Uploaded image for project: 'Repose'
  1. REP-6135

Update Dockerfile to add group read permissions for the root group

    Details

    • Type: Story
    • Status: Resolved (View workflow)
    • Priority: Medium
    • Resolution: Done
    • Affects versions: None
    • Fix versions: 8.7.1.0
    • Components: None
    • Labels:
      None
    • Epic Link:
    • Sprint:
      Sprint 153
    • Story Points:
      1
    • Capitalizable:
      True

      Description

      To make it easier to use the Repose Docker image in RSI, we need to update the permissions to add read permissions for the root group. The details about how to do this and how it's totally legit are here:
      https://docs.openshift.com/container-platform/3.6/creating_images/guidelines.html#use-uid

      Acceptance Criteria:

      • Permissions are verified in the Docker image.
      • If feasible, we test the Docker image in RSI.

      Slack conversation:

      Andrew Widdersheim
      @dmnjohns https://github.rackspace.com/andr0815/cirsia/blob/master/repose/Dockerfile

      Damien Johnson
      Thanks.

      Andrew Widdersheim
      I guess the biggest pain points were two things
      the first is /etc/repose is marked as a voluem
      which is totally fine in some cases
      but in cases where you want to bake configs in it's not possible to override the files there
      the other thing was supporting openshift arbitrary user IDs
      so not having things have to run as root is one thing but it takes a little more work for openshift
      most of my changes are based on the docs here
      https://docs.openshift.com/container-platform/3.6/creating_images/guidelines.html#use-uid
      so the USER 1001 and

          && for i in \
                  ${REPOSE_CONFIG} \
                  /var/repose \
                  /var/log/repose \
              ; do chgrp -R 0 $i && chmod -R g=u $i; done
      

      bits specifically
      being able to change ports and things would be nice but I just hacked that together with environment variables and a bash docker-entrypoint.sh script

      Damien Johnson
      Interesting. Yeah, we'll definitely take a look and see what we can do here. Thanks for showing us this!

      Andrew Widdersheim
      https://github.rackspace.com/andr0815/cirsia/blob/master/repose/docker-entrypoint.sh
      sure thanks for your help as well!

      Damien Johnson
      Oh, yeah, so we have a solution for that on the book.
      Soon(TM) we want to add environment variable interpolation into our configuration service. That would allow you to set environment variables to be used in your configs instead of rewriting the configs themselves.

      Andrew Widdersheim
      yeah that'd be super nice

      Damien Johnson
      You can track that work here, if you'd like:
      https://repose.atlassian.net/browse/REP-5401
      I mean, we haven't started it yet...
      but we know people want it.

      Andrew Widdersheim
      there is always things like https://github.com/kelseyhightower/confd too
      GitHub
      kelseyhightower/confd
      confd - Manage local application configuration files using templates and data from etcd or consul
      that is like.. a stand alone tool to do similar things
      and I'd probably use that now if I need to do more than just a few seds

      Damien Johnson
      Sure, that works.

        Attachments

          Issue links

            Activity

              People

              • Assignee:
                wdschei Bill Scheidegger
                Reporter:
                mario.lopez Mario Lopez
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: