From 612fb2e0626d2dbc80ac80d7621277dc408be121 Mon Sep 17 00:00:00 2001
From: Clark Boylan
Date: Mon, 16 Sep 2024 13:41:00 -0700
Subject: [PATCH] Set git repo ownership for nodepool dib integration testing

We run nodepool-builder as root in the integration testing but /home/zuul/src repos are owned by zuul. When git tries to do local clones of these repos it fails because security concerns mean it will not talk to git repos owned by a different user. Address this by chowning /home/zuul/src and its contents to root:root. We don't use the git config method because that would require modifying the container image and that seems less ideal than making the test environment match what we need.

Change-Id: Idf78c50180b7b989082befe797f5003ebb29ec5b
---
 .../run.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/playbooks/nodepool-functional-container-openstack/run.yaml b/playbooks/nodepool-functional-container-openstack/run.yaml
index fd1a3cd3d..e5ad1aa48 100644
--- a/playbooks/nodepool-functional-container-openstack/run.yaml
+++ b/playbooks/nodepool-functional-container-openstack/run.yaml
@@ -92,6 +92,20 @@
 dest: /etc/nodepool/docker-compose.yaml
 mode: 0600

+ - name: Change git repo ownership
+ # Git doesn't want to perform actions against local git repos owned
+ # by a user other than the one invoking the git commands for security
+ # reasons. We run podman-compose below as root which should run the
+ # builder as root. Therefore we need to chown the git repos to root
+ # so that we can use them as the source of information for the builds.
+ file:
+ path: /home/zuul/src/
+ state: directory
+ owner: 'root'
+ group: 'root'
+ recurse: true
+ become: yes
+
 - name: Run podman compose pull
 shell:
 cmd: podman-compose pull
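Review bot: The new `file` task recurses through /home/zuul/src as root with the module's default symlink handling, and `follow` defaults to true, so a symlink inside one of the checked-out repos can carry the ownership change to paths outside that tree. Since those repos hold the changes under test, I would add `follow: false` to the task so that only the links themselves are touched. The chown also leaves the tree unwritable for the zuul user for the rest of the job, which may matter to later tasks that run without become; that is not visible in this hunk, so it is worth confirming. Minor: `become: yes` sits next to `recurse: true`, and `become: true` would keep the booleans consistent.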