1
votes

I have been running a containerized web-based application on AWS ECS Fargate for a few months now. But due to a few issues with AWS, my team planned to take it multicloud with GCP. When I deploy my container image on GCP Cloud Run, it gives me these errors:

ERROR: [pool www] failed to write the ACL of the socket '/run/php-fpm/www.sock': Operation not permitted (1)" 
ERROR: FPM initialization failed

Then I tried to change the permissions of /run/php-fpm using

chmod 777 -R /run/php-fpm

It again shows me the same error.
After that I ran the container locally and exec'd into the container to check the www.sock file; its permissions were

srw-rw----+ root root www.sock

and the permission of /run/php-fpm was

drwxrwxrwx. root root php-fpm

After that I tried to change the permissions with

chmod 777 -R /run/php-fpm/*

in the Dockerfile, but it gives me an error that the file doesn't exist.
I also tried using setfacl, but when I exec into the container and check it locally, the permissions of www.sock are not changed, and it gives the same error when deployed on Cloud Run.
I don't want to move to Azure, so I need a solution for Cloud Run only. I am exposing port 80 in the Dockerfile.
Here is my Dockerfile:

FROM amazonlinux:2
# Environment variables
ENV PORT 80
# Install dependencies
RUN amazon-linux-extras install php7.2
RUN yum clean metadata && yum update -y && \
    yum install -y \
    curl \
    httpd httpd-tools\
    git \
    openssh-server \
    openssh-clients \
    php-cli php-pdo php-fpm php-json \
    php-bcmath \
    php-cli \
    php-common \
    php-dba \
    php-devel \
    php-embedded \
    php-enchant\
    php-gd\
    php-intl \
    php-ldap \
    php-mbstring \
    php-mysqlnd \
    php-odbc \
    php-pdo \
    php-pear.noarch \
    php-pgsql \
    php-process \
    php-pspell \
    php-recode \
    php-snmp \
    php-soap \
    php-xml \
    php-xmlrpc \
    php-mbstring \
    unzip \
 && ln -s /usr/sbin/httpd /usr/sbin/apache2 \
 && curl -sS https://getcomposer.org/installer | php \
 && mv composer.phar /usr/local/bin/composer \
 && ln -s /usr/local/bin/composer /usr/bin/composer
COPY github_key .
COPY httpd.conf /etc/httpd/conf/httpd.conf
# Install app
RUN rm -rf /var/www/html/* && mkdir -p /var/www/html
# git clone command
#few sed commands
WORKDIR /var/www/html/
RUN composer require mpdf/mpdf && \
chmod 777 -R vendor/mpdf/mpdf/tmp
EXPOSE $PORT
ENTRYPOINT ["sh", "-c", "/usr/sbin/php-fpm && /usr/sbin/apache2 -DFOREGROUND"]
1
Check this thread for hints. - Emil Gi
I have tried these techniques; it still doesn't work. - Usama Shujaat
What parameters did you use with setfacl? - Rafael Lemos

1 Answer

0
votes

Well, after a lot of searching and hit and trial, I got the solution. Most of the solutions online recommend setting these values in /etc/php-fpm.d/www.conf:

;listen.owner = nginx 
;listen.group = nginx 
listen.acl_users = apache, nginx 
listen.acl_groups = apache, nginx 

But this does NOT WORK

For a perfect deployment on Cloud Run we have to comment out listen.acl_users and listen.acl_groups

;listen.acl_users = apache, nginx
;listen.acl_groups = apache, nginx

For that I am using the sed command in the Dockerfile

RUN sed -i 's/listen.acl_users/;listen.acl_users/g' /etc/php-fpm.d/www.conf
RUN sed -i 's/listen.acl_groups/;listen.acl_groups/g' /etc/php-fpm.d/www.conf

After that my app deployed perfectly on Cloud Run but started giving an error on AWS ECS Fargate. So I ended up making 2 different Dockerfiles for each service.
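
An alternative to keeping two Dockerfiles is to make the decision at container start. The script below is an added example, not code from the question or the answer: it probes whether a POSIX ACL can be written under /run/php-fpm and, only if it cannot, comments out the active listen.acl_* directives and falls back to listen.owner, listen.group and listen.mode so the socket stays restricted without ACLs. SOCK_USER, acl_supported, disable_socket_acl and the --run flag are assumed names, and the pool file is assumed to hold a single pool section.

```shell
#!/bin/sh
# Added example, not from the original post. SOCK_USER and both function
# names are assumptions; the paths are the ones quoted in the question.
SOCK_USER="${SOCK_USER:-apache}"   # account the web server workers run as

# Succeeds only if a POSIX ACL can be written inside directory $1. A missing
# setfacl binary also counts as "unsupported", which is the safe direction.
acl_supported() {
    probe="$1/.acl-probe.$$"
    touch "$probe" 2>/dev/null || return 1
    setfacl -m "u:${SOCK_USER}:rw" "$probe" 2>/dev/null
    rc=$?
    rm -f "$probe"
    return "$rc"
}

# Rewrites pool file $1: comments out active listen.acl_* directives and pins
# owner/group/mode so the socket stays restricted without ACLs.
# Assumes the file holds a single pool section, so appended lines belong to it.
disable_socket_acl() {
    conf="$1"
    tmp="$conf.tmp.$$"
    # Only uncommented directives match, so a second run yields the same file.
    sed -E \
        -e 's/^[[:space:]]*(listen\.acl_(users|groups)[[:space:]]*=)/;\1/' \
        -e '/^[[:space:]]*listen\.(owner|group|mode)[[:space:]]*=/d' \
        "$conf" > "$tmp" || return 1
    {
        printf 'listen.owner = %s\n' "$SOCK_USER"
        printf 'listen.group = %s\n' "$SOCK_USER"
        printf 'listen.mode = 0660\n'
    } >> "$tmp"
    # Overwrite in place to keep the original file's owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Entrypoint mode: same start-up sequence as the question's ENTRYPOINT.
if [ "${1:-}" = "--run" ]; then
    acl_supported /run/php-fpm || disable_socket_acl /etc/php-fpm.d/www.conf
    /usr/sbin/php-fpm && exec /usr/sbin/apache2 -DFOREGROUND
fi
```

Copied into the image and used as the ENTRYPOINT with the `--run` argument, the same image keeps the ACL-based socket permissions where they can be set and uses a 0660 socket owned by the web server account where they cannot.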