cp '/opt/bitnami/matomo/config/config.ini.php': Read-only file system

[RaimundasR]

Name and Version

bitnami/matomo:7.3.5

What architecture are you using?

amd64

What steps will reproduce the bug?

I am encountering an issue while attempting to mount a customized config.ini.php file into a Matomo container within a pod. Initially, the file inside the container is replaced with my configuration values. However, upon Matomo pod connection to the MariaDB pod, an issue arises where it appears something is attempting to overwrite the config.ini.php file mounted via ConfigMap. This results in a permission-related error due to the file being mounted with root:1001.

matomo 16:02:34.32 INFO  ==> An already initialized Matomo database was provided, configuration will be skipped                                                     
cp: cannot create regular file '/opt/bitnami/matomo/config/config.ini.php': Read-only file system

my configmap from the matomo helm charts values:

  extraVolumeMounts:
      - name: matomo-config
        mountPath: /opt/bitnami/matomo/config/config.ini.php
        subPath: config.ini.php
        readOnly: false  
    extraVolumes:
      - name: matomo-config
        configMap:
          name: matomo-config

ContainerSec....context:

    containerSecurityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
      enabled: true
      privileged: false
      readOnlyRootFilesystem: false
      runAsGroup: 0
      runAsNonRoot: true
      runAsUser: 1001

My cluster allows everything only as non root user and also privileged = false

I need my own config.ini.php because matomo doesn't have another way to automate SSO setup and enable plugins, this is why I also use my custom Dockerfile for matomo to download plugins into an image and to be ready to enable those config.ini.php file....

Anybody can help me, with how I can resolve this issue, and why it tried to copy the file on my config file mounted over configmap one more time?

Thank you.

What is the expected behavior?

I need to enable plugins automatically over deployment with helm charts.

What do you see instead?

I can't stop/force do not cp config.ini.php into directory '/opt/bitnami/matomo/config/ as my file already exists from configmap

so I see this 👇

matomo 16:02:34.31 INFO  ==> Ensuring Matomo directories exist                                                                                                      
matomo 16:02:34.31 INFO  ==> Trying to connect to the database server                                                                                               
matomo 16:02:34.32 INFO  ==> An already initialized Matomo database was provided, configuration will be skipped                                                     
cp: cannot create regular file '/opt/bitnami/matomo/config/config.ini.php': Read-only file system

[RaimundasR]

I even tried change owner ship over initContainer for this directory /opt/bitnami/matomo/config/ but also doesn't allow cause of permissions

   initContainers: 
      - name: volume-permissions
        image: registry-emea.app.corpintra.net/dottools/busybox:latest
        command: ["sh", "-c", "chmod 664 /opt/bitnami/matomo/config/config.ini.php"]
        volumeMounts:
          - name: matomo-config
            mountPath: /opt/bitnami/matomo/config
        securityContext:
          runAsNonRoot: true
          runAsUser: 0 # also tried with 1001

My Dockerfile is very simple

# Base image from Bitnami Matomo
FROM docker.io/bitnami/matomo:5.0.3-debian-12-r10

USER root

# Update and install necessary packages
RUN apt-get update \
   && apt-get upgrade -y \
   && apt-get install -y unzip

USER 1001

# Download, unzip, and install the EnvironmentVariables plugin
RUN curl -o /opt/bitnami/matomo/plugins/EnvironmentVariables.zip \
     https://plugins.matomo.org/api/2.0/plugins/EnvironmentVariables/download/latest \
     && unzip -o /opt/bitnami/matomo/plugins/EnvironmentVariables.zip -d /opt/bitnami/matomo/plugins \
     && rm /opt/bitnami/matomo/plugins/EnvironmentVariables.zip

# Download, unzip, and install the LoginOIDC plugin
RUN curl -o /opt/bitnami/matomo/plugins/LoginOIDC.zip \
     https://plugins.matomo.org/api/2.0/plugins/LoginOIDC/download/5.0.0 \
     && unzip -o /opt/bitnami/matomo/plugins/LoginOIDC.zip -d /opt/bitnami/matomo/plugins \
     && rm /opt/bitnami/matomo/plugins/LoginOIDC.zip

# Download the DB-IP city lite database
RUN curl -o /opt/bitnami/matomo/misc/dbip-city-lite-2024-05.mmdb.gz \
     https://download.db-ip.com/free/dbip-city-lite-2024-05.mmdb.gz \
     && gunzip /opt/bitnami/matomo/misc/dbip-city-lite-2024-05.mmdb.gz

[RaimundasR]

let me know if u'll need any info...

Thank you for the help!!!
I appreciate it very much!!!

[im-jinxinwang]

@RaimundasR You can try to mount it in this /opt/bitnami/php/etc.default directory

[RaimundasR]

@RaimundasR You can try to mount it in this /opt/bitnami/php/etc.default directory

Thanks for suggestion @im-jinxinwang, but then I need move config.ini.php anyway to /opt/bitnami/matomo/config , seems doesn't matter that I'm using matomoSkipInstall: true, during pod init it creates default config.ini.php based on environement variables.. How I can skip it, I mean create this config.ini.php in the /opt/bitnami/matomo/config

One more thing, I can't see in the pod logs, when and what copies this file config.ini.php to /opt/bitnami/matomo/config ?

[im-jinxinwang]

@RaimundasR That might not work well with bitnami's image. You need to customize the startup script yourself

[RaimundasR]

@RaimundasR That might not work well with bitnami's image. You need to customize the startup script yourself

Ok, I finally managed it. Actually, it’s very easy. You just need to mount your custom config.ini.php to any directory in the pod container. I did it in /tmp. Then, after the pod connects to the database, you can simply cp the config.ini.php using customPostInitScripts from /tmp to /opt/bitnami/matomo/config. That’s it.

So, the solution was:

  extraVolumeMounts:
      - name: matomo-config
        mountPath: /tmp/config.ini.php
        subPath: config.ini.php
        readOnly: false  
    extraVolumes:
      - name: matomo-config
        configMap:
          name: matomo-config

And then:

    customPostInitScripts: 
      custom-post-init.sh: |
        #!/bin/bash
        cp /tmp/config.ini.php /opt/bitnami/matomo/config

In this way, you can copy any file you need using ConfigMap and a bash script after the pod connects to the database.

But thanks for the @im-jinxinwang ;)

[RaimundasR]

issue can be closed ;) 🍄 🤖 🥳