Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The Docker image uses VOLUME directive incorrectly #364

Open
jakubgs opened this issue Dec 4, 2023 · 1 comment
Open

The Docker image uses VOLUME directive incorrectly #364

jakubgs opened this issue Dec 4, 2023 · 1 comment

Comments

@jakubgs
Copy link

jakubgs commented Dec 4, 2023

Currently the official Docker image applies the VOLUME directive to the /opt/tomcat folder:

 > docker history openkm/openkm-ce:6.3.12 | grep VOLUME
<missing>      14 months ago   /bin/sh -c #(nop)  VOLUME [/opt/tomcat]         0B

But this is wrong if you look at the documentation for Docker:

Volumes are the preferred mechanism for persisting data generated by and used by Docker containers.
https://docs.docker.com/storage/volumes/

Since /opt/tomcat folder contains software in form or JARs, WARs, and scripts, it is not supposed to be a volume, since volumes are intended for "data generated and used Docker containers". This means VOLUME directive was used incorrectly.

Furthermore:

Changing the volume from within the Dockerfile: If any build steps change the data within the volume after it has been declared, those changes will be discarded.
https://docs.docker.com/engine/reference/builder/#notes-about-specifying-volumes

This in effect means that it is impossible to modify the /opt/tomcat folder - for example to change permissions - since it's a volume:

FROM openkm/openkm-ce:6.3.12
RUN chown -R www-data /opt/tomcat
USER www-data

Such a Dockerfile intended to allow the container as non-root user will have no effect, since the /opt/tomcat folder is a volume.

The correct usage of VOLUME directive would be for folders like /opt/tomcat/conf or /opt/tomcat/data, not /opt/tomcat.
@jakubgs
Copy link
Author

jakubgs commented Dec 4, 2023

Furthermore, the turning of /opt/tomcat into a volume means that every time the containers are re-created the volumes are as well, which leaves a lot of large volumes on the host:

 > docker system df
TYPE            TOTAL     ACTIVE    SIZE      RECLAIMABLE
Images          0         0         0B        0B
Containers      0         0         0B        0B
Local Volumes   55        0         19.83GB   19.83GB (100%)
Build Cache     0         0         0B        0B

About 360 MB per volume in case of Pro version, or 280 MB in Community version:

 > d run --rm -it --entrypoint=/bin/sh openkm/openkm-ce:6.3.12
# du -hsc /opt/tomcat
280M	/opt/tomcat
280M	total

jakubgs added a commit to status-im/infra-role-openkm that referenced this issue Dec 4, 2023
@jakubgs
docker: use nonroot image provided by OpenKM
5977679 
Since the original image misuses `VOLUME` directive and makes it
impossible t actually change permissions for `/opt/tomcat`:
openkm/document-management-system#364
https://support.openkm.com/tickets.php?id=13006

Signed-off-by: Jakub Sokołowski <jakub@status.im>
jakubgs added a commit to status-im/infra-role-openkm that referenced this issue Dec 4, 2023
@jakubgs
docker: use nonroot image provided by OpenKM
704162e 
Since the original image misuses `VOLUME` directive and makes it
impossible t actually change permissions for `/opt/tomcat`:
openkm/document-management-system#364
https://support.openkm.com/tickets.php?id=13006

Signed-off-by: Jakub Sokołowski <jakub@status.im>
jakubgs added a commit to status-im/infra-role-openkm that referenced this issue Dec 4, 2023
@jakubgs
docker: use nonroot image provided by OpenKM
4762933 
Since the original image misuses `VOLUME` directive and makes it
impossible t actually change permissions for `/opt/tomcat`:
openkm/document-management-system#364
https://support.openkm.com/tickets.php?id=13006

Signed-off-by: Jakub Sokołowski <jakub@status.im>
jakubgs added a commit to status-im/infra-role-openkm that referenced this issue Dec 4, 2023
@jakubgs
docker: use nonroot image provided by OpenKM
c696ba6 
Since the original image misuses `VOLUME` directive and makes it
impossible t actually change permissions for `/opt/tomcat`:
openkm/document-management-system#364
https://support.openkm.com/tickets.php?id=13006

Signed-off-by: Jakub Sokołowski <jakub@status.im>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jakubgs