Non root etcd #331
@ncopa k8s conformance testing is failing with:
```
root@controller-0:~# tail -f /tmp/mke-server.log
time="2020-10-28 16:57:30" level=error msg="Failed to read cluster config: failed to read config file at mke.yaml: open mke.yaml: no such file or directory"
time="2020-10-28 16:57:30" level=error msg="THINGS MIGHT NOT WORK PROPERLY AS WE'RE GONNA USE DEFAULTS"
time="2020-10-28 16:57:30" level=debug msg="found local addresses: [10.0.36.130]"
2020-10-28 16:57:30.190737 I | directory "/var/lib/mke" exist, but the permission is 0751. The expected permission is 755
```
e2e: https://github.com/Mirantis/mke/runs/1322017556
We need to create the /var/lib/mke directory early with the correct permissions. Otherwise the directory will be created while creating the etcd datadir, with the etcd data dir permissions, which will make the directory unreadable by the etcd user.

Set the correct owner of etcd directories and files.

Use mode 0751 for the certificate root dir. The certificates in this directory need to be accessible from all mke processes, but they don't need to read the contents of the directory.

Fixes #219

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
Should be fixed now. The order of the directory creation needed to be adjusted. Thanks!
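
The ordering issue discussed in this thread, as an added Go example that is not code from the PR: `os.MkdirAll` gives every parent it has to create the same mode as the leaf, so the root has to be created first with its own mode. The subdirectory names `pki` and `etcd` and all function names are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// naiveInit shows the ordering problem: MkdirAll applies the leaf's mode to
// every missing parent, so the root ends up 0700 like the etcd data dir.
func naiveInit(root string) error {
	return os.MkdirAll(filepath.Join(root, "etcd"), 0o700)
}

// ensureDir creates a single level, then chmods it so the result does not
// depend on the umask or on a mode left behind by an earlier run.
func ensureDir(path string, mode os.FileMode) error {
	if err := os.Mkdir(path, mode); err != nil && !os.IsExist(err) {
		return err
	}
	return os.Chmod(path, mode)
}

// initDirs creates the root first, then the restricted children.
// Changing ownership of etcd/ to the etcd user (os.Chown) needs root and is omitted here.
func initDirs(root string) error {
	if err := ensureDir(root, 0o755); err != nil {
		return err
	}
	// 0751: other processes can traverse to a known file but cannot list the directory.
	if err := ensureDir(filepath.Join(root, "pki"), 0o751); err != nil {
		return err
	}
	return ensureDir(filepath.Join(root, "etcd"), 0o700)
}

// modeOf returns the permission bits of path, or 0 if it cannot be read.
func modeOf(path string) os.FileMode {
	fi, err := os.Stat(path)
	if err != nil {
		return 0
	}
	return fi.Mode().Perm()
}

func main() {
	tmp, _ := os.MkdirTemp("", "dirmodes") // constructed scratch directory
	defer os.RemoveAll(tmp)
	naive, fixed := filepath.Join(tmp, "naive"), filepath.Join(tmp, "fixed")
	_ = naiveInit(naive)
	_ = initDirs(fixed)
	fmt.Printf("naive root %04o, fixed root %04o, pki %04o, etcd %04o\n", modeOf(naive), modeOf(fixed), modeOf(filepath.Join(fixed, "pki")), modeOf(filepath.Join(fixed, "etcd")))
}
```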