Skip to content

Commit

Permalink
Podman: Mounting volumes with z to work around permission issues (#80)
Browse files Browse the repository at this point in the history
* Mounting volumes in readOnly shared mode to work around permission issues

* Adding hack back

* Changing volume format

---------

Co-authored-by: Ole Martin Handeland <[email protected]>
  • Loading branch information
olemartinorg and Ole Martin Handeland authored Feb 13, 2024
1 parent 1d23de2 commit 9808173
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 34 deletions.
1 change: 0 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@ podman-compose-start-localtest:
.PHONY: podman-compose-stop-localtest
podman-compose-stop-localtest:
podman-compose --file podman-compose.yml down


.PHONY: podman-selinux-bind-hack
podman-selinux-bind-hack:
Expand Down
16 changes: 0 additions & 16 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -218,22 +218,6 @@ This would be required if your app requires a role which none of the test users

### Known issues

#### Bind mounts folders gives permission denied. Nginx returns default page

On some nix systems you might experience problems with the bind mounts used by the containers. If you get the default nginx page when trying to access local.altinn.cloud this might be the case.

To verify this you can run the following command:

```shell
podman container exec -it localtest-loadbalancer cat /etc/nginx/templates/nginx.conf.conf
```

if you get a permission denied message this verifies that the bind mount is not working. A best effort fix for this is to run the following command:

```shell
make podman-selinux-bind-hack
```

#### Localtest reports that the app is not running even though it is

If localtest and you app is running, but localtest reports that the app is not running, it might be that the port is not open in the firewall.
Expand Down
22 changes: 5 additions & 17 deletions podman-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,15 +25,8 @@ services:
- NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx/
- NGINX_ENVSUBST_TEMPLATE_SUFFIX=.conf
volumes:
- type: bind
source: ./loadbalancer/templates/
target: /etc/nginx/templates/
read_only: true
- type: bind
source: ./loadbalancer/www/
target: /www/
read_only: true

- ./loadbalancer/templates/:/etc/nginx/templates/:ro,z
- ./loadbalancer/www/:/www/:ro,z

altinn_platform_pdf:
container_name: altinn-pdf
Expand All @@ -44,6 +37,7 @@ services:
- altinntestlocal_network
ports:
- "5070:5070"

altinn_pdf_service:
container_name: altinn-pdf-service
image: browserless/chrome:1-puppeteer-19.2.2
Expand All @@ -69,14 +63,8 @@ services:
- GeneralSettings__BaseUrl=http://${TEST_DOMAIN:-local.altinn.cloud}:${ALTINN3LOCAL_PORT:-8000}
- GeneralSettings__HostName=${TEST_DOMAIN:-local.altinn.cloud}
volumes:
- type: volume
source: AltinnPlatformLocal
target: /AltinnPlatformLocal/
read_only: false
- type: bind
source: ./testdata/
target: /testdata/
read_only: true
- ./testdata/:/testdata/:ro,z
- AltinnPlatformLocal:/AltinnPlatformLocal/:rw

volumes:
AltinnPlatformLocal:

0 comments on commit 9808173

Please sign in to comment.