JettyRolePropertyFileLoginModule Hotreload not working with docker #7965

Open
Ookami-Git opened this issue Oct 18, 2022 · 2 comments

@Ookami-Git

Ookami-Git commented Oct 18, 2022

Describe the bug
JettyRolePropertyFileLoginModule Hotreload not working with docker

My Rundeck detail

  • Rundeck version: 4.7.0
  • install type: docker
  • OS Name/version: ubuntu 20.04
  • DB Type/version: postgres

To Reproduce
Add this jaas-loginmodule.conf to the remco template

rundeck {
    org.eclipse.jetty.jaas.spi.PropertyFileLoginModule sufficient
      file="/path/mount/realm.properties";

    com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule required
      ignoreRoles="true"
      storePass="true"
      contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
      providerUrl="ldaps://LDAPSERVER:636"
      bindDn="..."
      bindPassword="..."

      authenticationMethod="simple"
      forceBindingLogin="true"
      userBaseDn="..."
      userRdnAttribute="sAMAccountName"
      userIdAttribute="sAMAccountName"
      userPasswordAttribute="unicodePw"
      userObjectClass="user"
      userLastNameAttribute="sn"
      userFirstNameAttribute="givenName"
      userEmailAttribute="mail"

      cacheDurationMillis="300000"

      reportStatistics="true"
      timeoutRead="10000"
      timeoutConnect="20000"
      nestedGroups="false"

      clearPass="true"
      useFirstPass="false"
      tryFirstPass="false";

    org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
      // Enables the ability to modify the user list specified by file without having to restart Rundeck.
      // The refresh interval for checking the file is 5 seconds. This is not configurable.
      hotReload="true"
      useFirstPass="true"
      file="/path/mount/realm.role.properties";
};

Create 2 files locally, realm.properties and realm.ldap.properties, and bind them in the container.
docker-compose.yml:

version: '3.7'

services:
    rundeck_test:
        build: .
        tty: true
        environment:
            RUNDECK_GRAILS_URL: http://servername:4440/rundeck
            RUNDECK_SERVER_CONTEXTPATH: /rundeck
            TZ: Europe/Paris
        volumes:
          - /local/path/rundeck/realm.role.properties:/path/mount/realm.ldap.properties:consistent
          - /local/path/rundeck/realm.properties:/path/mount/realm.properties:consistent

        ports:
          - 4440:4440

Now when you modify /local/path/rundeck/realm.properties or /local/path/rundeck/realm.role.properties, the modifications appear in the container.
When you modify realm.properties, the changes are applied without restarting the container. The issue is with the realm.role.properties file: you need to restart the container to apply the change.

The same configuration in the war launcher or a tomcat servlet works fine.

Expected behavior
Hotreload role for LDAP users with JettyRolePropertyFileLoginModule in the container with local file.

@williamhargrove

I have also just run into this issue, exactly as described. Required a restart of the container to resolve.

Can we give this a poke, as the issue is still present in version 4.10.0?

@Laboltus

You should not mount such files into a Docker container. A Docker mount works with inodes, not with file paths; read this. As a workaround, you can place those files in a separate dir and mount the dir into the container.
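
The inode behaviour referred to in the comment above, as an added example that is not part of the thread or of Rundeck's code: it compares an in-place edit with a write-then-rename edit and reads the file back through a descriptor opened before the edit. The open descriptor standing in for a single-file bind mount is an assumption of this sketch, and the file content is constructed sample data.

```python
import os
import tempfile


def inode(path):
    return os.stat(path).st_ino


def edit_in_place(path, text):
    # Truncate and rewrite the existing file: the inode is preserved.
    with open(path, "w") as f:
        f.write(text)


def edit_by_rename(path, text):
    # Write a temp file next to the target, then rename it over the target
    # (common for editors and config-management tools): the path now points
    # at a NEW inode, and the old inode keeps the old content.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.replace(tmp, path)


def simulate(edit):
    """Return (inode_changed, content_seen_through_the_pinned_inode)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "realm.role.properties")
        edit_in_place(path, "alice: admin\n")  # constructed sample content
        before = inode(path)
        # Assumption: an already-open descriptor stays bound to the original
        # inode, standing in for a file bind mount made at container start.
        pinned = os.open(path, os.O_RDONLY)
        try:
            edit(path, "alice: user\n")
            os.lseek(pinned, 0, os.SEEK_SET)
            seen = os.read(pinned, 4096).decode()
        finally:
            os.close(pinned)
        return inode(path) != before, seen


if __name__ == "__main__":
    for edit in (edit_in_place, edit_by_rename):
        changed, seen = simulate(edit)
        print(f"{edit.__name__}: inode changed={changed}, pinned view={seen!r}")
```

When the inode changes, anything still bound to the old inode keeps serving the old role assignments, so a role removal made on the host would not be visible until the binding is re-created.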
