Execute healthchecks as root

Some containers doesn't have the "default" user set to root (which is
good). This lead to healthcheck_port() function to return a message
because the non-root user isn't allowed to call "ss" command as itself.

Ensuring we're running the healthchecks as root will also allow to stop
duplicating some commands, making them faster and smaller for the
system.

This was discovered and discussed on Red Hat bugzilla first, then ported
to Launchpad.

This patch is the port of I2e49d4dd5b385237f4f79929c70365424f6fa22d to
tripleo-ansible "container-manage" role.

Change-Id: I0e6883cd86157b73f18ab63f96f633a8a05e82bf
Related-Bug: 1860569
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1778881
changes/18/703818/2
Cédric Jeanneret 3 years ago
parent fca9072421
commit 21787448de
  1. 2
      tripleo_ansible/roles/tripleo_container_manage/templates/systemd-healthcheck.j2

@ -4,7 +4,7 @@ After=tripleo-container-shutdown.service tripleo_{{ container_sysd_name }}.servi
Requisite=tripleo_{{ container_sysd_name }}.service
[Service]
Type=oneshot
ExecStart=/usr/bin/podman exec {{ container_sysd_name }} {{ container_sysd_data.healthcheck.test }}
ExecStart=/usr/bin/podman exec --user root {{ container_sysd_name }} {{ container_sysd_data.healthcheck.test }}
SyslogIdentifier=healthcheck_{{ container_sysd_name }}
[Install]
WantedBy=multi-user.target

Loading…
Cancel
Save