Allow ddclient.conf to be served from read-only filesystem

[rhuss]

---

Expected Behavior

This is a feature request. It would be cool, if this image would allow a ddclient.conf which is store on read-only filesystem. The use case here, that if you use this image within Kubernetes and provide the configuration from a ConfigMap / Secret, then the file is mounted read-only.

A sample K8s deployment would look like:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ddclient
  name: ddclient
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ddclient
  template:
    metadata:
      labels:
        app: ddclient
      name: ddclient
    spec:
      containers:
      - image: linuxserver/ddclient:3.9.0-ls23
        name: ddclient
        env:
        - name: TZ
          value: Europe/Berlin
        - name: PUID
          value: "1000"
        - name: PGID
          value: "1000"
        command:
        volumeMounts:
        - mountPath: /config
          name: ddclient-config
      volumes:
      - name: ddclient-config
        secret:
          secretName: ddclient-config

where the config is stored in a secrtet named ddclient-config.

It would be awesome to not raise in error in this setup.

Current Behavior

Currently it looks like that it works, but some errors are shown on the console:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

chown: changing ownership of '/config': Read-only file system
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 30-config: executing...
chown: changing ownership of '/config/..data': Read-only file system
chown: changing ownership of '/config/ddclient.conf': Read-only file system
chown: changing ownership of '/config/..2020_01_06_08_57_18.599307433/ddclient.conf': Read-only file system
chown: changing ownership of '/config/..2020_01_06_08_57_18.599307433': Read-only file system
chown: changing ownership of '/config': Read-only file system
chmod: changing permissions of '/config': Read-only file system
chmod: changing permissions of '/config/..2020_01_06_08_57_18.599307433': Read-only file system
chmod: changing permissions of '/config/..2020_01_06_08_57_18.599307433/ddclient.conf': Read-only file system
[cont-init.d] 30-config: exited 1.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
Setting up watches.
Watches established.
[services.d] done.

[aptalca]

It seems the issue is not that it's read only, but that you mapped a file as /config where our container expects a folder and wants to do some init logic on it.

See here for the init logic: https://github.com/linuxserver/docker-ddclient/blob/master/root/etc/cont-init.d/30-config

If you save your customized ddclient.conf file as a secret and mount it as /defaults/ddclient.conf inside the container, it should work.

It will basically replace our default with your default, which the container will copy into the /config folder during initial start and use it.

[rhuss]

No, I really mapped /config to a folder:

kubectl exec -it ddclient-58ff467b57-krjf5 ash
root@ddclient-58ff467b57-krjf5:/# ls -l /config/
total 0
lrwxrwxrwx 1 root root 20 Jan  6 14:27 ddclient.conf -> ..data/ddclient.conf

So I mapped, the secret to a /config folder with then contains the single file ddclient.conf which is the single entry of the mounted secret (it's read only though and can't be chmod-ed).

The trick with mounting on /defaults/ though worked, so I'm fine with that.

Thanks !

[rhuss]

But even with mounting on /defaults I get

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    1000
User gid:    1000
-------------------------------------

chown: changing ownership of '/defaults': Read-only file system
[cont-init.d] 10-adduser: exited 1.

However, as it doesn't seem to impact the functionality, it's ok for me.

[rhuss]

@aptalca fyi, that is the code part which fails if either /app, /config or /defaults is mounted read-only:

https://github.com/linuxserver/docker-baseimage-alpine/blob/bb9c9b65b2268e8296bef4c177c2d4a127d95273/root/etc/cont-init.d/10-adduser#L29-L31

Interestingly it still moves on, but I would suggest to check for a read-only filesystem here or silent the error messages (I'm missing a set -e here anyway, even when it's helpful for my use case ;-)

[aptalca]

oh, that's right. Forgot about that chown