Graylog Errors and Exits When Running Docker

I am running the latest Graylog docker image (v 3.0.1-1) and I am encountering these warnings:

*graylog_1        | chown: changing ownership of '/usr/share/graylog/data/config/log4j2.xml': Permission denied*
*graylog_1        | chown: changing ownership of '/usr/share/graylog/data/config/graylog.conf': Permission denied*
*graylog_1        | chown: changing ownership of '/usr/share/graylog/data/config': Operation not permitted*
*graylog_1        | Warning can not change owner to graylog:graylog*

Followed by these errors, before Graylog exits out (mongo and ES both start up successfully):

*graylog_1        | ERROR StatusLogger File not found in file system or classpath: /usr/share/graylog/data/config/log4j2.xml*
*graylog_1        | ERROR StatusLogger Reconfiguration failed: No configuration found for '1b6d3586' at 'null' in 'null'*
*graylog_1        | 21:11:57.563 [main] ERROR org.graylog2.bootstrap.CmdLineTool - Couldn't load configuration: Properties file /usr/share/graylog/data/config/graylog.conf doesn't exist!*
*graylog_graylog_1 exited with code 1*

The files graylog.conf and log4j2.xml exist in the path that it is complaining about. Just for testing, I even applied 755 permissions to the folders and files, but it makes no difference.

I am using the methods described in the manual for setting up persistent data for all modules, as well as the recommended method for mounting local configuration files.

Does anyone have any ideas as to why this might be happening?
I am wondering if there is something wrong with the graylog volume definitions, although I’m following exactly what is outlined in the documentation.

Here is the docker-compose file that I am using:

version: '2'
services:
  mongodb:
    image: mongo:3
    volumes:
      - mongo_data:/data/db
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.6.1
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  graylog:
    image: graylog/graylog:3.0
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
      - ./graylog/config:/usr/share/graylog/data/config
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=blahblah...
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://foobar.com:9000/
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local

I’m not entirely up to speed anymore on docker-compose but I’m sure there’s a way to set the --user command line option to docker run somewhere; set that to graylog and see if it makes a difference.

> ./graylog/config

Is that directory writable by the Graylog user-id/user that is used in Docker? Graylog is running with the userid 1100 ( https://github.com/Graylog2/graylog-docker/blob/3.0/Dockerfile#L63 ), so that userid needs the ability to chown the mounted directory, as Graylog runs as user Graylog and not root in the docker container.
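
The access condition raised in the reply above can be checked on the host before starting the stack. This is an added example, not part of the original thread or the Graylog project: it assumes GNU stat on a Linux host, uses hypothetical function names, and treats GID 1100 as an assumed default (the thread only gives the UID). It looks only at owner, group and mode bits of the directory and its files, so ACLs, SELinux labels and parent directories are not covered.

```shell
#!/bin/sh
# Added example: can a container UID/GID read a bind-mounted config directory?
# Looks at owner/group/mode only (GNU stat assumed); function names are hypothetical.

# perm_bits PATH UID GID -> prints the rwx digit (0-7) that applies to UID/GID.
perm_bits() {
    path=$1 uid=$2 gid=$3
    info=$(stat -c '%u %g %a' "$path") || return 2
    owner=${info%% *}; rest=${info#* }
    group=${rest%% *}; mode=${rest#* }
    m=$((0$mode))                       # octal string from stat -> integer
    if [ "$owner" -eq "$uid" ]; then echo $(( (m >> 6) & 7 ))
    elif [ "$group" -eq "$gid" ]; then echo $(( (m >> 3) & 7 ))
    else echo $(( m & 7 ))
    fi
}

# check_config_mount DIR UID GID
# Returns 0 when UID/GID can list DIR (r-x) and read every regular file in it,
# 1 after printing each blocking path, 2 if DIR cannot be stat'ed.
check_config_mount() {
    dir=$1 cuid=$2 cgid=$3 rc=0
    bits=$(perm_bits "$dir" "$cuid" "$cgid") || return 2
    if [ $(( bits & 5 )) -ne 5 ]; then
        echo "uid $cuid lacks r-x on directory $dir"
        rc=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(perm_bits "$f" "$cuid" "$cgid") || return 2
        if [ $(( bits & 4 )) -eq 0 ]; then
            echo "uid $cuid lacks read on file $f"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check_mount.sh ./graylog/config [uid] [gid]
# UID 1100 is the value given in the thread; GID 1100 is an assumed default.
if [ $# -ge 1 ]; then
    check_config_mount "$1" "${2:-1100}" "${3:-1100}"
fi
```

A passing result is a necessary condition only: the container can still fail to see the files if the bind mount resolves to a different host path than expected.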

Thank you both for offering solutions to this.
I was unable to make the changes to the user-id/user due to some policy restrictions, but I did find a way to make it work.

Changing the user on “docker-compose up” is not possible (it is possible for “docker-compose run”).
That breadcrumb leads to the version 3.3 spec (https://docs.docker.com/compose/compose-file/), which now allows you to specify a user in the yaml file.

Here are the changes I made to get it to work:

At the top of the YAML file:

version: "3.3"

and then:

  graylog:
    user: $USER

We have a pretty vanilla setup, with the files being externalized, but it is all running on a single server.
It may be naive, but the question I have is, wouldn’t the user/userid permissions problem that I ran into affect everyone trying to use the full docker yaml?

Thanks in advance.

> wouldn’t the user/userid permissions problem that I ran into affect everyone trying to use the full docker yaml?

Only if the person is not able to give the UID access to the mounted directories.

> Changing the user on “docker-compose up” is not possible (it is possible for “docker-compose run”).
> That breadcrumb leads to the version 3.3 spec (Overview | Docker Docs), which now allows you to specify a user in the yaml file.

If you like, contribute to the documentation using 3.3 specs and add your findings.
