Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: updating tini init command in direct mount toolbox #9423

Merged
merged 2 commits into from Dec 14, 2021
Merged

build: updating tini init command in direct mount toolbox #9423

merged 2 commits into from Dec 14, 2021

Conversation

parth-gr
Copy link
Member

the tini have been removed but was still present at direct mount
used the bin/bash shell in place of tini

Closes: #9382
Signed-off-by: parth-gr paarora@redhat.com

Description of your changes:

Which issue is resolved by this Pull Request:
Resolves #

Checklist:

  • Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide.
  • Skip Tests for Docs: Add the flag for skipping the build if this is only a documentation change. See here for the flag.
  • Skip Unrelated Tests: Add a flag to run tests for a specific storage provider. See test options.
  • Reviewed the developer guide on Submitting a Pull Request
  • Documentation has been updated, if necessary.
  • Unit tests have been added, if necessary.
  • Integration tests have been added, if necessary.
  • Pending release notes updated with breaking and/or notable changes, if necessary.
  • Upgrade from previous release is tested and upgrade user guide is updated, if necessary.
  • Code generation (make codegen) has been run to update object specifications, if necessary.

@parth-gr parth-gr added the WIP Work in Progress label Dec 14, 2021
leseb
leseb requested changes Dec 14, 2021
View reviewed changes
Copy link
Member

@leseb leseb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a TTY like https://github.com/rook/rook/blob/master/deploy/examples/toolbox.yaml#L25

@parth-gr
build: updating tini init command in direct mount toolbox
bd3e558 
the tini have been removed but was still present at direct mount
used the bin/bash shell in place of tini

Closes: rook#9382
Signed-off-by: parth-gr <paarora@redhat.com>
@leseb leseb added the skip-ci label Dec 14, 2021
@leseb
Copy link
Member

leseb commented Dec 14, 2021

Is it still WIP?

@parth-gr parth-gr removed the WIP Work in Progress label Dec 14, 2021
@parth-gr
Copy link
Member Author

parth-gr commented Dec 14, 2021
edited

Is it still WIP?

was just testing it locally

subhamkrai
subhamkrai reviewed Dec 14, 2021
View reviewed changes
Copy link
Contributor

@subhamkrai subhamkrai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need manual BP to 1.8 right?
@leseb do we need to update securityContext ...may as separate PR?

@leseb
Copy link
Member

leseb commented Dec 14, 2021

We need manual BP to 1.8 right?

Why manual?

@leseb do we need to update securityContext ...may as separate PR?

Actually yes, we just need to force runAsUser: 0 and keep it privileged.

@parth-gr ^

leseb
leseb requested changes Dec 14, 2021
View reviewed changes
Copy link
Member

@leseb leseb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#9423 (comment)

@subhamkrai
Copy link
Contributor

We need manual BP to 1.8 right?

Why manual?

actually, manual BP is not required I got confused when I saw master

@parth-gr
build: update the securityContext of direct mount container
bc355c6 
update securityContext to runAsUser: 0
so container can run as a root user

Signed-off-by: parth-gr <paarora@redhat.com>
@parth-gr
Copy link
Member Author

parth-gr commented Dec 14, 2021
edited

I am able to see the direct-mount pod locally, the deployment is created.
rook-direct-mount 0/1 0 0 9m10s

PS: -> sorry not able

@parth-gr
Copy link
Member Author

parth-gr commented Dec 14, 2021
edited

some errors from replicaSet:

Error creating: pods "rook-direct-mount-585754d4cb-" is forbidden: unable to validate against any security context constraint: [provider restricted: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.containers[0].securityContext.runAsUser: Invalid value: 0: must be in the ranges: [1000620000, 1000629999] spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used provider rook-ceph: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used]

@leseb
Copy link
Member

leseb commented Dec 14, 2021

some errors from replicaSet:

Error creating: pods "rook-direct-mount-585754d4cb-" is forbidden: unable to validate against any security context constraint: [provider restricted: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used spec.volumes[0]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[1]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.volumes[2]: Invalid value: "hostPath": hostPath volumes are not allowed to be used spec.containers[0].securityContext.runAsUser: Invalid value: 0: must be in the ranges: [1000620000, 1000629999] spec.containers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used provider rook-ceph: .spec.securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used spec.containers[0].securityContext.hostNetwork: Invalid value: true: Host network is not allowed to be used]

OCP?

@parth-gr
Copy link
Member Author

parth-gr commented Dec 14, 2021
edited

OCP?

yes

should I try it on minikube?

@leseb
Copy link
Member

leseb commented Dec 14, 2021

OCP?

yes

OCP?

yes

should I try it on minikube?

It's because the SCC used does not have allowHostNetwork: true. Just edit it.

@parth-gr
Copy link
Member Author

parth-gr commented Dec 14, 2021
edited

It's because the SCC used does not have allowHostNetwork: true. Just edit it.

@leseb it works now thanks, I can see the rook-direct-mount-84dc6bddfc-xk6m7 running healthy.
will be good for merging :)

@travisn travisn merged commit 8c4a239 into rook:master Dec 14, 2021
@mergify mergify bot mentioned this pull request Dec 14, 2021
Merged
mergify bot added a commit that referenced this pull request Dec 14, 2021
@mergify
Merge pull request #9425 from rook/mergify/bp/release-1.8/pr-9423
54f3008 
build: updating tini init command in direct mount toolbox (backport #9423)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leseb leseb leseb approved these changes

@subhamkrai subhamkrai subhamkrai approved these changes

Assignees
No one assigned
Labels
skip-ci
Projects
None yet
Milestone
No milestone
4 participants
@parth-gr @leseb @subhamkrai @travisn