Always specify config file in command and always run as gemstash user.#7
Always specify config file in command and always run as gemstash user.#7hadrianvalentine merged 12 commits intomasterfrom
Conversation
|
Really good job on finding this. 🎉 I'd change the approach you've taken in fixing it though. I'm thinking we should probably drop the Thoughts? |
I agree that we might as well clean it up. Using entry points was pre-securitycontext where it was a hacky way to force the app running as a certain user. Better to keep the image generic and tweak runtime configuration outside the docker image. |
|
SGTM 👌 |
Also, updated the description with a screen shot of the process from local testing. |
Co-authored-by: King'ori Maina <j@kingori.co>
|
In 5912c04 you removed
In #7 (comment) I made the argument that the I'm leaning on no.2 as most of what the docker-compose files demonstrate would be in the Gemstash docs. But keen on Zac's comments. Either way, I don't think this should be a blocker as it seems to me this is turning into a bit of a 🐰 🕳️ for you. We can merge this for the sake of progress and address it later. |
I have a bit of a different opinion on the generic-ness idea, but I think I have good a reason for that. This is a public repository and I'd say the idea would be that anyone else could easily get Gemstash up and running on whatever container runtime or orchestration tooling they're using. To support this notion, you need to be able to spin up the container with as little configuration as possible for the general use-case. That said I think there are two options which sort of align with your first point. Non-generic
Generic
As I mentioned I'm in favour of the non-generic approach. Both will be easy to get started from a That said, I echo your notion that this should not block @hadrianvalentine too much. I'm okay with whatever we do but just dropping my opinion! |
|
I should've explained where I think this should go in light of King's initial suggestion of being more generic. I don't think there's any reason we should be explicitly specifying the config location when Gemstash already has a sensible default. I was planning on mounting the config file to the appropriate default locations from a configmap. In the config map we would specify |
Ah, yes. That location is the default so it should Just Work™! 🤦🏽♂️ Then I think we're good to go!! 💪🏽 |
| @@ -1,33 +0,0 @@ | |||
| :base_path: <%= "#{ENV['GEMSTASH_HOME']}/data" %> | |||
There was a problem hiding this comment.
#7 (comment)
☝️ As suggested above, I was going to put it in the config map.
There was a problem hiding this comment.
Oops, I'm referring to the file itself.
There was a problem hiding this comment.
I blame the pain meds! 😅 Lemme take a step back.
I take this back. I think the config file shouldn't have been deleted. We read envs through it. |
|
Sorry @hadrianvalentine I feel like I've misled you a bit. 🙈 🙉 🙊 |
I don't think so. Unless I'm missing something, we should be able to remove config here and specify it in our manifests instead. |
Yeah. I think I'm responding too quickly without thinking everything through ... so gonna take a step back for now. 🙈 |
We can't remove it from here without breaking |
Gemstash will revert to its default config. Gemstash isn't aware of that file unless you explicitly tell it to be. I've just build and run successfully using docker compose. |
|
Perhaps we should remove |
Agreed. I don't like image that specify |
Could you post what the config looks like? I don't think it will support the environment variables we use in our compose files: |
|
These appear to be the defaults for the version we're currently using unless a config file is present: I think the only thing we'd need to change is removing the volume from the dockerfile and the docker-compose files since the user should be able to specify their own volume location via config. Thoughts? |
Yeah, so the default one won't work with our
Don't mind removing the |
|
I've been thinking about this issue. I think there are two solutions to the compose file issue (aside from just deleting them):
I think quite like the docker configs approach because it means we can keep the images clean and not bake in unnecessary config. Thoughts? |
I like the config approach too! If you're willing to give it a stab I'm ok with that. |
|
Reverted changes to remove config from images as discussed in standup. |
|
Update the changelog c2df0e9. |
3 participants
Problem
Currently a bug exists where we only specify the gemstash config when the root user is used.
See output from top below:
v1 Gemstash
v2 Gemstash
As you can see, when we run gemstash v2, which uses rootless containers in, we do not specify a config file. The result of this is that gemstash writes and reads data to and from
/home/gemstash/.gemstashinstead of/home/gemstash/datawhere we mount our data volume. As a result we're not able to query gem versions from our restored database.Solution
Remove the
entrypoint.shfile and specify a simpler entrypoint in theDockerfile.Results from local build