Merge "Make sure sensubility has proper permission" into stable/wallaby
commit
2ab74ea065
@ -15,6 +15,7 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import json
|
import json
|
||||||
|
import os
|
||||||
import shutil
|
import shutil
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
@ -30,6 +31,14 @@ SKIP_LIST = ['_bootstrap', 'container-puppet-', '_db_sync',
|
|||||||
|
|
||||||
def execute(cmd, workdir: str = None,
|
def execute(cmd, workdir: str = None,
|
||||||
prev_proc: subprocess.Popen = None) -> subprocess.Popen:
|
prev_proc: subprocess.Popen = None) -> subprocess.Popen:
|
||||||
|
# Note(mmagr): When this script is executed by collectd-sensubility started
|
||||||
|
# via collectd the script has non-root permission but inherits
|
||||||
|
# environment from collectd with root permission. We need
|
||||||
|
# to avoid sensubility access /root when using podman-remote.
|
||||||
|
# See https://bugzilla.redhat.com/show_bug.cgi?id=2091076 for
|
||||||
|
# more info.
|
||||||
|
proc_env = os.environ.copy()
|
||||||
|
proc_env["HOME"] = "/tmp"
|
||||||
if type(cmd[0]) is list: # multiple piped commands
|
if type(cmd[0]) is list: # multiple piped commands
|
||||||
last = prev_proc
|
last = prev_proc
|
||||||
for c in cmd:
|
for c in cmd:
|
||||||
@ -37,7 +46,7 @@ def execute(cmd, workdir: str = None,
|
|||||||
return last
|
return last
|
||||||
else: # single command
|
else: # single command
|
||||||
inpipe = prev_proc.stdout if prev_proc is not None else None
|
inpipe = prev_proc.stdout if prev_proc is not None else None
|
||||||
proc = subprocess.Popen(cmd, cwd=workdir, stdin=inpipe,
|
proc = subprocess.Popen(cmd, cwd=workdir, env=proc_env, stdin=inpipe,
|
||||||
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
||||||
if prev_proc is not None:
|
if prev_proc is not None:
|
||||||
prev_proc.stdout.close()
|
prev_proc.stdout.close()
|
||||||
|
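Review bot: `proc_env["HOME"] = "/tmp"` points the child process at a world-writable directory, so any per-user configuration that podman-remote looks up under `$HOME` (for example `~/.config/containers`) could be supplied by any other local account able to write to /tmp. A directory owned by the collectd user with mode 0700 would keep the fix without that exposure, e.g. `proc_env["HOME"] = "<dir owned by collectd, mode 0700>"`. The copied environment also still carries any root-side `XDG_*` variables, which presumably take precedence over `HOME` for config lookup, so `proc_env.pop("XDG_CONFIG_HOME", None)` may be needed as well. The body of `execute` between the second and third hunks is not shown, so whether the piped-commands branch ends up at the `env=proc_env` call cannot be confirmed from this page.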
@ -573,7 +573,7 @@ outputs:
|
|||||||
mode: "0755"
|
mode: "0755"
|
||||||
content: { get_file: ../../container_config_scripts/monitoring/collectd_check_health.py }
|
content: { get_file: ../../container_config_scripts/monitoring/collectd_check_health.py }
|
||||||
docker_config:
|
docker_config:
|
||||||
step_5:
|
step_3:
|
||||||
collectd:
|
collectd:
|
||||||
image: {get_param: ContainerCollectdImage}
|
image: {get_param: ContainerCollectdImage}
|
||||||
net: host
|
net: host
|
||||||
@ -638,6 +638,11 @@ outputs:
|
|||||||
service:
|
service:
|
||||||
name: rsyslog
|
name: rsyslog
|
||||||
state: restarted
|
state: restarted
|
||||||
|
- name: add access to podman to collectd user
|
||||||
|
ansible.builtin.shell: sudo podman exec -it collectd setfacl -R -m u:collectd:rwx /run/podman
|
||||||
|
when:
|
||||||
|
- enable_sensubility
|
||||||
|
- step|int == 4
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
- name: create persistent directories
|
- name: create persistent directories
|
||||||
file:
|
file:
|
||||||
|
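Review bot: The new task's `setfacl -R -m u:collectd:rwx /run/podman` grants the collectd user recursive read/write/execute on the whole podman runtime directory, and access to a rootful podman API socket is generally equivalent to root on the host, so a compromise of collectd or of any sensubility check script would inherit that. Narrowing the ACL to what the health check needs (traverse on the directory, `rw` on the socket only) and adding a comment above the task that records this trust decision would limit and explain the grant. The ACL is applied once at step 4 on a path under /run, so it presumably will not survive a reboot or the socket being recreated. Separately, `sudo ... -it` inside `ansible.builtin.shell` requests a TTY that Ansible does not provide; `become: true` with `ansible.builtin.command: podman exec collectd setfacl ...` is the usual form.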