Description
Benjamin Rappleyea
1 hour ago
We are attempting to update from 4.8.0 to 4.10.3 and erroring out at runtime due to a permissions issue. We have tried doing several different things but are still running into an error. We do not have root access during runtime because of how OpenShift is configured (I2 container seems to assume it can be run as Root, but OpenShift does not allow that) so the chmod of /usr/lib/jvm/java-17-amazon-corretto/lib/security/cacerts is failing (librarySetupFilesTomcat.sh, function setupFilesTomcat_sslCertsClient)
Any guidance or help would be greatly appreciated.
Chris Hyzer
32 minutes ago
do you have a file added to /opt/grouper/certs/anchors/ ?
Benjamin Rappleyea
32 minutes ago
We do not, we handle all of our connections/etc... through a VIP so haven't needed any certs up to this point.
New
Benjamin Rappleyea
10 minutes ago
Did a little extra checking to confirm our suspicions, 4.10.3 is auto generating a pem cert to /opt/grouper/certs/client while 4.8.0 did not. This is causing the librarySetupFilesTomcat.sh to run that function which runs into the permission errors.
Ran it locally on my computer to see if anything showed up:
PS C:\Users\jerem> docker run i2incommon/grouper:4.10.3 ls /opt/grouper/certs/client/
grouperContainer; INFO: (library.sh) Start loading library.sh
grouperContainer; INFO: (library.sh) End loading library.sh
grouperContainer; INFO: (libraryPrep.sh-prep_conf) Start setting up initial pipes
grouperContainer; INFO: (libraryPrep.sh-prep_conf) GROUPER_USE_PIPES=true
grouperContainer; INFO: (librarySetupPipe.sh-setupPipe) Setup pipe: /tmp/logpipe
grouperContainer; INFO: (librarySetupPipe.sh-setupPipe) Setup pipe: /tmp/logsuperd
grouperContainer; INFO: (librarySetupPipe.sh-setupPipe) Setup pipe: /tmp/loggrouper
grouperContainer; INFO: (libraryPrep.sh-prep_conf) End setting up initial pipes
grouperContainer; INFO: (libraryPrep.sh-prep_conf) Loading env vars from /opt/grouper/grouperEnv.sh
grouperContainer; INFO: (entrypoint.sh) Executing ls /opt/grouper/certs/client/
localhost.pem
While 4.8.0:
PS C:\Users\jerem> docker run i2incommon/grouper:4.8.0 ls /opt/grouper/certs/client
grouperContainer; INFO: (library.sh) Start loading library.sh
grouperContainer; INFO: (library.sh) End loading library.sh
grouperContainer; INFO: (libraryPrep.sh-prep_conf) Start setting up initial pipes
grouperContainer; INFO: (libraryPrep.sh-prep_conf) GROUPER_USE_PIPES=true
grouperContainer; INFO: (librarySetupPipe.sh-setupPipe) Setup pipe: /tmp/logpipe
grouperContainer; INFO: (librarySetupPipe.sh-setupPipe) Setup pipe: /tmp/logsuperd
grouperContainer; INFO: (librarySetupPipe.sh-setupPipe) Setup pipe: /tmp/loggrouper
grouperContainer; INFO: (libraryPrep.sh-prep_conf) End setting up initial pipes
grouperContainer; INFO: (libraryPrep.sh-prep_conf) Loading env vars from /opt/grouper/grouperEnv.sh
grouperContainer; INFO: (entrypoint.sh) Executing ls /opt/grouper/certs/client
Chris Hyzer
< 1 minute ago
ok i guess we need to that in the container docker build and not in the startup... sorry about that. will be in next version. in the meantime if you want to overlay that ibrarySetupFilesTomcat.sh file and remove the offending method feel free. but we are trying to get an updated container out soon, hopefully by end of weekend