Running DHIS2 using docker compose

Seigi_Takada · 18 October 2023 05:20

I’m running DHIS2 v2.40.1 using docker compose with a custom data path to the mounted drive. when uploading image i encountered an error.

ERROR org.hisp.dhis.fileresource.JCloudsFileResourceContentStore [http-nio-8080-exec-20] File upload failed: 
java.lang.RuntimeException: java.nio.file.FileSystemException: /opt/dhis2/files/document/logo_front-23169c05-3715-4f67-8c45-7138a4f93fba: Operation not permitted

my mounted drive has 0755 permission

Gassim · 18 October 2023 14:46

Hi @Seigi_Takada

Thank you for your post, and welcome to the DHIS2 Community of Practice!

Please check who is the owner of the files/document directory? If it’s not the dhis user then this is the reason. You can use cd /opt/dhis2/files/ in your terminal and then ls -l to see the permission.

Thanks!

alanivey · 18 October 2023 20:28

If you share your compose.yaml file, we can see if there are any obvious issues. It could be that, as @Gassim might be guiding you to, the owner of the mounted directory doesn’t match the Linux user running Tomcat inside of the container.

Seigi_Takada · 19 October 2023 00:27

Thank you for your reply. Below is the screenshot of the users and permission inside the container and the docker compose yaml file that i use.

version: "3.8"

services:
  web:
    image: "${DHIS2_IMAGE:-dhis2/core-dev:local}"
    restart: "always"
    ports:
      - 8080:8080 # DHIS2
      - 8081:8081 # Debugger: connect using commandline flag -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8081
      - 9010:9010 # JMX port (for example for VisualVM)
    volumes:
      - ./docker/dhis.conf:${DHIS2_HOME:-/DHIS2_home}/dhis.conf:ro
      - ./docker/log4j2.xml:${DHIS2_HOME:-/DHIS2_home}/log4j2.xml:ro
      - /mnt/disks/disk1/dhis2:${DHIS2_HOME:-/DHIS2_home}:rw
    environment:
      DHIS2_HOME: ${DHIS2_HOME:-/DHIS2_home}
      JAVA_OPTS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8081 \
              -Dlog4j2.configurationFile=${DHIS2_HOME:-/DHIS2_home}/log4j2.xml
              -Dcom.sun.management.jmxremote \
              -Dcom.sun.management.jmxremote.port=9010 \
              -Dcom.sun.management.jmxremote.local.only=false \
              -Dcom.sun.management.jmxremote.authenticate=false \
              -Dcom.sun.management.jmxremote.ssl=false \
              -Ddhis2.home=${DHIS2_HOME:-/DHIS2_home}"

.env

DHIS2_IMAGE=dhis2/core:2.40.1
DHIS2_HOME=/opt/dhis2

Below is my reference for the yaml.

github.com

dhis2/dhis2-core/blob/master/docker-compose.yml

version: "3.8"

services:
  web:
    image: "${DHIS2_IMAGE:-dhis2/core-dev:local}"
    ports:
      - 127.0.0.1:8080:8080 # DHIS2
      - 127.0.0.1:8081:8081 # Debugger: connect using commandline flag -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8081
      - 127.0.0.1:9010:9010 # JMX port (for example for VisualVM)
    volumes:
      - ./docker/dhis.conf:/opt/dhis2/dhis.conf:ro
      - ./docker/log4j2.xml:/opt/dhis2/log4j2.xml:ro
    environment:
      JAVA_OPTS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8081 \
              -Dlog4j2.configurationFile=/opt/dhis2/log4j2.xml
              -Dcom.sun.management.jmxremote \
              -Dcom.sun.management.jmxremote.port=9010 \
              -Dcom.sun.management.jmxremote.local.only=false \
              -Dcom.sun.management.jmxremote.authenticate=false \
              -Dcom.sun.management.jmxremote.ssl=false"

This file has been truncated. show original

Gassim · 19 October 2023 17:09

My first look as at these permissions. I see that the directory owner is root (user and user group) but it’s supposed to be the dhis user that is the owner.

Seigi_Takada · 20 October 2023 00:21

Should I add a dhis user on the host? because there is no dhis user on the container. Changing permission inside the container is not allowed. Thank you

Gassim · 23 October 2023 17:43

Hi @Seigi_Takada

I have not tried to use Docker Compose yet; however, what I know from the main dhis2 installation guidelines is that we’re not supposed to use root user:

“You should not run the DHIS2 server as a privileged user such as root.” source

So what we do is we create a dhis user, and then:

Creating the configuration directory

Start by creating a suitable directory for the DHIS2 configuration files. This directory will also be used for apps, files and log files. An example directory could be:
mkdir /home/dhis/config
chown dhis:dhis /home/dhis/config
DHIS2 will look for an environment variable called DHIS2_HOME to locate the DHIS2 configuration directory. This directory will be referred to as DHIS2_HOME in this installation guide. We will define the environment variable in a later step in the installation process.

If no environment variable DHIS2_HOME is found, the default configuration file location /opt/dhis2 is used.

The permissions are now given to the dhis user; however, in your instance the permissions are not given to root instead of 1000 so this is why I suspect it is causing the errors.

What guide are you following to install this setup? Thanks!

Seigi_Takada · 24 October 2023 23:47

Thank you for the response. I will try to change the permission. Actually, this is working when using the default volume path of docker but to have a backup of the actual data I’m pointing it to an attached storage. Also, I want also to try using the filestore which for now supports only AWS S3. but on the configuration, there is no config for the endpoint of S3 or is it automatically handled by DHIS?

Gassim · 26 October 2023 12:14

Great, you could compare permissions on the the default volume path and the new custom path you’re using for back up as I think they should be the same.

This is a different discussion point which is not exactly the same as the main post, so you’re welcome to create a new topic post but with further details and explaination please.
Thanks!