Minor Description
When running a new container, with variables passed in through -e or --env-file, variables with a dollar sign get corrupted when stopping and starting a container. When the container starts, it saves all Grouper env variables into /opt/grouper/grouperEnv.sh, into an (unquoted) export statement for each variable. Then when a container is stoppeed and then restarted, it executes these lines to set them again. Since the export commands are not quoted, it interprets any value with a dollar sign as something to interpolate variables into.
I haven't looked into any potential environment flags to pass in that would circumvent reading grouperEnv.sh. Stopped containers should retain their existing environment, so I am not sure what the purpose of this is, since it overwrites a good value with a bad one.
(Window 1)
|
podman run \
|
--name grouper_loader_debug \
|
-e GROUPER_OPENSHIFT=true \
|
--mount type=bind,source=/opt/local/GrouperSyncRunner/log/grouper_loader.log,target=/tmp/logtomcat \
|
--env-file=/opt/local/grouper/config/grouper-secrets.env \
|
-e 'GROUPER_DATABASE_HELLO=Hello$World' \
|
-it unc-idm/grouper-docker:latest daemon
|
|
|
|
|
(Window 2)
|
podman exec -it grouper_loader_debug bash
|
[root@d148472ac8a7 WEB-INF]# echo $GROUPER_DATABASE_HELLO
|
Hello$World
|
|
|
[root@d148472ac8a7 WEB-INF]# xargs -r0a "/proc/1/environ" printf "%s\n" | grep HELLO
|
GROUPER_DATABASE_HELLO=Hello$World
|
|
|
[root@c378c21d16e7 WEB-INF]# cat /opt/grouper/grouperEnv.sh | grep HELLO
|
export GROUPER_DATABASE_HELLO=Hello$World
|
|
|
[root@d148472ac8a7 WEB-INF]# exit
|
|
|
|
|
[(1)idman@idmtools-snd log 566]$ podman container stop grouper_loader_debug
|
[(1)idman@idmtools-snd log 567]$ podman container start grouper_loader_debug
|
[(1)idman@idmtools-snd log 574]$ podman exec -it grouper_loader_debug bash
|
|
|
[root@c378c21d16e7 WEB-INF]# echo $GROUPER_DATABASE_HELLO
|
Hello$World
|
|
|
[root@c378c21d16e7 WEB-INF]# xargs -r0a "/proc/1/environ" printf "%s\n" | grep HELLO
|
GROUPER_DATABASE_HELLO=Hello
|
Note that in the restarted container, a new process for bash has the correct value. But the Grouper daemon process with id=1 has the wrong value after restarting.
Logs for the restarted container show that it's executing those export lines as is:
grouperContainer; INFO: (library.sh) Start loading library.sh
|
grouperContainer; INFO: (library.sh) End loading library.sh
|
grouperContainer; INFO: (libraryPrep.sh-prep_conf) Start setting up initial pipes
|
grouperContainer; INFO: (libraryPrep.sh-prep_conf) GROUPER_USE_PIPES=true
|
grouperContainer; INFO: (librarySetupPipe.sh-setupPipe) Setup pipe: /tmp/logpipe
|
grouperContainer; INFO: (librarySetupPipe.sh-setupPipe) Setup pipe: /tmp/logsuperd
|
grouperContainer; INFO: (librarySetupPipe.sh-setupPipe) Setup pipe: /tmp/loggrouper
|
grouperContainer; INFO: (libraryPrep.sh-prep_conf) End setting up initial pipes
|
grouperContainer; INFO: (libraryPrep.sh-prep_conf) Loading env vars from /opt/grouper/grouperEnv.sh
|
grouperContainer; INFO: (entrypoint.sh) Executing daemon
|
grouperContainer; INFO: (libraryPrep.sh-prep_daemon) export GROUPER_DAEMON=true
|
...
|