Hi Jenkins!
Thanks for reviewing this PR. I think the best thing to do at this point
is to add your thoughts (as expressed in this email) to the comments and I
will reach out to person who created the PR. If we don't hear back from
that person in a reasonable amount of time then we can close it a
My suggestion here would be to follow up with comments on the PR in the
form of a review on Github, but also follow up here to enable the community
that is not following the PR to be in the loop and participate.
My specific response to your 4 points:
1. What does Tomcat do in this regard? Feel fr
Hello Jon,
I forked the repo and have started some examples on using docker. Here is
where I am headed:
https://github.com/scriptmonkey/tomee/tree/add_docker_examples/examples/docker-examples
Any comments would be welcome.
Thanks,
Rod.
On 10/29/19, 10:08 AM, "Jonathan Gallimore"
wrote:
I have done some further testing
All testing is on :
$ java -version
openjdk version "11.0.5" 2019-10-15 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.5+10-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.5+10-LTS, mixed mode, sharing)
When I pull apache-tomee-microprofile-7.1.1, I do not
Yes, I'll take a look and report back.
Thanks
Jon
On Fri, Nov 8, 2019 at 3:39 PM Jenkins, Rodney J (Rod) <
jenki...@nationwide.com> wrote:
> I have done some further testing
>
> All testing is on :
>
> $ java -version
> openjdk version "11.0.5" 2019-10-15 LTS
> OpenJDK Runtime Environment 1
I can confirm I see the same error. Looks like its specific to the
microprofile flavor. I'll see if I can spot anything odd there.
On Fri, Nov 8, 2019 at 3:39 PM Jenkins, Rodney J (Rod) <
jenki...@nationwide.com> wrote:
> I have done some further testing
>
> All testing is on :
>
> $ java -ve
Looks like the microprofile distribution is missing jakarta.activation.
Adding that in (from the plus distribution) allows the server to start
correctly. I've filed a JIRA:
https://issues.apache.org/jira/browse/TOMEE-2731
I'm happy to take, but if you would like to take a swing at it Rod, let me
k
Hello,
Here is what I am proposing:
https://github.com/scriptmonkey/docker-tomee
I have accomplished a few things with this proposal:
1) Gets 8.0.0 out and other latest versions
2) Addresses the previous discussions
3) Cleans up the old versions. Users can still get previous versions with tags
Go for it.
Jon
On Wed, Nov 20, 2019 at 7:37 PM Jenkins, Rodney J (Rod) <
jenki...@nationwide.com> wrote:
> Hello,
>
> Here is what I am proposing:
> https://github.com/scriptmonkey/docker-tomee
>
> I have accomplished a few things with this proposal:
>
> 1) Gets 8.0.0 out and other latest versi
I saw your PR and merged it. So, there's one more step to make this
"official", which is to submit a PR against this repository:
https://github.com/docker-library/official-images. For reference, here's
the last PR I submitted for it:
https://github.com/docker-library/official-images/pull/6638.
In
I just submitted this pull request:
https://github.com/docker-library/official-images/pull/7013
I will let you know how it goes.
Thanks,
Rod.
On 11/20/19, 3:27 PM, "Jonathan Gallimore"
wrote:
I saw your PR and merged it. So, there's one more step to make this
"official", which
Sounds like good feedback. I merged your changes in. You could well be a
published author on the official docker images by the end of the day :)
Jon
On Fri, Nov 22, 2019 at 1:45 AM Jenkins, Rodney J (Rod) <
jenki...@nationwide.com> wrote:
> Update:
>
> They wanted a change to the Docker files.
This has not been on my radar for some time but I thought the user was
changed back in January/May or are these different efforts/projects?
: https://github.com/tomitribe/docker-tomee/pull/33
On Fri, Nov 22, 2019 at 4:18 AM Jonathan Gallimore <
jonathan.gallim...@gmail.com> wrote:
> Sounds like
There's other cleanup for old Dockerfiles, and making everything consistent
throughout. Certainly some changes for new images had come through where
they were running as root. There's a flip to using `useradd` to add the
TomEE user as opposed to manually appending to /etc/passwd. I think the
goal y
Jon,
I am not familiar with the flip to the useradd but one of the key points is
to ensure that the runtime user id may be arbitrary.
The idea is that (at least in some/our use cases), we don't know by design
what the user id (UID) will be at runtime but we can be assured the group
id will be roo
Hi Rod,
I am seeing some of my messages bouncing back - perhaps they are too long
so I apologize if this was already sent:
I am not sure if you're asking "why" I think it's a good idea to run as an
arbitrary UID or the "why" behind what's going on with doing so...I try to
touch on all of it:
We
Carl,
I also had issues posting to the group on Friday night/Saturday morning.
I fear that we are talking past one another. I will try to be much clearer in
my responses. If we cannot resolve this via email, I am willing to host a
Skype session to talk through. Anyone on the list would be we
Hi Rod,
I am certainly willing to talk about this via Skype or similar.
I take no offense to a differing position on the desired used of running a
process as an arbitrary UID. I came along in a time when if you ran as
root or even did a sudo command you should have a good reason and be aware
of
Thank you both for the excellent conversation on this topic, and for the
visibility for everyone else on the list.
I would encourage you to keep going - it doesn't sound like you're too far
apart. In terms of communication, the preference is to not have off-list
conversations, but if you do, we'd
Thank you Jon - that reminder about open communication is much appreciated.
Carl
On Tue, Nov 26, 2019 at 6:48 AM Jonathan Gallimore <
jonathan.gallim...@gmail.com> wrote:
> Thank you both for the excellent conversation on this topic, and for the
> visibility for everyone else on the list.
>
> I
All,
I was proposing a video chat because I was concerned that we were not
understanding one another. I do think that we now understand each other and
the off list talk is not necessary. However, understanding is not necessarily
agreeing, lol.
As I see it we have really two options
1)
Rod,
I don't see value in creating the user in the root group in the image if
one has a desire/need to run as an arbitrary UID as that same user.
I think I would leave out all of my suggested approach because as you said,
folks can create their own images.
We actually have some similar situation
Carl,
I apologize for thinking you did not understand the issue of setting root and
the primary group. I missed how you were setting that in your example.
I viewed "arbitrary UID" as an id other than root. Are you defining it as a
UID set by the environment at execution? My entire premise wa
Hi Rod,
I believe we're on the same page with the desire to run as a non-root
user. Technically I guess the arbitrary UID could be root but that flies
in the face of its purpose which is to prevent predicting the UID to reduce
the possibility of exploiting a vulnerability should one exist. When
Carl,
First, my docker folks would agree (well, most of them) that everyone needs to
change the UID. It really comes down to the user responsibility to set it up
correctly for their needs. The question remains how do we do it for the base
that everyone uses to build from.
Second, I cannot ag
I will have the discussion on my four points here and in the PR.
Thank you,
Rod.
On 10/29/19, 4:16 AM, "Richard Monson-Haefel" wrote:
Nationwide Information Security Warning: This is an external email. Do not
click on links or open attachments unless you trust the sender.
--
Here are my expanded thoughts on the 4 items:
1. Tomcat exposes 8080 out of the box, a user can always enable and expose SSL
in their config. I would recommend against this because not everyone will
enable SSL. For example many times SSL is terminated prior to traffic being
send to TomEE.
On Tue, Oct 29, 2019 at 2:34 PM Jenkins, Rodney J (Rod) <
jenki...@nationwide.com> wrote:
> Here are my expanded thoughts on the 4 items:
>
> 1. Tomcat exposes 8080 out of the box, a user can always enable and
> expose SSL in their config. I would recommend against this because not
> everyone wi
I will have something next week for a pull request, if the current one does not
pan out.
Can I assume that silence is equal(ish) to approval on my previous comments?
If so, that is the direction I will head.
Have a great weekend!!
Thanks,
Rod.
On 10/29/19, 4:16 AM, "Richard Monson-Haefel"
Its reasonable to allow a few days as folks might not see messages right
away. I'd go ahead with your PR based on the discussion here so far as
there appears to be no objections.
Jon
On Fri, Nov 1, 2019 at 10:06 PM Jenkins, Rodney J (Rod) <
jenki...@nationwide.com> wrote:
> I will have something
I have submitted a pull request to fix this issue. Please merge at your
earlier convivence.
Jon, thank you for the guidance.
Thanks,
Rod.
On 11/8/19, 10:47 AM, "Jonathan Gallimore"
wrote:
Looks like the microprofile distribution is missing jakarta.activation.
Adding that in (
Hey Rod and others
As we're discussing Docker images, could I get some review on this:
https://github.com/tomitribe/docker-tomee/pull/37. This is a super simple
update to provide TomEE 8 with both Java 8 and 11. I'm totally happy for
other changes to be applied after this.
I'm looking to provide
Carl,
The reason you add the user with the primary group is that all files created by
that user would then have the group of root. If you did not include that, then
the new files created would have a user of tomee and the root group would not
have permissions on those files. I found this when
Rod,
Thank you. I do understand the use of the root group. My statement
included the assumption that one wanted to run as an arbitrary UID with the
same already created username.
I am not certain it was sent, but one of the points I think I tried to make
early on was the need/desire to run as a
Hello all,
I have a completed repo for you all to look at here:
https://github.com/scriptmonkey/docker-tomee
The only thing I am having an issue with is the Java 11 8.0.0 microprofile
image. I am getting some stack traces when I build that. I have pasted the
log file below. I did not creat
Hi Rodney,
Thanks for all the hard work! I think the problem is with JAXB which
suffered some changes in Java 8 - 11. This article should provide some
guidance on what needs to be done to fix the problem.
https://www.jesperdj.com/2018/09/30/jaxb-on-java-9-10-11-and-beyond/
Richard
On Tue, Nov
36 matches
Mail list logo
