Multiple INSSL Appliances


bkonia
04-15-2008, 09:49 AM
I added a second copy of the INSSL appliance in my application and it caused the application to return the following error during startup:

Building application...
error: main.in_www(system.INSSL): volume 'key' refers to a volume ID that is already
used in main.in_admin(system.INSSL) as 'key'.
Offending volume ID is: ModelScope.user.certs
Failed to build application 'ModelScope' - see log for details.

Why is this happening? Since the key volume is mounted as readonly, I should be able to mount it from more than one appliance, right? I think it would be ridiculous to have to branch the INSSL appliance just to add a second SSL gateway.

PeterNic
04-16-2008, 01:25 AM
bkonia,

Under no circumstances will you need to branch INSSL to make this work.

I checked the 'key' volume in the INSSL class definition -- it is defined as read-only but not shared. I'll check with the developers whether this was intentional (e.g., if two INSSL must have different ssh keys) or a bug (in which case we'll open a defect on this).

The solution is to have a second volume with the key for the second INSSL. Does this help?

Regards,
-- Peter

bkonia
04-16-2008, 09:56 AM
Yeah, I understand what you're saying about creating a second volume. However, it seems ridiculous to have to create an entire volume just to store a single SSL key. Please let me know if this can be fixed so that the volume can be shared.

PeterNic
04-19-2008, 06:11 PM
bkonia,


However, it seems ridiculous to have to create an entire volume just to store a single SSL key.

SSL private keys are highly sensitive data. The reason we have created INSSL with its own local volume for the key is so that the key cannot be accessed by any other appliance.


Please let me know if this can be fixed so that the volume can be shared.

If the standard INSSL appliance does not provide the convenience or function you need, you can customize it. Based on your message, I can suggest two options:

make the volume shared (it is already read-only), OR
remove the 'key' volume altogether and add an 'fs' output terminal for accessing the key on, let's say, a NAS appliance. Note that this will require slight changes to the /etc/fstab file inside the appliance and may be less secure than having a separate volume (on the benefits side, it would be possible to replace the key during the operation of the application).


Regards,
-- Peter
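As an added example (not code from this thread, from the INSSL appliance, or from the platform), the following POSIX shell checks illustrate what a gateway should verify before starting when Peter's second option is taken and the key is served from a NAS appliance through an fstab mount rather than a private volume. The key path, mount point, NAS export name and the fstab fragment are all constructed assumptions; the class-definition change for the 'fs' terminal is not shown.

```shell
#!/bin/sh
# Added example, not code from the thread or from the INSSL appliance.
# Pre-start checks for an SSL gateway whose key lives on an NFS export from
# a NAS appliance instead of a private 'key' volume. Paths, mount point and
# the NAS export name are assumptions.

# Constructed /etc/fstab fragment: the key export is read-only and hardened;
# the root filesystem line is there to show a mount that fails the check.
SAMPLE_FSTAB='nas:/export/certs  /mnt/certs  nfs  ro,nosuid,nodev,noexec,nolock  0 0
/dev/sda1  /  ext3  defaults  1 1'

# fstab_mount_opts FSTAB MOUNTPOINT: print the options field of MOUNTPOINT's entry.
fstab_mount_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$1"
}

# fstab_has_opt FSTAB MOUNTPOINT OPT: succeed if OPT is among the mount options.
fstab_has_opt() {
    opts=$(fstab_mount_opts "$1" "$2")
    case ",$opts," in
        *",$3,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# key_mount_ok FSTAB MOUNTPOINT: the key export must be ro,nosuid,nodev,noexec,
# so the gateway can read the key but nothing on that export can be executed
# or used as a device, and the gateway cannot modify the key.
key_mount_ok() {
    for opt in ro nosuid nodev noexec; do
        if ! fstab_has_opt "$1" "$2" "$opt"; then
            echo "mount $2 lacks option '$opt'" >&2
            return 1
        fi
    done
    return 0
}

# key_file_ok FILE: regular file readable only by its owner (mode 0600 or 0400).
key_file_ok() {
    if [ ! -f "$1" ]; then
        echo "$1 is not a regular file" >&2
        return 1
    fi
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")   # GNU stat, then BSD stat
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$1 has mode $mode, expected 0600 or 0400" >&2; return 1 ;;
    esac
}

# Stand-alone demo on the constructed data; run as: sh check_key.sh demo
demo() {
    tmpdir=$(mktemp -d)
    printf '%s\n' "$SAMPLE_FSTAB" > "$tmpdir/fstab"
    : > "$tmpdir/server.key"
    chmod 600 "$tmpdir/server.key"
    if key_mount_ok "$tmpdir/fstab" /mnt/certs && key_file_ok "$tmpdir/server.key"; then
        echo "key mount and key file pass"
    fi
    key_mount_ok "$tmpdir/fstab" / || echo "root filesystem rejected as a key mount, as expected"
    rm -rf "$tmpdir"
}
case "${1:-}" in demo) demo ;; esac
```

The mount-option check reads the fstab entry rather than /proc/mounts so it can run before the export is mounted; in a live appliance a second pass against the mounted filesystem would confirm that the options actually took effect.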