Layer7 API Management

 View Only

Portal 4.5 - dispatcher container has file permission error logs

  • 1.  Portal 4.5 - dispatcher container has file permission error logs

    Posted Oct 29, 2020 08:53 AM
    Hello expert,

    Producet : Portal 4.5

    I've assgined custom pages  but it's not worked. But the other basic function is working good.
    I've found some error logs and root permission directories.
    I could not find any reason why dispatcher container has root permission.
    I've restarted the portal serveral times but still same error.


    The dispatcher container starting error log.

    sed: can't create temp file '/www/data/dev/index.htmlXXXXXX': Permission denied

    portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | MAC verified OK portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | MAC verified OK portal_dispatcher.0.dwbktx8ves0h@dapipt02 | MAC verified OK portal_dispatcher.0.dwbktx8ves0h@dapipt02 | MAC verified OK portal_dispatcher.0.dwbktx8ves0h@dapipt02 | MAC verified OK portal_dispatcher.0.dwbktx8ves0h@dapipt02 | sed: can't create temp file '/www/data/dev/index.htmlXXXXXX': Permission denied portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | MAC verified OK portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | sed: can't create temp file '/www/data/dev/index.htmlXXXXXX': Permission denied portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | INFO: Skipping custom URL configuration. Set CUSTOM_URLS_ENABLED variable to true to enable. portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | echo '##############################************************************################################' echo '##############################*********FCGIWRAP SCRIPT************################################' echo '##############################************************************################################' 127.0.0.1 - - [29/Oct/2020:08:26:36 +0000] "GET /nginx_status HTTP/1.1" 200 97 "-" "curl/7.61.1" portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | 2020/10/29 08:26:36 [info] 36#36: *3 client 127.0.0.1 closed keepalive connection portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | 127.0.0.1 - - [29/Oct/2020:08:27:06 +0000] "GET /nginx_status HTTP/1.1" 200 97 "-" "curl/7.61.1" portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | 2020/10/29 08:27:06 [info] 36#36: *14 client 127.0.0.1 closed keepalive connection portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | 127.0.0.1 - - [29/Oct/2020:08:27:36 +0000] "GET /nginx_status HTTP/1.1" 200 99 "-" "curl/7.61.1" portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | 2020/10/29 08:27:36 [info] 36#36: *17 client 127.0.0.1 closed keepalive connection portal_dispatcher.0.z4syf6c2hmlh@dapipt02 | 127.0.0.1 - - [29/Oct/2020:08:28:06 +0000] "GET /nginx_status HTTP/1.1" 200 99 "-" "curl/7.61.1" portal_dispatcher.0.dwbktx8ves0h@dapipt02 | INFO: Skipping custom URL configuration. Set CUSTOM_URLS_ENABLED variable to true to enable. portal_dispatcher.0.dwbktx8ves0h@dapipt02 | 2020/10/29 08:24:42 [emerg] 1#1: host not found in upstream "apim" in /etc/nginx/server_base.conf:72​ ​


    I could not access the custom page after I assigned a custom page.
    Some directories used by custom pages are also root permission, and I've got below errors. 

    /var/tmp/content-cache/21ae4a895f1ce47cba7abdb688a1ed6b.0000000050" failed (13: Permission denied) while reading upstream,

    [root@dapipt02 ~]# journalctl -fu docker | grep resetPassword.html docker.1ed0d5ee7608[28584]: [system-portal.log] [2020-10-29 04:13:48,942] [INFO ] [c.l.p.t.CustomHttpServletRequestSpanExtractor] [http-nio-8080-exec-1] [|] [|||] parent span for uri /content/1.0/ui-assets/resetPassword.html : name http:/parent/content/1.0/ui-assets/resetPassword.html, trace id 2981057488988551233, span id 2687333355735272208, docker.91de01d7ad28[28584]: 2020/10/29 04:13:48 [crit] 36#36: *27912 open() "/var/tmp/content-cache/21ae4a895f1ce47cba7abdb688a1ed6b.0000000050" failed (13: Permission denied) while reading upstream, client: 103.60.122.118, server: developers.miraeassetdaewoo.com, request: "GET /pages/resetPassword.html HTTP/1.1", upstream: "http://10.0.10.19:8080/portal-data/content/1.0/ui-assets/resetPassword.html", host: "developers.miraeassetdaewoo.com:443", referrer: "https://developers.miraeassetdaewoo.com/admin/login?to-default-config=true" docker.91de01d7ad28[28584]: [91de01d7ad28,f75592934453f632295ed7fdee2e3841,f75592934453f632] 103.60.122.118 - - 29/Oct/2020:04:13:48 +0000 "GET /pages/resetPassword.html HTTP/1.1" 200 0 0.011 docker.1ed0d5ee7608[28584]: [system-portal.log] [2020-10-29 04:13:48,988] [INFO ] [c.l.p.t.CustomHttpServletRequestSpanExtractor] [http-nio-8080-exec-8] [|] [|||] parent span for uri /content/1.0/ui-assets/resetPassword.html : name http:/parent/content/1.0/ui-assets/resetPassword.html, trace id -8229986438608044327, span id -1829227189847577329, docker.91de01d7ad28[28584]: 2020/10/29 04:13:48 [crit] 36#36: *27914 open() "/var/tmp/content-cache/21ae4a895f1ce47cba7abdb688a1ed6b.0000000051" failed (13: Permission denied) while reading upstream, client: 103.60.122.118, server: developers.miraeassetdaewoo.com, request: "GET /pages/resetPassword.html HTTP/1.1", upstream: "http://10.0.10.19:8080/portal-data/content/1.0/ui-assets/resetPassword.html", host: "developers.miraeassetdaewoo.com:443", referrer: "https://developers.miraeassetdaewoo.com/admin/login?to-default-config=true" docker.91de01d7ad28[28584]: [91de01d7ad28,cc3a3fde4bcb8eca8dc936f03c7c3ed9,cc3a3fde4bcb8eca] 103.60.122.118 - - 29/Oct/2020:04:13:48 +0000 "GET /pages/resetPassword.html HTTP/1.1" 200 0 0.011​​

    I inspect the dispatcher container and compare with another working portal.
    The good working portal has 1010 owner permission, but this has root permission.

    bash-4.4$ ls -al /var/tmp total 0 drwxrwxrwt 1 root root 27 Mar 24 2020 . drwxr-xr-x 1 root root 17 Sep 11 2018 .. drwxr-xr-x 1 root root 6 Mar 24 2020 content-cache drwxr-xr-x 2 root root 6 Mar 24 2020 props bash-4.4$ bash-4.4$ ls -al /www/data/dev total 13692 drwxr-xr-x 1 root root 4096 Mar 24 2020 . drwxr-xr-x 1 root root 106 Mar 24 2020 .. drwxr-xr-x 1 root root 38 Mar 24 2020 META-INF drwxr-xr-x 1 root root 21 Mar 24 2020 WEB-INF -rwxr-xr-x 1 root root 1099 Mar 24 2020 asset-manifest.json -rwxr-xr-x 1 root root 586 Mar 24 2020 developer.html drwxr-xr-x 1 root root 38 Mar 24 2020 fonts -rwxr-xr-x 1 root root 1980 Mar 24 2020 index.html -rwxr-xr-x 1 root root 185731 Mar 24 2020 main.css -rwxr-xr-x 1 root root 29090 Mar 24 2020 main.css.gz -rwxr-xr-x 1 root root 7325080 Mar 24 2020 main_29c17c12bf9b4a4877d3.js -rwxr-xr-x 1 root root 2351329 Mar 24 2020 main_29c17c12bf9b4a4877d3.js.gz -rwxr-xr-x 1 root root 1421 Mar 24 2020 manifest_61c96d254146fb0784b9.js -rwxr-xr-x 1 root root 1425 Mar 24 2020 manifest_af63d5df9486e5f74b29.js -rwxr-xr-x 1 root root 2431 Oct 26 1985 oauth2-redirect.html -rwxr-xr-x 1 root root 657 Mar 24 2020 publisher.html drwxr-xr-x 1 root root 40 Mar 24 2020 static -rwxr-xr-x 1 root root 3168886 Mar 24 2020 vendor_48bc4f2975c68617896d.js -rwxr-xr-x 1 root root 909894 Mar 24 2020 vendor_48bc4f2975c68617896d.js.gz​ ​
    Thank you.