crash at start (Permission denied)
flykoh opened this issue · 9 comments
What is the bug or the crash?
I am trying to spin up containers with this Docker Compose file:
`
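# Four-node GeoServer cluster: masterGs plus nodeN1..nodeN3, which point
# BROKER_URL at masterGs and set EMBEDDED_BROKER=disabled.
#
# The admin password is deliberately not written in this file. Supply
# GEOSERVER_ADMIN_PASSWORD through the shell environment or an untracked .env
# file next to this compose file; Compose aborts with the message below if it
# is missing. A password that has been pasted into a public issue or a shared
# compose file should be treated as disclosed and rotated.
#
# All four services bind-mount the same host data_dir. The user the image runs
# GeoServer as must be able to write below it (each node writes under
# data_dir/cluster/instance_<RANDOMSTRING>).
version: '3.9'
name: uals_gs

services:
  masterGs:
    image: kartoza/geoserver:2.24.0
    restart: on-failure
    ports:
      # Published on every host interface; "127.0.0.1:8091:8080" restricts the
      # admin UI and REST API to the Docker host itself.
      - "8091:8080"
    volumes:
      - "d:\\docker\\geoserver\\data_dir:/opt/geoserver/data_dir"
      - "d:\\docker\\geoserver\\extrafonts:/opt/fonts"
    environment:
      - GEOSERVER_ADMIN_USER=flykoh
      - 'GEOSERVER_ADMIN_PASSWORD=${GEOSERVER_ADMIN_PASSWORD:?GEOSERVER_ADMIN_PASSWORD must be set}'
      - STABLE_EXTENSIONS=css-plugin,sqlserver-plugin
      # Port 61661 is not listed under ports, so the broker is reachable from
      # the compose network only, not from the host.
      - BROKER_URL=tcp://0.0.0.0:61661
      - READONLY=disabled
      - CLUSTER_DURABILITY=false
      - CLUSTERING=True
      - TOGGLE_MASTER=true
      - TOGGLE_SLAVE=true
      - RANDOMSTRING=23bd87cfa327d47e-master
      - INSTANCE_STRING=ac3bcba2fa7d989678a01ef4facc4173010cd8b40d2e5f5a8d18d5f863ca976f-master
    healthcheck:
      # String form runs through the container shell. "$$" is Compose's escape
      # for a literal "$", so the credentials are read from the container
      # environment at run time instead of being repeated in this file.
      test: >-
        curl --fail --silent
        --write-out 'HTTP CODE : %{http_code}\n'
        --output /dev/null
        -u "$${GEOSERVER_ADMIN_USER}:$${GEOSERVER_ADMIN_PASSWORD}"
        http://localhost:8080/geoserver/rest/about/version.xml
      interval: 5m30s
      timeout: 10s
      retries: 3

  nodeN1:
    image: kartoza/geoserver:2.24.0
    restart: on-failure
    ports:
      - "8092:8080"
    volumes:
      - "d:\\docker\\geoserver\\data_dir:/opt/geoserver/data_dir"
      - "d:\\docker\\geoserver\\extrafonts:/opt/fonts"
    environment:
      - GEOSERVER_ADMIN_USER=flykoh
      - 'GEOSERVER_ADMIN_PASSWORD=${GEOSERVER_ADMIN_PASSWORD:?GEOSERVER_ADMIN_PASSWORD must be set}'
      - STABLE_EXTENSIONS=css-plugin,sqlserver-plugin
      - BROKER_URL=tcp://masterGs:61661
      - READONLY=disabled
      - CLUSTER_DURABILITY=false
      - CLUSTERING=True
      - TOGGLE_MASTER=true
      - TOGGLE_SLAVE=true
      - EMBEDDED_BROKER=disabled
      - RANDOMSTRING=23bd87cfa327d47e-node1
      - INSTANCE_STRING=ac3bcba2fa7d989678a01ef4facc4173010cd8b40d2e5f5a8d18d5f863ca976f-node1
    depends_on:
      masterGs:
        # Waits for the container to start only, not for its healthcheck.
        condition: service_started
    healthcheck:
      test: >-
        curl --fail --silent
        --write-out 'HTTP CODE : %{http_code}\n'
        --output /dev/null
        -u "$${GEOSERVER_ADMIN_USER}:$${GEOSERVER_ADMIN_PASSWORD}"
        http://localhost:8080/geoserver/rest/about/version.xml
      interval: 5m30s
      timeout: 10s
      retries: 3

  nodeN2:
    image: kartoza/geoserver:2.24.0
    restart: on-failure
    ports:
      - "8093:8080"
    volumes:
      - "d:\\docker\\geoserver\\data_dir:/opt/geoserver/data_dir"
      - "d:\\docker\\geoserver\\extrafonts:/opt/fonts"
    environment:
      - GEOSERVER_ADMIN_USER=flykoh
      # NOTE(review): the reported file set no admin password on this node
      # only, although its healthcheck authenticates as the admin user. Set
      # here to match the other nodes; presumably an omission, confirm.
      - 'GEOSERVER_ADMIN_PASSWORD=${GEOSERVER_ADMIN_PASSWORD:?GEOSERVER_ADMIN_PASSWORD must be set}'
      - STABLE_EXTENSIONS=css-plugin,sqlserver-plugin
      - BROKER_URL=tcp://masterGs:61661
      - READONLY=disabled
      - CLUSTER_DURABILITY=false
      - CLUSTERING=True
      - TOGGLE_MASTER=true
      - TOGGLE_SLAVE=true
      - EMBEDDED_BROKER=disabled
      - RANDOMSTRING=23bd87cfa327d47e-node2
      - INSTANCE_STRING=ac3bcba2fa7d989678a01ef4facc4173010cd8b40d2e5f5a8d18d5f863ca976f-node2
    depends_on:
      masterGs:
        condition: service_started
    healthcheck:
      test: >-
        curl --fail --silent
        --write-out 'HTTP CODE : %{http_code}\n'
        --output /dev/null
        -u "$${GEOSERVER_ADMIN_USER}:$${GEOSERVER_ADMIN_PASSWORD}"
        http://localhost:8080/geoserver/rest/about/version.xml
      interval: 5m30s
      timeout: 10s
      retries: 3

  nodeN3:
    image: kartoza/geoserver:2.24.0
    restart: on-failure
    ports:
      - "8094:8080"
    volumes:
      - "d:\\docker\\geoserver\\data_dir:/opt/geoserver/data_dir"
      - "d:\\docker\\geoserver\\extrafonts:/opt/fonts"
    environment:
      - GEOSERVER_ADMIN_USER=flykoh
      - 'GEOSERVER_ADMIN_PASSWORD=${GEOSERVER_ADMIN_PASSWORD:?GEOSERVER_ADMIN_PASSWORD must be set}'
      - STABLE_EXTENSIONS=css-plugin,sqlserver-plugin
      - BROKER_URL=tcp://masterGs:61661
      - READONLY=disabled
      - CLUSTER_DURABILITY=false
      - CLUSTERING=True
      - TOGGLE_MASTER=true
      - TOGGLE_SLAVE=true
      - EMBEDDED_BROKER=disabled
      - RANDOMSTRING=23bd87cfa327d47e-node3
      - INSTANCE_STRING=ac3bcba2fa7d989678a01ef4facc4173010cd8b40d2e5f5a8d18d5f863ca976f-node3
    depends_on:
      masterGs:
        condition: service_started
    healthcheck:
      test: >-
        curl --fail --silent
        --write-out 'HTTP CODE : %{http_code}\n'
        --output /dev/null
        -u "$${GEOSERVER_ADMIN_USER}:$${GEOSERVER_ADMIN_PASSWORD}"
        http://localhost:8080/geoserver/rest/about/version.xml
      interval: 5m30s
      timeout: 10s
      retries: 3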
`
I get a "Permission denied" error at startup.
Steps to reproduce the issue
2023-11-06 01:44:51 Enabling jms-cluster-plugin for GeoServer
2023-11-06 01:44:53 [Entrypoint] GENERATED tomcat PASSWORD: NYnVatBOUFzOTHHp9N
2023-11-06 01:44:54 /scripts/entrypoint.sh:57 0: CLUSTER_CONFIG_DIR=/opt/geoserver/data_dir/cluster/instance_23bd87cfa327d47e-master
2023-11-06 01:44:54 /scripts/entrypoint.sh:58 0: MONITOR_AUDIT_PATH=/opt/geoserver/data_dir/monitoring/monitor_23bd87cfa327d47e-master
2023-11-06 01:48:58 /opt/geoserver/data_dir/gwc is nested in /opt/geoserver/data_dir
2023-11-06 01:48:58 [0.003s][warning][gc,ergo] -XX:NewSize and -XX:MaxNewSize override -XX:NewRatio
2023-11-06 01:44:51 --2023-11-05 22:44:51-- https://download.jar-download.com/cache_jars/org.jdom/jdom2/2.0.6.1/jar_files.zip
2023-11-06 01:44:51 Resolving download.jar-download.com (download.jar-download.com)... 104.21.30.50, 172.67.150.151, 2606:4700:3032::ac43:9697, ...
2023-11-06 01:44:51 Connecting to download.jar-download.com (download.jar-download.com)|104.21.30.50|:443... connected.
2023-11-06 01:44:52 HTTP request sent, awaiting response... 404 Not Found
2023-11-06 01:44:52 2023-11-05 22:44:52 ERROR 404: Not Found.
2023-11-06 01:44:52
2023-11-06 01:48:58 NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
2023-11-06 01:49:02 05-Nov-2023 22:49:02.264 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/geoserver]
2023-11-06 01:49:24 05-Nov-2023 22:49:24.244 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
2023-11-06 01:49:27 2023-11-05 22:49:27,762 main ERROR RollingFileManager (/opt/geoserver/data_dir/cluster/instance_23bd87cfa327d47e-master/geoserver.log) java.io.FileNotFoundException: /opt/geoserver/data_dir/cluster/instance_23bd87cfa327d47e-master/geoserver.log (Permission denied) java.io.FileNotFoundException: /opt/geoserver/data_dir/cluster/instance_23bd87cfa327d47e-master/geoserver.log (Permission denied)
2023-11-06 01:49:43 org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'geoServerLoader' defined in URL [jar:file:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/gs-main-2.24.0.jar!/applicationContext.xml]: Initialization of bean failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'JMSReadOnlyGeoServerLoader': Unsatisfied dependency expressed through field 'config'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'JMSConfiguration': Invocation of init method failed; nested exception is java.lang.IllegalStateException: java.io.FileNotFoundException: /opt/geoserver/data_dir/cluster/instance_23bd87cfa327d47e-master/cluster.properties (Permission denied)
Versions
2.24.0
Additional context
No response
Can you try using Docker volumes or, alternatively, check the permissions of the mounted folders and change them as described in the documentation?
We have run into the same issue.
Using this basic compose file:
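# Minimal single-node reproduction: one GeoServer container with its data
# directory bind-mounted from the directory that holds this compose file.
version: '3.8'
services:
  geoserver:
    image: kartoza/geoserver:2.24.0
    ports:
      # Quoted so the mapping is always read as a string; published on every
      # host interface.
      - "8080:8080"
    volumes:
      # Host bind mount: ownership of ./data_dir and of the files written
      # into it is visible on the host, so the container user must be able to
      # write here.
      - ./data_dir:/opt/geoserver/data_dir
    environment:
      - GEOSERVER_DATA_DIR=/opt/geoserver/data_dir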
This compose file works as long as the local data_dir does not exist before the container is started.
It breaks if the data_dir has been created beforehand, and we normally provision data directories.
NO DATA DIR
root@saskdp8dev:/tmp/geoserver# ls -aln
total 12
drwxr-xr-x 2 0 0 4096 Nov 14 08:54 .
drwxrwxrwt 14 0 0 4096 Nov 14 08:55 ..
-rw-r--r-- 1 0 0 227 Nov 14 08:54 docker-compose.yml
root@saskdp8dev:/tmp/geoserver# docker compose up -d
[+] Running 2/2
⠿ Network geoserver_default Created 0.2s
⠿ Container geoserver-geoserver-1 Started 0.6s
Files are owned by uid 1000
root@saskdp8dev:/tmp/geoserver# ls -aln data_dir/
total 48
drwxr-xr-x 7 1000 1000 4096 Nov 14 08:55 .
drwxr-xr-x 3 0 0 4096 Nov 14 08:55 ..
-rw-r--r-- 1 1000 1000 134 Nov 14 08:55 controlflow.properties
drwxr-xr-x 2 1000 1000 4096 Nov 14 08:55 gwc
-rw-r--r-- 1 1000 1000 1597 Nov 14 08:55 gwc-gs.xml
-rw-r--r-- 1 1000 1000 160 Nov 14 08:55 logging.xml
drwxr-xr-x 2 1000 1000 4096 Nov 14 08:55 logs
drwxr-xr-x 3 1000 1000 4096 Nov 14 08:55 monitoring
-rw-r--r-- 1 1000 1000 53 Nov 14 08:55 s3.properties
drwxr-xr-x 8 1000 1000 4096 Nov 14 08:55 security
-rw-r--r-- 1 1000 1000 19 Nov 14 08:55 tomcat_pass.txt
drwxr-xr-x 2 1000 1000 4096 Nov 14 08:55 user_projections
WITH DATA DIR
root@saskdp8dev:/tmp/geoserver# ls -aln
total 16
drwxr-xr-x 3 0 0 4096 Nov 14 08:58 .
drwxrwxrwt 14 0 0 4096 Nov 14 08:58 ..
drwxr-xr-x 2 1000 1000 4096 Nov 14 08:58 data_dir
-rw-r--r-- 1 0 0 227 Nov 14 08:54 docker-compose.yml
root@saskdp8dev:/tmp/geoserver# docker compose up -d
[+] Running 2/2
⠿ Network geoserver_default Created 0.3s
⠿ Container geoserver-geoserver-1 Started
The files inside data_dir are owned by root (uid 0), although the pre-created directory itself is owned by uid 1000
root@saskdp8dev:/tmp/geoserver# ls -aln data_dir/
total 48
drwxr-xr-x 7 1000 1000 4096 Nov 14 08:59 .
drwxr-xr-x 3 0 0 4096 Nov 14 08:58 ..
-rw-r--r-- 1 0 0 134 Nov 14 08:59 controlflow.properties
drwxr-xr-x 2 0 0 4096 Nov 14 08:59 gwc
-rw-r--r-- 1 0 0 1597 Nov 14 08:59 gwc-gs.xml
-rw-r--r-- 1 0 0 160 Nov 14 08:59 logging.xml
drwxr-xr-x 2 0 0 4096 Nov 14 08:59 logs
drwxr-xr-x 3 0 0 4096 Nov 14 08:59 monitoring
-rw-r--r-- 1 0 0 53 Nov 14 08:59 s3.properties
drwxr-xr-x 8 0 0 4096 Nov 14 08:59 security
-rw-r--r-- 1 0 0 19 Nov 14 08:59 tomcat_pass.txt
drwxr-xr-x 2 0 0 4096 Nov 14 08:59 user_projections
This causes the "Permission denied" errors while GeoServer is starting.
Two possible solutions
- Try to set GEOSERVER_UID,GEOSERVER_GID,USER,GROUP_NAME env variables and make sure your data directory is owned by this user.
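- Try running the container as root by setting `RUN_AS_ROOT=TRUE`. This is not recommended because of the security implications: GeoServer and everything it loads then run as root inside the container, and files written to a bind-mounted host directory end up owned by root.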
- RUN_AS_ROOT
how can i set run as root
Tried the env variables you suggested
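# Single-node reproduction with the container user pinned: GEOSERVER_UID /
# GEOSERVER_GID / USER / GROUP_NAME are set to the uid, gid and names that own
# ./data_dir on the host (1000 / vagrant in this report).
version: '3.8'
services:
  geoserver:
    image: kartoza/geoserver:2.24.0
    ports:
      # Quoted so the mapping is always read as a string; published on every
      # host interface.
      - "8080:8080"
    volumes:
      # Host bind mount; the uid/gid below must match the owner of this
      # directory for the non-root container user to write into it.
      - ./data_dir:/opt/geoserver/data_dir
    environment:
      - GEOSERVER_DATA_DIR=/opt/geoserver/data_dir
      - GEOSERVER_UID=1000
      - GEOSERVER_GID=1000
      - USER=vagrant
      - GROUP_NAME=vagrant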
Created the data dir with the same user and group
# ls -aln
total 16
drwxr-xr-x 3 0 0 4096 Nov 14 15:04 .
drwxrwxrwt 14 0 0 4096 Nov 14 15:14 ..
drwxr-xr-x 7 1000 1000 4096 Nov 14 15:06 data_dir
-rw-r--r-- 1 0 0 330 Nov 14 14:53 docker-compose.yml
# ls -al
total 16
drwxr-xr-x 3 root root 4096 Nov 14 15:04 .
drwxrwxrwt 14 root root 4096 Nov 14 15:14 ..
drwxr-xr-x 7 vagrant vagrant 4096 Nov 14 15:06 data_dir
-rw-r--r-- 1 root root 330 Nov 14 14:53 docker-compose.yml
But that gives the same error
... nested exception is java.lang.IllegalStateException: java.io.IOException: Permission denied
As all files are owned by root
# ls -al data_dir/
total 48
drwxr-xr-x 7 vagrant vagrant 4096 Nov 14 15:06 .
drwxr-xr-x 3 root root 4096 Nov 14 15:04 ..
-rw-r--r-- 1 root root 134 Nov 14 15:05 controlflow.properties
drwxr-xr-x 2 root root 4096 Nov 14 15:05 gwc
-rw-r--r-- 1 root root 1597 Nov 14 15:05 gwc-gs.xml
-rw-r--r-- 1 root root 160 Nov 14 15:05 logging.xml
drwxr-xr-x 2 root root 4096 Nov 14 15:05 logs
drwxr-xr-x 3 root root 4096 Nov 14 15:05 monitoring
-rw-r--r-- 1 root root 53 Nov 14 15:05 s3.properties
drwxr-x--- 2 vagrant vagrant 4096 Nov 14 15:06 styles
-rw-r--r-- 1 root root 19 Nov 14 15:05 tomcat_pass.txt
drwxr-xr-x 2 root root 4096 Nov 14 15:05 user_projections
I have the feeling the entrypoint scripts fail somewhere, but there is no logging, so it is hard to determine where they fail.
- RUN_AS_ROOT
how can i set run as root
Just add the env
RUN_AS_ROOT=TRUE
- RUN_AS_ROOT
how can i set run as root
Just add the env
RUN_AS_ROOT=TRUE
either in the Dockerfile (then rebuild a new custom image)
or under `environment:` in the Docker Compose file
I'm seeing this using the helm chart and a provisioned existing data dir. Not sure what's going on--when I shell into the pod, I show up as root and can create files in the data dir.
I'm seeing this using the helm chart and a provisioned existing data dir. Not sure what's going on--when I shell into the pod, I show up as root and can create files in the data dir.
I can confirm this problem. Right now, I'm using the application as root.