I am running the latest Graylog docker image (v 3.0.1-1)and I am encountering these warnings:
*graylog_1 | chown: changing ownership of '/usr/share/graylog/data/config/log4j2.xml': Permission denied* *graylog_1 | chown: changing ownership of '/usr/share/graylog/data/config/graylog.conf': Permission denied* *graylog_1 | chown: changing ownership of '/usr/share/graylog/data/config': Operation not permitted* *graylog_1 | Warning can not change owner to graylog:graylog*
Followed by these errors, before Graylog exits out (mongo and ES both startup successfully)
*graylog_1 | ERROR StatusLogger File not found in file system or classpath: /usr/share/graylog/data/config/log4j2.xml* *graylog_1 | ERROR StatusLogger Reconfiguration failed: No configuration found for '1b6d3586' at 'null' in 'null'* *graylog_1 | 21:11:57.563 [main] ERROR org.graylog2.bootstrap.CmdLineTool - Couldn't load configuration: Properties file /usr/share/graylog/data/config/graylog.conf doesn't exist!* *graylog_graylog_1 exited with code 1*
The files, graylog.conf and log4j2.xml exist in the path that it is complaining about. Just for testing, I even applied 755 permissions to the folders and files, but it makes no difference.
I am using the methods described in the manual for setting up persistent data for all modules, as well as the recommended method for mounting local configuration files.
Does anyone have any ideas as to why this might be happening?
I am wondering if there is something wrong with the graylog volume definitions, although I’m following exactly what is outlined in the documentation.
Here is the docker-compose file that I am using:
version: '2' services: mongodb: image: mongo:3 volumes: - mongo_data:/data/db elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.6.1 volumes: - es_data:/usr/share/elasticsearch/data environment: - http.host=0.0.0.0 - transport.host=localhost - network.host=0.0.0.0 - "ES_JAVA_OPTS=-Xms512m -Xmx512m" ulimits: memlock: soft: -1 hard: -1 mem_limit: 1g graylog: image: graylog/graylog:3.0 volumes: - graylog_journal:/usr/share/graylog/data/journal - ./graylog/config:/usr/share/graylog/data/config environment: # CHANGE ME (must be at least 16 characters)! - GRAYLOG_PASSWORD_SECRET=blahblah... # Password: admin - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 - GRAYLOG_HTTP_EXTERNAL_URI=http://foobar.com:9000/ links: - mongodb:mongo - elasticsearch depends_on: - mongodb - elasticsearch ports: # Graylog web interface and REST API - 9000:9000 # Syslog TCP - 1514:1514 # Syslog UDP - 1514:1514/udp # GELF TCP - 12201:12201 # GELF UDP - 12201:12201/udp volumes: mongo_data: driver: local es_data: driver: local graylog_journal: driver: local