cameleer/cameleer-server
1
0
Fork 0
Code Issues 45 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(runtime): redirect agent diagram output to tenant tmpfs
All checks were successful
CI / cleanup-branch (push) Has been skipped
Details
CI / build (push) Successful in 3m13s
Details
CI / docker (push) Successful in 3m26s
Details
CI / deploy (push) Successful in 1m7s
Details
CI / deploy-feature (push) Has been skipped
Details

Browse Source 
The cameleer agent extracts route diagrams at startup and writes them
to ./cameleer-diagrams (default `cameleer.agent.diagram.outputdir`,
documented in AGENT-REFERENCE.md §3). With CWD /app and the orchestrator's
readonly rootfs, the directory create fails:

    RouteModelExtractor - Cameleer: Failed to create diagram output directory: ./cameleer-diagrams
    java.nio.file.FileSystemException: /app/./cameleer-diagrams: Read-only file system

The agent has no "send-to-server-but-skip-disk" knob today
(`diagram.enabled=false` would also disable the HTTP export), so the
documented mechanism is the outputdir property. Set
`CAMELEER_AGENT_DIAGRAM_OUTPUTDIR=/tmp/cameleer-diagrams` on tenant
containers — /tmp is the per-container tmpfs (writable inside the
hardening contract, ephemeral, vanishes with the container). The
diagram feature continues to work via the HTTP POST to /api/v1/data/diagrams;
the on-disk copy lands in ephemeral storage that doesn't persist.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-28 09:38:26 +02:00
parent 7e7bd06bca
commit c03b5b80a1
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cameleer-server-app/src/main/java/com/cameleer/server/app/runtime/DeploymentExecutor.java
View File

@@ -593,6 +593,14 @@ public class DeploymentExecutor {
envVars.put("CAMELEER_AGENT_REPLAY_ENABLED", String.valueOf(config.replayEnabled()));
envVars.put("CAMELEER_AGENT_HEALTH_ENABLED", "true");
envVars.put("CAMELEER_AGENT_HEALTH_PORT", String.valueOf(agentHealthPort));
// Tenant rootfs is readonly; the agent's default ./cameleer-diagrams
// (resolved against CWD /app) hits "Read-only file system" at startup
// and the agent logs the error every restart. Redirect to the
// per-container tmpfs — diagrams continue to flow to the server via
// HTTP, the on-disk copy goes to ephemeral storage that vanishes with
// the container, and no persistent artifact is written to the host.
// See AGENT-REFERENCE.md §3 "Metrics & Diagrams" for the property.
envVars.put("CAMELEER_AGENT_DIAGRAM_OUTPUTDIR", "/tmp/cameleer-diagrams");
if (bootstrapToken != null && !bootstrapToken.isBlank()) {
envVars.put("CAMELEER_AGENT_AUTH_TOKEN", bootstrapToken);
}