Error launching docker container for 10.4 enterprise

I’m trying to test the upgrade of our 9.9.4 docker installation of sonarqube enterprise to version 10.4.

Following the upgrade guidelines, i’m trying direct upgrade from 9.9.4 to 10.4. So I updated the image in our docker compose file and launched docker compose up.

And i got the following error message in the docker compose logs :

sonar10-sonarqube-1 | /bin/bash: /opt/sonarqube/docker/entrypoint.sh: Permission denied

Has someone successfully used this image ?

My docker compose :

version: "3"

services:
  sonarqube:
    image: ${SONAR_IMAGE}
    user: ${SONAR_USERID}:${SONAR_GROUPID}
    env_file:
      - sonard.env
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - ${SONAR_HOME}/conf:/opt/sonarqube/conf
      - ${SONAR_HOME}/logs:/opt/sonarqube/logs
      - ${SONAR_HOME}/extensions:/opt/sonarqube/extensions
    ports:
      - "${SONAR_PORT}:9000"
    ulimits:
      nofile:
        soft: 262144
        hard: 262144
      memlock:
        soft: -1
        hard: -1
    
  db:
    image: postgres:14
    environment:
      POSTGRES_USER: sonard
      POSTGRES_PASSWORD: sonard
    volumes:
      - pg_data:/var/lib/postgresql/data

volumes:
  sonarqube_data:
  pg_data:

Ok, I nailed the cause. It comes from my setting a userid/groupid in the docker compose file :

 SONAR_USERID=8520
 SONAR_GROUPID=8036

in the container though, the /opt/sonarqube/docker/entrypoint.sh script does this :

DEFAULT_CMD=('/opt/java/openjdk/bin/java' '-jar' 'lib/sonarqube.jar' '-Dsonar.log.console=true')

and the sonar-application-10.4.0.87286.jar is not world readable.

sonarqube@a4048930c8ad:/opt/sonarqube$ ls -l lib/sonarqube.jar
lrwxrwxrwx 1 root root 53 Feb  6 01:50 lib/sonarqube.jar -> /opt/sonarqube/lib/sonar-application-10.4.0.87286.jar
sonarqube@a4048930c8ad:/opt/sonarqube$ ls -l /opt/sonarqube/lib/sonar-application-10.4.0.87286.jar
-r-xr-x--- 1 root root 128202017 Feb  5 09:32 /opt/sonarqube/lib/sonar-application-10.4.0.87286.jar

Is there a reason to this change ?

1 Like

Hello @FredericS, thanks a lot for taking the time to participate in the community.

In order to harder our images and follow best practices, we re now restricting permissions and following a model that is well described in this openshift document (please take a look at support arbitrary UserIds)

You can then use any UID and make sure GroupId is assigned to root.

Please let us know if you need more detail.

Cheers,
Jeremy.

2 Likes