Creating an Egeria container with a pre-defined configuration

[dwolfson]

I've been trying to create a docker container with a pre-defined configuration. The strategy that I'm exploring is to:

1) start from an Egeria build (for convenience I am doing this in IntelliJ) 2) Start Egeria normally 3) Configure a single Egeria metadata access server with a repository using commands with Python and/or Postman 4) Test the configured Egeria 5) Stop the server 6) Copy the contents (including the data directory) to /open-metadata-resources/open-metadata-deployment/docker/egeria/build/assembly 7) Use the Dockerfile in /open-metadata-resources/open-metadata-deployment/docker/egeria to build the container 8) Run the container (have tried a variety of arguments) - the image comes up and looks normal

Now at this point, I can query the platform and it indicates it is active - but it doesn't see any configuration for the server. If I then try to configure the server - I get the error:

"class": "VoidResponse", "relatedHTTPCode": 500, "exceptionClassName": "org.odpi.openmetadata.adminservices.ffdc.exception.OMAGConfigurationErrorException", "exceptionCausedBy": "org.odpi.openmetadata.frameworks.connectors.ffdc.OCFRuntimeException", "actionDescription": "setGraphLocalRepository", "exceptionErrorMessage": "OMAG-ADMIN-500-001 Method setGraphLocalRepository for OMAG server DMP_metadataServer returned an unexpected exception of org.odpi.openmetadata.frameworks.connectors.ffdc.OCFRuntimeException with message ENCRYPTED-DOC-STORE-400-010 Unable to find any file containing keys in the secure directory, and unable to remove the directory; exception was java.nio.file.DirectoryNotEmptyException with message data/platform/keys/keystore_zZNlcxGXFuIPtqxEDFPmYspYKRTNW618.", "exceptionErrorMessageId": "OMAG-ADMIN-500-001", "exceptionErrorMessageParameters": [ "DMP_metadataServer", "setGraphLocalRepository", "org.odpi.openmetadata.frameworks.connectors.ffdc.OCFRuntimeException", "ENCRYPTED-DOC-STORE-400-010 Unable to find any file containing keys in the secure directory, and unable to remove the directory; exception was java.nio.file.DirectoryNotEmptyException with message data/platform/keys/keystore_zZNlcxGXFuIPtqxEDFPmYspYKRTNW618." ], "exceptionSystemAction": "The system is unable to work with the OMAG server. No change was made to the server's configuration document.", "exceptionUserAction": "This is likely to be either a configuration, operational or logic error. Look for other errors. Validate the request. If you are stuck, raise an issue." }

I also get this error (or something very similar) if I run the container with Autostart enabled.

I was able to run Egeria in intelliJ, configure it, stop it, and then rerun it and be able to use the saved configuration..

Is it the way that I'm building the container?

Thoughts and ideas welcome..

[planetf1]

It's a missing key ....

The default security connector is the encrypted file store.

So to get this to work you’d need to also encrypt using google tink, and store the key in the data directory. You could likely copy both the encrypted file and key from where you created the file. See https://github.com/odpi/egeria/tree/main/open-metadata-implementation/adapters/ope[…]n-store-connectors/configuration-encrypted-file-store-connector

Key is generated data/platform/keys/keystore_ or you can create your own

Alternatively you can use the non-encrypted file store, but to use this you have to issue a REST API call to set the appropriate store to use in the platform configuration … (These simple things are what made configuring in k8s tricky, especially for persistence/restart)

It’s also possible there are permissions issues with the image when trying to do this. I suggest ssh’ing into the container & check the required files are readable (minimum - for the key) and writeable (config - as the platform ALSO WRITES to this file — another pain point!)

[dwolfson]

@planetf1 Hi Nigel, I checked to see that the keys and config files were in fact being copied into the image - and they are. After a careful deployment, making sure all the files were in place, I also tried to run with an initial server and got:

2023-05-15T14:39:24.480Z INFO 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : Starting OMAGServerPlatform using Java 17.0.7 with PID 1 (/deployments/server/server-chassis-spring-4.1-SNAPSHOT.jar started by default in /deployments) 2023-05-15T14:39:24.482Z INFO 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : No active profile set, falling back to 1 default profile: "default" 2023-05-15T14:39:26.373Z INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 9443 (https) 2023-05-15T14:39:27.042Z WARN 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : strict.ssl is set to false! Invalid certificates will be accepted for connection! 2023-05-15T14:39:29.137Z INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 9443 (https) with context path '' 2023-05-15T14:39:29.157Z INFO 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : Started OMAGServerPlatform in 5.033 seconds (process running for 5.379) 2023-05-15T14:39:29.182Z INFO 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : Startup detected for servers: DMP_metadataServer 2023-05-15T14:39:29.462Z INFO 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : Received startup fail event with message: {} Server startup failed with error: OMAG-ADMIN-500-001 Method activateWithSuppliedConfig for OMAG server DMP_metadataServer returned an unexpected exception of java.lang.IllegalArgumentException with message File parameter 'file is not writable: 'data/servers/DMP_metadataServer/config/DMP_metadataServer.config' 2023-05-15T14:39:29.462Z INFO 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : Temporarily deactivating any auto-started servers '[DMP_metadataServer]' Mon May 15 14:39:29 UTC 2023 OMAG Server Platform shutdown requested. Shutting down auto-started servers (if running): [DMP_metadataServer] Server startup failed with error: OMAG-ADMIN-500-001 Method activateWithSuppliedConfig for OMAG server DMP_metadataServer returned an unexpected exception of java.lang.IllegalArgumentException with message File parameter 'file is not writable: 'data/servers/DMP_metadataServer/config/DMP_metadataServer.config' Error: exit status 43

As suggested, I did check to see if the path was writable in the container and it is not. Is there some change I need to make to the Dockerfile used to build the image?

[davidradl]

@dwolfson the cloud native prototype https://github.com/odpi/egeria/pull/7513 seems to be trying to do something similar. it starts a platform with one server based on a single server config file pointed to by an environment variable. @lpalashevski is moving this early code to the new cloud native repo.

[dwolfson]

@davidradl Thanks, I need to catch up on that - but trying to understand why the current approach isn't working..

[planetf1]

@dwolfson Your server is failing to start due to

file is not writable: 'data/servers/DMP_metadataServer/config/DMP_metadataServer.config'

This is in issue that I hit when working on the operator - see https://github.com/odpi/egeria-k8s-operator/blob/90509e3afba1c9e6a287ecf7ff73aeaee66e0f5d/controllers/egeriaplatform_controller.go#L373

Or at least very similar.

The operator uses configmaps - there is 1 per egeria server, and it's mounted under data/servers// or similar. These are preloaded into k8s. So very similar to what you're doing. And the operator also used the autostart mechanism to subsequently ensure the servers run on startup. These files cannot be written to. So I had to add an init task to copy the config maps from that mount to a writeable (tmp) directory so that the server would start up. It worked of course :-)

One gotcha with the writeability is around security - for example when running in openshift the userid is randomized, and cannot be root, so choregraphing getting the right things in place at the right time isn't trivial....

Then on top It's this jumping around trying to avoid the pitfalls inherent in the current model (writeable files, autostart/having to issue REST APi calls in particular - when in k8s) that in part led to needing a proper rethink about what it means to work nicely with k8s.

As such the simple server launcher that david prototyped is one of those steps....

So to suggest a few things you could do a) Modify the docker file to ensure the statically defined config files are put in place with the correct permissions. If you're only going to run in local docker, you can probably skip over the security constraints for now. b) Create a mounted filesystem within which to place the config file -- this emulates how the helm charts work. But note that podman, rancher, docker desktop and windows vs macOS seems to have some variations (I stuck to k8s) c) Move forward with a simpler launcher as per David's prototype d) Adopt a workaround similar to the initial go-based k8s operator (a combinations of mounts, copies, setting permissions) e) similar to b) but work with modified k8s resources, or a helm chart if k8s is suitable as a target environment f) run egeria as a local process. If it's supporting dev this introduces more dependence on the environment, though could be worth exploring 'testcontainers'

it might be worth adding some use cases for the developer (not us -- of the user of the environment working locally) experience - this could inform both a tactical solution, as well feed into the cloud native workgroup work (accepting that we will have variations!)

[dwolfson]

Well - being somewhat stubborn - I forced the data directory to be writeable all the way down and then built an image from that ..and ran it..which was interesting..Egeria came up and properly started and configured the server - but then became non-responsive to requests...I guess I'll start chasing the above pointers.. ;)

(base) ➜ egeria git:(adda-investigation) ✗ nerdctl run -it -e startup.server.list=DMP_metadataServer -e startup.user=garygeeke -e server.port=9443 -e JAVA_OPTS="-Dstrict.ssl=false" -p 9443:9443 pdr/egeria-dev:monday2 Starting the Java application using /opt/jboss/container/java/run/run-java.sh ... INFO exec java -Dstrict.ssl=false -cp "." -jar /deployments/server/server-chassis-spring-4.1-SNAPSHOT.jar Project Egeria - Open Metadata and Governance

---

/ \ / |/ // | / __/ / / _ _ _ / \ / / _ / / / / _ / / / // /|/ // /| | / / \ \ / _ \ / /| | / // _ \ / / / // // // | / \ / / / | / // || | / // // / / // |/ /_/ / _/ // // / | |/ // // / / // // / \ / / / // / // / / / / / __/// //// ||__/ /__/ _//_/ |/ \/// // // _/\///// \/// // /_/

:: Powered by Spring Boot (v3.0.5) ::

2023-05-15T16:11:20.751Z INFO 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : Starting OMAGServerPlatform using Java 17.0.7 with PID 1 (/deployments/server/server-chassis-spring-4.1-SNAPSHOT.jar started by default in /deployments) 2023-05-15T16:11:20.753Z INFO 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : No active profile set, falling back to 1 default profile: "default" 2023-05-15T16:11:22.701Z INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 9443 (https) 2023-05-15T16:11:23.347Z WARN 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : strict.ssl is set to false! Invalid certificates will be accepted for connection! 2023-05-15T16:11:25.320Z INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 9443 (https) with context path '' 2023-05-15T16:11:25.334Z INFO 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : Started OMAGServerPlatform in 4.977 seconds (process running for 5.343) 2023-05-15T16:11:25.363Z INFO 1 --- [ main] o.o.o.s.springboot.OMAGServerPlatform : Startup detected for servers: DMP_metadataServer Mon May 15 16:11:25 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0064 The Open Metadata Repository Services (OMRS) has initialized the audit log for the Metadata Access Store called DMP_metadataServer Mon May 15 16:11:25 UTC 2023 DMP_metadataServer Startup OMAG-ADMIN-0001 The DMP_metadataServer server is configured with a max page size of 600 Mon May 15 16:11:25 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0001 The Open Metadata Repository Services (OMRS) is initializing the subsystems to support a new server Mon May 15 16:11:25 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0002 Enterprise access through the Enterprise Repository Services is initializing Mon May 15 16:11:25 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0003 The local repository is initializing the metadata collection named DMP_metadataServer with an id of e915f2fa-aaac-4396-8bde-bcd65e642b1d Mon May 15 16:11:25 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0029 The local repository outbound event manager is initializing Mon May 15 16:11:25 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0030 Registering the Local Repository to Local Enterprise event consumer with the local repository outbound event manager Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0040 An enterprise OMRS connector has been created for the Repository REST Services Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0041 The enterprise OMRS connector for the Repository REST Services has started Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0007 The Open Metadata Repository Services (OMRS) has initialized Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OPEN-METADATA-SECURITY-0003 The Open Metadata Security Service org.odpi.openmetadata.metadatasecurity.samples.CocoPharmaServerSecurityConnector for server DMP_metadataServer is initializing Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0031 The local repository outbound event manager is starting with 1 type definition event consumer(s) and 1 instance event consumer(s) Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0032 The local repository outbound event manager is sending out the 1020 type definition events that were generated and buffered during server initialization Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0040 An enterprise OMRS connector has been created for the Connected Asset Services Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0041 The enterprise OMRS connector for the Connected Asset Services has started Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup CONNECTED-ASSET-SERVICES-0001 The Open Connector Framework (OCF) Metadata Management Service is initializing the connected asset services in a new server instance Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup CONNECTED-ASSET-SERVICES-0003 The Open Connector Framework (OCF) Metadata Management Service has initialized a new instance for server DMP_metadataServer Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OPEN-METADATA-STORE-0001 The Open Metadata Store Services are initializing a new server instance Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OPEN-METADATA-STORE-0005 The Open Metadata Store Services has initialized a new instance for server DMP_metadataServer Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OPEN-INTEGRATION-SERVICE-0001 The Open Integration Service is initializing a new server instance Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OPEN-INTEGRATION-SERVICE-0005 The Open Integration Service has initialized a new instance for server DMP_metadataServer Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMAG-ADMIN-0010 The Open Metadata Access Services (OMASs) are starting Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0040 An enterprise OMRS connector has been created for the Asset Manager OMAS Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0041 The enterprise OMRS connector for the Asset Manager OMAS has started Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMAS-ASSET-MANAGER-0001 The Asset Manager Open Metadata Access Service (OMAS) is initializing a new server instance Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMAS-ASSET-MANAGER-0005 The Asset Manager Open Metadata Access Service (OMAS) has initialized a new instance for server DMP_metadataServer Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0040 An enterprise OMRS connector has been created for the Asset Consumer OMAS Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0041 The enterprise OMRS connector for the Asset Consumer OMAS has started Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMAS-ASSET-CONSUMER-0001 The Asset Consumer Open Metadata Access Service (OMAS) is initializing a new server instance Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMAS-ASSET-CONSUMER-0003 The Asset Consumer Open Metadata Access Service (OMAS) has initialized a new instance for server DMP_metadataServer Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0040 An enterprise OMRS connector has been created for the Asset Owner OMAS Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0041 The enterprise OMRS connector for the Asset Owner OMAS has started Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMAS-ASSET-OWNER-0001 The Asset Owner Open Metadata Access Service (OMAS) is initializing a new server instance Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMAS-ASSET-OWNER-0003 The Asset Owner Open Metadata Access Service (OMAS) has initialized a new instance for server DMP_metadataServer Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0040 An enterprise OMRS connector has been created for the Governance Engine OMAS Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0041 The enterprise OMRS connector for the Governance Engine OMAS has started Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMAS-GOVERNANCE-ENGINE-0001 The Governance Engine Open Metadata Access Service (OMAS) is initializing a new server instance Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMAS-GOVERNANCE-ENGINE-0005 The Governance Engine Open Metadata Access Service (OMAS) has initialized a new instance for server DMP_metadataServer Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMAG-ADMIN-0012 4 out of 4 configured Open Metadata Access Services (OMASs) have started. Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0019 An OMRS Topic Connector has registered with an event bus connector for topic DMP_metadataServer.openmetadata.repositoryservices.enterprise.DMP_metadataServer.OMRSTopic Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0020 An OMRS Topic Connector is ready to send and receive events on topic DMP_metadataServer.openmetadata.repositoryservices.enterprise.DMP_metadataServer.OMRSTopic Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMAG-ADMIN-0004 The DMP_metadataServer server has successfully completed start up. The following services are running: [Open Metadata Repository Services (OMRS), Connected Asset Services, Open Metadata Store Services, Open Integration Service, Asset Manager OMAS, Asset Consumer OMAS, Asset Owner OMAS, Governance Engine OMAS] Mon May 15 16:11:27 UTC 2023 OMAG Server 'DMP_metadataServer' successful start , with message: Mon May 15 16:11:27 UTC 2023 DMP_metadataServer is running the following services: [Open Metadata Repository Services (OMRS), Connected Asset Services, Open Metadata Store Services, Open Integration Service, Asset Manager OMAS, Asset Consumer OMAS, Asset Owner OMAS, Governance Engine OMAS]

Mon May 15 16:11:27 UTC 2023 OMAG server platform ready for more configuration Mon May 15 16:11:27 UTC 2023 DMP_metadataServer Startup OMRS-AUDIT-0015 The listener thread for an OMRS Topic Connector for topic DMP_metadataServer.openmetadata.repositoryservices.enterprise.DMP_metadataServer.OMRSTopic has started

[davidradl]

@dwolfson Ok no worries - my change does not write back to the config file - as we do not want this in this case I think.

[planetf1]

@dwolfson Ok no worries - my change does not write back to the config file - as we do not want this in this case I think. Absolutely -- not writing back is absolutely what we eventually need :-)

[planetf1]

Well - being somewhat stubborn - I forced the data directory to be writeable all the way down and then built an image from that ..and ran it..which was interesting..Egeria came up and properly started and configured the server - but then became non-responsive to requests...I guess I'll start chasing the above pointers.. ;)

That should be fine if just running locally

When you say non-responsive to requests, were you seeing log entries? Was it just busy/using cpu resources? Was it having trouble starting a connector? I presume you didn't configure event bus/cohort - as if so it would be waiting for kafka?

You can enable debug in the container, then attach with IntelliJ if needed. You'll need to set the JAVA_OPTS variable in the container to something like -agentlib:jdwp=transport=dt_socket,address=5005,server=y,suspend=n

[dwolfson]

@davidradl Hi David - what does your change do? I didn't see it in git (or maybe I'm not looking in the right place)

[dwolfson]

@planetf1 Actually it is rejecting my rest requests due to certificate errors even though strict.ssl=False

http: LogLevel.ERROR: SSLError: HTTPSConnectionPool(host='localhost', port=9443): Max retries exceeded with url: /open-metadata/platform-services/users/garygeeke/server-platform/origin (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)'))) while doing a GET request to URL: https://localhost:9443/open-metadata/platform-services/users/garygeeke/server-platform/origin

[planetf1]

Can you explain the context. Are you seeing that log file in the server or a client application?

Are you trying to get to server origin via curl etc

strict.ssl is a Java system property (or for the chassis a spring property) that we use in many of the Egeria applications to introduce a very relaxed certificate verifier for the current/default security context.

If you enable debug logs, you will see debit out put from the http helper class that implements this

[planetf1]

Postman ..... go into settings->general and turn off 'SSL certificate verification

Curl ... add the '-k'

Httpie .... add '--verify=no'

Or add the appropriate parameters for the correct certificate configuration . See https://egeria-project.org/guides/admin/omag-server-platform-transport-level-security/

[dwolfson]

@planetf1 As an aside, I was testing with Postman it was set properly - will have to come back to that issue...beacuse...

Much more interesting progress was had.

Since the process on my mac using nerdctl wasn't what I expected, I decided to test the process on my linux box with standard Docker - and had much better results! I was able to autostart the docker image with the right configuration and I didn't have to chmod the files first. The. configuration mostly worked out of the box.

Mostly...so I was setting my repository to the built-in Janusgraph over BerkeleyDB. And that only sort of worked. I could create terms and search for all terms but couldn't do wildcard searches - suggesting an issue with the Lucene configuration. So I looked into the container and found that the owner of the files created during the build were root and the new files created for the index during runtime were owned by default-user. I assume that the container is running as default-user. So now in the next round I probably need to modify the docker file to explicitly set the user - or allow the target user to be set at runtime using the run command (then who owns the files in the image?). Anyway, I feel like I've progressed a step forward - but more work to do... thoughts?

[planetf1]

@dwolfson I'd say that in general, persisting data in distinct volumes is preferred in a container environment - be it k8s, docker, podman, rancher. Docker itself also has 'bind mounts' which will just use a local directory. This could be useful for a developer environment. I think rancher/podman support this too, but I bet there are subtle differences.

Whilst you can keep data within the container, and commit as needed to the image, it's not particularly portable, or clear how to manage the data. If we deem the data purely to be temporary then it's probably ok.

The user a container runs with varies. In a simple container environment it will probably be the user encoded within the Dockerfile (and special permissions may be needed for root). You'll notice that our egeria container mostly runs with user 'jboss' as that is what the base openjdk redhat image uses

There are also techniques to map userids between the container namespace and local OS if needed (lookup 'user_namespaces' ie https://manpages.ubuntu.com/manpages/bionic/man7/user_namespaces.7.html) - but you'll probably be defaulting to a 1:1 mapping

Anyway assuming you are sticking to inside the container, want to get the right files in at build time, then take a look at https://github.com/odpi/egeria-connector-integration-event-schema/blob/main/Dockerfile . This is an example of adding an extra connector. In this case I wanted to retain the same ownership of root during build time, and then flip back to jboss after. You could also RUN 'chown' commands as needed. In your case you probably want to do the copy as jboss

I'll add again the caveat that there differences. If you have a Dockerfile to share I can check it out. Even better if that was generic enough to share in the project, perhaps as a sample.

[planetf1]

Will reassign to you, since you are now driving this work - but just mention with any questions

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 20 days if no further activity occurs. Thank you for your contributions.