From fa8087a7e1847394520c84c759bfc549610a562f Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Fri, 1 Nov 2024 01:54:35 -0500 Subject: Production container: TMPDIR: New issue. --- .../genenetwork/containerising-production-issues.gmi | 1 + issues/genenetwork/handle-tmp-dirs-in-container.gmi | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 issues/genenetwork/handle-tmp-dirs-in-container.gmi (limited to 'issues') diff --git a/issues/genenetwork/containerising-production-issues.gmi b/issues/genenetwork/containerising-production-issues.gmi index 3803dac..883f52a 100644 --- a/issues/genenetwork/containerising-production-issues.gmi +++ b/issues/genenetwork/containerising-production-issues.gmi @@ -29,3 +29,4 @@ The link above documents the various services that make up the GeneNetwork servi => ./umhet3-samples-timing-slow [ ] Figure out and fix UM-HET3 Samples mappings on Tux04 => ./setup-mailing-on-tux04 [x] Setting up email service on Tux04 => ./virtuoso-shutdown-clears-data [x] Virtuoso seems to lose data on restart +=> ./handle-tmp-dirs-in-container [ ] Handle temporary directories in the container diff --git a/issues/genenetwork/handle-tmp-dirs-in-container.gmi b/issues/genenetwork/handle-tmp-dirs-in-container.gmi new file mode 100644 index 0000000..7636a00 --- /dev/null +++ b/issues/genenetwork/handle-tmp-dirs-in-container.gmi 
@@ -0,0 +1,18 @@ +# Handle Temporary Directories in the Container + +## Tags + +* status: open +* type: feature +* assigned: fredm +* priority: critical +* keywords: production, container, tux04 +* interested: alexk, aruni, bonfacem, pjotrp, zsloan + +## Description + +The container's temporary directories should be in a large partition on the host to avoid a scenario where the writes fill up one of the smaller drives. + +Currently, we use the `/tmp` directory by default, but we should look into transitioning away from that — `/tmp` is world readable and world writable and therefore needs careful consideration to keep safe. + +Thankfully, we are running our systems within a container, and can bind the container's `/tmp` directory to a non-world-accessible directory, keeping things at least contained. -- cgit 1.4.1
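Review bot: In the Description section of the new handle-tmp-dirs-in-container.gmi, the last paragraph proposes binding the container's `/tmp` to a non-world-accessible host directory but never says which host directory, what owner and mode it should have, or which user inside the container needs write access, so a "priority: critical" issue has no checkable definition of done. The commit subject says TMPDIR while the body only talks about `/tmp`; state whether the plan is to change the TMPDIR variable for the services, to change the bind mount, or both. The sentence "Currently, we use the `/tmp` directory by default" should also say whether that is the host's `/tmp` or the container's, since the first paragraph's concern (filling a small host drive) depends on it. Suggest adding a short task list covering the chosen host path on the large partition, its ownership and permissions, and how stale temporary files get cleaned up.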