get_ci_vm : allow running without sudo #2326
More complicated than one would think. The first problem is that, on certain (but not all) Fedora systems, podman cannot mount volumes read-only (issue containers#2312). This is baffling, and since it's not easily reproducible it's likely that the dev team will not spend much effort on it. Workaround: instead of bind-mounting /tmp read-only, bind-mount a *tempdir* (subdirectory) read-write. This is actually cleaner in some ways but it leads to complications with the paths we use and with cleanup.

Next, allow overriding the default image and allow asking for no sudo:

    export GCLOUD_IMAGE=quay.io/edsantiago/gcloud_centos:latest
    export GCLOUD_SUDO=

(yes, that's an equal-sign and EOL. Just an empty string).

The third part, unfortunately, requires a custom image because the as_dollar_user.sh script (the one that runs gcloud in a container) is hardwired in a cevich image and needs tweaks in order to detect rootless and avoid sudo.

Signed-off-by: Ed Santiago <santiago@redhat.com>
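The two shell details the description above depends on, shown as an added example (not code from this PR or from the project's get_ci_vm script): telling an empty `GCLOUD_SUDO` apart from an unset one, and sharing a private tempdir instead of all of /tmp. The function names, the `DEFAULT_IMAGE` placeholder, the tempdir template and the `/share` mount point are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; helper names and values below are hypothetical.

# Constructed placeholder, not the project's real default image.
DEFAULT_IMAGE="example.invalid/gcloud:latest"

# ${VAR-default} (no colon) substitutes only when VAR is unset, so
# `export GCLOUD_SUDO=` (set but empty) really means "no sudo".
# ${VAR:-default} would treat empty like unset and bring sudo back.
sudo_prefix() {
    printf '%s' "${GCLOUD_SUDO-sudo}"
}

# An empty image name is never useful, so the colon form is right here.
gcloud_image() {
    printf '%s' "${GCLOUD_IMAGE:-$DEFAULT_IMAGE}"
}

# mktemp -d creates the directory atomically, mode 0700, with an
# unpredictable name. Sharing it read-write exposes only what this
# script placed there, not every other file under /tmp.
make_share_dir() {
    mktemp -d "${TMPDIR:-/tmp}/get_ci_vm.XXXXXX"
}

# Cleanup guard: refuse to delete anything that does not match the
# template used by make_share_dir.
cleanup_share_dir() {
    case "$1" in
        */get_ci_vm.??????) [ -d "$1" ] && rm -rf -- "$1" ;;
        *) return 1 ;;
    esac
}

# Print (do not execute) the container command line. The unquoted
# $(sudo_prefix) vanishes entirely when the prefix is empty.
container_cmd() {
    share=$1; shift
    echo $(sudo_prefix) podman run --rm -v "$share:/share:rw" "$(gcloud_image)" "$@"
}
```
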
Hi @edsantiago. Thanks for your PR. I'm waiting for a containers member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
@cevich at your convenience could you please test in your default setup? I've confirmed that this works on mine, without sudo. TIA.
Thanks @edsantiago /lgtm
/approve
/ok-to-test
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cevich, edsantiago, mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing