-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch all active CI Docker Images to use ci-runner
username for 1000 uid
#4191
Comments
All this looks reasonable, I would just expect the home directory of a user that is not owning a service and can basically run arbitrary commands to be in While on this and for further unification, the future you may be happier if you give room for more "work UIDs" after the |
That is a solid callout and I think /home is definitely great in this case. I am happy to just use /home/ci-runner for all the new images that I am cooking up now. Thanks. |
All image sync has been completed with new images built in both DockerHub and ECR. Thanks. |
As of now, all opensearch build images are using
opensearch
user on/usr/share/opensearch
, and opensearch-dashboards build images are usingopensearch-dashboards
user on/usr/share/opensearch-dashboards
home.In this two issues a problem has been exposed with this approach:
Both user on
1000
on separate images have clashed the home dir with deb/rpm installation directories. With @smortex PR to tighten the permissions on deb/rpm, it breaks all the integTest workflows.The temp solution at the time in #4050 is to introduce a
test-user
. Now we should change all the CI images to a unified userci-runner
in1000
uid on/usr/share/ci-runner
so images are not having different username for uid1000
, and it is easier to manage and maintain over time, while avoiding above conflicts from the start.Thanks.
The text was updated successfully, but these errors were encountered: