Docker upgrade from 9.8 to 9.9 fails with es.log Permission Denied

Going from 9.8 to 9.9, running on Amazon ECS the only difference in the task definition is the image URI

oldURI: sonarqube:9.8-community
newURI: sonarqube:9.9-community

everything is fine up to
2023.07.04 07:41:34 INFO app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
then
2023-07-04 07:41:44,072 main ERROR Unable to create file /opt/sonarqube/logs/es.log java.io.IOException: Permission denied
starts throwing exceptions
2023-07-04 07:41:44,172 main ERROR Unable to locate appender "file_es" for logger config "root"

these docker mounts and volumes work fine with 9.8:
"mountPoints": [ { "sourceVolume": "sonarqube_data", "containerPath": "/opt/sonarqube/data", "readOnly": false }, { "sourceVolume": "sonarqube_logs", "containerPath": "/opt/sonarqube/logs", "readOnly": false }, { "sourceVolume": "sonarqube_extensions", "containerPath": "/opt/sonarqube/extensions", "readOnly": false } ],

workaround for file permission is [ECS] [Fargate Task Storage]: Allow permission configuration of Fargate bind mounts · Issue #938 · aws/containers-roadmap · GitHub is a temporary container to change filesystem permissions

"command": [
                "/bin/chmod 777 /opt/sonarqube/logs && /bin/chmod 777 /opt/sonarqube/data && /bin/chmod 777 /opt/sonarqube/extensions"
            ],

and note sonar.search.javaadditionalopts has been renamed SONAR_SEARCH_JAVAOPTS

1 Like

Hello @ganncamp, thanks a lot for the ping. The setup from the user is quite specific and not really supported, that was caused because of the changes we did in Docker 9.9

Dont think it add value to change the doc so far.