[OPENIG-4760] Cannot mount local instance directory in read only mode with IG docker image Created: 07/Jul/20  Updated: 19/Aug/20  Resolved: 08/Jul/20

Status: Closed
Project: Identity Gateway
Component/s: Docker
Affects Version/s: 7.0.0, 7.0.0-micsvc-1.0.3
Fix Version/s: 7.0.0, 7.0.0-micsvc-1.0.3

Type: Bug Priority: Minor
Reporter: Violette Roche Montane Assignee: Violette Roche Montane
Resolution: Not a defect Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to OPENIG-4775 Growing /tmp folder full of empty fol... Closed
is related to OPENIG-4737 Provide a working Dockerfile in the I... Closed
Sprint: 2020.09 - IG / Microservices
Story Points: 1

 Description   

This issue applies both in gcr.io/forgerock-io/ig/docker-build and in the (not merged yet) standalone docker image.
Actually, if I mount my local instance directory in read-only mode :

$ docker run -v /home/vio/.openig/:/var/ig/:ro gcr.io/forgerock-io/ig/docker-build
[main] INFO  o.f.openig.launcher.Launcher @system - /var/ig/config/admin.json not readable, using default-admin.json
[main] INFO  o.f.openig.launcher.Launcher @system - Environment:
[main] INFO  o.f.openig.launcher.Launcher @system - - instance directory: /var/ig
[main] INFO  o.f.openig.launcher.Launcher @system - - temporary directory: /var/ig/tmp
[main] ERROR o.f.openig.launcher.Launcher @system - Unable to start - product stopped
java.nio.file.NoSuchFileException: /var/ig/tmp/groovy-script-cache-7513184378261892202
	at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
Wrapped by: javax.script.ScriptException: java.nio.file.NoSuchFileException: /var/ig/tmp/groovy-script-cache-7513184378261892202
	at org.forgerock.openig.script.GroovyScriptFactory.tmpDirectory(GroovyScriptFactory.java:58)
Wrapped by: org.forgerock.http.HttpApplicationException: Error starting admin application
	at org.forgerock.openig.http.AdminHttpApplication.<init>(AdminHttpApplication.java:291)
[main] INFO  o.f.openig.launcher.Launcher @system - Cleaning up resources

The tmp folder in .openig is growing at each startup of IG, as far as I can see when running some tests, growing full of temporary empty folder named such as groovy-script-cache-1964974339709789650/ but that be a another issue.

As a user, I should be able to share my local IG configuration, in read-only mode, to be sure that nothing is altered, between my docker images.



 Comments   
Comment by Laurent Vaills [ 07/Jul/20 ]

Do not mount it as ro (read-only), or you can specify the location of the tmp directory through a setting in the admin.json file.

BTW, prefer the new option --mount .

https://docs.docker.com/storage/volumes/

Comment by Violette Roche Montane [ 08/Jul/20 ]

I created this issue as the :ro option is commonly used in docker world and keep track on that.
I forgot the admin.json but you are right, from the documentation:

"temporaryDirectory": configuration expression<string>, optional
Directory containing temporary storage files.

Set this property to store temporary files in a different directory, for example:

{
   "temporaryDirectory": "/path/to/my-temporary-directory"
}

Default: $HOME/.openig/tmp (on Windows, %appdata%\OpenIG\tmp)

Thanks

Comment by Jean-Charles Deville [ 19/Aug/20 ]

Closing issue after Release 7.0.0

Generated at Mon Mar 01 10:46:32 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.