Re: How to install things on specfic APP container
Michal Tekel
Hi,
depending on which buildpack you use it might be easier or more complicated
to launch custom scripts at app runtime. In these scripts you can install
apps, but only in "userspace" - that is, not as root. This is possible for
various ubuntu packages, but it involves manual resolution of dependencies,
which all need to be installed in the same userspace.
In our case we have run nmap to do port scan from within app container (to
verify what everything is reachable by deployed apps). We have used install
script [1], which we added into bin/post_compile (python buildpack) - which
would run at the end of staging and put installed packages into the final
app droplet, making them available inside app container on launch. We then
run the scan by using another script [2] where we explicitly define
LD_LIBRARY_PATH to point to dependencies that we have also installed in
"userspace".
This is quite cumbersome, but at least it can be done this way. Some other
PAASes support direct installation of package dependencies in their
buildpacks [3].
[1]
https://github.com/alphagov/paas-cf/blob/c0db1e38a9294112b8ecbfd7e0eee3dea5cf94ac/tests/example-apps/port-scan/nmap_portable.sh
[2]
https://github.com/alphagov/paas-cf/blob/c0db1e38a9294112b8ecbfd7e0eee3dea5cf94ac/tests/example-apps/port-scan/scan.sh
[3] https://docs.tsuru.io/stable/using/python.html - see requirements.apt
file description
toggle quoted message
Show quoted text
depending on which buildpack you use it might be easier or more complicated
to launch custom scripts at app runtime. In these scripts you can install
apps, but only in "userspace" - that is, not as root. This is possible for
various ubuntu packages, but it involves manual resolution of dependencies,
which all need to be installed in the same userspace.
In our case we have run nmap to do port scan from within app container (to
verify what everything is reachable by deployed apps). We have used install
script [1], which we added into bin/post_compile (python buildpack) - which
would run at the end of staging and put installed packages into the final
app droplet, making them available inside app container on launch. We then
run the scan by using another script [2] where we explicitly define
LD_LIBRARY_PATH to point to dependencies that we have also installed in
"userspace".
This is quite cumbersome, but at least it can be done this way. Some other
PAASes support direct installation of package dependencies in their
buildpacks [3].
[1]
https://github.com/alphagov/paas-cf/blob/c0db1e38a9294112b8ecbfd7e0eee3dea5cf94ac/tests/example-apps/port-scan/nmap_portable.sh
[2]
https://github.com/alphagov/paas-cf/blob/c0db1e38a9294112b8ecbfd7e0eee3dea5cf94ac/tests/example-apps/port-scan/scan.sh
[3] https://docs.tsuru.io/stable/using/python.html - see requirements.apt
file description
On 7 May 2016 at 03:52, Stanley Shen <meteorping(a)gmail.com> wrote:
Yes, the file is actually stored in database, we don't rely on the FS of
the container.
Just we want to do virus scan and other checks before we accept it and
store it to database.