After changing to non root & read only filesystem, tomcat giving 404

Question

I have the .war file, and it was working fine. But when it is run as non-root with a read-only filesystem enabled, it starts to fail with errors like being unable to create a file or directory. So I created tmp volumes and mounted them on all paths which were giving issues.

But now there is no error in logs and Tomcat is giving 404 for all endpoints. As it is giving 404, k8s is restarting that pod.

tmp volume mounted paths

    volumeMounts:
      - name: tmp1
        mountPath: /usr/local/tomcat/logs
      - name: tmp2
        mountPath: /usr/local/tomcat/temp
      - name: tmp3
        mountPath: /usr/local/tomcat/webapps/ROOT
      - name: tmp4
        mountPath: /usr/local/tomcat/conf/Catalina
      - name: tmp5
        mountPath: /usr/local/tomcat/work/Catalina

Logs without error

    INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx750m
    INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xms256m
    INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
    INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
    INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
    INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
    INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
    INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
    INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
    INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.30] using APR version [1.6.5].
    INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
    INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
    INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1d 10 Sep 2019]
    INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
    INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
    INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 533 ms
    INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
    INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.69]
    INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/usr/local/tomcat/webapps/ROOT.war]
    INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
    INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/local/tomcat/webapps/ROOT.war] has finished in [413] ms
    INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
    INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 469 ms
    INFO [Thread-4] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8080"]
    INFO [Thread-4] org.apache.catalina.core.StandardService.stopInternal Stopping service [Catalina]
    INFO [Thread-4] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["http-nio-8080"]
    INFO [Thread-4] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["http-nio-8080"]

I am not sure where I should start looking. The logs have no errors.

Answer 1

Score: 0

So, I found the issue. The issue is with mountPath: /usr/local/tomcat/webapps/ROOT

Tomcat wants to create a ROOT directory and I was mounting it. So Tomcat was like: ROOT is already present, I am not going to do anything.

Now I changed the mount point and also made a small change in the Dockerfile, and it is working fine.

Mount point

Instead of mounting at /usr/local/tomcat/webapps/ROOT, mounting now at /usr/local/tomcat/webapps

      - name: tmp3
        mountPath: /usr/local/tomcat/webapps

Change in Dockerfile

Before, I was moving the .war file directly to /usr/local/tomcat/webapps/ROOT.war, but now we are mounting webapps, so it will not be available at run time.

Copying ROOT.war to some other location and, before starting Tomcat, moving it to webapps

    ADD myservice/target/myservice.war /usr/local/tomcat/ROOT.war
    COPY script.sh /script.sh
    CMD ["bash", "/script.sh"]

script.sh

    cp /usr/local/tomcat/ROOT.war /usr/local/tomcat/webapps/ROOT.war
    catalina.sh run
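A variant of the startup script above that makes this failure mode visible instead of silent, as an added example that is not part of the original answer: it lists the Tomcat paths that still need a writable volume, refuses to start when webapps/ROOT is an empty pre-existing directory, and only then stages the WAR. The function names, the `CATALINA_BASE`/`WAR_SRC` variables and the `start` argument (so the Dockerfile `CMD` would pass `start` as a third element) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: preflight for Tomcat on a read-only root filesystem.
# Path defaults follow this page; function names and the "start" argument
# are assumptions of this example.
CATALINA_BASE="${CATALINA_BASE:-/usr/local/tomcat}"
WAR_SRC="${WAR_SRC:-$CATALINA_BASE/ROOT.war}"

# Print every Tomcat runtime path that is missing or not writable.
unwritable_paths() {
    local base="$1" sub
    for sub in logs temp webapps conf/Catalina work/Catalina; do
        [ -d "$base/$sub" ] && [ -w "$base/$sub" ] || echo "$base/$sub"
    done
}

# Succeeds when webapps/ROOT already exists as an empty directory (for
# example a volume mounted there): the state the answer describes, where
# Tomcat considers ROOT present and does nothing with ROOT.war.
root_is_empty_dir() {
    local root="$1/webapps/ROOT"
    [ -d "$root" ] && [ -z "$(ls -A "$root")" ]
}

# Copy the WAR baked into the image into the writable webapps volume.
stage_war() {
    local src="$1" base="$2"
    [ -f "$src" ] || { echo "missing WAR: $src" >&2; return 1; }
    cp "$src" "$base/webapps/ROOT.war"
}

main() {
    local bad
    bad="$(unwritable_paths "$CATALINA_BASE")"
    if [ -n "$bad" ]; then
        echo "not writable, mount a volume here:" >&2
        echo "$bad" >&2
        return 1
    fi
    if root_is_empty_dir "$CATALINA_BASE"; then
        echo "webapps/ROOT is an empty directory; mount webapps instead" >&2
        return 1
    fi
    stage_war "$WAR_SRC" "$CATALINA_BASE" || return 1
    exec catalina.sh run   # replace the shell so Tomcat receives SIGTERM
}

# Run only when invoked as: bash /script.sh start
if [ "${1:-}" = "start" ]; then main; fi
```

Failing before Tomcat starts turns the error-free 404 into a pod that exits with a message naming the path to fix.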

huangapple
  • This article was posted on June 12, 2023 at 21:26:52
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76457142.html