From 3023f39f83f868748266e0285b5df31ae9a7b843 Mon Sep 17 00:00:00 2001 From: Bart Wensley Date: Wed, 19 Dec 2018 13:10:38 -0600 Subject: [PATCH] Set proper permissions on docker filesystem The puppet manifests are currently setting the file permissions for the docker filesystem (/var/lib/docker) to 750. However, docker changes the permissions to 711. The result of this is that whenever the puppet manifests are applied, the permissions are changed, which has a cascading effect, causing docker to be restarted and all running pods to be stopped. In the AIO-SX, this happens when the compute manifests are applied, resulting in all pods being torn down while kubernetes is in the middle of trying to start them. This is bad. The solution is to update puppet to set the permissions for the docker filesystem to 711. That way, puppet will not change the permissions or restart docker. Change-Id: I0a7ca6f21947841afe4ca3a8ba6b4f49e58d5e8a Story: 2004520 Task: 28573 Signed-off-by: Bart Wensley --- .../src/modules/platform/manifests/filesystem.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/puppet-manifests/src/modules/platform/manifests/filesystem.pp b/puppet-manifests/src/modules/platform/manifests/filesystem.pp index e691f49218..b317994718 100644 --- a/puppet-manifests/src/modules/platform/manifests/filesystem.pp +++ b/puppet-manifests/src/modules/platform/manifests/filesystem.pp @@ -10,6 +10,7 @@ define platform::filesystem ( $fs_type, $fs_options, $fs_use_all = false, + $mode = '0750', ) { include ::platform::filesystem::params $vg_name = $::platform::filesystem::params::vg_name @@ -45,7 +46,7 @@ define platform::filesystem ( ensure => 'directory', owner => 'root', group => 'root', - mode => '0750', + mode => $mode, } -> mount { $name: @@ -186,7 +187,8 @@ class platform::filesystem::docker mountpoint => $mountpoint, fs_type => $fs_type, fs_options => $fs_options, - fs_use_all => $fs_use_all + fs_use_all => $fs_use_all, + mode => '0711', } } }