~24.04_amd64.deb ...
Unpacking libatomic1:amd64 (14.2.0-4ubuntu2~24.04) ...
Selecting previously unselected package libjemalloc2:amd64.
Preparing to unpack .../libjemalloc2_5.3.0-2build1_amd64.deb ...
Unpacking libjemalloc2:amd64 (5.3.0-2build1) ...
Selecting previously unselected package liblzf1:amd64.
Preparing to unpack .../liblzf1_3.6-4_amd64.deb ...
Unpacking liblzf1:amd64 (3.6-4) ...
Selecting previously unselected package redis-tools.
Preparing to unpack .../redis-tools_5%3a7.0.15-1build2_amd64.deb ...
Unpacking redis-tools (5:7.0.15-1build2) ...
Selecting previously unselected package redis-server.
Preparing to unpack .../redis-server_5%3a7.0.15-1build2_amd64.deb ...
Unpacking redis-server (5:7.0.15-1build2) ...
Setting up libjemalloc2:amd64 (5.3.0-2build1) ...
Setting up liblzf1:amd64 (3.6-4) ...
Setting up libatomic1:amd64 (14.2.0-4ubuntu2~24.04) ...
Setting up redis-tools (5:7.0.15-1build2) ...
Setting up redis-server (5:7.0.15-1build2) ...
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of start.
Processing triggers for libc-bin (2.39-0ubuntu8.3) ...
[custom-init] No custom files found, skipping...
Starting api worker
[Nest] 1230  - 11/04/2024, 11:47:06 AM     LOG [Api:EventRepository] Initialized websocket server
[Nest] 1230  - 11/04/2024, 11:47:07 AM     LOG [Api:MapRepository] Initializing metadata repository
[Nest] 1230  - 11/04/2024, 11:47:07 AM     LOG [Api:MetadataService] Initialized local reverse geocoder
[Nest] 1230  - 11/04/2024, 11:47:07 AM     LOG [Api:SystemConfigService] LogLevel=log (set via system config)
[Nest] 1230  - 11/04/2024, 11:47:07 AM     LOG [Api:ServerService] Feature Flags: {
  "smartSearch": true,
  "facialRecognition": true,
  "duplicateDetection": true,
  "map": true,
  "reverseGeocoding": true,
  "importFaces": false,
  "sidecar": true,
  "search": true,
  "trash": true,
  "oauth": false,
  "oauthAutoLaunch": false,
  "passwordLogin": true,
  "configFile": false,
  "email": false
}
[Nest] 1230  - 11/04/2024, 11:47:07 AM     LOG [Api:StorageService] Verifying system mount folder checks (enabled=true)
[Nest] 1230  - 11/04/2024, 11:47:07 AM   ERROR [Api:StorageService] Failed to write /share/immich/encoded-video/.immich: Error: EACCES: permission denied, open '/share/immich/encoded-video/.immich'
api worker exited with code 1

Architecture

No response

OS

No response

[niekbruggeman]

I found out that after creating the file manually the error message changed fom "Failed to read" of "Failed to write"

created the file with the following command: touch encoded-video/.immich

[Nest] 3654 - 11/04/2024, 1:42:47 PM ERROR [Api:StorageService] Failed to read /share/immich/encoded-video/.immich: Error: ENOENT: no such file or directory, open '/share/immich/encoded-video/.immich'

[Nest] 3621 - 11/04/2024, 1:42:40 PM ERROR [Api:StorageService] Failed to write /share/immich/encoded-video/.immich: Error: EACCES: permission denied, open '/share/immich/encoded-video/.immich'

[niekbruggeman]

i'm a liitle further.

i ran "chown -R 1000:1000 media/immich/ " that did not solve the issue.

But when i set PUID 0, PGID 0 in the configuration options the addon started and the folder sturcture is made automatically.

[alexbelgium]

Hi thanks for the coffees! I have a big week at work and will look in a couple days! Nice investigational process so far

[TSch92]

I've had the same issues that last few days and might have to add something.
What I noticed is that on a fresh DB if you run the add-on it will create the proper file structure on the local ha drive. Anyways this is not working for the share drive.
If you change the location afterwards to another folder on the local ha drive, you receive the exact same error again.

[alexbelgium]

You could try :

• make sure all hidden files have the right permissions
• go within the container from immich, going to the path, and checking that it actually sees the right ownerships (perhaps the way HA mounts the cifs prevents the ownerships to be rightly used)
• make sure that the parents folders also are owned by 1000:1000
• login within the container using 1000:1000 user and recreating the folders

[niekbruggeman]

You could try :

• make sure all hidden files have the right permissions
• go within the container from immich, going to the path, and checking that it actually sees the right ownerships (perhaps the way HA mounts the cifs prevents the ownerships to be rightly used)
• make sure that the parents folders also are owned by 1000:1000
• login within the container using 1000:1000 user and recreating the folders

1st bullet - I did, all files and folders are owned by 1000.
2nd - dont know how to do that.
3rd - done, see bullet 1.
4rd - done, same issue.

Reacting to "TScj92", I'm using the same database time after time. I do not throw away the database and start over.
I cant test it verry easy now everything is up and running now.

[niekbruggeman]

To be totally clear. Im now running the addon with PUID 0 and PGID 0. This works supposably well.
I'm not sure what the impact is of running the addon this way..

[alexbelgium]

Honestly not much in my opinion, I'm running all my addons as root on my system. The most important element that I see is to prevent the app from accidentally accessing & modifying stuff it shouldn't. But you can control that by selecting what data you mount in HA. The other element about data safety (avoiding the app to "check" your files) is a bit moot as anyway all containers runs as root ; only the app itself (so immich) is run with a different user.

Well the most important is that it's working for you!!

[TSch92]

@niekbruggeman are you connecting to a share with or without password?
Are you using cifs?
Even with the settings you recommended I can't get it to create folders on the share

[niekbruggeman]

@niekbruggeman are you connecting to a share with or without password? Are you using cifs? Even with the settings you recommended I can't get it to create folders on the share

I'm using CIFS protected with username and password.
Did you try running the container with PUID 0 and PGID 0 ?
Did you try with a new/empty database ?