Configuration from docker config or secret? #73
Comments
endyjasmi
changed the title
|
Docker config and secret by default seems to be read only system system. By chaging ownership and permission at the following couchdb-docker/2.1.1/docker-entrypoint.sh Lines 29 to 35 in 1f85f08 Maybe we can change it to the following command where the script will ignore the error? chown -R couchdb:couchdb /opt/couchdb
chmod -R 0770 /opt/couchdb/data
chmod 664 /opt/couchdb/etc/*.ini || true
chmod 664 /opt/couchdb/etc/default.d/*.ini
chmod 775 /opt/couchdb/etc/*.dIt seems that couchdb will overwrite |
|
CouchDB has to be able to write to its ini files. If your setup doesn't allow this then it will fail any Is there no way to allow docker swarm to mount configuration files in a writeable form? |
|
@wohali Thanks for the reply. Based on https://docs.docker.com/compose/compose-file/#long-syntax and https://docs.docker.com/compose/compose-file/#long-syntax-2 . It seems to me that both config and secret is mounted at read only filesystem. My current workaround is based on https://github.com/apache/couchdb-docker#build-your-own where I build my own image for persistent. The only caveat I encounter is whenever I update and re- |
|
If you are preserving your For your other problem as reported in this ticket, please open a ticket against CouchDB itself. I'm not going to change the Dockerfile until CouchDB has a way to separate read-only and read-write configuration files. |
|
@endyjasmi One option is that, instead of mounting the entire Remember that CouchDB will always write to the very last file in your config file chain, which is often the alphabetically-sorted last So, you can mount your shared secret files ahead of these, read only, then mount something like |
|
@wohali After I On the config and secret side of thing, I am currently mounting the As for mounting the shared config as read only then mount a couchdb-docker/2.1.1/docker-entrypoint.sh Line 33 in 1f85f08 Personally though, I thought we can maybe fix |
|
What I'm going to do is just have the chmod/chown script do a -f, which means if it fails it won't complain and won't error out. That way we both get what we want. |
|
Closed with 45b9dd1 in |
|
Not sure if things have changed since the last post, but I could not get it to work when mounting a Docker Swarm config to This workaround resolved it for me: command: '/bin/bash -c "cp -f /couch-v1 /opt/couchdb/etc/local.d/couch.ini && /opt/couchdb/bin/couchdb"'
configs:
- couch-v1 |
This workaround will not set variables properly, i.e. couchdb-docker/3.1.1/docker-entrypoint.sh Line 27 in 03af73d Instead of overriding services:
couchdb:
# ...skip
entrypoint: /bin/bash -c "cp -f /couchdb_conf /opt/couchdb/etc/local.d/couch.ini && tini -- /docker-entrypoint.sh /opt/couchdb/bin/couchdb"
configs:
- couchdb_conf
configs:
couchdb_conf:
file: ./config.ini |
I am trying to run CouchDB cluster with this image in production and everything works fine. My question is, is there anyway for us to mount config file from docker swarm config or secret. Currently doing so will cause the image to complain about chmod againts read only file system.
Expected Behavior
CouchDB should be able to read the docker swarm secret mounted at
/opt/couchdb/etc/local.d/config.ini.Current Behavior
Complain about changing permission for read only file system on boot.
Possible Solution
Maybe remove the chmod command at
docker-entrypoint.sh?Steps to Reproduce (for bugs)
config.inidocker-compose.ymlfile with the following content;docker stack deploy --compose-file docker-compose.yml couchdbagaints a docker swarm.docker service logs -f couchdb_server-0Context
Basically I am trying to deploy CouchDB cluster to the production using docker swarm.
The text was updated successfully, but these errors were encountered: