Revert file_processor in .dev mode to use image:node#83
Revert file_processor in .dev mode to use image:node#83johnny-hausman wants to merge 3 commits intomasterfrom
Conversation
elephanteleven
left a comment
elephanteleven
left a comment
There was a problem hiding this comment.
Okay, the image:file_processor has some extra tools are installed https://github.com/CruGlobal/ab_service_file_processor/blob/master/Dockerfile#L28 including the image compressor we use for file-get. I think using image:node are missing those tools.
My idea (You can correct me if I am wrong.):
Should we force to use the api_sails image in dev instead?
We now default the USER node https://github.com/CruGlobal/ab_service_api_sails/blob/a389ad8c9d07c49ce85141e33e38b31075c360ec/Dockerfile#L42.
We modify the sharing volume /data permission to node:node https://github.com/CruGlobal/ab_service_file_processor/blob/0bc32b385b2f140fffbed3602fc8b9d43ecfddd3/Dockerfile#L53.
I think it should be fine for permission sharing file system since it will point to the same identity USER node user and the file system is extended from the root image:node.
There was a problem hiding this comment.
If we delete this line, Then
we use ENTRYPOINT ["bash", "/app/docker-entrypoint.sh"] in https://github.com/CruGlobal/ab_service_api_sails/blob/a389ad8c9d07c49ce85141e33e38b31075c360ec/Dockerfile#L46 or make this https://github.com/CruGlobal/ab_service_api_sails/blob/master/docker-entrypoint.sh file executable by default? we now don't need https://github.com/CruGlobal/ab_service_api_sails/blob/a389ad8c9d07c49ce85141e33e38b31075c360ec/Dockerfile#L45 that make our local dev file system different from the original one in the docker image.
So, the script can mount our local dev file system to the container image normally and start the container correctly in dev mode.
2 participants
With the recent security updates to our Docker packages, our services no longer run as root.
In a development environment, if our api_sails not using our docker image, it will run as the default user in the
nodecontainer.If we force file_processor to use our Docker image, it will default to a different "user" in unix. Since api_sails and file_processor are sharing the same file system, then one package will not be able to access and read the uploaded files the other one is creating due to file permissions.
So in a dev environment, let's make sure they both use the default :
image:nodeso they user permissions are the same.[fix] revert file_processor in .dev mode to use image:node