non-root broke openshift

Description

See later comments in: https://github.com/OpenNMS/opennms/pull/3558

My current thought is to create a script that is sudoers-capable that can fix the passwd/group stuff for the user, so we don't have to do any weird root-hybrid stuff, but can make things "match" the user OpenShift sets at runtime.

Acceptance / Success Criteria

Acceptance

  • When run in a Docker-compatible container under OpenShift (either an OKD 4.x environment or Red Hat-hosted OpenShift), Horizon runs entirely under the user ID that the system passes to it on startup, to include:

    • All new files and directories created are owned by the provided user ID with GID 0

    • All utility scripts that do any chown or chgrp operations, such as fix-permissions.sh, run under the provided user ID with GID 0, and use that same UID / GID combination for any changes they make to the ownership of files and directories

    • All config file overlays provided via container mounts have their ownership changed before startup to match the provided user ID with GID 0

  • When run in a Docker-compatible container under any environment that mimics OpenShift's user ID-passing mechanism, Horizon runs entirely under the provided user ID, including the sub-items above

  • Documentation updated to call out OpenShift's unique user-ID-assigning behavior as a thing to be aware of when running Horizon in an OpenShift environment
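One way to check the ownership items above from inside the running container, as an added example that is not part of the ticket or of OpenNMS. The function names and the `AUDIT_DIR` variable are hypothetical; the expected owner is the UID the process was started with and the expected group is GID 0, as the criteria require.

```shell
#!/bin/sh
# Added example: audit a directory tree against the acceptance criteria
# "owned by the provided user ID with GID 0". All names here are hypothetical.

# Print every path under $1 whose owner is not UID $2 or whose group is not GID $3.
# POSIX find treats a numeric -user/-group argument as an ID when no account
# of that name exists, which is the case for an OpenShift-assigned UID.
find_ownership_violations() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Count the violating paths (assumes no newlines in file names).
count_ownership_violations() {
    find_ownership_violations "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Report and return non-zero when anything under $1 is not owned by $2:$3.
audit_tree() {
    n=$(count_ownership_violations "$1" "$2" "$3")
    if [ "$n" -gt 0 ]; then
        echo "FAIL: $n path(s) under $1 not owned by $2:$3" >&2
        find_ownership_violations "$1" "$2" "$3" >&2
        return 1
    fi
    echo "OK: everything under $1 is owned by $2:$3"
}

# Run only when a directory is supplied, e.g. a mounted config overlay.
# AUDIT_DIR is a constructed variable name for this example.
if [ -n "${AUDIT_DIR:-}" ]; then
    audit_tree "$AUDIT_DIR" "$(id -u)" 0
fi
```

Run it after startup with `AUDIT_DIR` pointing at an overlay mount or data directory; a non-zero exit lists the paths whose ownership still differs from the runtime UID and GID 0.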

Activity

Jesse White October 23, 2022 at 5:38 PM

Fixed

Details

Docs Needed

Yes

Created September 14, 2021 at 6:24 PM
Updated January 21, 2023 at 6:02 PM
Resolved November 3, 2022 at 1:44 PM