2

I am trying to deploy sonarqube on OpenShift using docker file , Build is working , after deployment , I am seeing error.

2016.08.30 10:06:42 INFO  app[o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonarqube/temp
Exception in thread "main" java.lang.RuntimeException: Failed to reset file system
    at org.sonar.process.monitor.Monitor.resetFileSystem(Monitor.java:127)
    at org.sonar.process.monitor.Monitor.startProcesses(Monitor.java:107)
    at org.sonar.process.monitor.Monitor.start(Monitor.java:101)
    at org.sonar.application.App.start(App.java:54)
    at org.sonar.application.App.main(App.java:141)
Caused by: java.nio.file.AccessDeniedException: /opt/sonarqube/temp/README.txt
    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
    at sun.nio.fs.UnixFileSystemProvider.implDelete(UnixFileSystemProvider.java:244)
    at sun.nio.fs.AbstractFileSystemProvider.delete(AbstractFileSystemProvider.java:103)
    at java.nio.file.Files.delete(Files.java:1126)
    at org.sonar.application.AppFileSystem$CleanTempDirFileVisitor.visitFile(AppFileSystem.java:149)
    at org.sonar.application.AppFileSystem$CleanTempDirFileVisitor.visitFile(AppFileSystem.java:130)
    at java.nio.file.Files.walkFileTree(Files.java:2670)
    at org.sonar.application.AppFileSystem.createOrCleanTempDirectory(AppFileSystem.java:126)
    at org.sonar.application.AppFileSystem.reset(AppFileSystem.java:83)
    at org.sonar.process.monitor.Monitor.resetFileSystem(Monitor.java:124)
    ... 4 more

my docker file looks like - 

 FROM rhel7:latest

MAINTAINER Naveen Kumar02 <na>

RUN set -x \
    && yum -y install tar unzip \
    && yum -y update \
    && yum -y clean all 

ENV SONAR_VERSION=6.0 \
    SONARQUBE_HOME=/opt/sonarqube \
    # Database configuration
    # Defaults to using H2
    SONARQUBE_JDBC_USERNAME=sonar \
    SONARQUBE_JDBC_PASSWORD=sonar \
    SONARQUBE_JDBC_URL=
#java
ENV JAVA_HOME /opt/java
ENV JAVA_VERSION_MAJOR 8
ENV JAVA_VERSION_MINOR 102
ENV JAVA_VERSION_BUILD 14

RUN mkdir -p /opt \
  && curl --fail --silent --location --retry 3 \
  --header "Cookie: oraclelicense=accept-securebackup-cookie; " \
  http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-b${JAVA_VERSION_BUILD}/server-jre-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64.tar.gz \
  | gunzip \
  | tar -x -C /opt \
  && ln -s /opt/jdk1.${JAVA_VERSION_MAJOR}.0_${JAVA_VERSION_MINOR} ${JAVA_HOME}


# Http port
EXPOSE 9000

RUN set -x \

    # see https://bugs.debian.org/812708
    # and https://github.com/SonarSource/docker-sonarqube/pull/18#issuecomment-194045499
    && cd /tmp \
    && cd /opt \
    && curl -o sonarqube.zip -fSL https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip \
#    && curl -o sonarqube.zip.asc -fSL https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-$SONAR_VERSION.zip.asc \
#    && gpg --batch --verify sonarqube.zip.asc sonarqube.zip \
    && unzip sonarqube.zip \
    && mv sonarqube-$SONAR_VERSION sonarqube \
    && rm sonarqube.zip* \
    && rm -rf $SONARQUBE_HOME/bin/*

RUN echo "-Djava.awt.headless=true" >> /opt/sonarqube/conf/wrapper.conf
RUN echo "-Djava.io.tmpdir=/tmp" >> /opt/sonarqube/conf/wrapper.conf  


WORKDIR /

COPY containerfiles/run.sh /

RUN chmod 777 /run.sh 

#RUN useradd -r -u 200 -m -c "sonar role account" -d ${SONARQUBE_HOME} -s /bin/false sonar   

#USER sonar

VOLUME ["$SONARQUBE_HOME/data", "$SONARQUBE_HOME/extensions"]

#RUN chmod  -R 755 $SONARQUBE_HOME
#RUN chmod 755 $SONARQUBE_HOME/extensions
#RUN chmod 755 /opt/sonarqube/temp/
#RUN chmod 755 /opt/sonarqube/temp/README.txt

WORKDIR $SONARQUBE_HOME

#RUN chown -R sonar:sonar /opt/sonarqube/temp/

ENV JAVA_MAX_MEM 1200m
ENV JAVA_MIN_MEM 1200m
#ENV EXTRA_JAVA_OPTS "-Djava.util.prefs.systemRoot=/nexus-data/.java -Djava.util.prefs.userRoot=/nexus-data/.java/.userPrefs"
#ENV JAVA_OPTS "-Djava.awt.headless=true -Djava.io.tmpdir=/opt/temp"

#COPY containerfiles/run.sh /
#RUN chmod 755 $SONARQUBE_HOME/bin/run.sh

#RUN chmod +x ${SONARQUBE_HOME}/bin/run.sh
RUN useradd sonar
RUN chown -R sonar /opt/sonarqube
ENTRYPOINT ["/run.sh"]

run.sh 

#!/bin/bash

#chmod 777 /opt/java/bin/java
/opt/java/bin/java -jar lib/sonar-application-$SONAR_VERSION.jar \
  -Dsonar.log.console=true \
  -Dsonar.jdbc.username="$SONARQUBE_JDBC_USERNAME" \
  -Dsonar.jdbc.password="$SONARQUBE_JDBC_PASSWORD" \
  -Dsonar.jdbc.url="$SONARQUBE_JDBC_URL" \
  -Dsonar.web.javaAdditionalOpts="$SONARQUBE_WEB_JVM_OPTS -Djava.security.egd=file:/dev/./urandom" \
  "$@"

Could anyone please guide me to resolve this error ?

Naveen
  • 322
  • 1
  • 8
  • 19
  • does your app/user have permission to read/write/modify to `/opt/sonarqube/temp`? – Tschallacka Aug 30 '16 at 14:21
  • yes , RUN useradd sonar RUN chown -R sonar /opt/sonarqube , but it did not help – Naveen Aug 30 '16 at 15:45
  • 1
    selinux enabled ? If so, chown won't be enough – Henri Gomez Aug 30 '16 at 16:00
  • is the usergroup set properly? and did you use `setfacl` for default permissions on newly created files? – Tschallacka Aug 30 '16 at 16:00
  • Hi Michael , actually I dont have access to Openshift server , I can only deploy via git-eclipse, with docker file , I successfully deployed nexus using same way and its working fine. However sonarqube is not working. I did this also RUN chmod -R 755 $SONARQUBE_HOME – Naveen Aug 30 '16 at 16:05
  • what happens if you do a run mkdir /opt/sonaqube/temp && echo "foobar" > /opt/sonarqube/temp/baz – Tschallacka Aug 30 '16 at 16:10
  • no luck, it got created but error is same , Step 20 : RUN mkdir -p /opt/sonaqube/temp && echo "foobar" > /opt/sonarqube/temp/baz ---> Running in e82a77b2ff57 ---> c41509d5bd62 Removing intermediate container e82a77b2ff57 sh-4.2$ ls /opt/sonarqube/temp/ README.txt baz sh-4.2$ – Naveen Aug 30 '16 at 16:26
  • By default an OpenShft installation is not going to run your image as the USER you have specified, but as a unique uid for the project. You should run ``oc debug dc yourappname`` and at the shell run ``id`` to see what user it runs as. If not the USER you specify, then you need to set up permissions on directories needing write access to be gid of 0 and be group writable. BTW, the USER statement is not being set in the ``Dockerfile`` anyway. – Graham Dumpleton Aug 31 '16 at 06:41
  • sh-4.2$ id uid=1000290000 gid=0(root) groups=0(root),1000290000 sh-4.2$ , I see this id. – Naveen Aug 31 '16 at 07:21

1 Answers1

-1

I have now working sonarqube after changing following permissions.

RUN mkdir -p /opt/sonarqube/bin/pid
RUN chmod 777 /opt/sonarqube/bin/pid
RUN cd /opt/sonarqube/bin/pid
RUN chmod 777 /opt/sonarqube/logs
#RUN chmod 777 /opt/sonarqube/bin/linux-x86-64
RUN ln -s /opt/java/bin/java /usr/bin/java
RUN chmod 777 /opt/sonarqube/temp
RUN chmod 777 /opt/sonarqube/data
RUN chmod 777 /opt/sonarqube/extensions
RUN chmod 777 /opt/sonarqube/extensions/plugins/
RUN chmod 777 /opt/sonarqube/lib/bundled-plugins
Naveen
  • 322
  • 1
  • 8
  • 19