DHIS2 core docker container restarting due to missing privileges for chown

Question

I'm following this guide to launch a docker container of DHIS2 and the core container keeps restating on me because Tomcat's server.xml can't be chowned. Here's the tail of the log:

  inflating: /usr/local/tomcat/webapps/ROOT/dhis-web-sms-configuration/safari-pinned-tab.svg  
  inflating: /usr/local/tomcat/webapps/ROOT/dhis-web-sms-configuration/package.json  
  inflating: /usr/local/tomcat/webapps/ROOT/dhis-web-sms-configuration/favicon.ico  
  inflating: /usr/local/tomcat/webapps/ROOT/dhis-web-sms-configuration/service-worker.js  
  inflating: /usr/local/tomcat/webapps/ROOT/dhis-web-sms-configuration/favicon-48x48.png  
  inflating: /usr/local/tomcat/webapps/ROOT/dhis-web-sms-configuration/manifest.webapp  
  inflating: /usr/local/tomcat/webapps/ROOT/META-INF/maven/org.hisp.dhis/dhis-web-portal/pom.xml
  inflating: /usr/local/tomcat/webapps/ROOT/META-INF/maven/org.hisp.dhis/dhis-web-portal/pom.properties  
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted
chown: changing ownership of '/usr/local/tomcat/conf/server.xml': Operation not permitted

This is the docker-compose.yml file:

version: '3'
services:
  core:
    image: "${DHIS2_CORE_IMAGE}"
    user: root
    restart: always
    volumes:
      - ${DHIS2_CORE_CONFIG:-./config/DHIS2_home/dhis.conf}:/DHIS2_home/dhis.conf
      - ./config/server.xml:/usr/local/tomcat/conf/server.xml
      - ./config/DHIS2_home:/DHIS2_home
    environment:
      CATALINA_OPTS: "-Dcontext.path='${DHIS2_CORE_CONTEXT_PATH:-}'"
    depends_on:
      - "db"
  db:
    image: "mdillon/postgis:10-alpine"
    command: "postgres -c max_locks_per_transaction=100"
    restart: always
    volumes:
      - datadb:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: dhis2
      POSTGRES_USER: dhis
      POSTGRES_PASSWORD: dhis
  gateway:
    image: "jwilder/nginx-proxy:alpine"
    restart: always
    ports:
      - "${DHIS2_CORE_PORT}:80"
    volumes:
      - ./config/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./.apps:/data/apps:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
volumes:
  datadb:
  home:

I added the user: root there but it made no difference. With the container restarting I get a 502 Bad Gateway when I try to access the instance via http://localhost:8080 . It would seem as if the user that inflates the files does not have enough privileges to do a chown on the server.xml file.

Is there a way to permanently fix this? Is there an elevated way to bring the cluster up or a way to change the effective permission of the user in the container?

Answer 1

what you did looks ok. But i dont know the image you are using and they have a very spécific view of which user should be running the container : could you try to follow it ?

https://developers.dhis2.org/docs/tutorials/dhis2-docker

One reason why user:root is not working : (only a supposition) the Dockerfile they are using to create the image may be referencing an entrypoint script, which changes the running user to the one in their guide, before running chown.