[
https://issues.apache.org/jira/browse/FINERACT-830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17103161#comment-17103161
]
Petri Tuomola commented on FINERACT-830:
----------------------------------------
[~xurror] I think error is because tomcat/temp directory is owned by root, is
not writeable by the tomcat user. There's also a tomcat/tmp directory with the
right permissions, but for some reason the environment variable for temp
directory is pointing to the tomcat/temp rather than tomcat/tmp.
So possible solutions would be either to change the environment variable to
point to the right directory, or run chown to change the owner of the "other"
temp directory.
But of course this issue is likely to be specific to the bitnami tomcat distro
- if we are moving away to another image then it's probably worth not spending
time on find a fix to this...
> Use distroless base image instead of bitnami/tomcat in container
> ----------------------------------------------------------------
>
> Key: FINERACT-830
> URL: https://issues.apache.org/jira/browse/FINERACT-830
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Michael Vorburger
> Priority: Major
> Labels: kubernetes, technical
>
> Rohit Verma on the mailing list raised using a "more hardened base image like
> distroless".
> I'll admit that I'm personally not a huge fan of "FROM bitnami/tomcat:7.0.94"
> myself! Any contributions you'd like to make on this front would be very very
> welcome, from my side.
> https://github.com/GoogleContainerTools/distroless is a great alternative.
> (BTW
> https://access.redhat.com/containers/?tab=images#/registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift
> is a another great choice, if you're into something supported.)
> Your mission, should you choose to accept it and work on this issue, would be
> to raise a PR modifying our Dockerfile, but then still have the related test
> at the end of .travis.yml pass - everything (container, Docker Compose,
> Kubernetes) should, obviously, still "work as is", even if you go for
> changing the base image. Makes sense and sounds fair?
>
> PS: What we really should do at some point is move away from 1990s style
> WAR-in-Tomcat, and make java -jar fineract.war work instead (and then use
> that in the container)... people working on this could also contribute,
> before or after, to FINERACT-730. (On a related front, there's also
> FINERACT-764, but both are probably independent enough from each other to be
> tackled separately.)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
