Browse Source

Execute healthchecks as root

Some containers doesn't have the "default" user set to root (which is
good). This lead to healthcheck_port() function to return a message
because the non-root user isn't allowed to call "ss" command as itself.

Ensuring we're running the healthchecks as root will also allow to stop
duplicating some commands, making them faster and smaller for the
system.

This was discovered and discussed on Red Hat bugzilla first, then ported
to Launchpad.

Change-Id: I2e49d4dd5b385237f4f79929c70365424f6fa22d
Closes-Bug: 1860569
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1778881
(cherry picked from commit 3012fe75aa)
(cherry picked from commit 592dab7a84)
changes/00/707400/1
Cédric Jeanneret Cédric Jeanneret (Tengu) 1 month ago
parent
commit
754c7885f4
2 changed files with 3 additions and 3 deletions
  1. +2
    -2
      paunch/tests/test_utils_systemd.py
  2. +1
    -1
      paunch/utils/systemd.py

+ 2
- 2
paunch/tests/test_utils_systemd.py View File

@@ -122,7 +122,7 @@ class TestUtilsSystemd(base.TestCase):
unit = open(sysd_unit_f, 'rt').read()

self.assertIn('Requisite=tripleo_my_app.service', unit)
self.assertIn('ExecStart=/usr/bin/podman exec my_app '
self.assertIn('ExecStart=/usr/bin/podman exec --user root my_app '
'/openstack/healthcheck', unit)
mock_chmod.assert_has_calls([mock.call(sysd_unit_f, 420)])

@@ -137,7 +137,7 @@ class TestUtilsSystemd(base.TestCase):

systemd.healthcheck_create(container, tempdir, test=check)
unit = open(sysd_unit_f, 'rt').read()
self.assertIn('ExecStart=/usr/bin/podman exec my_app '
self.assertIn('ExecStart=/usr/bin/podman exec --user root my_app '
'/foo/bar baz', unit)

@mock.patch('subprocess.check_call', autospec=True)


+ 1
- 1
paunch/utils/systemd.py View File

@@ -193,7 +193,7 @@ After=paunch-container-shutdown.service %(service)s.service
Requisite=%(service)s.service
[Service]
Type=oneshot
ExecStart=/usr/bin/podman exec %(name)s %(test)s
ExecStart=/usr/bin/podman exec --user root %(name)s %(test)s
SyslogIdentifier=healthcheck_%(name)s
[Install]
WantedBy=multi-user.target


Loading…
Cancel
Save