I deployed a PHP+postgreqsl application (TinyTiny RSS, https://github.com/dittos/ttrss-mirror) on the new Openshift v3. On initial access you create a config.php from the available template, which contains DB passwords etc. to enable tt-rss to connect to the database. Now I need to add that file to the app root directory (/opt/app-root/src/) where tt-rss expects it.
Following the apparently canonical way I created a configmap with the key config.php and the file contents as the value. However, when mounting that config file into a volume to make it available to the application, I ran into problems as it's apparently expected that the mountpoint of the volume is a non-existing directory, so when I gave a target path of /opt/app-root/src/, my application code got overwritten.
Then, I found a way to provide a single file in an already populated directory:
you need to supply the absolute path including the filename in the mountPath and the filename again in subPath. The filename (obviously) needs to match the key in your config map.
I did that, but that leads to an inaccessible (no permissions) config.php file with very strange properties, see excerpt of ls -la in the deployed pod:
drwxrwxr-x. 8 default root 4096 Sep 29 13:41 classes
-?????????? ? ? ? ? ? config.php
-rw-rw-r--. 1 default root 8057 Sep 29 13:41 config.php-distconfig.php-dist is the template. What's up with the question marks?? Is this feature not working on Openshift?
The related YAML parts look like this:
volumeMounts:
- mountPath: /opt/app-root/src/config.php
name: volume-2k03m
subPath: config.phpand
volumes:
- configMap:
defaultMode: 420
items:
- key: config.php
path: config.php
name: tt-rss-config
name: volume-2k03mIs there a way to fix this configuration? Is there another way to "inject" (for want of a better word) that config.php into the application?
Some people recommend symlinks, but I don't know how to programmatically create a symlink at the needed location without running into the same problems as with config.php itself.
I don't want to push it to the (public) source repo as it contains secrets and the source repo is actually an upstream repo that I would prefer not to fork and continually keep up-to-date myself.
Not being familiar with tt-rss, the way I would do this is to pre-create the config.php file and include it in your source code. You can use environment variables in config.php for any values that would change.
And then it's not clear if you have to move the config.php file out of your repo directory or not, but anything you would need to do after a container is already running is a perfect use case for .s2i/bin scripts. Here's a sample run script, use it exactly as it is, and then just add anything else you need, like moving files, or changing permissions (note: you can't change anything that requires root permissions). Finally, any additional configuration of PHP cam be done via environment variables defined in the PHP S2I documentation.
Apparently, this is a current bug, see https://github.com/openshift/origin/issues/15750 and https://bugzilla.redhat.com/show_bug.cgi?id=1481617#c1.
As a workaround, specify the subPath like this: subPath: ..data/config.php, and everything starts to work as expected.