Hello,
Today I submitted a classic confinement request for my app. When running in classic confinement, the application works normally and is able to write data to SNAP_USER_COMMON
as expected.
In an attempt to use the home interface instead, I’m trying to run it in strict mode. Yet when I start the app, it throws errors, related to ElasticSearch not being able to write in SNAP_USER_COMMON
:
java.lang.IllegalStateException: failed to obtain node locks, tried [[/home/pirhoo/snap/datashare/common/index]] with lock id [0]; maybe these locations are not writable or multiple nodes were started witho
ut increasing [node.max_local_storage_nodes] (was [1])?
at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:302)
at org.elasticsearch.node.Node.<init>(Node.java:362)
at org.icij.datashare.text.indexing.elasticsearch.EsEmbeddedServer$PluginConfigurableNode.<init>(EsEmbeddedServer.java:72)
at org.icij.datashare.text.indexing.elasticsearch.EsEmbeddedServer.createNode(EsEmbeddedServer.java:61)
at org.icij.datashare.text.indexing.elasticsearch.EsEmbeddedServer.<init>(EsEmbeddedServer.java:37)
at org.icij.datashare.mode.EmbeddedMode.configure(EmbeddedMode.java:16)
at com.google.inject.AbstractModule.configure(AbstractModule.java:62)
at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340)
at com.google.inject.spi.Elements.getElements(Elements.java:110)
at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:138)
at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:104)
at com.google.inject.Guice.createInjector(Guice.java:99)
at com.google.inject.Guice.createInjector(Guice.java:73)
at com.google.inject.Guice.createInjector(Guice.java:62)
at net.codestory.http.injection.GuiceAdapter.<init>(GuiceAdapter.java:28)
at org.icij.datashare.mode.CommonMode.defaultRoutes(CommonMode.java:161)
at org.icij.datashare.mode.CommonMode.lambda$createWebConfiguration$c4402707$1(CommonMode.java:147)
at net.codestory.http.routes.RouteCollection.configure(RouteCollection.java:88)
at net.codestory.http.reload.FixedRoutesProvider.<init>(FixedRoutesProvider.java:27)
at net.codestory.http.reload.RoutesProvider.fixed(RoutesProvider.java:29)
at net.codestory.http.AbstractWebServer.configure(AbstractWebServer.java:62)
at org.icij.datashare.WebApp.lambda$start$0(WebApp.java:31)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.io.IOException: failed to obtain lock on /home/promera/snap/datashare/common/tmp/index/nodes/0
at org.elasticsearch.env.NodeEnvironment$NodeLock.<init>(NodeEnvironment.java:224)
at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:272)
... 22 more
Caused by: java.io.IOException: Mount point not found
at java.base/sun.nio.fs.LinuxFileStore.findMountEntry(LinuxFileStore.java:105)
at java.base/sun.nio.fs.UnixFileStore.<init>(UnixFileStore.java:69)
at java.base/sun.nio.fs.LinuxFileStore.<init>(LinuxFileStore.java:49)
at java.base/sun.nio.fs.LinuxFileSystemProvider.getFileStore(LinuxFileSystemProvider.java:51)
at java.base/sun.nio.fs.LinuxFileSystemProvider.getFileStore(LinuxFileSystemProvider.java:39)
at java.base/sun.nio.fs.UnixFileSystemProvider.getFileStore(UnixFileSystemProvider.java:373)
at java.base/java.nio.file.Files.getFileStore(Files.java:1488)
at org.elasticsearch.env.Environment.getFileStore(Environment.java:328)
at org.elasticsearch.env.NodeEnvironment$NodePath.<init>(NodeEnvironment.java:113)
at org.elasticsearch.env.NodeEnvironment$NodeLock.<init>(NodeEnvironment.java:218)
... 23 more
Any limitation in strict mode that might prevent ElasticSearch from writing to SNAP_USER_COMMON
? Or maybe there are additional interfaces that I should use?
For reference, here is my snapcraft.yml:
name: datashare
base: core20
version: '10.15.3-beta0'
summary: Datashare is a self-hosted search engine for documents.
website: https://datashare.icij.org
description: |
Datashare is a self-hosted search engine for documents,
using Apache Tika and Apache Tesseract to read hundreds
of file formats. Datashare is developed by the
International Consortium of Investigative Journalists (ICIJ),
famously known for its groundbreaking investigations
into the offshore world (Pandora Papers, Panama Papers, etc).
grade: stable
confinement: strict
parts:
datashare:
plugin: dump
source: https://github.com/ICIJ/datashare-installer/releases/download/$SNAPCRAFT_PROJECT_VERSION/datashare-$SNAPCRAFT_PROJECT_VERSION.tgz
stage-packages:
- openjdk-11-jre
- tesseract-ocr
build-packages:
- ca-certificates
- ca-certificates-java
override-prime: |
snapcraftctl prime
chmod +x datashare
apps:
datashare:
command: datashare
plugs:
- home
- x11
environment:
DATASHARE_HOME: $SNAP_USER_COMMON
DATASHARE_JAR: $SNAP/datashare-dist-$SNAPCRAFT_PROJECT_VERSION-all.jar
JAVA_HOME: "$SNAP/usr/lib/jvm/java-11-openjdk-amd64"
JAVA_BIN: "$JAVA_HOME/bin/java"
PATH: "$SNAP/bin:$JAVA_HOME/bin:$PATH"
Thanks!