search

redhat-helloworld-msa / helloworld-msa

Main repository with documentation and support files
Apache License 2.0
229 stars 158 forks source link

MSA fails due to scc rights required not applied to restricted scc #11

Closed ivanthelad closed 8 years ago

ivanthelad commented 8 years ago

MSA aloha deployment fails with a repeated crashback loop due to following error

[osadmin@open-master01 PV_dir]$ oc logs aloha-5-lqslc -f I> No access restrictor found, access to any MBean is allowed Jolokia: Agent started with URL https://10.1.5.9:8778/jolokia/ Exception in thread "main" java.lang.IllegalStateException: Failed to create cache dir at io.vertx.core.impl.FileResolver.setupCacheDir(FileResolver.java:256) at io.vertx.core.impl.FileResolver.(FileResolver.java:79) at io.vertx.core.impl.VertxImpl.(VertxImpl.java:138) at io.vertx.core.impl.VertxImpl.(VertxImpl.java:114) at io.vertx.core.impl.VertxImpl.(VertxImpl.java:110) at io.vertx.core.impl.VertxFactoryImpl.vertx(VertxFactoryImpl.java:34) at io.vertx.core.Vertx.vertx(Vertx.java:79) at com.redhat.developers.msa.aloha.AlohaApplication.main(AlohaApplication.java:24) [osadmin@open-master01 PV_dir]$ history

Bit of googling shows its a common issue with vert.x
http://stackoverflow.com/questions/35748582/vert-x-based-application-crashes-on-docker-container

It must be that this fails as reviewing the scc restricted showed this changes were not applied

https://github.com/redhat-helloworld-msa/helloworld-msa/blob/master/ansible/helloworld-msa.yml#L24

After apply these changes to the restricted scc the aloha container started up.

Recommendations. Perhaps rewrite the app so it doesn't attempt to start a cache on a path that is off limits to a container that is started by the default restricted scc

rafabene commented 8 years ago

Thanks for this report @ivanthelad. Yes. we have been discussing this option. @cescoffier, do you have any suggestions do make here?

cescoffier commented 8 years ago

it needs one of the following update in the docker file:

RUN chmod -R /app 777

or

append to the command line -Dvertx.cacheDirBase=/tmp/vertx-cache

noelo commented 8 years ago

I had the same issue and tried setting the system property. Unfortunately this gave further warnings (see below). Using chmod however does the trick.

SEVERE: Unexpected exception in route io.vertx.core.file.FileSystemException: java.nio.file.AccessDeniedException: /app/file-uploads at io.vertx.core.file.impl.FileSystemImpl$10.perform(FileSystemImpl.java:648) at io.vertx.core.file.impl.FileSystemImpl$10.perform(FileSystemImpl.java:630) at io.vertx.core.file.impl.FileSystemImpl.mkdirsBlocking(FileSystemImpl.java:237) at io.vertx.ext.web.handler.impl.BodyHandlerImpl$BHandler.makeUploadDir(BodyHandlerImpl.java:115) at io.vertx.ext.web.handler.impl.BodyHandlerImpl$BHandler.(BodyHandlerImpl.java:97) at io.vertx.ext.web.handler.impl.BodyHandlerImpl.handle(BodyHandlerImpl.java:59) at io.vertx.ext.web.handler.impl.BodyHandlerImpl.handle(BodyHandlerImpl.java:37) at io.vertx.ext.web.impl.RouteImpl.handleContext(RouteImpl.java:221) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:78) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:94) at com.redhat.developers.msa.aloha.AlohaVerticle.lambda$start$2(AlohaVerticle.java:66) at io.vertx.ext.web.impl.RouteImpl.handleContext(RouteImpl.java:221) at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:78) at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:94) at io.vertx.ext.web.impl.RouterImpl.accept(RouterImpl.java:79) at io.vertx.core.http.impl.ServerConnection.handleRequest(ServerConnection.java:274) at io.vertx.core.http.impl.ServerConnection.processMessage(ServerConnection.java:392) at io.vertx.core.http.impl.ServerConnection.handleMessage(ServerConnection.java:134) at io.vertx.core.http.impl.HttpServerImpl$ServerHandler.lambda$createConnAndHandle$27(HttpServerImpl.java:538) at io.vertx.core.impl.ContextImpl.lambda$wrapTask$18(ContextImpl.java:333) at io.vertx.core.impl.ContextImpl.executeFromIO(ContextImpl.java:225) at io.vertx.core.http.impl.HttpServerImpl$ServerHandler.createConnAndHandle(HttpServerImpl.java:536) at io.vertx.core.http.impl.HttpServerImpl$ServerHandler.doMessageReceived(HttpServerImpl.java:470) at io.vertx.core.http.impl.HttpServerImpl$ServerHandler.doMessageReceived(HttpServerImpl.java:421) at io.vertx.core.http.impl.VertxHttpHandler.channelRead(VertxHttpHandler.java:85) at io.vertx.core.net.impl.VertxHandler.channelRead(VertxHandler.java:124) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:318) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:304) at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:276) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:263) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:318) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:304) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:846) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354) at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112) at java.lang.Thread.run(Thread.java:745) Caused by: java.nio.file.AccessDeniedException: /app/file-uploads at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384) at java.nio.file.Files.createDirectory(Files.java:674) at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781) at java.nio.file.Files.createDirectories(Files.java:767) at io.vertx.core.file.impl.FileSystemImpl$10.perform(FileSystemImpl.java:638) ... 39 more

cescoffier commented 8 years ago

Oh, yes. If you upload files is creates the file on the file system. You could change this directory when creating the body handler (it has one version where you pass the directory):

BodyHandler.create("/tmp/uploads");
rafabene commented 8 years ago

Is this issue still valid?

cescoffier commented 8 years ago

I don't think so.