preliminary spee.ch container #5

New issue

Closed

opened 2018-10-06 18:28:20 +02:00 by Leopere · 2 comments

Leopere commented

2018-10-06 18:28:20 +02:00

(Migrated from github.com)


One of the biggest issues is that in a decision made by the LBRY team to avoid putting any secrets in the system as environment variables at any point they've decided on using a config file and a setup script.  Both of which are excellent however doesn't make for an easy setup for a container.  

In this we can operate and submit a container which will have a special start script that will need to do the following:
- Check for an installed config file.
- Set environment variables using sed/grep/awk in the configs. Then set secrets to /dev/null after they are used to set up the config during launch time.
- Assert that file permissions are correct because users can't / shouldn't be trusted to do this correctly. (this should reduce/eliminate any potential issues being created for file permissions problems.)
- Detect if the user is using `docker exec` to attempt to execute commands inside of the container image and allow them to override any `ENTRYPOINT` and `CMD` directives.
- Launch the main process in the container foreground so that docker can handle the main executable correctly.

~~~This should function similarly to what is laid out in issue #1 and then also a few other details.~~~ One of the biggest issues is that in a decision made by the LBRY team to avoid putting any secrets in the system as environment variables at any point they've decided on using a config file and a setup script. Both of which are excellent however doesn't make for an easy setup for a container. In this we can operate and submit a container which will have a special start script that will need to do the following: - Check for an installed config file. - Set environment variables using sed/grep/awk in the configs. Then set secrets to /dev/null after they are used to set up the config during launch time. - Assert that file permissions are correct because users can't / shouldn't be trusted to do this correctly. (this should reduce/eliminate any potential issues being created for file permissions problems.) - Detect if the user is using `docker exec` to attempt to execute commands inside of the container image and allow them to override any `ENTRYPOINT` and `CMD` directives. - Launch the main process in the container foreground so that docker can handle the main executable correctly.

Leopere commented

2018-10-07 03:53:16 +02:00

(Migrated from github.com)

This is waiting on https://github.com/lbryio/spee.ch to release a Chainquery enabled version before it would make sense to carry on too much further with heading towards a release, however, I can likely refine this a bunch more before it can be considered release ready.

Leopere commented

2018-10-15 09:25:53 +02:00

(Migrated from github.com)

Started working on this again now that Chainquery is containerized and Spee.ch is Chainquery production ready. I may have a few ways to do some of these things more reliably and technically simpler.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: LBRYCommunity/lbry-docker#5

No description provided.