I'm thinking of proposing a Pull Request to (slightly) simplify Mosquitto's persistent volumes definitions.
At the moment, the definitions look like this:
```yaml
volumes:
  - ./volumes/mosquitto/data:/mosquitto/data
  - ./volumes/mosquitto/log:/mosquitto/log
  - ./volumes/mosquitto/pwfile:/mosquitto/pwfile
  - ./services/mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf
  - ./services/mosquitto/filter.acl:/mosquitto/config/filter.acl
```
I'm thinking it should be like this:
```yaml
volumes:
  - ./volumes/mosquitto/data:/mosquitto/data
  - ./volumes/mosquitto/log:/mosquitto/log
  - ./volumes/mosquitto/pwfile:/mosquitto/pwfile
  - ./services/mosquitto:/mosquitto/config:ro
```
Docker-compose assumes that everything in a volumes definition is a folder. File mappings "work" but any time a file goes missing, docker-compose will automatically create a folder with root ownership. The result is a mess that you have to undo by hand.
Out-of-the-box, IOTstack sets up the `~/IOTstack/services` directory and its contents with ownership `pi:pi`.
Mosquitto runs as user ID 1883. The two files in `./services/mosquitto` mentioned in the definition (`mosquitto.conf` and `filter.acl`) have mode 644 so they are read-only for world, which is why the container can read them. The corollary is that Mosquitto has never needed write access to either file. Hence the read-only (`:ro`) suffix on the proposed folder mapping.
It's true that mapping the `./services/mosquitto` folder lets the container see everything else in the folder (e.g. `service.yml`) but it can't do anything with them because of the read-only flag.
I've tested this change on my own systems and it works.
Questions, comments, violent objections - all welcome!
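
A pre-flight check for the two failure modes described in this issue (a file-level mapping whose source has gone missing or been replaced by a directory, and config files the container user cannot read through a `:ro` folder mapping), as an added example that is not part of the original issue or of IOTstack. The function name `audit_bind_mounts` and the rule that a container path with a file extension is meant to be a file are assumptions made for illustration.

```python
import os
import stat


def audit_bind_mounts(volumes, base_dir):
    """Return (spec, finding) pairs for short-syntax bind mounts under base_dir."""
    findings = []
    for spec in volumes:
        parts = spec.split(":")
        src, target = parts[0], parts[1]
        options = parts[2].split(",") if len(parts) > 2 else []
        path = os.path.normpath(os.path.join(base_dir, src))
        # Heuristic (assumption): a container path with an extension is a file.
        wants_file = bool(os.path.splitext(target)[1])
        if not os.path.exists(path):
            if wants_file:
                # This is the case where a directory gets created in its place.
                findings.append((spec, "source missing"))
            continue
        mode = os.stat(path).st_mode
        if stat.S_ISREG(mode):
            findings.append((spec, "file-level mapping"))
            if not mode & stat.S_IROTH:
                findings.append((spec, "not world-readable"))
        elif wants_file:
            findings.append((spec, "directory where a file is expected"))
        elif "ro" in options:
            # Read-only folder mapping: a container user that is neither owner
            # nor group member needs the "other" read bit on every file.
            for name in sorted(os.listdir(path)):
                child = os.stat(os.path.join(path, name)).st_mode
                if stat.S_ISREG(child) and not child & stat.S_IROTH:
                    findings.append((spec, "not world-readable: " + name))
    return findings


if __name__ == "__main__":
    # The proposed definition from this issue, checked against ~/IOTstack.
    proposed = ["./services/mosquitto:/mosquitto/config:ro"]
    for spec, finding in audit_bind_mounts(proposed, os.path.expanduser("~/IOTstack")):
        print(spec, "->", finding)
```

An empty result for the proposed definition means every file in `./services/mosquitto` is readable by a non-owner such as UID 1883.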