jacobalberty / firebird-docker

Firebird Dockerfile

Too many volumes? #17

Closed fdcastel closed 7 years ago

fdcastel commented 7 years ago

The current image has SIX volumes declared in Dockerfile.

Each new container instance creates 6 new volumes, most of them containing data which should not really persist between instances.

I actually use only one (the /databases one) so I got 5 unneeded (and unnamed) volumes in my docker volume ls results. And this for each Firebird instance I start. This is burdensome. 😟

Am I missing something? We really need to create volumes for all this? (/tmp?)

Since we always can declare new volumes for any file or folder inside the container, I propose to reduce the Dockerfile volumes to the bare minimum:

VOLUME ["/databases"]

This way, should the need arise, the user could declare extra volumes just for what he needs (e.g. secrets db or log files).

jacobalberty commented 7 years ago

I don't mind cleaning it up, it may not be as simple as just removing the volumes from the Dockerfile. At one point the volumes changed the build properties (would remove unneeded files). All of those volumes should be corrected now so the build isn't dependent on them to remain consistent but I need to check before removing them.

jacobalberty commented 7 years ago

Ok looked into it, I do believe /var/firebird/system should stay as it is the default location for the security database, you probably want that to persist. So at a minimum I believe /databases and /var/firebird/system should be volumes, or at least merge the two volumes. Are there any security issues associated with that? It would make it more complicated to restrict access to the security database.

There is one other caveat with removing the other volumes, if /var/firebird/log and /tmp/firebird are in volumes then by default the container should be capable of running with a read only filesystem, though I believe this could be mitigated while satisfying your request by removing the volumes and documenting how to add those volumes on the docker run command line to allow running with a read_only root in README.md instead.

So as I see it, it should be safe to remove /var/firebird/run, /var/firebird/etc, /var/firebird/log and /tmp/firebird.

/databases will definitely stay

and from what I see /var/firebird/system should probably stay as well, either as its own volume or change --with-fbsecure-db=/var/firebird/system to --with-fbsecure-db=/databases and then update docker-entrypoint.sh to recognize the new location.

fdcastel commented 7 years ago

--with-fbsecure-db=/databases seems good to me.

I can't see any security concerns ATM. But consider that other RDBMSs (see PostgreSQL and MariaDB) also use one volume for all data storage (metadata, security, schema, life, the universe... and everything 😄 ).

jacobalberty commented 7 years ago

Looking at it some more and I'm thinking the cleanest option may actually be to just do a single /firebird volume, then you could put databases under /firebird/data, configuration files under /firebird/etc, log files under /firebird/log, security db under /firebird/system. The entrypoint could easily detect any of those folders missing and recreate what's missing when launched. That way separation between data and the security db can be maintained while reducing volumes.
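
The single-volume layout proposed in the comment above, as an added example that is not the project's docker-entrypoint.sh: a function an entrypoint could call to recreate missing subdirectories while keeping the security database directory private. The function name `ensure_layout`, the directory modes and the symlink refusal are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; NOT the project's docker-entrypoint.sh.
# Subdirectory names (data, etc, log, system) come from the comment above.
# The modes and the symlink check are assumptions of this example.

# ensure_layout ROOT
# Creates any missing subdirectory under the volume root ROOT and prints
# the name of each directory it had to create, one per line.
ensure_layout() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "volume root $root is not a directory" >&2
        return 1
    fi
    # name:mode pairs; system holds the security db, so only the owner gets in.
    for entry in data:750 etc:750 log:750 system:700; do
        name=${entry%%:*}
        mode=${entry##*:}
        dir=$root/$name
        # A pre-populated volume could carry a symlink that redirects the
        # security db or the logs elsewhere; stop instead of following it.
        if [ -L "$dir" ]; then
            echo "refusing symlink at $dir" >&2
            return 1
        fi
        if [ ! -d "$dir" ]; then
            mkdir "$dir" || return 1
            chmod "$mode" "$dir" || return 1
            echo "$name"
        fi
    done
}
```

Existing directories are left untouched, so a volume that already carries a security database keeps whatever ownership and mode the operator set on it.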

jacobalberty commented 7 years ago

Took me a little bit but this is now merged and up on GitHub and building on Docker Hub. Branches master, 2.5-ss and 2.5-sc have it and I have remade the tags 3.0.2, 2.5.7-ss and 2.5.7-sc with it.