-
-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow replacing stanley with an alternate user #208
Comments
👍 |
Shall I add this to #206? |
I think it's better to keep them separated for the better history and faster iteration. Eg merging #206 first. |
Once |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In my environment, the security team has strict requirements about the naming of service user accounts, so I can't us stanley.
In the
st2.config
value, I can change that user, and the ssh key as shown in https://github.com/StackStorm/st2/blob/master/conf/st2.conf.sample#L317-L321Then, I can use a custom
st2actionrunner
image that adds thenotstanley
account and home directory.But, the name
stanley
is hard-coded in a couple of places. This is for thest2actionrunner
pod, but the same applies to thest2client
pod as well.https://github.com/StackStorm/stackstorm-ha/blob/aabf3dcb201a86d5ddf6717cffc9dd76267181b5/templates/deployments.yaml#L1033-L1035
https://github.com/StackStorm/stackstorm-ha/blob/aabf3dcb201a86d5ddf6717cffc9dd76267181b5/templates/deployments.yaml#L1070-L1073
I think I would add new options in values:
Then, in st2-config configmap (in
st2.docker.conf
), add:With similar changes to
templates/deployments.yaml
for the ssh key mount paths.I'm working on fixing the ssh key file permissions in #203 (to fix #84) so it would be easy to include this change in there, or I can wait till after that (or similar) is merged and add the configuration on top of it in a separate PR.
The text was updated successfully, but these errors were encountered: