Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Non root etcd #331

Merged
merged 2 commits into from
Oct 29, 2020
Merged

Non root etcd #331

merged 2 commits into from
Oct 29, 2020

Conversation

ncopa
Copy link
Collaborator

@ncopa ncopa commented Oct 26, 2020

No description provided.

@ncopa ncopa requested review from trawler and jnummelin October 26, 2020 14:48
@ncopa ncopa marked this pull request as draft October 27, 2020 15:03
@ncopa ncopa changed the title Non root etcd [WIP] Non root etcd Oct 27, 2020
@ncopa ncopa changed the title [WIP] Non root etcd Non root etcd Oct 28, 2020
@ncopa ncopa marked this pull request as ready for review October 28, 2020 14:52
@ncopa ncopa requested a review from a team as a code owner October 28, 2020 14:52
@trawler trawler removed the request for review from a team October 28, 2020 17:02
Copy link
Contributor

@trawler trawler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ncopa k8s conformance testing are failing with:

root@controller-0:~# tail -f /tmp/mke-server.log 
time="2020-10-28 16:57:30" level=error msg="Failed to read cluster config: failed to read config file at mke.yaml: open mke.yaml: no such file or directory"
time="2020-10-28 16:57:30" level=error msg="THINGS MIGHT NOT WORK PROPERLY AS WE'RE GONNA USE DEFAULTS"
time="2020-10-28 16:57:30" level=debug msg="found local addresses: [10.0.36.130]"
2020-10-28 16:57:30.190737 I | directory "/var/lib/mke" exist, but the permission is 0751. The expected permission is 755

e2e: https://github.com/Mirantis/mke/runs/1322017556

ncopa added 2 commits October 29, 2020 17:08
We need to create the /var/lib/mke directory early with the correct
permissions. Otherwise will the directory be created while creating the
etcd datadir with the etcd data dir permissions, will make the directory
unreadable by etcd user.

Set the correct owner of etcd directories and files.

Use mode 0751 for certificate root dir. This certificates in this
directory needs to be accessible from all mke processes, but they dont
need to read the contents of the directory.

Fixes #219

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
Signed-off-by: Natanael Copa <ncopa@mirantis.com>
@ncopa
Copy link
Collaborator Author

ncopa commented Oct 29, 2020

@ncopa k8s conformance testing are failing with:

Should be fixed now. The order of the directory creation needed to be adjusted. thanks!

Copy link
Contributor

@trawler trawler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ncopa ncopa merged commit 653176f into main Oct 29, 2020
@ncopa ncopa deleted the non-root-etcd branch October 29, 2020 16:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants