Execute healthchecks as root

Some containers doesn't have the "default" user set to root (which is good). This lead to healthcheck_port() function to return a message because the non-root user isn't allowed to call "ss" command as itself. Ensuring we're running the healthchecks as root will also allow to stop duplicating some commands, making them faster and smaller for the system. This was discovered and discussed on Red Hat bugzilla first, then ported to Launchpad. This patch is the port of I2e49d4dd5b385237f4f79929c70365424f6fa22d to tripleo-ansible "container-manage" role. Change-Id: I0e6883cd86157b73f18ab63f96f633a8a05e82bf Related-Bug: 1860569 Related: https://bugzilla.redhat.com/show_bug.cgi?id=1778881
2020-01-22 16:19:03 +01:00 · 2020-01-22 16:19:03 +01:00 · 21787448de
commit 21787448de
parent fca9072421
1 changed files with 1 additions and 1 deletions
--- a/tripleo_ansible/roles/tripleo_container_manage/templates/systemd-healthcheck.j2
+++ b/tripleo_ansible/roles/tripleo_container_manage/templates/systemd-healthcheck.j2
@ -4,7 +4,7 @@ After=tripleo-container-shutdown.service tripleo_{{ container_sysd_name }}.servi
 Requisite=tripleo_{{ container_sysd_name }}.service
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/podman exec {{ container_sysd_name }} {{ container_sysd_data.healthcheck.test }}
+ExecStart=/usr/bin/podman exec --user root {{ container_sysd_name }} {{ container_sysd_data.healthcheck.test }}
 SyslogIdentifier=healthcheck_{{ container_sysd_name }}
 [Install]
 WantedBy=multi-user.target