Getting an AccessDeniedException when trying to write to Docker Volume

Hi everyone,

I am pretty new to Docker and I have an issue that really puzzles me.

I am trying to run a container with persistent volume on Docker in Marathon. The container persists a single .txt file in order to save its progress. When I deploy the container to test - it works just fine. The file is created if it doesn’t exist, gets read and overwritten successfully. When I deploy it to production, using the same configuration (same code, same config, same host), I get java.nio.AccessDeniedException on the first iteration - when it tries to create the file.

What I tried so far:

  • Run the container in privileged mode - no difference
  • Suspend the test application and re-deploy to production

Any help is much appreciated!

Dockerfile

WORKDIR /opt/klm
COPY target/auditlog.v1.batch.jar ./

RUN chown -R klm:klm /opt/klm

USER klm

CMD java -jar auditlog.v1.batch.jar

marathon.json

{
  "id": "${ID}",
  "cpus": 0.01,
  "mem": 512,
  "disk": 0,
  "instances": 1,
  "constraints": [
    [
      "hostname",
      "UNIQUE"
    ]
  ],
  "container": {
    "type": "DOCKER",
    "volumes": [
      {
        "containerPath": "/srv/data",
        "hostPath": "/srv/data/service-auditbatch-${ENV}/srv/data",
        "mode": "RW"
      }
    ],
    "docker": {
      "image": "${IMAGE}",
      "network": "BRIDGE",
      "portMappings": [
        {
          "containerPort": 8080,
          "servicePort": 0
        }
      ]
    }
  },
  "env": {
    "SPRING_PROFILES_ACTIVE": "${ENV}"
  },
  "healthChecks": [
    {
      "gracePeriodSeconds": 30,
      "intervalSeconds": 30,
      "timeoutSeconds": 20,
      "maxConsecutiveFailures": 3,
      "portIndex": 0,
      "path": "/actuator/health",
      "protocol": "HTTP",
      "ignoreHttp1xx": false
    }
  ],
  "labels": {
    "env": "${ENV}"
  },
  "upgradeStrategy": {
    "minimumHealthCapacity": 0,
    "maximumOverCapacity": 0
  }
}
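
A host-side check for the setup shown in the post, added here as an example and not part of the original post: the image runs as the non-root user `klm`, and a bind-mounted `hostPath` keeps the host's numeric owner, group and mode inside the container, so each `${ENV}` directory can be checked against that user's ids. The function names are hypothetical, `stat -c` (GNU or BusyBox) is assumed, and only the classic mode bits are evaluated.

```sh
#!/bin/sh
# Added example (not from the post). Assumes GNU or BusyBox `stat -c`.
# Evaluates classic owner/group/other mode bits only; ACLs, supplementary
# groups, SELinux/AppArmor labels and user-namespace remapping are not checked.

# can_create_in DIR UID GID
# Exit 0 if a process with that numeric UID/GID may create files in DIR,
# 1 if the mode bits forbid it, 2 if DIR cannot be inspected.
can_create_in() {
    cci_dir=$1; cci_uid=$2; cci_gid=$3
    cci_info=$(stat -c '%u %g %a' "$cci_dir" 2>/dev/null) || return 2
    set -- $cci_info
    cci_owner=$1; cci_group=$2; cci_mode=$((0$3))   # %a is octal
    if [ "$cci_uid" -eq 0 ]; then
        return 0        # root bypasses mode bits (unless capabilities were dropped)
    elif [ "$cci_uid" -eq "$cci_owner" ]; then
        cci_bits=$(( (cci_mode >> 6) & 7 ))
    elif [ "$cci_gid" -eq "$cci_group" ]; then
        cci_bits=$(( (cci_mode >> 3) & 7 ))
    else
        cci_bits=$(( cci_mode & 7 ))
    fi
    # Creating a file needs write (2) and search (1) on the directory itself.
    [ $(( cci_bits & 3 )) -eq 3 ]
}

# describe_mount DIR UID GID: one report line per host directory.
describe_mount() {
    if can_create_in "$1" "$2" "$3"; then dm_verdict="writable"
    else
        case $? in
            1) dm_verdict="NOT writable" ;;
            *) dm_verdict="missing or unreadable" ;;
        esac
    fi
    printf '%s (owner:group mode = %s): %s for uid=%s gid=%s\n' \
        "$1" "$(stat -c '%u:%g %a' "$1" 2>/dev/null || echo '?')" \
        "$dm_verdict" "$2" "$3"
}

# Usage on the Marathon agent, once per environment directory. The numeric ids
# of klm come from the image's /etc/passwd; 1000 1000 is a placeholder:
#   describe_mount /srv/data/service-auditbatch-<ENV>/srv/data 1000 1000
```

Running `describe_mount` against the test and the production host directories shows whether their owner or mode differ for the uid the container runs as.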