Content
Updated by Markus Kahl 5 months ago
### Steps to reproduce
1. Have a local _minikube_ or _kind_ cluster set up
2. Try installing OpenProject via its helm chart
To reproduce the underlying issue more directly, you can also use _docker_ directly.
```bash
docker run --rm -v ./app-tmp:/app/tmp -v ./sys-tmp:/tmp --read-only -it openproject/openproject:15.3-slim ruby -e "require 'tempfile'; Dir.tmpdir"
```
### What is the buggy behavior?
* The containers fail to start due to the following error
```text
system temporary path is not writable: /tmp
/tmp is not writable: /tmp
. is not writable: /app
/usr/local/lib/ruby/3.4.0/tmpdir.rb:44:in 'Dir.tmpdir': could not find a temporary directory (ArgumentError)
end or raise ArgumentError, "could not find a temporary directory"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
from -e:1:in '<main>'
```
### What is the expected behavior?
* The containers should start
### Workaround
Disable the read-only file system and the use of tmp volumes via `values.yaml`.
```yaml
containerSecurityContext:
readOnlyRootFilesystem: false
openproject:
useTmpVolumes: false
```
### Environment information
**OpenProject installation type**
* helm
* this happens here because the chart configures a read-only file system and mounts PVCs for its tmp folders (/app/tmp and /tmp)
* we have **not** observed this on production clusters because it seems to be specific to _minikube_ and _kind_ that mounted volumes are world writable
**OpenProject version**
v15.3.0
1. Have a local _minikube_ or _kind_ cluster set up
2. Try installing OpenProject via its helm chart
To reproduce the underlying issue more directly, you can also use _docker_ directly.
```bash
docker run --rm -v ./app-tmp:/app/tmp -v ./sys-tmp:/tmp --read-only -it openproject/openproject:15.3-slim ruby -e "require 'tempfile'; Dir.tmpdir"
```
### What is the buggy behavior?
* The containers fail to start due to the following error
```text
system temporary path is not writable: /tmp
/tmp is not writable: /tmp
. is not writable: /app
/usr/local/lib/ruby/3.4.0/tmpdir.rb:44:in 'Dir.tmpdir': could not find a temporary directory (ArgumentError)
end or raise ArgumentError, "could not find a temporary directory"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
from -e:1:in '<main>'
```
### What is the expected behavior?
* The containers should start
### Workaround
Disable the read-only file system and the use of tmp volumes via `values.yaml`.
```yaml
containerSecurityContext:
readOnlyRootFilesystem: false
openproject:
useTmpVolumes: false
```
### Environment information
**OpenProject installation type**
* helm
* this happens here because the chart configures a read-only file system and mounts PVCs for its tmp folders (/app/tmp and /tmp)
* we have **not** observed this on production clusters because it seems to be specific to _minikube_ and _kind_ that mounted volumes are world writable
**OpenProject version**
v15.3.0