[jira] [Comment Edited] (IGNITE-17032) Apache Ignite Docker container does not run correctly if image is run in read only file system mode

[Stanislav Lukyanov (Jira)]

[ 
https://issues.apache.org/jira/browse/IGNITE-17032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17563063#comment-17563063
 ] 

Stanislav Lukyanov edited comment on IGNITE-17032 at 7/6/22 8:57 AM:
-

Thanks for reporting [~tonkovic].

TLDR: this is fixable, and I think there is a workaround - see it at the end of 
the comment.

My first read of this was - well, Ignite should normally be used with a 
writable disk, so "Not an issue".

BUT reading the second time I realized that the problem is that we're trying to 
write into the *root* volume. We shouldn't do that.

 

Apparently, the thing that doesn't work is the following line

{code}
version=$(awk -F[\"\.] '{print $2}' <<< ${version})
{code}

In particular, the `<<<` is at fault.

Turns out, in Bash the `<<<` ("here-string") is implemented via `<<` 
("here-document") which is in turn implemented via temp files. The root file 
system is read-only, hence `/tmp` is also read-only, hence `<<` and `<<<` can't 
work. You learn something new everyday, don't you? 
[This](https://stackoverflow.com/questions/2500436/how-does-cat-eof-work-in-bash)
 explains it.

I'm quite surprised that basic Bash syntax can be unfriendly to cloud but here 
we are.

Two things we should do (each of them will suffice, but I'd do both):

1. Get rid of the `<<<` and `<<` in the scripts, just in case.

2. Mount `/tmp` as tmpfs. It should always be tmpfs in all environments, for 
many good reasons. I'm a bit surprised it's not tmpfs now, and I'd certainly 
change that. The question is whether we can and should do this right in the 
Dockerfile, or ask everyone to mount `/tmp` as tmpfs when running. The latter 
requires at least docs changes.

As a workaround, I think running the container with an [explicit tmpfs 
mount](https://stackoverflow.com/questions/34698620/docker-and-volatile-volumes-ala-tmp)
 will do the trick:
{code}
docker run --tmpfs /tmp ...
{code}

Disclaimer: I haven't got my hands dirty yet, so all of the above needs to be 
confirmed with tests.


was (Author: slukyanov):
Thanks for reporting [~tonkovic].

TLDR: this is fixable, and I think there is a workaround - see it at the end of 
the comment.

My first read of this was - well, Ignite should normally be used with a 
writable disk, so "Not an issue".

BUT reading the second time I realized that the problem is that we're trying to 
write into the *root* volume. We shouldn't do that.

 

Apparently, the thing that doesn't work is the following line

```
version=$(awk -F[\"\.] '{print $2}' <<< ${version})
```

In particular, the `<<<` is at fault.

Turns out, in Bash the `<<<` ("here-string") is implemented via `<<` 
("here-document") which is in turn implemented via temp files. The root file 
system is read-only, hence `/tmp` is also read-only, hence `<<` and `<<<` can't 
work. You learn something new everyday, don't you? 
[This](https://stackoverflow.com/questions/2500436/how-does-cat-eof-work-in-bash)
 explains it.

I'm quite surprised that basic Bash syntax can be unfriendly to cloud but here 
we are.

Two things we should do (each of them will suffice, but I'd do both):

1. Get rid of the `<<<` and `<<` in the scripts, just in case.

2. Mount `/tmp` as tmpfs. It should always be tmpfs in all environments, for 
many good reasons. I'm a bit surprised it's not tmpfs now, and I'd certainly 
change that. The question is whether we can and should do this right in the 
Dockerfile, or ask everyone to mount `/tmp` as tmpfs when running. The latter 
requires at least docs changes.

As a workaround, I think running the container with an [explicit tmpfs 
mount](https://stackoverflow.com/questions/34698620/docker-and-volatile-volumes-ala-tmp)
 will do the trick:
```
docker run --tmpfs /tmp ...
```

Disclaimer: I haven't got my hands dirty yet, so all of the above needs to be 
confirmed with tests.

> Apache Ignite Docker container does not run correctly if image is run in read 
> only file system mode
> ---
>
> Key: IGNITE-17032
> URL: https://issues.apache.org/jira/browse/IGNITE-17032
> Project: Ignite
>  Issue Type: Bug
>  Components: build
>Affects Versions: 2.13
>Reporter: Petar Tonkovic
>Priority: Major
>
> When following the Kubernetes deployment tutorials (online: 
> https://ignite.apache.org/docs/latest/installation/kubernetes/azure-deployment,
>  youtube: [https://youtu.be/38YgdAOs038]), trying to run the official docker 
> image () with the --read-only flag is causing errors:
> /opt/ignite/apache-ignite/bin/include/functions.sh: line 52: cannot create 
> temp file for here-document: Read-only file system
> /opt/ignite/apache-ignite/bin/include/functions.sh: line 85: [: -lt: unary 
> operator expected2022-05-25T14:27:34.50

[jira] [Comment Edited] (IGNITE-17032) Apache Ignite Docker container does not run correctly if image is run in read only file system mode

[Stanislav Lukyanov (Jira)]

[ 
https://issues.apache.org/jira/browse/IGNITE-17032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17563063#comment-17563063
 ] 

Stanislav Lukyanov edited comment on IGNITE-17032 at 7/6/22 8:56 AM:
-

Thanks for reporting [~tonkovic].

TLDR: this is fixable, and I think there is a workaround - see it at the end of 
the comment.

My first read of this was - well, Ignite should normally be used with a 
writable disk, so "Not an issue".

BUT reading the second time I realized that the problem is that we're trying to 
write into the *root* volume. We shouldn't do that.

 

Apparently, the thing that doesn't work is the following line

```
version=$(awk -F[\"\.] '{print $2}' <<< ${version})
```

In particular, the `<<<` is at fault.

Turns out, in Bash the `<<<` ("here-string") is implemented via `<<` 
("here-document") which is in turn implemented via temp files. The root file 
system is read-only, hence `/tmp` is also read-only, hence `<<` and `<<<` can't 
work. You learn something new everyday, don't you? 
[This](https://stackoverflow.com/questions/2500436/how-does-cat-eof-work-in-bash)
 explains it.

I'm quite surprised that basic Bash syntax can be unfriendly to cloud but here 
we are.

Two things we should do (each of them will suffice, but I'd do both):

1. Get rid of the `<<<` and `<<` in the scripts, just in case.

2. Mount `/tmp` as tmpfs. It should always be tmpfs in all environments, for 
many good reasons. I'm a bit surprised it's not tmpfs now, and I'd certainly 
change that. The question is whether we can and should do this right in the 
Dockerfile, or ask everyone to mount `/tmp` as tmpfs when running. The latter 
requires at least docs changes.

As a workaround, I think running the container with an [explicit tmpfs 
mount](https://stackoverflow.com/questions/34698620/docker-and-volatile-volumes-ala-tmp)
 will do the trick:
```
docker run --tmpfs /tmp ...
```

Disclaimer: I haven't got my hands dirty yet, so all of the above needs to be 
confirmed with tests.


was (Author: slukyanov):
Thanks for reporting [~tonkovic].

TLDR: this is fixable, and I think there is a workaround - see it at the end of 
the comment.

My first read of this was - well, Ignite should normally be used with a 
writable disk, so "Not an issue".

BUT reading the second time I realized that the problem is that we're trying to 
write into the *root* volume. We shouldn't do that.

 

Apparently, the thing that doesn't work is the following line
```
version=$(awk -F[\"\.] '{print $2}' <<< ${version})
```
In particular, the `<<<` is at fault.

Turns out, in Bash the `<<<` ("here-string") is implemented via `<<` 
("here-document") which is in turn implemented via temp files. The root file 
system is read-only, hence `/tmp` is also read-only, hence `<<` and `<<<` can't 
work. You learn something new everyday, don't you? 
[This](https://stackoverflow.com/questions/2500436/how-does-cat-eof-work-in-bash)
 explains it.

I'm quite surprised that basic Bash syntax can be unfriendly to cloud but here 
we are.

Two things we should do (each of them will suffice, but I'd do both):

1. Get rid of the `<<<` and `<<` in the scripts, just in case.

2. Mount `/tmp` as tmpfs. It should always be tmpfs in all environments, for 
many good reasons. I'm a bit surprised it's not tmpfs now, and I'd certainly 
change that. The question is whether we can and should do this right in the 
Dockerfile, or ask everyone to mount `/tmp` as tmpfs when running. The latter 
requires at least docs changes.

As a workaround, I think running the container with an [explicit tmpfs 
mount](https://stackoverflow.com/questions/34698620/docker-and-volatile-volumes-ala-tmp)
 will do the trick:
```
docker run --tmpfs /tmp ...
```

Disclaimer: I haven't got my hands dirty yet, so all of the above needs to be 
confirmed with tests.

> Apache Ignite Docker container does not run correctly if image is run in read 
> only file system mode
> ---
>
> Key: IGNITE-17032
> URL: https://issues.apache.org/jira/browse/IGNITE-17032
> Project: Ignite
>  Issue Type: Bug
>  Components: build
>Affects Versions: 2.13
>Reporter: Petar Tonkovic
>Priority: Major
>
> When following the Kubernetes deployment tutorials (online: 
> https://ignite.apache.org/docs/latest/installation/kubernetes/azure-deployment,
>  youtube: [https://youtu.be/38YgdAOs038]), trying to run the official docker 
> image () with the --read-only flag is causing errors:
> /opt/ignite/apache-ignite/bin/include/functions.sh: line 52: cannot create 
> temp file for here-document: Read-only file system
> /opt/ignite/apache-ignite/bin/include/functions.sh: line 85: [: -lt: unary 
> operator expected2022-05-25T14:27:34.504369604+02:00