Graylog2-server: ERROR: Unable to access file /usr/share/graylog/data/journal/graylog2-committed-read-offset: Permission denied
Problem description
ERROR: Unable to access file /usr/share/graylog/data/journal/graylog2-committed-read-offset: Permission denied
Steps to reproduce the problem
While doing a docker-compose up
Graylog server is stopping with the above error
Here is the docker-compose file
mongo:
image: "mongo:3"
volumes:
- /graylog/data/mongo:/data/db
elasticsearch:
image: "elasticsearch:2"
command: "elasticsearch -Des.cluster.name='graylog'"
volumes:
- /graylog/data/elasticsearch:/usr/share/elasticsearch/data
graylog:
image: graylog2/server:2.0.0-rc.1-1
volumes:
- /graylog/data/journal:/usr/share/graylog/data/journal
- /graylog/config:/usr/share/graylog/data/config
environment:
GRAYLOG_PASSWORD_SECRET: somepasswordpepper
GRAYLOG_ROOT_PASSWORD_SHA2: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
GRAYLOG_REST_TRANSPORT_URI: http://127.0.0.1:12900
links:
- mongo:mongo
- elasticsearch:elasticsearch
ports:
- "9000:9000"
- "12900:12900"
Environment
- Graylog Version: 2
- Elasticsearch Version:2
- MongoDB Version: 3
- Operating System: CentOS 7
- Browser version:
woody3549
All 16 comments
Did you make sure that /graylog/data is not exclusively writeable by root?
mariussturm
on 28 Apr 2016
Ok, it seems better.
But now I have a :
graylog_1 | ERROR: Unable to access file /usr/share/graylog/data/journal/graylog2-committed-read-offset: Permission denied
graylog_1 |
graylog_1 | Need help?
graylog_1 |
graylog_1 | * Official documentation: http://docs.graylog.org/
graylog_1 | * Community support: https://www.graylog.org/community-support/
graylog_1 | * Commercial support: https://www.graylog.com/support/
graylog_1 |
graylog_1 | Terminating. :(
graylog_1 |
graylog_1 | ################################################################################
graylog_1 |
mongo_1 | 2016-04-28T15:11:34.454+0000 I NETWORK [conn1] end connection 172.17.0.4:58955 (1 connection now open)
mongo_1 | 2016-04-28T15:11:34.454+0000 I NETWORK [conn2] end connection 172.17.0.4:58956 (0 connections now open)
videxref_graylog_1 exited with code 254
Gracefully stopping... (press Ctrl+C again to force)
Stopping videxref_mongo_1...
Stopping videxref_elasticsearch_1...
Exception in thread Thread-1 (most likely raised during interpreter shutdown):
Traceback (most recent call last):
File "/code/build/docker-compose/out00-PYZ.pyz/threading", line 810, in __bootstrap_inner
File "/code/build/docker-compose/out00-PYZ.pyz/threading", line 763, in run
File "/code/build/docker-compose/out00-PYZ.pyz/compose.cli.multiplexer", line 41, in _enqueue_output
File "/code/build/docker-compose/out00-PYZ.pyz/compose.cli.log_printer", line 62, in _make_log_generator
File "/code/build/docker-compose/out00-PYZ.pyz/compose.container", line 155, in wait
File "/code/build/docker-compose/out00-PYZ.pyz/docker.utils.decorators", line 15, in wrapped
File "/code/build/docker-compose/out00-PYZ.pyz/docker.client", line 1136, in wait
File "/code/build/docker-compose/out00-PYZ.pyz/docker.client", line 103, in _post
File "/code/build/docker-compose/out00-PYZ.pyz/requests.sessions", line 508, in post
File "/code/build/docker-compose/out00-PYZ.pyz/requests.sessions", line 465, in request
File "/code/build/docker-compose/out00-PYZ.pyz/requests.sessions", line 573, in send
File "/code/build/docker-compose/out00-PYZ.pyz/requests.adapters", line 414, in send
<type 'exceptions.AttributeError'>: 'NoneType' object has no attribute 'error'
@woody3549 It's still the same problem as far as I see…
joschi
on 28 Apr 2016
@woody3549 did you change the permissions recursively? The graylog user needs write access to all sub folders in /graylog/data
mariussturm
on 28 Apr 2016
Yes, I did
woody3549
on 28 Apr 2016
Let's move this discussion to the Graylog mailing list because this is not a server bug and more informations are needed. Thanks!
mariussturm
on 28 Apr 2016
Any solution for this?
mohanrao
on 3 May 2016
@mohanrao We are using GitHub issues for tracking bugs in Graylog itself, but this doesn't look like one. Please post this issue to our public mailing list or join the #graylog channel on freenode IRC.
Thank you!
joschi
on 4 May 2016
@joschi @mariussturm isn't it a problem in the docker-compose that is available in the documentation? I'm with the same problem, I've already tried to run
sudo chown deploy:deploy data -R without success
Any idea?
kaiomagalhaes
on 17 May 2016
The Graylog container creates files with user and group 1100. I have no idea why...
elisiariocouto
on 6 Jun 2016
(ubuntu 14.04, docker 1.10, overlay driver) solved setting graylog/data/journal to user and group 1100 outside the container
dvdred
on 14 Jun 2016
I also get this error:
chown: changing ownership of '/usr/share/graylog/data/journal': Operation not permitted
After running this command on docker's mount point it started to work:
chown -R 1100:1100 ./graylog_journal
Thanks to @dvdred to pointing this out!
xak2000
on 2 Mar 2019
@xak2000 could you please explain it? Why 1100?
Opalo
on 21 Mar 2019
@Opalo It's explained two messages above. :-)
@elisiariocouto wrote:
The Graylog container creates files with user and group 1100. I have no idea why...
So, I think graylog tries to change the user and group of /usr/share/graylog/data/journal at startup, but have no rights for this because it is runned under user UID 1100, GROUP 1100. Setting this user and group explicitly before starting docker conatiner "fixes" this situation.
xak2000
on 21 Mar 2019
Any ideas how it should be done _correctly_?
Opalo
on 22 Mar 2019
The description of creating graylog users and groups can be seen in the dochub's official mirror Dockerfile at https://hub.docker.com/r/graylog/graylog/dockerfile
linc007
on 18 Apr 2019
Related issues
mikkolehtisalo
·
4Comments
lennartkoopmann
·
4Comments
jalogisch
·
3Comments
bpbp-boop
·
4Comments
albix
·
3Comments
Most helpful comment
The Graylog container creates files with user and group 1100. I have no idea why...