Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Run httpd using kolla #620

Merged
merged 1 commit into from
Sep 10, 2024

Conversation

fmount
Copy link
Contributor

@fmount fmount commented Sep 9, 2024

Instead of running the httpd -DFOREGROUND command as entry point for the -httpd sidecar container, this change moves the file copy and deployment logic to kolla.
This is a requirement to not run the container as root user, because kolla helps to apply the right permissions to the config files (and pid) used by the process.
The switch from root user to GlanceUID (already present as const) will be part of a different patch, which is already in progress (#610)

Jira: https://issues.redhat.com/browse/OSPRH-10040
Jira: https://issues.redhat.com/browse/OSPRH-10143

@fmount fmount requested a review from konan-abhi September 9, 2024 20:39
@fmount fmount requested review from abays and removed request for viroel and frenzyfriday September 9, 2024 20:39
@openshift-ci openshift-ci bot added the approved label Sep 9, 2024
@fmount
Copy link
Contributor Author

fmount commented Sep 9, 2024

@maximsava12 FYI

@fmount fmount force-pushed the scc-httpd branch 3 times, most recently from 727a145 to bb7bead Compare September 10, 2024 06:54
Copy link
Contributor

@abays abays left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know much about kolla, but so far the changes look reasonable to me

@fmount
Copy link
Contributor Author

fmount commented Sep 10, 2024

I don't know much about kolla, but so far the changes look reasonable to me

Yeah, the goal is to have flexibility in setting permissions to directories, and use the builtin scripts to copy files. The next step, after this patch lands (I'm going to fix kuttl), is to add the appropriate securityContext to the httpd sidecar and run the process as Glance user (provided by kolla) instead of root.
I'm trying to do smaller and focused changes instead of a big messy patch.

@fmount fmount force-pushed the scc-httpd branch 2 times, most recently from d28ca0a to 9e6cd1a Compare September 10, 2024 09:56
Instead of running the httpd -DFOREGROUND command as entrypoint for the
-httpd sidecar container, this change moves the file copy and deployment
logic to kolla.
This is a requirement to not run the container as root user, because
kolla helps to apply the right permissions to the config files (and pid)
used by the process.
The switch from root user to GlanceUID (already present as const) will
be part of a different patch.

Signed-off-by: Francesco Pantano <[email protected]>
Copy link
Contributor

@abays abays left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

Copy link
Contributor

openshift-ci bot commented Sep 10, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abays, fmount

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit 5a518ee into openstack-k8s-operators:main Sep 10, 2024
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants