Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: 🐛 Fix permissions for /certs/ca directory #508

Closed
wants to merge 1 commit into from
Closed

WIP: 🐛 Fix permissions for /certs/ca directory #508

wants to merge 1 commit into from

Conversation

MahnoorAsghar
Copy link
Contributor

The metal3-ironic-inspector pod is not able to create the /certs/ca directory and fails with the following error while executing /bin/tls-common.sh. This PR fixes this issue.

++ mkdir -p /certs/ca/ironic
mkdir: cannot create directory '/certs/ca/ironic': Permission denied

@metal3-io-bot metal3-io-bot requested a review from tuminoid May 13, 2024 16:15
@metal3-io-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign elfosardo for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@metal3-io-bot metal3-io-bot requested a review from zaneb May 13, 2024 16:15
@metal3-io-bot metal3-io-bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label May 13, 2024
tuminoid
tuminoid reviewed May 13, 2024
View reviewed changes
Copy link
Member

@tuminoid tuminoid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@metal3-io-bot metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label May 13, 2024
@tuminoid
Copy link
Member

Please fix the DCO.

@MahnoorAsghar
Fix permissions for /certs/ca directory
4e8b0f1 
Signed-off-by: Mahnoor Asghar <masghar@redhat.com>
@metal3-io-bot metal3-io-bot removed the lgtm Indicates that a PR is ready to be merged. label May 13, 2024
@metal3-io-bot
Copy link
Contributor

New changes are detected. LGTM label has been removed.

tuminoid
tuminoid reviewed May 14, 2024
View reviewed changes
configure-nonroot.sh
@@ -23,7 +23,7 @@ chown "${IRONIC_USER}":"${IRONIC_GROUP}" /shared
# that need to have correct ownership as the entire ironic in BMO
# deployment shares a single fsGroup in manifest's securityContext
mkdir -p /certs/ca
chown "${IRONIC_USER}":"${IRONIC_GROUP}" /certs{,/ca}
chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /certs{,/ca}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On an another look, the original syntax does expand to cover both directories anyways, so it should be possible to create /certs/ca/ironic. Have you tested this actually fixes your issue?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am trying to build an OpenShift ironic-image to test this locally, will mark the PR as a WIP

@tuminoid
Copy link
Member

/test metal3-centos-e2e-integration-test-main metal3-ubuntu-e2e-integration-test-main

@metal3-io-bot
Copy link
Contributor

@MahnoorAsghar: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
metal3-centos-e2e-integration-test-main 4e8b0f1 link true /test metal3-centos-e2e-integration-test-main

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@MahnoorAsghar MahnoorAsghar changed the title 🐛 Fix permissions for /certs/ca directory WIP: 🐛 Fix permissions for /certs/ca directory May 14, 2024
@metal3-io-bot metal3-io-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 14, 2024
@MahnoorAsghar
Copy link
Contributor Author

The issue was resolved downstream, and an upstream fix is not needed.

elfosardo pushed a commit to elfosardo/ironic-image that referenced this pull request Jun 10, 2024
@openshift-merge-bot
Merge pull request metal3-io#508 from rhjanders/OCPBUGS-34534-4.17
48328f2 
Bug OCPBUGS-34534: Disable installation of .pyc files through pip
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tuminoid tuminoid tuminoid left review comments

@zaneb zaneb Awaiting requested review from zaneb

Assignees
No one assigned
Labels
do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MahnoorAsghar @metal3-io-bot @tuminoid