[ https://issues.apache.org/jira/browse/IGNITE-17032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17563331#comment-17563331 ]
Petar Tonkovic commented on IGNITE-17032: ----------------------------------------- Hi [~slukyanov], Thanks for your comment. Indeed, we have already discovered the workaround with mounting the tmp folder in the yaml definition: {code:java} volumeMounts: - name: temp-vol mountPath: /tmp readOnly: false{code} However, it might be a nice improvement to have everything working out of the box as we lost quite some time finding the workaround ourselves and it was not quite obvious. Regarding the writable disk, sure Ignite needs to write on disk, but again usually you provide it the mount which is able to be written to do so, which is hopefully not in the installation folder. :) In many cases Kubernetes clusters provided by company infrastructure teams enforce that the images are run with this read only file system flag as part of their security requirements and it makes total sense: # You prepare your installation file system pre-deployment with your Docker file by building it in the required image; # After said image is ran, there is no room for any kind of malicious software doing any kind of injections in your pods. My company has exactly this security policy enforced and I have struggled a lot with various software that tries to write some temp files in the installation folder or something similar when trying to deploy it in a container. They either forget to let you set the log path somehow (usually via environment variable) and then connect it to a volume mount that is read/write. I can imagine that these security measures might be a common occurrence in the industry, so could be a nice improvement. Thank you for looking into it. P.S. We have noticed the same script being used in the web console agent (we used the one from GridGain, not sure if it is the case with the vanilla one as well), just FYI. > Apache Ignite Docker container does not run correctly if image is run in read > only file system mode > --------------------------------------------------------------------------------------------------- > > Key: IGNITE-17032 > URL: https://issues.apache.org/jira/browse/IGNITE-17032 > Project: Ignite > Issue Type: Bug > Components: build > Affects Versions: 2.13 > Reporter: Petar Tonkovic > Priority: Major > > When following the Kubernetes deployment tutorials (online: > https://ignite.apache.org/docs/latest/installation/kubernetes/azure-deployment, > youtube: [https://youtu.be/38YgdAOs038]), trying to run the official docker > image () with the --read-only flag is causing errors: > /opt/ignite/apache-ignite/bin/include/functions.sh: line 52: cannot create > temp file for here-document: Read-only file system > /opt/ignite/apache-ignite/bin/include/functions.sh: line 85: [: -lt: unary > operator expected2022-05-25T14:27:34.504369604+02:00 > > Since most managed company Kubernetes clusters enforce this read-only flag as > a security requirement, it would be good to look into these errors. > > Later on, we get the following error on starting up: > class org.apache.ignite.IgniteException: Failed to instantiate Spring XML > application context (make sure all classes used in Spring configuration are > present at CLASSPATH) [springUrl=file:/ignite/config/node-configuration.xml] > at > org.apache.ignite.internal.util.IgniteUtils.convertException(IgniteUtils.java:1135) > at org.apache.ignite.Ignition.start(Ignition.java:356) > at > org.apache.ignite.startup.cmdline.CommandLineStartup.main(CommandLineStartup.java:365) > Caused by: class org.apache.ignite.IgniteCheckedException: Failed to > instantiate Spring XML application context (make sure all classes used in > Spring configuration are present at CLASSPATH) > [springUrl=file:/ignite/config/node-configuration.xml] > at > org.apache.ignite.internal.util.spring.IgniteSpringHelperImpl.applicationContext(IgniteSpringHelperImpl.java:364) > at > org.apache.ignite.internal.util.spring.IgniteSpringHelperImpl.loadConfigurations(IgniteSpringHelperImpl.java:102) > at > org.apache.ignite.internal.util.spring.IgniteSpringHelperImpl.loadConfigurations(IgniteSpringHelperImpl.java:96) > at > org.apache.ignite.internal.IgnitionEx.loadConfigurations(IgnitionEx.java:729)2022-05-25T14:27:34.916588365+02:00 > at org.apache.ignite.internal.IgnitionEx.start(IgnitionEx.java:930) > at > org.apache.ignite.internal.IgnitionEx.start(IgnitionEx.java:839)2022-05-25T14:27:34.916609431+02:00 > at > org.apache.ignite.internal.IgnitionEx.start(IgnitionEx.java:709)2022-05-25T14:27:34.916622089+02:00 > at > org.apache.ignite.internal.IgnitionEx.start(IgnitionEx.java:678)2022-05-25T14:27:34.916636146+02:00 > at > org.apache.ignite.Ignition.start(Ignition.java:353)2022-05-25T14:27:34.916650122+02:00 > ... 1 more2022-05-25T14:27:34.916671644+02:00 > Caused by: org.springframework.beans.factory.BeanCreationException: Error > creating bean with name > 'org.apache.ignite.configuration.IgniteConfiguration#0' defined in URL > [file:/ignite/config/node-configuration.xml|file://ignite/config/node-configuration.xml]: > Cannot create inner bean > 'org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi#56ef9176' of type > [org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi] while setting bean > property 'discoverySpi'; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating bean > with name 'org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi#56ef9176' > defined in URL > [file:/ignite/config/node-configuration.xml|file://ignite/config/node-configuration.xml]: > Cannot create inner bean > 'org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder#13805618' > of type > [org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder] > while setting bean property 'ipFinder'; nested exception is > org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find > class > [org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder] > for bean with name > 'org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder#13805618' > defined in URL > [file:/ignite/config/node-configuration.xml|file://ignite/config/node-configuration.xml]; > nested exception is java.lang.ClassNotFoundException: > org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder > at > org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:389) > at > org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:127) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1702) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1447) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:593) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:516)2022-05-25T14:27:34.916861927+02:00 > at > org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:324)2022-05-25T14:27:34.916874946+02:00 > at > org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)2022-05-25T14:27:34.916887763+02:00 > at > org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:322)2022-05-25T14:27:34.916901908+02:00 > at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)2022-05-25T14:27:34.916915941+02:00 > at > org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:897) > at > org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:879)2022-05-25T14:27:34.916955867+02:00 > at > org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:551)2022-05-25T14:27:34.916968468+02:00 > at > org.apache.ignite.internal.util.spring.IgniteSpringHelperImpl.applicationContext(IgniteSpringHelperImpl.java:358)2022-05-25T14:27:34.916982593+02:00 > ... 9 more2022-05-25T14:27:34.916995138+02:00 > Caused by: org.springframework.beans.factory.BeanCreationException: Error > creating bean with name > 'org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi#56ef9176' defined in URL > [file:/ignite/config/node-configuration.xml|file://ignite/config/node-configuration.xml]: > Cannot create inner bean > 'org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder#13805618' > of type > [org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder] > while setting bean property 'ipFinder'; nested exception is > org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find > class > [org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder] > for bean with name > 'org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder#13805618' > defined in URL > [file:/ignite/config/node-configuration.xml|file://ignite/config/node-configuration.xml]; > nested exception is java.lang.ClassNotFoundException: > org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder > at > org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:389) > at > org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:127) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1702) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1447) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:593)2022-05-25T14:27:34.917162095+02:00 > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:516) > at > org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:374) > ... 22 more2022-05-25T14:27:34.917205915+02:00 > Caused by: org.springframework.beans.factory.CannotLoadBeanClassException: > Cannot find class > [org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder] > for bean with name > 'org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder#13805618' > defined in URL > [file:/ignite/config/node-configuration.xml|file://ignite/config/node-configuration.xml]; > nested exception is java.lang.ClassNotFoundException: > org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder > at > org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1486) > at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:488) > at > org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:374) > ... 28 more2022-05-25T14:27:34.917347412+02:00 > Caused by: java.lang.ClassNotFoundException: > org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder > at java.net.URLClassLoader.findClass(URLClassLoader.java:382) > at java.lang.ClassLoader.loadClass(ClassLoader.java:424) > at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:349) > at java.lang.ClassLoader.loadClass(ClassLoader.java:357) > at java.lang.Class.forName0(Native Method) > at java.lang.Class.forName(Class.java:348) > at org.springframework.util.ClassUtils.forName(ClassUtils.java:284) > at > org.springframework.beans.factory.support.AbstractBeanDefinition.resolveBeanClass(AbstractBeanDefinition.java:469) > at > org.springframework.beans.factory.support.AbstractBeanFactory.doResolveBeanClass(AbstractBeanFactory.java:1551)2022-05-25T14:27:34.917546706+02:00 > at > org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1478)2022-05-25T14:27:34.917560811+02:00 > ... 30 more2022-05-25T14:27:34.917573534+02:00 > Failed to start grid: Failed to instantiate Spring XML application context > (make sure all classes used in Spring configuration are present at CLASSPATH) > [springUrl=file:/ignite/config/node-configuration.xml] > > It seems to be connected, as running the image without the --read-only flag > works just fine. > -- This message was sent by Atlassian Jira (v8.20.10#820010)