Not able to run the containers in readonly mode

[jedielson]

Describe the bug

Before starting, a quick disclaimer: I don't think this is a bug, it's just that we've not found any documentation on how to proceed in a scenario like ours.

We are trying to set up a gravitee service using docker containers.

We started with the docker-compose sample, and everything was fine until production.

Because of some internal policies, we must run containers in prod only using read-only mode.

And we discovered several parts of the system were not working after that.

To Reproduce

Steps to reproduce the behaviour:

1. Override the API management image to have a custom config.

   FROM graviteeio/apim-management-api:3 as base

   COPY config/gravitee.yml /opt/graviteeio-management-api/config/gravitee.yml

And our simple config

analytics: elasticsearch: endpoints:

• https://elasticsearch:9200/ index: gravitee index_mode: daily type: elasticsearch jwt: secret: myJWT4Gr4v1t33_S3cr3t management: mongodb: uri: mongodb://mongodb:27017/gravitee type: mongodb services: core: http: authentication: type: none enabled: true host: 0.0.0.0 port: 18083

  search: data: /tmp/gravitee/data

1. plugins:
2. path:
3. • /tmp/gravitee/plugins

Using pretty much the same docker-compose of the sample, only changing the image of the API to build one using our dockerfile.

api: image: api-management:$

{TAG}

container_name: api-management read_only: true build: context: . dockerfile: deploy/Docker/Dockerfile ports:

• "8083:8083"
• "18083:18083" environment:
• gravitee_management_mongodb_uri=mongodb://mongodb:27017/gravitee?serverSelectionTimeoutMS=5000&connectTimeoutMS=5000&socketTimeoutMS=5000
• gravitee_analytics_elasticsearch_endpoints_0=http://elasticsearch:9200 depends_on:
• mongodb
• elasticsearch networks:
• api-management

(please consider that MongoDB and elasticsearch are running on same network in docker-compose)

Expected behaviour

The API should run as expected

Current behaviour

The API completely breaks.

Useful information

Here is some docker errors.

... businesscompose-apimanagement-api | 15:32:18,004 |-ERROR in ch.qos.logback.core.rolling.RollingFileAppender[FILE] - openFile(/opt/graviteeio-management-api/logs/gravitee.log,true) call failed. java.io.FileNotFoundException: /opt/graviteeio-management-api/logs/gravitee.log (Read-only file system) businesscompose-apimanagement-api | at java.io.FileNotFoundException: /opt/graviteeio-management-api/logs/gravitee.log (Read-only file system) businesscompose-apimanagement-api | at at java.base/java.io.FileOutputStream.open0(Native Method) businesscompose-apimanagement-api | at at java.base/java.io.FileOutputStream.open(Unknown Source) businesscompose-apimanagement-api | at at java.base/java.io.FileOutputStream.(Unknown Source)

businesscompose-apimanagement-api | 15:32:24.324 [graviteeio-node] WARN o.s.c.a.AnnotationConfigApplicationContext - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'subscriptionServiceImpl': Unsatisfied dependency expressed through field 'apiKeyService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'apiKeyServiceImpl': Unsatisfied dependency expressed through field 'applicationService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'applicationServiceImpl': Unsatisfied dependency expressed through field 'userService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'userServiceImpl': Unsatisfied dependency expressed through field 'roleService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'roleServiceImpl': Unsatisfied dependency expressed through field 'membershipService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'membershipServiceImpl': Unsatisfied dependency expressed through field 'applicationAlertService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'applicationAlertServiceImpl' defined in URL [jar:file:/opt/graviteeio-management-api/lib/gravitee-apim-rest-api-service-3.20.13.jar!/io/gravitee/rest/api/service/impl/ApplicationAlertServiceImpl.class]: Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'alertServiceImpl' defined in URL [jar:file:/opt/graviteeio-management-api/lib/gravitee-apim-rest-api-service-3.20.13.jar!/io/gravitee/rest/api/service/impl/AlertServiceImpl.class]: Unsatisfied dependency expressed through constructor parameter 14; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'planServiceImpl': Unsatisfied dependency expressed through field 'pageService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'pageServiceImpl': Unsatisfied dependency expressed through field 'searchEngineService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'searchEngineServiceImpl': Unsatisfied dependency expressed through field 'indexer'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'searchEngineIndexer': Unsatisfied dependency expressed through field 'writer'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'indexWriter' defined in class path resource [io/gravitee/rest/api/service/impl/search/configuration/SearchEngineConfiguration.class]: Unsatisfied dependency expressed through method 'indexWriter' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'indexDirectory' defined in class path resource [io/gravitee/rest/api/service/impl/search/configuration/SearchEngineConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apache.lucene.store.Directory]: Factory method 'indexDirectory' threw exception; nested exception is java.nio.file.FileSystemException: /tmp/gravitee: Read-only file system businesscompose-apimanagement-api | org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'subscriptionServiceImpl': Unsatisfied dependency expressed through field 'apiKeyService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'apiKeyServiceImpl': Unsatisfied dependency expressed through field 'applicationService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'applicationServiceImpl': Unsatisfied dependency expressed through field 'userService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'userServiceImpl': Unsatisfied dependency expressed through field 'roleService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'roleServiceImpl': Unsatisfied dependency expressed through field 'membershipService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'membershipServiceImpl': Unsatisfied dependency expressed through field 'applicationAlertService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'applicationAlertServiceImpl' defined in URL [jar:file:/opt/graviteeio-management-api/lib/gravitee-apim-rest-api-service-3.20.13.jar!/io/gravitee/rest/api/service/impl/ApplicationAlertServiceImpl.class]: Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'alertServiceImpl' defined in URL [jar:file:/opt/graviteeio-management-api/lib/gravitee-apim-rest-api-service-3.20.13.jar!/io/gravitee/rest/api/service/impl/AlertServiceImpl.class]: Unsatisfied dependency expressed through constructor parameter 14; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'planServiceImpl': Unsatisfied dependency expressed through field 'pageService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'pageServiceImpl': Unsatisfied dependency expressed through field 'searchEngineService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'searchEngineServiceImpl': Unsatisfied dependency expressed through field 'indexer'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'searchEngineIndexer': Unsatisfied dependency expressed through field 'writer'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'indexWriter' defined in class path resource [io/gravitee/rest/api/service/impl/search/configuration/SearchEngineConfiguration.class]: Unsatisfied dependency expressed through method 'indexWriter' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'indexDirectory' defined in class path resource [io/gravitee/rest/api/service/impl/search/configuration/SearchEngineConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apache.lucene.store.Directory]: Factory method 'indexDirectory' threw exception; nested exception is java.nio.file.FileSystemException: /tmp/gravitee: Read-only file system

... businesscompose-apimanagement-api | ... 210 more businesscompose-apimanagement-api exited with code 1

Environment

What is the impacted version?

Potential impacts

Which other features may be impacted by this fix. This could be populated after fix

What are the impacted versions?

Dependencies

I'm linking a txt with a full log.

log.txt

Thanks for helping us.

[ytvnr]

Hello @jedielson

I would say it's because of the log file that cannot be written as it is now readonly.

In your new docker image, did you try to modify the logback.xml (located next to gravitee.yml) so that it does not write in files ? See https://github.com/gravitee-io/gravitee-api-management/blob/master/gravitee-apim-rest-api/gravitee-apim-rest-api-standalone/gravitee-apim-rest-api-standalone-distribution/src/main/resources/config/logback.xml#L28

Hope it helps, Yann

[jedielson]

Hello @ytvnr !

Thanks for your help. Yes it it was because of logs, but also because of some things it need to write to /tmp.

In the end, we had to map writable volumes for:

• config
• plugins
• logs

But it worked 😄