search

openkm / document-management-system

OpenKM is a Open Source Document Management System
https://www.openkm.com/
GNU General Public License v2.0
671 stars 297 forks source link

The Docker image uses VOLUME directive incorrectly #364

Open jakubgs opened 6 months ago

jakubgs commented 6 months ago

Currently the official Docker image applies the VOLUME directive to the /opt/tomcat folder:

 > docker history openkm/openkm-ce:6.3.12 | grep VOLUME
<missing>      14 months ago   /bin/sh -c #(nop)  VOLUME [/opt/tomcat]         0B

But this is wrong if you look at the documentation for Docker:

Volumes are the preferred mechanism for persisting data generated by and used by Docker containers. — https://docs.docker.com/storage/volumes/

Since /opt/tomcat folder contains software in form or JARs, WARs, and scripts, it is not supposed to be a volume, since volumes are intended for "data generated and used Docker containers". This means VOLUME directive was used incorrectly.

Furthermore:

Changing the volume from within the Dockerfile: If any build steps change the data within the volume after it has been declared, those changes will be discarded.https://docs.docker.com/engine/reference/builder/#notes-about-specifying-volumes

This in effect means that it is impossible to modify the /opt/tomcat folder - for example to change permissions - since it's a volume:

FROM openkm/openkm-ce:6.3.12
RUN chown -R www-data /opt/tomcat
USER www-data

Such a Dockerfile intended to allow the container as non-root user will have no effect, since the /opt/tomcat folder is a volume.

The correct usage of VOLUME directive would be for folders like /opt/tomcat/conf or /opt/tomcat/data, not /opt/tomcat.

jakubgs commented 6 months ago

Furthermore, the turning of /opt/tomcat into a volume means that every time the containers are re-created the volumes are as well, which leaves a lot of large volumes on the host:

 > docker system df
TYPE            TOTAL     ACTIVE    SIZE      RECLAIMABLE
Images          0         0         0B        0B
Containers      0         0         0B        0B
Local Volumes   55        0         19.83GB   19.83GB (100%)
Build Cache     0         0         0B        0B

About 360 MB per volume in case of Pro version, or 280 MB in Community version:

 > d run --rm -it --entrypoint=/bin/sh openkm/openkm-ce:6.3.12
# du -hsc /opt/tomcat
280M    /opt/tomcat
280M    total