After changing to non root & read only filesystem, tomcat giving 404

Question


I have the .war file, and it was working fine. But when it is run as non-root with a read-only filesystem enabled, it starts to fail with errors like being unable to create a file or directory. So I created tmp volumes and mounted them on all paths which were giving issues.

But now there is no error in the logs and Tomcat is giving 404 for all endpoints. As it is giving 404, k8s is restarting that pod.

tmp volume mounted paths

volumeMounts:
    - name: tmp1
      mountPath: /usr/local/tomcat/logs
    - name: tmp2
      mountPath: /usr/local/tomcat/temp
    - name: tmp3
      mountPath: /usr/local/tomcat/webapps/ROOT
    - name: tmp4
      mountPath: /usr/local/tomcat/conf/Catalina
    - name: tmp5
      mountPath: /usr/local/tomcat/work/Catalina

Logs without error

INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx750m
INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xms256m
INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.30] using APR version [1.6.5].
INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1d  10 Sep 2019]
INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 533 ms
INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.69]
INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/usr/local/tomcat/webapps/ROOT.war]
INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/local/tomcat/webapps/ROOT.war] has finished in [413] ms
INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 469 ms
INFO [Thread-4] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8080"]
INFO [Thread-4] org.apache.catalina.core.StandardService.stopInternal Stopping service [Catalina]
INFO [Thread-4] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["http-nio-8080"]
INFO [Thread-4] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["http-nio-8080"]

I am not sure where I should start looking. The logs have no errors.

Answer 1

Score: 0


So, I found the issue. The issue is with mountPath: /usr/local/tomcat/webapps/ROOT

Tomcat wants to create a ROOT directory, and I was mounting it. So Tomcat was like, "ROOT is already present, I am not going to do anything."

Now I changed the mount point and also made a small change in the Dockerfile, and it is working fine.

Mount point

Instead of mounting at /usr/local/tomcat/webapps/ROOT, mounting now at /usr/local/tomcat/webapps

- name: tmp3
  mountPath: /usr/local/tomcat/webapps

Change in Dockerfile

Before, I was moving the .war file directly to /usr/local/tomcat/webapps/ROOT.war, but now we are mounting webapps, so it will not be available at run time.

Copy ROOT.war to some other location and, before starting Tomcat, move it to webapps

ADD myservice/target/myservice.war /usr/local/tomcat/ROOT.war
COPY script.sh /script.sh

CMD ["bash", "/script.sh"]

script.sh

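# Stage the WAR from the read-only image into the writable webapps volume
cp /usr/local/tomcat/ROOT.war /usr/local/tomcat/webapps/ROOT.war
# Start Tomcat in the foreground
catalina.sh run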
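
A preflight check for the failure mode described in this answer, as an added example that is not part of the original post: it reports any WAR whose exploded directory already exists but is empty (what a volume mounted at webapps/ROOT produces) and any Tomcat directory that is missing or not writable. The function names are hypothetical; the directory list is taken from the mounts shown on this page.

```shell
#!/bin/sh
# Added example: preflight for Tomcat running non-root on a read-only root filesystem.
# Function names are hypothetical; paths follow the mounts shown on this page.

# Print the name of every WAR in directory $1 whose exploded directory already
# exists but is empty, which is what a volume mounted at webapps/<name> produces.
find_masked_wars() {
    webapps=$1
    for war in "$webapps"/*.war; do
        [ -e "$war" ] || continue              # glob matched nothing
        name=$(basename "$war" .war)
        dir="$webapps/$name"
        if [ -d "$dir" ] && [ -z "$(ls -A "$dir")" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Print every argument that is not an existing directory writable by this user.
find_unwritable_dirs() {
    for d in "$@"; do
        if [ ! -d "$d" ] || [ ! -w "$d" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Return 0 when CATALINA_BASE ($1) is ready to start, 1 otherwise.
preflight() {
    base=$1
    rc=0
    bad=$(find_unwritable_dirs "$base/logs" "$base/temp" "$base/webapps" \
        "$base/conf/Catalina" "$base/work/Catalina")
    if [ -n "$bad" ]; then
        echo "missing or not writable: $bad" >&2
        rc=1
    fi
    masked=$(find_masked_wars "$base/webapps")
    if [ -n "$masked" ]; then
        echo "empty directory masks WAR, app will 404: $masked" >&2
        rc=1
    fi
    return "$rc"
}
```

In script.sh this would run after the cp and before catalina.sh run, for example `preflight /usr/local/tomcat || exit 1`, so a bad mount layout fails at startup with a message instead of serving 404 with clean logs.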

huangapple
  • Posted on June 12, 2023 at 21:26:52
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76457142.html