Issues to consider before releasing as production

[manics]

Now that #1 is merged we're close to production. Once this becomes official it'll be harder to make changes. Some of the issues we should give a final review to are:

• Configuration environment variables: e.g. CONFIG_omero_web_public_enabled=false becomes omero.web.public.enabled=false
• Default passwords: The default OMERO root account password is omero, should we generate a random password instead? Similarly for the public password when Enable public user #2 is merged?
• Default value for the database host. Currently it's db under the assumption that a postgres container will be linked with the name db, should we remove the default and make it mandatory instead?

[joshmoore]

• I slightly prefer using the dotted versions and dropping the underscore parsing.
• I'd vote yes for generating passwords.
• I don't particularly mind db being part of the the docker "API".

[manics]

I slightly prefer using the dotted versions

Unfortunately that doesn't work for environment variables:

$ docker run -it -e ENV.VAR=a -e ENV_VAR=b centos sh -c 'set | grep ENV'
BASH_EXECUTION_STRING='set | grep ENV'
ENV_VAR=b

[joshmoore]

docker run -ti --rm -e a.b=1 centos python -c "import os; print os.environ['a.b']"

does as does:

docker run -it --rm -e ENV.VAR=a -e ENV_VAR=b centos bash -c 'printenv ENV.VAR'
a

[manics]

Cool, I wasn't aware of that. Do you know an easy way to reference ENV.VAR in a shell, e.g. @dpwrussell uses a bash script in #2 165c1ae

[dpwrussell]

I also just realised that the underscore replacement technique wont work because of configs like this: omero.web.public.url_filter, which contain a literal underscore.

[dpwrussell]

With respect to password generation, it would then be necessary to pass in a password if using docker-compose (or some other prescripted docker start commands) I assume?

[manics]

Underscores are supported by replacing _ with __, e.g. CONFIG_omero_web_public_url__filter=

. in the variable names seems nicer but less standard or obvious to work with in scripting languages. Do you have a preference, or other ideas?

For password generation: I guess if you're linking containers then the onus would be on you to define a password for all containers requiring it.

[dpwrussell]

Ah, I see.

I think it would be a mistake to use the periods as then it is harder to customize as you couldn't write a bash script for example.

I can imagine that as configs get more complicated, we would probably want to be passing some encoded lock of YML or JSON, so perhaps the underscore technique is ok, if it is not going to be the recommended way down the line.

[manics]

One alternative to using env-vars could be to pass them as command line parameters when starting the container, e.g. docker run openmicroscopy/omero-server --config omero.db.name=xxx --config omero.data.dir=/external/mount

[mtbc]

Though, maybe not for passwords because one's command-line parameters are visible to other users on the system. (I may be misunderstanding this discussion though.)