Set proper permissions on docker filesystem

The puppet manifests are currently setting the file permissions for the docker filesystem (/var/lib/docker) to 750. However, docker changes the permissions to 711. The result of this is that whenever the puppet manifests are applied, the permissions are changed, which has a cascading effect, causing docker to be restarted and all running pods to be stopped. In the AIO-SX, this happens when the compute manifests are applied, resulting in all pods being torn down while kubernetes is in the middle of trying to start them. This is bad. The solution is to update puppet to set the permissions for the docker filesystem to 711. That way, puppet will not change the permissions or restart docker. Change-Id: I0a7ca6f21947841afe4ca3a8ba6b4f49e58d5e8a Story: 2004520 Task: 28573 Signed-off-by: Bart Wensley <barton.wensley@windriver.com>
2018-12-19 13:10:38 -06:00 · 2018-12-19 13:10:38 -06:00 · 3023f39f83
parent bdba2e955e
commit 3023f39f83
1 changed files with 4 additions and 2 deletions
--- a/puppet-manifests/src/modules/platform/manifests/filesystem.pp
+++ b/puppet-manifests/src/modules/platform/manifests/filesystem.pp
@ -10,6 +10,7 @@ define platform::filesystem (
  $fs_type,
  $fs_options,
  $fs_use_all = false,
+  $mode = '0750',
 ) {
  include ::platform::filesystem::params
  $vg_name = $::platform::filesystem::params::vg_name
@ -45,7 +46,7 @@ define platform::filesystem (
    ensure  => 'directory',
    owner   => 'root',
    group   => 'root',
-    mode    => '0750',
+    mode    => $mode,
  } ->

  mount { $name:
@ -186,7 +187,8 @@ class platform::filesystem::docker
      mountpoint => $mountpoint,
      fs_type => $fs_type,
      fs_options => $fs_options,
-      fs_use_all => $fs_use_all
+      fs_use_all => $fs_use_all,
+      mode => '0711',
    }
  }
 }