Execute healthchecks as root
Some containers doesn't have the "default" user set to root (which is
good). This lead to healthcheck_port() function to return a message
because the non-root user isn't allowed to call "ss" command as itself.
Ensuring we're running the healthchecks as root will also allow to stop
duplicating some commands, making them faster and smaller for the
system.
This was discovered and discussed on Red Hat bugzilla first, then ported
to Launchpad.
Change-Id: I2e49d4dd5b385237f4f79929c70365424f6fa22d
Closes-Bug: 1860569
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1778881
(cherry picked from commit 3012fe75aa
)
This commit is contained in:
parent
dda8521aa1
commit
592dab7a84
|
@ -122,7 +122,7 @@ class TestUtilsSystemd(base.TestCase):
|
|||
unit = open(sysd_unit_f, 'rt').read()
|
||||
|
||||
self.assertIn('Requisite=tripleo_my_app.service', unit)
|
||||
self.assertIn('ExecStart=/usr/bin/podman exec my_app '
|
||||
self.assertIn('ExecStart=/usr/bin/podman exec --user root my_app '
|
||||
'/openstack/healthcheck', unit)
|
||||
mock_chmod.assert_has_calls([mock.call(sysd_unit_f, 420)])
|
||||
|
||||
|
@ -137,7 +137,7 @@ class TestUtilsSystemd(base.TestCase):
|
|||
|
||||
systemd.healthcheck_create(container, tempdir, test=check)
|
||||
unit = open(sysd_unit_f, 'rt').read()
|
||||
self.assertIn('ExecStart=/usr/bin/podman exec my_app '
|
||||
self.assertIn('ExecStart=/usr/bin/podman exec --user root my_app '
|
||||
'/foo/bar baz', unit)
|
||||
|
||||
@mock.patch('subprocess.check_call', autospec=True)
|
||||
|
|
|
@ -193,7 +193,7 @@ After=paunch-container-shutdown.service %(service)s.service
|
|||
Requisite=%(service)s.service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/bin/podman exec %(name)s %(test)s
|
||||
ExecStart=/usr/bin/podman exec --user root %(name)s %(test)s
|
||||
SyslogIdentifier=healthcheck_%(name)s
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
Loading…
Reference in New Issue