go to post Robert Cemper · Apr 23, 2021 Hello Hannes!Thanks for the hint ! I'll check immedeatly.- for the stop:I've seen this in some cases but could imagine it related to large global buffers.default timeout for docker stop iris is 10 sec but docker stop -t 60 iris will give it a minutethe total save approach could be docker exec iris iris stop iris quietly so iris is downdocker stop iris now stop the container
go to post Robert Cemper · Apr 23, 2021 Hi @Kurro Lopez ! The Follows operator is ] while ] stands for Binary Follows stands ]] for Binary Sorts After the difference is described there though it may sound esoteric at first sight.
go to post Robert Cemper · Apr 22, 2021 Reacting to various security concerns I have adjusted Dockerfile to the templateAt the price of an additional command @ container start.It is now: $ docker-compose up -d$ docker-compose exec -u root iris /sshstart.sh README.md is adjusted, Video is unchanged (to hide the additional grey hairs) .
go to post Robert Cemper · Apr 21, 2021 This is an excellent application.- It allows to create a base configuration and handle variants.- And it's an excellent readable and easy-to-understand documentation.- On top, it is JSON based and therefore well suited to source and version managementThe original CachéParameterFile iris.cpf does a mimic of versioning.But it is buried deep into the installation directory and as cryptic as theEgyptian Book of the Dead. [reserved to the priest of IRIS cultus] I was waiting for something similar useful for decades!I suggest: No one running and supporting more than 2 configurations should miss it!
go to post Robert Cemper · Apr 21, 2021 <ctrl>+C doesn't work anymore . I had to kill terminal or process I'll step back
go to post Robert Cemper · Apr 21, 2021 Great hint! Up to now I just used select text > right click "copy + paste"
go to post Robert Cemper · Apr 20, 2021 Why not take advantage of what is there and what is still working well.You can't get all the %R*.int and %G*.int routines in Studio (no idea about VSCode)But a closer look to the well know system globals and a ZLOAD brings those zombies back to life.
go to post Robert Cemper · Apr 20, 2021 @Alexey Maslov Following your suggestion, I investigated public key bases authentication.And it's of course available (no surprise it's standard Linux) $ cd /etc/ssh$ ls -ltotal 580-rw-r--r-- 1 root root 553122 Mar 4 2019 moduli-rw-r--r-- 1 root root 1580 Mar 4 2019 ssh_config-rw------- 1 root root 227 Apr 20 20:32 ssh_host_ecdsa_key-rw-r--r-- 1 root root 179 Apr 20 20:32 ssh_host_ecdsa_key.pub-rw------- 1 root root 411 Apr 20 20:32 ssh_host_ed25519_key-rw-r--r-- 1 root root 99 Apr 20 20:32 ssh_host_ed25519_key.pub-rw------- 1 root root 1679 Apr 20 20:32 ssh_host_rsa_key-rw-r--r-- 1 root root 399 Apr 20 20:32 ssh_host_rsa_key.pub BUT: - These keys change with every run of a docker build- the client side varies with the platform, client type, .... and is rather tricky It is for sure beyond the bounds of this demo For production, it makes sense, but not for download and run within 4 minutes.
go to post Robert Cemper · Apr 20, 2021 Just great! I like it. with a solid partition / session under the feet. no local stuff, not browsers !(btw. I had something similaar in mind but this is much better)
go to post Robert Cemper · Apr 19, 2021 Thank you @Luca Ravazzolo It's a great story!And the CHUI interface is a dead horse. No doubt!But the need is not an invention but a demand from existing customers that fearto lose control over their data and operation. Especially if there is nothinganymore in the basement you can touch.So I show that is possible. I don't judge if it makes sense. Like in real life:- Some people climb Aiguille de Midi with ropes and hookseven as there is a cable car to the top installed.- Others drive SUV and HUMMERs but mostly run the highwayand almost never leave the well-pathed roads.
go to post Robert Cemper · Apr 19, 2021 It's just required to produce the demo video to demonstrate full functionality with this setup
go to post Robert Cemper · Apr 19, 2021 @Alexey Maslov !You are totally right.It is not the final solution but the start of a different scenario.PW was just the most simple approach to begin with.I was much more puzzled by the fact that sshd only starts from rootand that it does a very detailed check of the access rights on the internal generated keys.An just found no way to start a service from within IRIS.Now in the soft version, it is started with docker exec ... as by README.md and OEX.and the pw can be provided in a similar way
go to post Robert Cemper · Apr 18, 2021 Simple things as buffer allocation, adding DB, ECP + Activation, ...all this is lost after a new start ORI have to use DURABILITY which is quite an overhead e.g. during development
go to post Robert Cemper · Apr 18, 2021 Your suggestion is valid:IF - there is access with sufficient privileges to the server that hosts Docker.This is most likely an OS Level system manager or operator that runs all containers.BUT - To run / check / restart .. IRIS there is no need to have rights outside Docker containerbut instead, you need direct access to OS inside the container. Without external rights.The next level is SYSmgr access inside IRIS vs. Developer or User access.Back to the original scenario:Running Docker is to me from a security point of view the same as running Linux/ Windows on an ESX.Would you sugggest giving someone access to ESX with enough privileges just to doWindows System management? I don't think so!In any midsize to larger organization, there is a strict separation betweenHW server, Network, Virtualization, OS, Application - Management & Operationmainly to prevent mistakes and error fixing at the wrong end. Of course for me at home with a notebook and 2 desktops, I'm godfather with all rights you can think of.Docker is claimed to replace VMware.This is only correct if after installation you have the same privileges. If I build my image, I have all access rights.But with no access to root or similar, I feel cheated.Sorry, it's like a car without a steering wheel.
go to post Robert Cemper · Apr 18, 2021 Dear @Dmitry Maslennikov !Thanks for the compliment "bad idea" !All my life was driven by cross thinking, away from old tracks, doing the undoable, unchain my mind.And it was 99% success. My ISC colleagues in and outside US can confirm this.@Evgeny Shvarov knows much more details about me that would break the frame here. BUT I'm a little bit disappointed. You didn't read the disclaiming note on top:It is for developers, supporters, system managers. And in addition my examples are never meant for production use,but for training and learning. I don't make money with my software.Just 1 minor detail:Though multiple requests I never got a root password for any IRIS container.You might have access to this information as you have also access to other no-public info.So I had to set one for myself. x-thinking!All about the reasoning and other details are in my reply to @Evgeny ShvarovSince he placed the more important question: WHY?
