Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

don't run epicli as root in container #624

Closed
lukurde opened this issue Oct 18, 2019 · 0 comments
Closed

don't run epicli as root in container #624

lukurde opened this issue Oct 18, 2019 · 0 comments
Assignees
@seriva
Labels
area/security type/bug
Projects
Bugs All Work

Comments

@lukurde
Copy link
Contributor

lukurde commented Oct 18, 2019

By default docker image 0.4.1 runs root user for epicli. There shouldn't be need for that, and this raises issue with ansible:

{"asctime": "14:01:38", "levelname": "INFO", "name": "cli.engine.ansible.AnsibleCommand", "message": "fatal: [master]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.100.136' (ECDSA) to the list of known hosts.\r\nControl socket connect(/root/.ansible/cp/774fde95b3): Connection refused\r\nFailed to connect to new control master", "unreachable": true}"}

Ansible on some configurations doesn't have permissions to write sockets to /root/.ansible/cp

Workaround:

    mkdir /root/.ansible
    ln -s /dev/shm /root/.ansible/cp
@lukurde lukurde changed the title Control socket connect(/root/.ansible/cp/774fde95b3): Connection refused don't run as root in a container Oct 18, 2019
@lukurde lukurde added this to Needs triage in Bugs Oct 21, 2019
@to-bar to-bar changed the title don't run as root in a container don't run epicli as root in container Oct 22, 2019
@toszo toszo moved this from Needs triage to Low priority in Bugs Jan 20, 2020
@seriva seriva mentioned this issue Mar 16, 2020
Merged
@seriva seriva self-assigned this Mar 16, 2020
@seriva seriva added this to To do in All Work via automation Mar 16, 2020
@seriva seriva moved this from To do to Needs review in All Work Mar 16, 2020
seriva added a commit that referenced this issue Mar 17, 2020
@seriva
Merge pull request #1025 from seriva/fix/epicli-user
bf4fe49 
- Added user to Epicli to fix security issues, reported externally and by Lukasz a while back (#624)
- Bumped version to 0.6.0
@seriva seriva moved this from Needs review to Reviewer approved in All Work Mar 19, 2020
@seriva seriva closed this as completed Mar 24, 2020
All Work automation moved this from Reviewer approved to Done Mar 24, 2020
Bugs automation moved this from Low priority to Closed Mar 24, 2020
@seriva seriva mentioned this issue Mar 25, 2020
Merged
to-bar pushed a commit to to-bar/epiphany that referenced this issue May 6, 2020
@seriva
Merge pull request hitachienergy#1025 from seriva/fix/epicli-user
c92cc3a 
- Added user to Epicli to fix security issues, reported externally and by Lukasz a while back (hitachienergy#624)
- Bumped version to 0.6.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@seriva seriva

Labels
area/security type/bug
Projects
No open projects
All Work
  
Done
Bugs
  
Closed
Milestone
No milestone
Development

No branches or pull requests
3 participants
@seriva @lukurde @alkaja