Location of openmrs.log

Reference Application 2.11 Linux

Now that I’ve got OpenMRS running more secure with SSL, I’m trying to enhance security by running it as a user (tomcat) rather than root. Along with a few other issues, the main one I have just now is the following error:

localhost-startStop-1 ERROR RollingFileManager (openmrs.log) java.io.FileNotFoundException: openmrs.log (Permission denied)

The problem is that there’s no indication of where it is trying to locate this file. Any clues, as I’ve tried various locations and setting environment variables?

@alwaysskint Congratulations for the milestone! kindly have you shared the entire error logs?

1 Like

Hi,

No, because most of the 5MB catalina.out log is irrelevant, as it begins from three days ago. :wink: As for /opt/tomcat7/logs/catalina.2021-09-02.log , that is a little bit better and in fact, you’ve prompted me to have a look at it. Thanks.

(I thought that I’d asked a very simple question. :sweat_smile: )

I’ve truncated the logs (and touched catalina.out, so that it repopulates):

Brand new installation and this is still a problem. Debian 9, mySQL 5.6, Java 1.8, /opt/tomcat7

2021-09-03 01:07:54,862 localhost-startStop-1 ERROR Unable to create file openmrs.log java.io.IOException: Permission denied

Currently, I have manually created a /var/lib/OpenMRS and deployed Platform 2.11 - runtime.properties and relevant files have been written to /var/lib/OpenMRS

I have also tried creating /opt/tomcat7/.OpenMRS, /home/username/.OpenMRS and /root/.OpenMRS; none of these help the situation. I removed them again, so at least now the code uses the fallback position of /var/lib

An openmrs.log file is created in /var/lib/OpenMRS

There also appears to be a missing environment variable somewhere, as I’ve seen the following frequently:

OpenmrsUtil.getRuntimePropertiesFilePathName(2138) |2021-09-03T01:08:59,686| Unable to find a runtime properties file at /openmrs-runtime.properties

There’s no way that it should be looking in the / directory.

Surely someone has come across this before?

could you try with tomcat 8 for this combination!!

Unfortunately, that doesn’t answer the query.

I don’t have the luxury of time/energy to try every conceivable combination and just want to get a workable solution.

The chosen software combination is purely derived from the information scattered around OpenMRS. Otherwise, I’d have stuck with the sensible thing and used the latest stable versions of all the required software.

Just ignore this one. It is just a log for the first attempts to look for the runtime properties file.

Hopefully that slack/poor bit of coding is addressed in later releases. :wink: I shall re-iterate: There’s no way that it should be looking in the / directory under any circumstances. Is this added to the other classic error to ignore?

ERROR - BrokerService.checkSystemUsageLimits(1925) |2021-09-03T12:57:31,737| Temporary Store limit is 51200 mb, whilst the temporary data directory: /var/lib/OpenMRS/activemq-data/localhost/tmp_storage only has 1775 mb of usable space

Still no-one seems able/wanting to reply to my original simple question. I daren’t imagine what kind of systems that others have OpenMRS running in. :expressionless: Do people just ignore warnings/errors until something nasty rears its’ head?

To those already responding, thanks for the effort though I need an answer to a specific question in this thread. I have another thread about the general implementation issues.

I’ve managed to debug the problem…

/opt/tomcat7/webapps/openmrs/WEB-INF/classes/log4j2.xml The undeclared path in the following line is the root cause. I don’t know the syntax for the xml, but it should be prefixed by, for examples the webapp (openmrs) or CATALINA_TMPDIR variable. For debugging purposes, I hard-coded a path; this is not a solution.

<RollingFile name="DEBUGGING_FILE_APPENDER" fileName="/var/lib/OpenMRS/openmrs.log" filePattern="openmrs.%i.log.gz" append="false">

@alwaysskint Yes, you’re right. You’re in no way expected to touch that file since the default should be to put the relative to the OpenMRS Application Directory (the logic is here).

We determine the OpenMRS Application Directory in several different ways. By default it’s in ~/.OpenMRS for whatever the user running OpenMRS. If that directory isn’t writable, it tries to fall-back to /var/lib/OpenMRS/. However, as documented here there are a few ways that you can control which directory is regarded as the OpenMRS Application Directory.

If you setup the environment variable CATALINA_OPTS for the user your Tomcat install runs under to "-DOPENMRS_APPLICATION_DATA_DIRECTORY=/var/lib/OpenMRS" (and assuming this directory is writable by the user your Tomcat install runs under, the log file should be in the same place.

The way that that code would end up looking for /openmrs-runtime.properties is if Tomcat is running with the current working directory of /, which is even more worrying as it implies that your CATALINA_HOME is set to /. You probably should verify that /opt/tomcat7/bin/setenv.sh (if any) is set sanely.

1 Like

Now you’re talking my language. :slight_smile:

Thanks!

"-DOPENMRS_APPLICATION_DATA_DIRECTORY=/var/lib/OpenMRS" is the key and I’ll add to the systemd startup.

See snippets below…

..
[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
Environment=CATALINA_PID=/opt/tomcat7/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat7
Environment=CATALINA_BASE=/opt/tomcat7
Environment='CATALINA_OPTS=-Xmx1536M -Xms512M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat7/bin/startup.sh
ExecStop=/opt/tomcat7/bin/shutdown.sh

User=tomcat
Group=tomcat
..
/opt/tomcat7/bin/setenv.sh
export CATALINA_PID="/opt/tomcat7/work/tomcat.pid"
export CATALINA_TMPDIR="/opt/tomcat7/temp"

I see a difference in TMP definition, I’ll make them the same, though one will take precedence.

The wiki wasn’t loading…

I captured the environment in catalina.sh which gives the following:

LANGUAGE=en_GB:en
USER=tomcat
HOME=/opt/tomcat7
CATALINA_HOME=/opt/tomcat7
CATALINA_PID=/opt/tomcat7/temp/tomcat.pid
LOGNAME=tomcat
JOURNAL_STREAM=8:218431
JDK_JAVA_OPTIONS= --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
CATALINA_TMPDIR=/opt/tomcat7/temp
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
INVOCATION_ID=xxxxxxxxxxxxxxxxxxxxxx
JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Djdk.tls.ephemeralDHKeySize=2048 -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
LANG=en_GB.UTF-8
SHELL=/bin/false
JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
PWD=/
CATALINA_BASE=/opt/tomcat7
CATALINA_OPTS=-Xmx1536M -Xms512M -server -XX:+UseParallelGC -DOPENMRS_APPLICATION_DATA_DIRECTORY=/var/lib/OpenMRS

I notice that the working directory isn’t set to the expected CATALINA_BASE nor HOME. Interesting.

If I explicitly set the working directory in /opt/tomcat7/bin/setenv.sh , then there’s a much cleaner startup. I’m sure that there’s a better way. :confused:

export CATALINA_PID="/opt/tomcat7/temp/tomcat.pid"
export CATALINA_TMPDIR="/opt/tomcat7/temp"
export CATALINA_HOME="/opt/tomcat7"
cd /var/lib/OpenMRS