
MongoDB compatibility with Azure File Share Issue

Open saif-chaudhry opened this issue 2 years ago • 2 comments

Name and Version

bitnami/mongodb:latest

What steps will reproduce the bug?

Hi, I am deploying the bitnami/mongodb:latest container as an Azure Container Instance (ACI) in a group using an ARM template inside a vNET. The bitnami/mongodb container runs as a non-root user, but the Azure file share volume mount requires the Linux container to run as root. Looking at the documentation:

(link: https://docs.bitnami.com/tutorials/work-with-non-root-containers)

it states:

If you wish to run a Bitnami non-root container image as a root container image, you can do so by adding the line user: root right after the image: directive in the container's docker-compose.yml

How can I achieve the same using an ARM template, since it doesn't appear to have any property for it?

(link: https://docs.microsoft.com/en-us/azure/templates/microsoft.containerinstance/containergroups?tabs=json?)

I've tried various options, but nothing so far is working for me, e.g. one possible solution was to explore the init container option:

(link: https://docs.microsoft.com/en-us/azure/container-instances/container-instances-init-container)

So I tried using an init container to see if I can update the permissions/ownership on the mounted volume, e.g. "chown 1001:1001 -R /bitnami", but then I don't have the option to call a "depends_on", so having an image that just changes permissions wouldn't necessarily work, as far as I can tell, before starting the MongoDB container itself, and the MongoDB container won't be started until the init container is finished, as per the Microsoft documentation:

"Init containers run to completion before the application container or containers start." So in my testing this approach doesn't make any difference.

Also tried a new mount path, i.e. /data/mongoaz instead of the default path /data/db, based on some of the suggestions online related to the mongo container (not the bitnami image), but it didn't work either, as this goes back to the permission issue.

Here is the error that I'm getting, which I believe is expected in this environment unless we can fix the permissions problem.

{"t":{"$date":"2022-07-25T17:12:03.203+00:00"},"s":"I",  "c":"CONTROL",  "id":21951,   "ctx":"initandlisten","msg":"Options set by command line","attr":{"options":{"storage":{"dbPath":"/data/mongoaz"}}}}
{"t":{"$date":"2022-07-25T17:12:03.286+00:00"},"s":"I",  "c":"STORAGE",  "id":22315,   "ctx":"initandlisten","msg":"Opening WiredTiger","attr":{"config":"create,cache_size=483M,session_max=33000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),builtin_extension_config=(zstd=(compression_level=6)),file_manager=(close_idle_time=600,close_scan_interval=10,close_handle_minimum=250),statistics_log=(wait=0),verbose=[recovery_progress,checkpoint_progress,compact_progress],"}}
{"t":{"$date":"2022-07-25T17:12:04.253+00:00"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":1,"message":"[1658769124:253222][4195:0x7fc83c453c80], connection: __posix_open_file, 808: /data/mongoaz/WiredTiger.wt: handle-open: open: Operation not permitted"}}
{"t":{"$date":"2022-07-25T17:12:04.330+00:00"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":17,"message":"[1658769124:330802][4195:0x7fc83c453c80], connection: __posix_open_file, 808: /data/mongoaz/WiredTiger.wt: handle-open: open: File exists"}}
{"t":{"$date":"2022-07-25T17:12:04.354+00:00"},"s":"I",  "c":"STORAGE",  "id":22430,   "ctx":"initandlisten","msg":"WiredTiger message","attr":{"message":"unexpected file WiredTiger.wt found, renamed to WiredTiger.wt.1"}}
{"t":{"$date":"2022-07-25T17:12:04.366+00:00"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":1,"message":"[1658769124:366555][4195:0x7fc83c453c80], connection: __posix_open_file, 808: /data/mongoaz/WiredTiger.wt: handle-open: open: Operation not permitted"}}
{"t":{"$date":"2022-07-25T17:12:04.438+00:00"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":17,"message":"[1658769124:438502][4195:0x7fc83c453c80], connection: __posix_open_file, 808: /data/mongoaz/WiredTiger.wt: handle-open: open: File exists"}}
{"t":{"$date":"2022-07-25T17:12:04.460+00:00"},"s":"I",  "c":"STORAGE",  "id":22430,   "ctx":"initandlisten","msg":"WiredTiger message","attr":{"message":"unexpected file WiredTiger.wt found, renamed to WiredTiger.wt.2"}}
{"t":{"$date":"2022-07-25T17:12:04.473+00:00"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":1,"message":"[1658769124:473025][4195:0x7fc83c453c80], connection: __posix_open_file, 808: /data/mongoaz/WiredTiger.wt: handle-open: open: Operation not permitted"}}
{"t":{"$date":"2022-07-25T17:12:04.480+00:00"},"s":"W",  "c":"STORAGE",  "id":22347,   "ctx":"initandlisten","msg":"Failed to start up WiredTiger under any compatibility version. This may be due to an unsupported upgrade or downgrade."}
{"t":{"$date":"2022-07-25T17:12:04.480+00:00"},"s":"F",  "c":"STORAGE",  "id":28595,   "ctx":"initandlisten","msg":"Terminating.","attr":{"reason":"1: Operation not permitted"}}
{"t":{"$date":"2022-07-25T17:12:04.480+00:00"},"s":"F",  "c":"-",        "id":23091,   "ctx":"initandlisten","msg":"Fatal assertion","attr":{"msgid":28595,"file":"src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp","line":687}}
{"t":{"$date":"2022-07-25T17:12:04.481+00:00"},"s":"F",  "c":"-",        "id":23092,   "ctx":"initandlisten","msg":"\n\n***aborting after fassert() failure\n\n"}

I am trying to achieve both an Azure file share mounted volume and mongo authentication enabled in the same ARM template file. Can this be done?

What is the expected behavior?

Azure File Share Mounted with bitnami/mongodb container that is running as non-root.

What do you see instead?

Container is crashing as per the error details above.

Additional information

I can share my ARM template if needed.

saif-chaudhry avatar Jul 25 '22 19:07 saif-chaudhry
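
Added example, not part of the original issue and not Bitnami or MongoDB code: a small triage script for the structured mongod log format quoted above. It separates the file-open errors by errno, so the permission denial on the mounted dbPath stands apart from the follow-on "File exists" retries, and pulls out the fatal termination reason. The function name `diagnose` and the regular expression are assumptions of this example.

```python
import errno
import json
import re
from collections import Counter

# Sample input: three lines taken from the log in the issue, preceded by one
# constructed non-JSON line to show that such lines are skipped.
SAMPLE_LOG = """\
constructed non-JSON line (ignored by the parser)
{"t":{"$date":"2022-07-25T17:12:04.253+00:00"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":1,"message":"[1658769124:253222][4195:0x7fc83c453c80], connection: __posix_open_file, 808: /data/mongoaz/WiredTiger.wt: handle-open: open: Operation not permitted"}}
{"t":{"$date":"2022-07-25T17:12:04.330+00:00"},"s":"E",  "c":"STORAGE",  "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error","attr":{"error":17,"message":"[1658769124:330802][4195:0x7fc83c453c80], connection: __posix_open_file, 808: /data/mongoaz/WiredTiger.wt: handle-open: open: File exists"}}
{"t":{"$date":"2022-07-25T17:12:04.480+00:00"},"s":"F",  "c":"STORAGE",  "id":28595,   "ctx":"initandlisten","msg":"Terminating.","attr":{"reason":"1: Operation not permitted"}}
"""

# Assumed shape of the WiredTiger open-failure message, based on the lines above.
OPEN_ERR = re.compile(
    r"__posix_open_file, \d+: (?P<path>\S+): handle-open: open: (?P<reason>.+)$"
)


def diagnose(log_text):
    """Summarise file-open failures and the fatal reason in a mongod JSON log."""
    opens, fatal_reason = Counter(), None
    for line in log_text.splitlines():
        if not line.startswith("{"):
            continue  # entrypoint banners and other non-JSON output
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or interleaved line
        attr = entry.get("attr", {})
        if entry.get("s") == "F" and "reason" in attr:
            fatal_reason = attr["reason"]
        if entry.get("s") != "E":
            continue
        match = OPEN_ERR.search(attr.get("message", ""))
        if match:
            # Map the numeric "error" field to its errno name (1 -> EPERM).
            code = errno.errorcode.get(attr.get("error"), str(attr.get("error")))
            opens[(match["path"], code)] += 1
    # Paths the mongod user was refused: the ones to check for ownership and
    # mount options on the volume.
    denied = sorted({p for (p, c) in opens if c in ("EPERM", "EACCES")})
    return {"open_errors": dict(opens), "denied_paths": denied,
            "fatal_reason": fatal_reason}


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```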

We are going to transfer this issue to bitnami/containers

In order to unify the approaches followed in Bitnami containers and Bitnami charts, we are moving some issues in bitnami/bitnami-docker-<container> repositories to bitnami/containers.

Please follow bitnami/containers to stay updated about the latest bitnami images.

More information here: https://blog.bitnami.com/2022/07/new-source-of-truth-bitnami-containers.html

carrodher avatar Jul 28 '22 13:07 carrodher

Hi, maybe you want to try putting a script in $MONGODB_INITSCRIPTS_DIR. It will be run at startup.

rafariossaa avatar Jul 29 '22 07:07 rafariossaa

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] avatar Aug 14 '22 01:08 github-actions[bot]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

github-actions[bot] avatar Aug 19 '22 01:08 github-actions[bot]