fix: fixed security-bootstrapper Docker volume init semantics #4085
Conversation
|
@vli11 , please complete the PR checklist with a |
jim-wang-intel
added
tech-debt
cmd/security-bootstrapper/Dockerfile
Outdated
|
|
||
| RUN apk add --update --no-cache dumb-init su-exec | ||
|
|
||
| ENV SECURITY_INIT_DIR /edgex-init | ||
| ARG BOOTSTRAP_REDIS_DIR=${SECURITY_INIT_DIR}/bootstrap-redis | ||
| ENV SECURITY_INIT_STAGING_DIR /edgex-init-staging |
There was a problem hiding this comment.
@bnevis-i , @jim-wang-intel , Isn't this a breaking change? i.e. the ENV name change now requires end user to change the name?? Also the change to /edgex-init-staging is breaking.
End users/adopters will have existing compose files working with the previous release and should just be able to change the version of images to bump to the next release.
There was a problem hiding this comment.
good point, @lenny-intel , i guess we could still keep the original ENV SECURITY_INIT_DIR untouched. but we are adding a staging directory so that we can remove the work-around in Kubernetes' world. cc: @vli11
There was a problem hiding this comment.
Yep, that is probably the better approach, i.e. support both old and new way and then in 3.0 remove old way.
There was a problem hiding this comment.
SECURITY_INIT_DIR was only ever used locally, so I don't think it will break anything to change it. But I have other problems with the PR that I will detail. However, I think it should it should be left as it was and add the new one.
|
I have not added unit tests for this bug fix because NA; only Dockerfile, entrypoint.sh changed |
|
I have NOT opened a PR for the related docs change because it is fix for a WA |
|
@vli11 , looking for you to edit the PR description and add those comment where it says example:
|
DONE |
cmd/security-bootstrapper/Dockerfile
Outdated
|
|
||
| # Expose the file directory as a volume since there's long-running state | ||
| VOLUME ${SECURITY_INIT_DIR} | ||
| VOLUME ${SECURITY_INIT_STAGING_DIR} |
There was a problem hiding this comment.
Remove VOLUME line. No longer needed
cmd/security-bootstrapper/Dockerfile
Outdated
|
|
||
| RUN apk add --update --no-cache dumb-init su-exec | ||
|
|
||
| ENV SECURITY_INIT_DIR /edgex-init | ||
| ARG BOOTSTRAP_REDIS_DIR=${SECURITY_INIT_DIR}/bootstrap-redis | ||
| ENV SECURITY_INIT_STAGING_DIR /edgex-init-staging |
There was a problem hiding this comment.
SECURITY_INIT_DIR was only ever used locally, so I don't think it will break anything to change it. But I have other problems with the PR that I will detail. However, I think it should it should be left as it was and add the new one.
cmd/security-bootstrapper/Dockerfile
Outdated
| RUN mkdir -p ${SECURITY_INIT_STAGING_DIR} \ | ||
| && mkdir -p /edgex-init \ |
There was a problem hiding this comment.
mkdir -p ${BOOTSTRAP_REDIS_DIR} is the only thing needed; it will create any parent directories as needed; remove the others.
cmd/security-bootstrapper/Dockerfile
Outdated
| && mkdir -p ${BOOTSTRAP_REDIS_DIR} | ||
|
|
||
| WORKDIR ${SECURITY_INIT_DIR} | ||
| WORKDIR ${SECURITY_INIT_STAGING_DIR} |
cmd/security-bootstrapper/Dockerfile
Outdated
| COPY --from=builder /edgex-go/cmd/security-bootstrapper/entrypoint-scripts/ ${SECURITY_INIT_STAGING_DIR}/ | ||
| RUN chmod +x ${SECURITY_INIT_STAGING_DIR}/*.sh |
cmd/security-bootstrapper/Dockerfile
Outdated
| @@ -59,10 +60,10 @@ COPY --from=builder /edgex-go/cmd/security-bootstrapper/res/configuration.toml . | |||
| COPY --from=builder /edgex-go/cmd/security-bootstrapper/res-bootstrap-redis/configuration.toml ${BOOTSTRAP_REDIS_DIR}/res/ | |||
|
|
|||
| # copy Consul ACL related configs | |||
| COPY --from=builder /edgex-go/cmd/security-bootstrapper/consul-acl/ ${SECURITY_INIT_DIR}/consul-bootstrapper/ | |||
| COPY --from=builder /edgex-go/cmd/security-bootstrapper/consul-acl/ ${SECURITY_INIT_STAGING_DIR}/consul-bootstrapper/ | |||
| @@ -37,6 +37,7 @@ EDGEX_USER_ID=${EDGEX_USER:-$DEFAULT_EDGEX_USER_ID} | |||
| # which then injecting into all other related containers on other services' entrypoint scripts | |||
| # if the executable is not 'security-bootstrapper'; then we consider it not running the bootstrapping process | |||
| # for the user may just want to debug into the container shell itself | |||
| cp -rpd /edgex-init-staging/* /edgex-init/ | |||
There was a problem hiding this comment.
This cp should use the env vars defined in the dockerfile. Copy from STAGING_DIR to INIT_DIR.
|
@lenny-intel @jim-wang-intel all are updated, please review again |
|
@vli11 i think you lost your Dockerfile changes.... please do not squash the commits before others finish your change reviews... |
fixes: edgexfoundry#3851 Signed-off-by: Valina Li <valina.li@intel.com>
Signed-off-by: Valina Li <valina.li@intel.com>
|
Kudos, SonarCloud Quality Gate passed!
|
There was a problem hiding this comment.
LGTM, but deferring to @bnevis-i & @jim-wang-intel for approval.
@lenny-intel can you dismiss your review? |
|
recheck |
|
Hi @ernestojeda how do we do a ci/cd re-build? .. want to re-run the build to see if this is just intermittent issue |
|
recheck |
"recheck" is correct. However, you may not have the correct permissions, so Jenkins might have ignored. |
weird, it used to be working for me though... |
fixes: #3851
Signed-off-by: Valina Li valina.li@intel.com
If your build fails due to your commit message not passing the build checks, please review the guidelines here: https://github.com/edgexfoundry/edgex-go/blob/main/.github/Contributing.md
PR Checklist
Please check if your PR fulfills the following requirements:
BREAKING CHANGE:describing the break)Testing Instructions
New Dependency Instructions (If applicable)