Closed masalinas closed 7 years ago
@rmg can comment more on his choices with the dockerfile, but
read permissions for all users
you do realize that strong-pm needs write access?
Also, why are you using strong-pm in docker? We supply it, because some people find it a convenient way to run and try strong-pm out, but strong-supervisor is a much better fit for docker.
strong-pm adds remote deploy capabilities, but since docker systems support this themselves, its not a great fit with docker.
The use of chown -R strong-pm:strong-pm /usr/local && su strong-pm -c ".."
serves two purposes:
/usr/local/*
(only) instead of disabling all of npm's privilege separation with --unsafe-perms
su
in the RUN
layer instead of doing a second RUN
after USER strong-pm
in order to reduce layers.That said, these Dockerfiles were last touched over a year ago and their origins date back to over 2 years ago. This is a long time in the world of Docker best practices!
@masalinas if you are actually using the strongloop/strong-pm image that gets published to Docker Hub and you feel strongly about this change then please feel free to submit a pull request for it.
@sam-github Actually we are using docker with this infraestructure inside one container:
We use several volumes attached to the container to persist logs, flows repository and ftp integration messages and mongodb compose to persist any business data
All this services controlled by supervisor under IBM Bluemix.
@masalinas you don't use arc, though, right? I would suggest looking at strong-supervisor, it is simpler, and might do everything you want.
I checked your last dockerfile to instance a docker container with strong-pm running inside. I observed that you change the owner of the /usr/local directory to strong-pm user to installed the process, but Why do you do that??. I think that the correct way to install strong-pm is under root the natural way and later you could start the process under strong-pm with any problem because the directory have read permissions for all users
This is your code
This is the code recomended by me: