Warning on mongo instance startup #9
Comments
These warnings have been removed with PR #81, which enforces authentication.
The current log, a year after the issue's opening date, is:
There are two warnings:
Running a service as the root user is a common, widespread problem for EdgeX. It was pointed out by the Security WG. It needs to be solved elsewhere. Edgex-Mongo, like all other services, needs to be run by a user other than root. This user should be granted permissions to be able to read the secrets inside Vault. I suggest this problem be addressed in a separate issue. About the FileSystem warning message:
On my setup I use the ext4 filesystem:
As I understand it, it depends on what the user's filesystem will be. I guess we need to add a note about that in the documentation. It looks like additional database improvements could be achieved if the recommended configuration is followed in production.
The issue for running containers as non-root users is https://github.com/edgexfoundry/edgex-go/issues/1955. Also, security-secretstore-setup now supports the
Oh, let me check what has been done with the other services.
Most of the other services run as root as well. Vault starts as root and then deprivileges itself (the same strategy could be used here as well).
On the note on XFS, I noticed the following on the RedHat site. "Another way to characterize this is that the Ext4 file system variants tend to perform better on systems that have limited I/O capability. Ext3 and Ext4 perform better on limited bandwidth (< 200MB/s) and up to ~1,000 IOPS capability. For anything with higher capability, XFS tends to be faster." https://access.redhat.com/articles/3129891 I have also read that Fedora desktop defaults to extX, and defaults to XFS for server. It appears that file system choice may be workload-dependent, and that a switch to XFS may not be appropriate for a resource-constrained device. In any case, Docker configuration cannot change the file system type of a volume.
Closing the issue because some of the warning messages have already been addressed:
The above warning messages have been removed with PR #81, which enforces authentication. Two warning messages are still present:
Running the service as a non-root user will be implemented as a follow-up issue on edgexfoundry/edgex-go#1955.
While starting the mongo instance from inside my edgexfoundry-core snap on an Ubuntu 16.04 desktop system, I see the following warnings output in syslog:
Jan 27 10:38:49 tex1 edgexfoundry-core.mongod[19510]: 2018-01-27T10:38:49.832-0500 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
Jan 27 10:38:49 tex1 edgexfoundry-core.mongod[19510]: 2018-01-27T10:38:49.832-0500 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
Jan 27 10:38:49 tex1 edgexfoundry-core.mongod[19510]: 2018-01-27T10:38:49.976-0500 W STORAGE [initandlisten] Detected configuration for non-active storage engine mmapv1 when current storage engine is wiredTiger
[initandlisten] ** WARNING: Access control is not enabled for the database.
Jan 27 10:38:49 tex1 edgexfoundry-core.mongod[19510]: 2018-01-27T10:38:49.976-0500 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
I haven't yet verified that the same warnings are produced when running mongo inside a docker container on the same OS, but would be surprised if the same warnings weren't seen there as well.
Note, my core snap is currently building all of the services using the Barcelona release, and I'm using my own version of the launch-mongo script:
https://github.com/tonyespy/edgex-core-snap/blob/service-ordering-test/bin/start-mongo.sh
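The thread separates the warnings it treats as security issues (access control, running as root) from the filesystem and storage-engine notices, and that split can be checked automatically against mongod's startup log. The following is an added example, not code from this issue or from EdgeX; the `triage` and `security_findings` names, the rule tags and the sample lines are constructed for illustration, and it assumes the legacy text log format shown above.

```python
import re

# Constructed sample in mongod's legacy (pre-JSON) text log format, modelled on
# the syslog excerpt in this issue; the second line has lost its prefix.
SAMPLE = [
    "Jan 27 10:38:49 host mongod[1]: 2018-01-27T10:38:49.832-0500 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine",
    "[initandlisten] ** WARNING: Access control is not enabled for the database.",
    "Jan 27 10:38:49 host mongod[1]: 2018-01-27T10:38:49.976-0500 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.",
    "Jan 27 10:38:49 host mongod[1]: 2018-01-27T10:38:49.977-0500 I NETWORK  [initandlisten] waiting for connections on port 27017",
]

# (pattern, class, tag): class and tag names are illustrative labels.
RULES = [
    (re.compile(r"Access control is not enabled"), "security", "no-auth"),
    (re.compile(r"running this process as the root user"), "security", "root-user"),
    (re.compile(r"XFS filesystem is strongly recommended"), "ops", "filesystem"),
    (re.compile(r"non-active storage engine"), "ops", "stale-config"),
]

# Optional "<severity> <COMPONENT>" prefix, the startup thread name, then the
# message with any "** " warning marker stripped.
LINE = re.compile(
    r"(?:\s([A-Z])\s+([A-Z]+)\s+)?\[initandlisten\]\s+(?:\*\*\s+)?(.*)$"
)

def triage(lines):
    """Return sorted (class, tag, component) tuples for recognised warnings."""
    found = set()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        component = m.group(2) or "?"  # "?" when the prefix was truncated
        for pattern, klass, tag in RULES:
            if pattern.search(m.group(3)):
                found.add((klass, tag, component))
    return sorted(found)

def security_findings(lines):
    """Tags that should fail a deployment check; "ops" notes are advisory."""
    return sorted({tag for klass, tag, _ in triage(lines) if klass == "security"})

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

A startup check can fail the deployment when `security_findings` is non-empty and only report the "ops" entries.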