Rootless container fails to start after 24.0.1 upgrade
bennettmsherman opened this issue · comments
Describe the bug
I use CB in a rootless container per the instructions here, and have done so for quite some time.
When I upgraded to 24.0.1 today, CB failed to start due to the lack of a writable home directory.
Logs:
tclmetrics-cloudbeaver | Starting Cloudbeaver Server
tclmetrics-cloudbeaver | WARNING: Using incubator modules: jdk.incubator.foreign, jdk.incubator.vector
tclmetrics-cloudbeaver | <title>Invalid Configuration Location</title>The configuration area at '/home/tclmetrics/.local/share/DBeaverData/install-data' could not be created. Please choose a writable location using the '-configuration' command line option
In my case, the user is tclmetrics.
To Reproduce
Start CB 24.0.1 using rootless configuration described below.
Screenshots
N/A
Desktop (please complete the following information):
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
N/A
Additional context
Add any other context about the problem here, e.g. error log.
Here's my full docker-compose section for CB:
tclmetrics-cloudbeaver:
image: "cloudbeaver-with-nuc-gid-and-uid:latest"
container_name: tclmetrics-cloudbeaver
restart: "unless-stopped"
build:
# Don't run as root
# Ref: https://github.com/dbeaver/cloudbeaver/wiki/Run-Docker-Container#run-cloudbeaver-server-with-non-root-user
dockerfile_inline: |
FROM dbeaver/cloudbeaver:latest
RUN groupadd --system --gid 972 tclmetrics
RUN useradd --system --shell /sbin/nologin --uid 973 --gid 972 tclmetrics
RUN chown --recursive tclmetrics ./
USER tclmetrics:tclmetrics
volumes:
- /var/lib/tclmetrics/cloudbeaver:/opt/cloudbeaver/workspace
# Inject a custom logging config to disable debug logs
- /var/lib/tclmetrics/cloudbeaver/logbackOverride.xml:/opt/cloudbeaver/conf/logback.xml:ro
ports:
- "127.0.0.1:3003:8978/tcp"
depends_on:
- tclmetrics-db
labels:
- "com.centurylinklabs.watchtower.enable=false"
After creating a home directory and making it writable, CB starts up successfully.
diff --git a/tclmetrics/docker-compose.yml b/tclmetrics/docker-compose.yml
index 3cd87bf..258a9a7 100644
--- a/tclmetrics/docker-compose.yml
+++ b/tclmetrics/docker-compose.yml
@@ -23,8 +23,9 @@ services:
dockerfile_inline: |
FROM dbeaver/cloudbeaver:latest
RUN groupadd --system --gid 972 tclmetrics
- RUN useradd --system --shell /sbin/nologin --uid 973 --gid 972 tclmetrics
- RUN chown --recursive tclmetrics ./
+ RUN useradd --system --create-home --shell /sbin/nologin --uid 973 --gid 972 tclmetrics
+ RUN chown --recursive tclmetrics:tclmetrics ./
+ RUN chown --recursive tclmetrics:tclmetrics /home/tclmetrics
USER tclmetrics:tclmetrics
volumes:
- /var/lib/tclmetrics/cloudbeaver:/opt/cloudbeaver/workspace
Version info post-start:
Product name
CloudBeaver CE Server
Product description
CloudBeaver CE Web UI Application
Build time
March 25, 2024
Backend version
24.0.1.202403251329
Frontend version
24.0.1.202403251332
Hello, @bennettmsherman !
We will fix this in the next release. Thank you for your report!
Hello, @bennettmsherman !
We fixed it in version 24.0.2. You can try to install the latest early access (EA) version for CE (dockerhub)
Please let us know if the issue is reproducible
Hello, @bennettmsherman !
Please take a look at the new version of CloudBeaver 24.0.2
Thank you for your interest in CloudBeaver!
Checked it, looks good. Thanks!
Actually, I don't think this is fixed. I updated to 24.02 this morning after removing system user home dir creation from my dockerfile, and I was faced with:
tclmetrics-cloudbeaver | Starting Cloudbeaver Server
tclmetrics-cloudbeaver | WARNING: Using incubator modules: jdk.incubator.vector, jdk.incubator.foreign
tclmetrics-cloudbeaver | !SESSION 2024-04-12 00:05:52.351 -----------------------------------------------
tclmetrics-cloudbeaver | eclipse.buildId=unknown
tclmetrics-cloudbeaver | java.version=17.0.10
tclmetrics-cloudbeaver | java.vendor=Eclipse Adoptium
tclmetrics-cloudbeaver | BootLoader constants: OS=linux, ARCH=x86_64, WS=gtk, NL=en
tclmetrics-cloudbeaver |
tclmetrics-cloudbeaver | !ENTRY org.eclipse.osgi 4 0 2024-04-12 00:05:55.324
tclmetrics-cloudbeaver | !MESSAGE Error reading configuration: Unable to create lock manager.
tclmetrics-cloudbeaver | !STACK 0
tclmetrics-cloudbeaver | java.io.IOException: Unable to create lock manager.
tclmetrics-cloudbeaver | at org.eclipse.osgi.storagemanager.StorageManager.open(StorageManager.java:713)
tclmetrics-cloudbeaver | at org.eclipse.osgi.storage.Storage.getChildStorageManager(Storage.java:2194)
tclmetrics-cloudbeaver | at org.eclipse.osgi.storage.Storage.getInfoInputStream(Storage.java:2211)
tclmetrics-cloudbeaver | at org.eclipse.osgi.storage.Storage.<init>(Storage.java:258)
tclmetrics-cloudbeaver | at org.eclipse.osgi.storage.Storage.createStorage(Storage.java:185)
tclmetrics-cloudbeaver | at org.eclipse.osgi.internal.framework.EquinoxContainer.<init>(EquinoxContainer.java:108)
tclmetrics-cloudbeaver | at org.eclipse.osgi.launch.Equinox.<init>(Equinox.java:53)
tclmetrics-cloudbeaver | at org.eclipse.osgi.launch.Equinox.<init>(Equinox.java:46)
tclmetrics-cloudbeaver | at org.eclipse.core.runtime.adaptor.EclipseStarter.startup(EclipseStarter.java:315)
tclmetrics-cloudbeaver | at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:251)
tclmetrics-cloudbeaver | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
tclmetrics-cloudbeaver | at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
ava:77)
tclmetrics-cloudbeaver | at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
orImpl.java:43)
When I recreated a home dir, I found these files in it on a fresh container:
tclmetrics@aed82a19e447:~$ find . -type f
./.bash_logout
./.profile
./.bashrc
./.local/share/DBeaverData/install-data/org.eclipse.update/platform.xml
./.local/share/DBeaverData/install-data/org.eclipse.core.runtime/.manager/.fileTableLock
./.local/share/DBeaverData/install-data/org.eclipse.core.runtime/.manager/.tmp3.instance
./.local/share/DBeaverData/install-data/config.ini
./.local/share/DBeaverData/install-data/org.eclipse.osgi/framework.info.1
./.local/share/DBeaverData/install-data/org.eclipse.osgi/.manager/.fileTableLock
./.local/share/DBeaverData/install-data/org.eclipse.osgi/.manager/.fileTable.2
./.local/share/DBeaverData/install-data/org.eclipse.osgi/.manager/.fileTable.1
./.local/share/DBeaverData/install-data/org.eclipse.equinox.app/.manager/.fileTableLock
./.local/share/DBeaverData/install-data/org.eclipse.equinox.app/.manager/.tmp4.instance
./.bash_history
My apologies - not sure what I missed yesterday when I said "Checked it, looks good. Thanks!". I suspect I had forgotten to do a docker-compose down --volumes such that the home directory was still lingering, avoiding the perms issue.
I suspect this commit is why I'm seeing a new exception
All this said, your wiki says:
RUN useradd -ms /bin/bash -g cloudbeaver cloudbeaver
where -m is equal to --create-home. I guess I must've missed that, or it worked at the time without a home directory so I opted not to create one.
Either way, I'm good as-is.