1

I have the following docker file:

FROM debian:jessie
RUN apt-get update && apt-get install -y wget

RUN wget --quiet http://www.us.apache.org/dist/tomcat/tomcat-8/v8.5.20/bin/apache-tomcat-8.5.20.tar.gz -O /tmp/tomcat.tar.gz
RUN cd /tmp && tar xf tomcat.tar.gz
RUN mv /tmp/apache-tomcat-8.5.20 /usr/share/
RUN adduser --system --shell /bin/bash --gecos 'Tomcat Java Servlet and JSP engine' --group --disabled-password --home /home/tomcat tomcat
RUN chown -R tomcat:tomcat /usr/share/apache-tomcat-8.5.20/*
RUN chmod +x /usr/share/apache-tomcat-8.5.20/bin/*.sh

RUN apt-get update && apt-get install -y openjdk-7-jre-headless

CMD ["/bin/bash"]

If I compile this on my laptop with Ubuntu 17.04 and docker 1.12.6, build 78d1802, I can execute

su tomcat -c /usr/share/apache-tomcat-8.5.20/bin/startup.sh

without any problems:

$ sudo docker run -it ff1323fadc66
root@728de06f43be:/# su tomcat -c /usr/share/apache-tomcat-8.5.20/bin/startup.sh
Using CATALINA_BASE:   /usr/share/apache-tomcat-8.5.20
Using CATALINA_HOME:   /usr/share/apache-tomcat-8.5.20
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-8.5.20/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /usr/share/apache-tomcat-8.5.20/bin/bootstrap.jar:/usr/share/apache-tomcat-8.5.20/bin/tomcat-juli.jar
Tomcat started.

However if I try the same on Ubuntu 16.04 LTS with docker 1.12.6, build 78d1802, which is hosted on AWS, I get the following output:

$ sudo docker run -it 96e0e82a9dda
root@f8f7d3fd6917:/# su tomcat -c /usr/share/apache-tomcat-8.5.20/bin/startup.sh
Using CATALINA_BASE:   /usr/share/apache-tomcat-8.5.20
Using CATALINA_HOME:   /usr/share/apache-tomcat-8.5.20
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-8.5.20/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /usr/share/apache-tomcat-8.5.20/bin/bootstrap.jar:/usr/share/apache-tomcat-8.5.20/bin/tomcat-juli.jar
touch: cannot touch '/usr/share/apache-tomcat-8.5.20/logs/catalina.out': Permission denied
/usr/share/apache-tomcat-8.5.20/bin/catalina.sh: 434: /usr/share/apache-tomcat-8.5.20/bin/catalina.sh: cannot create /usr/share/apache-tomcat-8.5.20/logs/catalina.out: Permission denied

How is this possible? Shouldn't the docker file produce the same environment? I also tried it on MacOS and it worked like charm to start tomcat there as well.

I already tried to circumvent this with chmod 777 /usr/share/apache-tomcat-8.5.20/logs/ but it didn't work either.

Edit:

As requested the output of ls -alh /usr/share/apache-tomcat-8.5.20/logs/

root@ce87bb8feb9b:/# su tomcat -c /usr/share/apache-tomcat-8.5.20/bin/startup.sh
Using CATALINA_BASE:   /usr/share/apache-tomcat-8.5.20
Using CATALINA_HOME:   /usr/share/apache-tomcat-8.5.20
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-8.5.20/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /usr/share/apache-tomcat-8.5.20/bin/bootstrap.jar:/usr/share/apache-tomcat-8.5.20/bin/tomcat-juli.jar
touch: cannot touch '/usr/share/apache-tomcat-8.5.20/logs/catalina.out': Permission denied
/usr/share/apache-tomcat-8.5.20/bin/catalina.sh: 434: /usr/share/apache-tomcat-8.5.20/bin/catalina.sh: cannot create /usr/share/apache-tomcat-8.5.20/logs/catalina.out: Permission denied
root@ce87bb8feb9b:/# ls -alh /usr/share/apache-tomcat-8.5.20/logs/
total 8.0K
drwxr-x---  2 tomcat tomcat 4.0K Aug  2 21:35 .
drwxr-xr-x 17 root   root   4.0K Sep  6 06:58 ..
root@ce87bb8feb9b:/#

Furthermore: Of course it is possible to start tomcat without switching the user and then use root, but I'd rather want to avoid that.

Edit2:

The host is a Ubuntu 16.04.3 LTS:

$ cat /etc/os-release 
NAME="Ubuntu"
VERSION="16.04.3 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.3 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

It also has a dev-log:

$ ls -l /run/systemd/journal/dev-log 
srw-rw-rw- 1 root root 0 Sep  5 13:13 /run/systemd/journal/dev-log
mistapink
  • 1,926
  • 1
  • 26
  • 37
  • try `chmod -R 777 /usr/share/apache-tomcat-8.5.20/logs/` – Alex Efimov Sep 05 '17 at 19:18
  • I did that as well, but I didn't work. Anyway the directory is empty after compiling the image. – mistapink Sep 05 '17 at 19:20
  • Try starting it with the upstart command: `service tomcat start` or the `/etc/init.d/tomcat` script – Alex Efimov Sep 05 '17 at 19:28
  • Or try `chown -R tomcat:tomcat /usr/share/apache-tomcat-8.5.20/logs/` – Alex Efimov Sep 05 '17 at 19:43
  • Possible to upgrade docker to latest version and try? – Tarun Lalwani Sep 05 '17 at 20:45
  • @AlexEfimov I've tried it all, but it doesn't work. Since I downloaded tomcat directly it doesn't provide a init script. Copying ```startup.sh``` to that place would not help I guess. @TarunLalwani I will check to update docker, but as stated above I have the same version locally and it works perfectly which is kind of strange, isn't it? I am going to try the another version. – mistapink Sep 06 '17 at 06:46
  • @TarunLalwani I have installed docker 17.06.2-ce, build cec0b72 from https://download.docker.com/linux/ubuntu/dists/zesty/pool/stable/amd64/ but the result stays the same, even with suggestions made AlexEfimov – mistapink Sep 06 '17 at 06:56
  • Can you add the output of `ls -alh /usr/share/apache-tomcat-8.5.20/logs/` to your question after the error occurs – Tarun Lalwani Sep 06 '17 at 08:23
  • @TarunLalwani I've added the requested output. – mistapink Sep 06 '17 at 11:18
  • How about adding `USER tomcat` before `CMD ["/bin/bash"]` and rebuilding the image. Use directly `/usr/share/apache-tomcat-8.5.20/bin/startup.sh` inside the container – Tarun Lalwani Sep 06 '17 at 12:29
  • @TarunLalwani still the same result. – mistapink Sep 06 '17 at 16:34
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/153803/discussion-between-mistapink-and-tarun-lalwani). – mistapink Sep 06 '17 at 16:47

3 Answers3

4

So this one seemed to be weirdest one, I am not sure the root case of this not working but below options would work for you

Change user to tomcat and then extract folders

FROM debian:jessie
RUN apt-get update && apt-get install -y wget openjdk-7-jre-headless

RUN adduser --system --shell /bin/bash --gecos 'Tomcat Java Servlet and JSP engine' --group --disabled-password --home /home/tomcat tomcat
USER tomcat
RUN wget --quiet http://www.us.apache.org/dist/tomcat/tomcat-8/v8.5.20/bin/apache-tomcat-8.5.20.tar.gz -O /tmp/tomcat.tar.gz && cd /tmp && tar xf tomcat.tar.gz && mv /tmp/apache-tomcat-8.5.20/ /tomcat
USER root
CMD ["/bin/bash"]

Delete the logs folder and re-create it

FROM debian:jessie
RUN apt-get update && apt-get install -y wget openjdk-7-jre-headless

RUN adduser --system --shell /bin/bash --gecos 'Tomcat Java Servlet and JSP engine' --group --disabled-password --home /home/tomcat tomcat
RUN wget --quiet http://www.us.apache.org/dist/tomcat/tomcat-8/v8.5.20/bin/apache-tomcat-8.5.20.tar.gz -O /tmp/tomcat.tar.gz && cd /tmp && tar xf tomcat.tar.gz && mv /tmp/apache-tomcat-8.5.20/ /tomcat
RUN rm -rf /tomcat/logs && chown -R tomcat:tomcat /tomcat && su tomcat -c "mkdir /tomcat/logs"
CMD ["/bin/bash"]

Above solutions work in your case. The root cause of behaviors being different in two OS is yet unknown

Paste bins for any one interested to debug

strace su tomcat -c /tomcat/logs/text.txt

https://pastebin.com/vVBEXJQ1

actual final dockerfile used

https://pastebin.com/H5AVt9P5

Tarun Lalwani
  • 142,312
  • 9
  • 204
  • 265
0

I cannot stop wondering why re-invent the wheel, what is wrong with the official tomcat image?. https://docs.docker.com/samples/library/tomcat/ or https://hub.docker.com/_/tomcat/

https://stackoverflow.com/a/29297790/6785908

so-random-dude
  • 15,277
  • 10
  • 68
  • 113
  • Because this is just part of a bigger image, which features Apache 2.4, PHP 7.0, Postgresql 9.6, PostGIS 2.3, Tomcat 8.5, Geoserver 2.2, Laravel. I did not find an image having all of those. – mistapink Sep 07 '17 at 04:55
0

1.Exec container: docker exec -it <CONTAINER ID> bash

2. Install and use nano, vim or other editor;

3. Edit

3.1. according to: https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html

/conf/tomcat-users.xml

/webapps/host-manager/manager.xml

3.2 /webapps/manager/META-INF/context.xml comment lines <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->

Then restart your docker image or: 

./shutdown.sh
./startup.sh

You can probably try to specify other IPs to allow them in /webapps/manager/META-INF/context.xml

WARNIG: It was my test setup, not for buisness solution !

awoj
  • 1
  • 1