From 21787448dee4029cccc1b46bd9a6203f486d72c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= <cjeanner@redhat.com>
Date: Wed, 22 Jan 2020 16:19:03 +0100
Subject: [PATCH] Execute healthchecks as root

Some containers doesn't have the "default" user set to root (which is
good). This lead to healthcheck_port() function to return a message
because the non-root user isn't allowed to call "ss" command as itself.

Ensuring we're running the healthchecks as root will also allow to stop
duplicating some commands, making them faster and smaller for the
system.

This was discovered and discussed on Red Hat bugzilla first, then ported
to Launchpad.

This patch is the port of I2e49d4dd5b385237f4f79929c70365424f6fa22d to
tripleo-ansible "container-manage" role.

Change-Id: I0e6883cd86157b73f18ab63f96f633a8a05e82bf
Related-Bug: 1860569
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1778881
---
 .../tripleo_container_manage/templates/systemd-healthcheck.j2   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tripleo_ansible/roles/tripleo_container_manage/templates/systemd-healthcheck.j2 b/tripleo_ansible/roles/tripleo_container_manage/templates/systemd-healthcheck.j2
index 21330a7f9..0296179b8 100644
--- a/tripleo_ansible/roles/tripleo_container_manage/templates/systemd-healthcheck.j2
+++ b/tripleo_ansible/roles/tripleo_container_manage/templates/systemd-healthcheck.j2
@@ -4,7 +4,7 @@ After=tripleo-container-shutdown.service tripleo_{{ container_sysd_name }}.servi
 Requisite=tripleo_{{ container_sysd_name }}.service
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/podman exec {{ container_sysd_name }} {{ container_sysd_data.healthcheck.test }}
+ExecStart=/usr/bin/podman exec --user root {{ container_sysd_name }} {{ container_sysd_data.healthcheck.test }}
 SyslogIdentifier=healthcheck_{{ container_sysd_name }}
 [Install]
 WantedBy=multi-user.target