Docker-CODE
Docker-CODE copied to clipboard
CollaboraOnline
ERR Failed to load: file:///user/docs/nXqzbaME0Cw3450N/About.odt, error: loadComponentFromURL returned an empty reference| kit/Kit.cpp:1484
I try to connect nextcloud running on server1 with CODE 3 running on server2. Opening a document gives me the CODE menu but then I get a message which says that the document could not be loaded.
Versions Collabora Office 5.3.10.36 Build bb5e55d407c013b5b59459d9551268924cd7f785 Nextcloud 12.04
Logs
wsd-00025-00034 23:45:41.797344 [ websrv_poll ] WRN WOPI host did not pass optional access_token_ttl| wsd/FileServer.cpp:471
wsd-00025-00038 23:45:42.552152 [ docbroker_001 ] WRN Missing JSON property [WatermarkText]| wsd/Storage.cpp:421
wsd-00025-00038 23:45:42.552289 [ docbroker_001 ] WRN Missing JSON property [HidePrintOption]| wsd/Storage.cpp:421
wsd-00025-00038 23:45:42.552356 [ docbroker_001 ] WRN Missing JSON property [HideSaveOption]| wsd/Storage.cpp:421
wsd-00025-00038 23:45:42.552429 [ docbroker_001 ] WRN Missing JSON property [HideExportOption]| wsd/Storage.cpp:421
wsd-00025-00038 23:45:42.552546 [ docbroker_001 ] WRN Missing JSON property [EnableOwnerTermination]| wsd/Storage.cpp:421
wsd-00025-00038 23:45:42.552605 [ docbroker_001 ] WRN Missing JSON property [DisablePrint]| wsd/Storage.cpp:421
wsd-00025-00038 23:45:42.552658 [ docbroker_001 ] WRN Missing JSON property [DisableExport]| wsd/Storage.cpp:421
wsd-00025-00038 23:45:42.552706 [ docbroker_001 ] WRN Missing JSON property [DisableCopy]| wsd/Storage.cpp:421
wsd-00025-00038 23:45:42.552793 [ docbroker_001 ] WRN Missing JSON property [DisableInactiveMessages]| wsd/Storage.cpp:421
wsd-00025-00038 23:45:42.901448 [ docbroker_001 ] WRN Attempted ping on non-upgraded websocket!| ./net/WebSocketHandler.hpp:280
kit-00032-00039 23:45:43.210406 [ lokit_001 ] ERR Failed to load: file:///user/docs/nXqzbaME0Cw3450N/About.odt, error: loadComponentFromURL returned an empty reference| kit/Kit.cpp:1484
kit-00032-00039 23:45:43.211604 [ lokit_001 ] ERR Failed to get LoKitDocument instance.| kit/ChildSession.cpp:363
kit-00032-00039 23:45:43.211793 [ lokit_001 ] WRN Document::ViewCallback. Session [-1] is no longer active to process [STATUS_INDICATOR_START] [(nil)] message to Master Session.| kit/Kit.cpp:1799
kit-00032-00039 23:45:43.211824 [ lokit_001 ] WRN Document::ViewCallback. Session [-1] is no longer active to process [STATUS_INDICATOR_SET_VALUE] [100] message to Master Session.| kit/Kit.cpp:1799
kit-00032-00039 23:45:43.211842 [ lokit_001 ] WRN Document::ViewCallback. Session [-1] is no longer active to process [STATUS_INDICATOR_FINISH] [(nil)] message to Master Session.| kit/Kit.cpp:1799
wsd-00025-00038 23:45:43.334510 [ docbroker_001 ] ERR Socket #22 SSL BIO error: closed (0).| ./net/SslSocket.hpp:255
wsd-00025-00038 23:45:43.334806 [ docbroker_001 ] ERR Socket #22 SSL BIO error: error:140D00CF:SSL routines:SSL_write:protocol is shutdown (errno: Success)| ./net/SslSocket.hpp:273
wsd-00025-00038 23:45:43.335240 [ docbroker_001 ] WRN ToClient-0002: Exception while closing socket for docKey [/apps/richdocuments/wopi/files/108_ocvfpdq3o6vh]: error:140D00CF:SSL routines:SSL_write:protocol is shutdown| wsd/ClientSession.cpp:919
kit-00032-00039 23:45:43.335366 [ lokit_001 ] WRN Skipping unload on incomplete view.| kit/ChildSession.cpp:72
kit-00032-00039 23:45:43.335412 [ lokit_001 ] ERR No socket associated with WebSocketHandler 0x0x136a1dd0| ./net/WebSocketHandler.hpp:100
wsd-00025-00038 23:45:43.857892 [ docbroker_001 ] ERR #21: Wrote outgoing data -1 bytes. (errno: Broken pipe)| ./net/Socket.hpp:927
wsd-00025-00038 23:45:43.857974 [ docbroker_001 ] ERR #21: Wrote outgoing data -1 bytes. (errno: Broken pipe)| ./net/Socket.hpp:927
wsd-00025-00026 23:45:43.858205 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_001], started: true, finished: true| ./net/Socket.hpp:507
wsd-00025-00026 23:45:43.858244 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_001], started: true, finished: true| ./net/Socket.hpp:507
wsd-00025-00026 23:45:43.858293 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_001], started: false, finished: true| ./net/Socket.hpp:507
wsd-00025-00026 23:45:43.858313 [ prisoner_poll ] WRN Waking up dead poll thread [docbroker_001], started: false, finished: true| ./net/Socket.hpp:507
Thank you for your great work, guys.
I'm hitting the same problem with the Docker image.
I've tried collabora/code:3.4.0.8 and a few earlier versions.
At some point turning logging up to debug yielded a slightly more descriptive error:
[ lokit_002 ] ERR Failed to load: file:///user/docs/J59M6usQHRz6Sv4E/About.odt, error: Unsupported URL <file:///user/docs/J59M6usQHRz6Sv4E/About.odt>: "type detection failed"| kit/Kit.cpp:1554
Still, I'm not sure how to proceed from it.
I've even tried building my own Docker image of Collabora Online, based on CentOS 7.5. I've confirmed things working on CentOS 7.5 in a VM, without Docker, so I tried replicating that setup as a container.. Unfortunately, I'm hitting the same exact problem with my own image too. For some reason it won't work in a container.
This is on Docker CE 18.06 with the overlay2 storage driver backed by an xfs filesystem.
I'm starting the container with the root user and with --cap-add MKNOD. I even tried adding --privileged or --cap-add ALL, but to no avail. SELinux is completely disabled too.
Same issue
Debian 9 Installed packages:
ii collaboraoffice5.3 5.3.10.61-61 amd64 Brand module for Collabora Office 5.3 -61 ii collaboraoffice5.3-ure 5.3.10.61-61 amd64 UNO Runtime Environment -61 ii collaboraofficebasis5.3-calc 5.3.10.61-61 amd64 Calc module for Collabora Office 5.3 -61 ii collaboraofficebasis5.3-core 5.3.10.61-61 amd64 Core module for Collabora Office 5.3 -61 ii collaboraofficebasis5.3-draw 5.3.10.61-61 amd64 Draw module for Collabora Office 5.3 -61 ii collaboraofficebasis5.3-en-us 5.3.10.61-61 amd64 Language module for Collabora Office 5.3, language en_US -61 ii collaboraofficebasis5.3-en-us-calc 5.3.10.61-61 amd64 Calc language module for Collabora Office 5.3, language en_US -61 ii collaboraofficebasis5.3-en-us-res 5.3.10.61-61 amd64 Language resource module for Collabora Office 5.3, language en_US -61 ii collaboraofficebasis5.3-extension-pdf-import 5.3.10.61-61 amd64 PDF import extension for Collabora Office 5.3 -61 ii collaboraofficebasis5.3-filter-data 5.3.10.61-61 amd64 Filter data for Collabora Office 5.3 -61 ii collaboraofficebasis5.3-graphicfilter 5.3.10.61-61 amd64 Graphic filter module for Collabora Office 5.3 -61 ii collaboraofficebasis5.3-images 5.3.10.61-61 amd64 Images module for Collabora Office 5.3 -61 ii collaboraofficebasis5.3-impress 5.3.10.61-61 amd64 Impress module for Collabora Office 5.3 -61 ii collaboraofficebasis5.3-noto-fonts 5.3.10.61-61 amd64 Google Noto fonts for Collabora Office 5.3 -61 ii collaboraofficebasis5.3-ooofonts 5.3.10.61-61 amd64 3rd party free fonts for Collabora Office 5.3 -61 ii collaboraofficebasis5.3-ooolinguistic 5.3.10.61-61 amd64 Linguistic module for Collabora Office 5.3 -61 ii collaboraofficebasis5.3-ru 5.3.10.61-61 amd64 Language module for Collabora Office 5.3, language ru -61 ii collaboraofficebasis5.3-ru-res 5.3.10.61-61 amd64 Language resource module for Collabora Office 5.3, language ru -61 ii collaboraofficebasis5.3-writer 5.3.10.61-61 amd64 Writer module for Collabora Office 5.3 -61 nextcloud 15
kit-30603-30634 2018-12-15 07:59:58.870659 [ lokit_001 ] ERR Failed to load: file:///user/docs/vUTo5YFHFK8hLgq2/%D0%9F%D1%80%D0%BE%D0%B1%D0%BB%D0%B5%D0%BC%D0%BD%D1%8B%D0%B5%20%D0%B4%D0%BE%D0%BC%D0%B0.xlsx, error: Unsupported URL <file:///user/docs/vUTo5YFHFK8hLgq2/%D0%9F%D1%80%D0%BE%D0%B1%D0%BB%D0%B5%D0%BC%D0%BD%D1%8B%D0%B5%20%D0%B4%D0%BE%D0%BC%D0%B0.xlsx>: "type detection failed"| kit/Kit.cpp:1554 kit-30603-30634 2018-12-15 07:59:58.871407 [ lokit_001 ] ERR Failed to get LoKitDocument instance for [file:///user/docs/vUTo5YFHFK8hLgq2/%D0%9F%D1%80%D0%BE%D0%B1%D0%BB%D0%B5%D0%BC%D0%BD%D1%8B%D0%B5%20%D0%B4%D0%BE%D0%BC%D0%B0.xlsx].| kit/ChildSession.cpp:370 kit-30603-30634 2018-12-15 07:59:58.871764 [ lokit_001 ] WRN Document::ViewCallback. Session [-1] is no longer active to process [ERROR] [{ "classification": "error", "cmd": "load", "kind": "io", "code": "770", "message": "" } ] message to Master Session.| kit/Kit.cpp:1868 kit-30603-30634 2018-12-15 07:59:59.016644 [ lokit_001 ] WRN Skipping unload on incomplete view.| kit/ChildSession.cpp:72 kit-30603-30634 2018-12-15 07:59:59.016869 [ lokit_001 ] ERR No socket associated with WebSocketHandler 0x0x55fbbf7a18c0| ./net/WebSocketHandler.hpp:107 kit-30603-30599 2018-12-15 08:00:00.017809 [ loolkit ] FTL Document [/apps/richdocuments/wopi/files/895_ocdl5gkb92i9] has no more views, exiting bluntly.| kit/Kit.cpp:834
But i found reason: if you are trying to open files names with cyrillic symbols you are get this error, but when i copy this file with numeric name (without cyrillic symbols) works without errors, please fix this issue
UPD Found fix: check your supported system locales: en_US* ru_RU* by locale -a, change something in /etc/locale.gen then locale-gen -a, and for me im not using docker, so just add Environment="LANG=en_US.UTF-8" in systemctl loolwsd service, then restart and you could be happy :)
the type detection error with special characters is one thing, while previous posts were mentioning opening some About.odt file. having set LANG, LANGUAGE, LC_CTYPE, locale-gen, dpkg-reconfigure locales, setting some value in /etc/default/locale, .. Trying with EN_US.UTF-8, C.UTF-8, ... I'm still hitting with that "type detection failed" error.
wsd-00008-00057 2019-12-12 11:59:59.589612 [ docbroker_001 ] INF WOPI::GetFile downloaded 77422 bytes from [https://<nextcloud-fqdn>/index.php/apps/richdocuments/wopi/files/28_oc3xnhn67wcq/contents?access_token=Hihot4xoFinarkt5u9w3WufMarIs4UWP&access_token_ttl=0] -> /opt/lool/child-roots/ru8DIe1C7zFSTTjw/user/docs/ru8DIe1C7zFSTTjw/About.odt in 0.321827s| wsd/Storage.cpp:854
wsd-00008-00057 2019-12-12 11:59:59.590039 [ docbroker_001 ] INF SHA1 for DocKey [/index.php/apps/richdocuments/wopi/files/28_oc3xnhn67wcq] of [/user/docs/ru8DIe1C7zFSTTjw/About.odt]: da39a3ee5e6b4b0d3255bfef95601890afd80709| wsd/DocumentBroker.cpp:813
wsd-00008-00057 2019-12-12 11:59:59.590111 [ docbroker_001 ] INF TileCache ctor for uri [https://<nextcloud-fqdn>/index.php/apps/richdocuments/wopi/files/28_oc3xnhn67wcq?access_token=Hihot4xoFinarkt5u9w3WufMarIs4UWP&access_token_ttl=0], modifiedTime=1576151999], dontCache=false| wsd/TileCache.cpp:45
wsd-00008-00057 2019-12-12 11:59:59.590206 [ docbroker_001 ] INF Filesystem [/opt/lool/child-roots/.] has 52666 MB free (51.9576%).| common/FileUtil.cpp:324
wsd-00008-00057 2019-12-12 11:59:59.590290 [ docbroker_001 ] DBG #23 Thread affinity set to 0x7fa19affd700 (was 0).| ./net/Socket.hpp:282
wsd-00008-00031 2019-12-12 11:59:59.590353 [ admin ] DBG Added admin document [/index.php/apps/richdocuments/wopi/files/28_oc3xnhn67wcq].| wsd/AdminModel.cpp:483
wsd-00008-00057 2019-12-12 11:59:59.590549 [ docbroker_001 ] INF Requesting document load from child.| wsd/ClientSession.cpp:759
kit-00028-00026 2019-12-12 11:59:59.590563 [ kit_spare_001 ] INF New session [05d] request on url [/index.php/apps/richdocuments/wopi/files/28_oc3xnhn67wcq].| kit/Kit.cpp:2128
kit-00028-00026 2019-12-12 11:59:59.590593 [ kitbroker_001 ] INF Thread 26 (7f6faecf1000) of process 28 formerly known as [kit_spare_001] is now called [kitbroker_001].| common/Util.cpp:566
kit-00028-00026 2019-12-12 11:59:59.591683 [ kitbroker_001 ] INF Document ctor for [/index.php/apps/richdocuments/wopi/files/28_oc3xnhn67wcq] url [/index.php/apps/richdocuments/wopi/files/28_oc3xnhn67wcq] on child [ru8DIe1C7zFSTTjw] and id [001].| kit/Kit.cpp:724
kit-00028-00026 2019-12-12 11:59:59.591748 [ kitbroker_001 ] INF Creating first session for url: /index.php/apps/richdocuments/wopi/files/28_oc3xnhn67wcq for sessionId: 05d on jailId: ru8DIe1C7zFSTTjw| kit/Kit.cpp:781
kit-00028-00026 2019-12-12 11:59:59.591779 [ kitbroker_001 ] INF ChildSession ctor [ToMaster-05d].| kit/ChildSession.cpp:76
kit-00028-00026 2019-12-12 11:59:59.591798 [ kitbroker_001 ] DBG Sessions: 1| kit/Kit.cpp:790
kit-00028-00026 2019-12-12 11:59:59.592067 [ kitbroker_001 ] INF Loading url [file:///user/docs/ru8DIe1C7zFSTTjw/About.odt] for session [05d] which has 0 sessions. Another load in progress: 0| kit/Kit.cpp:1316
kit-00028-00026 2019-12-12 11:59:59.592097 [ kitbroker_001 ] INF Loading new document from URI: [file:///user/docs/ru8DIe1C7zFSTTjw/About.odt] for session [05d].| kit/Kit.cpp:1603
kit-00028-00026 2019-12-12 11:59:59.592152 [ kitbroker_001 ] DBG Calling lokit::documentLoad(file:///user/docs/ru8DIe1C7zFSTTjw/About.odt, "Language=en-en").| kit/Kit.cpp:1621
kit-00028-00026 2019-12-12 11:59:59.755049 [ kitbroker_001 ] DBG Returned lokit::documentLoad(file:///user/docs/ru8DIe1C7zFSTTjw/About.odt) in 162.874ms.| kit/Kit.cpp:1627
kit-00028-00026 2019-12-12 11:59:59.755109 [ kitbroker_001 ] ERR Failed to load: file:///user/docs/ru8DIe1C7zFSTTjw/About.odt, error: Unsupported URL <file:///user/docs/ru8DIe1C7zFSTTjw/About.odt>: "type detection failed"| kit/Kit.cpp:1635
kit-00028-00026 2019-12-12 11:59:59.755137 [ kitbroker_001 ] ERR Failed to get LoKitDocument instance for [file:///user/docs/ru8DIe1C7zFSTTjw/About.odt].| kit/ChildSession.cpp:612
kit-00028-00026 2019-12-12 11:59:59.755192 [ kitbroker_001 ] WRN Document::ViewCallback. Session [-1] is no longer active to process [LOK_CALLBACK_ERROR] [{
"classification": "error",
"cmd": "load",
"kind": "io",
"code": "0x302(Error Area:Io Class:NotExists Code:2)",
"message": ""
}
] message to Master Session.| kit/Kit.cpp:1944
wsd-00008-00057 2019-12-12 11:59:59.755345 [ docbroker_001 ] WRN Document load failed: faileddocloading| wsd/ClientSession.cpp:1112
AFAIU, that About.odt gets properly downloaded from NextCloud, I would eventually a new sub-folder in /opt/lool/child-roots, with what I assume to be a copy of my file (it gets created then dropped almost instantly).
$ find /opt/lool/child-roots
...
/opt/lool/child-roots/IMektHGge9idCRq6/user/docs/IMektHGge9idCRq6/About.odt
I am now suspecting some missing library or dependency, though could not figure it out.
Couldn't find missing libraries with ldd, the few binaries I checked seem to work properly. Pretty weird.
Is there any chance that "Unsupported URL" error could be somewhat generic? Couldn'f figure it out from sources, it seems to be legit, ... but file://<path> being unsupported makes no sense at all.
No, I did not. I've also been trying with libreoffice/online:master, as well as building it myself on some ubuntu:18:04, I've got the exact same problem either way. I'm sure I'm doing something wrong, though I couldn't figure out what yet...
sort question are you running this on a nfs root system? because i get to this point when i turn of the capabilities since they are not supported for nfs
I'm using an emptyDir. I could be wrong, though I'am not sure persisting data on that container is required, as I expect NextCloud to do this.
Then again, you're right. For that error to show up, I did remove caps from the loolforkit binary.
When keeping them, I would see the following:
/usr/bin/loolforkit: Operation not permitted
Running OpenShift, we have SecurityContextConstraints that would limit what most containers can do (kinda like PodSecurityPolicy with Kubernetes, though comes with a restrictive configuration by default, which I try to stick with).
I've been trying to:
- remove caps on loolforkit
- change config.security.seccomp to false
- change config.security.capabilities to false
- revert my previous changes, and create a custom SCC for this container, granting it with FOWNER, MKNOD and SYS_CHROOT capabilities
- re-add the config.security.seccomp to false
None of it worked. As long as loolforkit has caps, I'ld be hitting with permissions denied, regardless of my config.xml settings. Container would just restart in a loop. Without caps, container does start, I can get to the management interface, the health check URL works, all seems fine, ... and yet, document fails to load with the previously mentioned invalid URL errors.
Either way, I can't see anything wrong in my nodes audit logs nor Kubernetes logs.
For the record, that SCC I've been testing, which is a duplicate from OpenShift default, adding what I thought to be necessary:
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities:
- FOWNER
- MKNOD
- SYS_CHROOT
apiVersion: security.openshift.io/v1
defaultAddCapabilities:
- FOWNER
- MKNOD
- SYS_CHROOT
fsGroup:
type: MustRunAs
groups: []
kind: SecurityContextConstraints
metadata:
...
name: restricted-lool
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities:
- KILL
- SETUID
- SETGID
runAsUser:
type: MustRunAsRange
seLinuxContext:
type: MustRunAs
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:<my-test-project>:<serviceaccount-running-lool-container>
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
erratum: checking again, the above SCC seems to work as expected. I probably fucked up something in between.
So, for the record, here's how to deploy Lool on OpenShift:
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: ServiceAccount
metadata:
name: lool-demo
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: lool-demo
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- restricted-lool
resources:
- securitycontextconstraints
verbs:
- use
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: lool-demo
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: lool-demo
subjects:
- kind: ServiceAccount
name: lool-demo
namespace: lool-demo
- allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities:
- FOWNER
- MKNOD
- SYS_CHROOT
apiVersion: security.openshift.io/v1
defaultAddCapabilities:
- FOWNER
- MKNOD
- SYS_CHROOT
fsGroup:
type: MustRunAs
groups: []
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: restricted-lool denies access to all host features and requires
pods to be run with a UID, and SELinux context that are allocated to the namespace. It
pretty much matches the default restricted SecurityContextConstraint, with the
exception of granting FOWNER, MKNOD and SYS_CHROOT capabilities, required by
LibreOfficeOnline.
name: restricted-lool
priority: null
readOnlyRootFilesystem: false
requiredDropCapabilities:
- KILL
- SETUID
- SETGID
runAsUser:
type: MustRunAsRange
seLinuxContext:
type: MustRunAs
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:lool-demo:lool-demo
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
- apiVersion: v1
kind: Service
metadata:
annotations:
service.alpha.openshift.io/serving-cert-secret-name: lool-demo-cert
name: lool-demo
spec:
ports:
- name: tcp-9980
port: 9980
protocol: TCP
targetPort: 9980
selector:
name: lool-demo
- apiVersion: v1
kind: Secret
metadata:
name: lool-demo
stringData:
admin-password: demo-pw
admin-username: demo-admin
- apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
labels:
name: lool-demo
name: lool-demo
spec:
replicas: 1
selector:
name: lool-demo
strategy:
type: Rolling
template:
metadata:
labels:
name: lool-demo
spec:
containers:
- env:
- name: password
valueFrom:
secretKeyRef:
key: admin-password
name: lool-demo
- name: username
valueFrom:
secretKeyRef:
key: admin-username
name: lool-demo
- name: DONT_GEN_SSL_CERT
value: dont
image: <not-exactly-using-official-images>
livenessProbe:
failureThreshold: 15
httpGet:
path: /
port: 9980
scheme: HTTPS
initialDelaySeconds: 30
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 1
name: lool
ports:
- containerPort: 9980
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /
port: 9980
scheme: HTTPS
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 300m
memory: 768Mi
securityContext:
capabilities:
add:
- FOWNER
- MKNOD
- SYS_CHROOT
drop:
- KILL
- SETGID
- SETUID
procMount: Default
volumeMounts:
- mountPath: /etc/loolwsd/server.crt
name: certs
subPath: tls.crt
- mountPath: /etc/loolwsd/server.key
name: certs
subPath: tls.key
- mountPath: /opt/lool/child-roots
name: data
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
serviceAccount: lool-demo
serviceAccountName: lool-demo
terminationGracePeriodSeconds: 30
volumes:
- name: certs
secret:
secretName: lool-demo-cert
- emptyDir: {}
name: data
- apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: lool-demo
spec:
tls:
insecureEdgeTerminationPolicy: Redirect
termination: reencrypt
to:
kind: Service
name: lool-demo
weight: 100
Though I'm not using the official image. One of my customization involves some XML config changes pointing the CA path to OpenShift service CA. I'm still disabling seccomp. Would eventually publish to github, once I'ld have figured out the last details, ...
Sorry for the noise.