bootstrap: Work around systemd-journal-gateway DynamicUser=yes

In RHEL8 journald switched to `DynamicUser=yes`, we can't reference the user at Ignition time. Let's hack around this by adding a fixed version of the user and doing the chown.
openshift · Mar 20, 2019 · c351b9a · c351b9a
1 parent 43127da
commit c351b9a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/data/data/bootstrap/systemd/units/systemd-journal-gatewayd.service.d/certs.conf b/data/data/bootstrap/systemd/units/systemd-journal-gatewayd.service.d/certs.conf
@@ -1,4 +1,8 @@
 [Service]
+# In RHEL8 the service uses DynamicUser=yes; we need to work both ways, so hence
+# we hack this by adding the user if it doesn't exist and chown the file, rather
+# than doing it in Ignition.
+ExecStartPre=/bin/sh -c "if ! getent passwd systemd-journal-gateway &>/dev/null; then useradd -r systemd-journal-gateway; fi && chown systemd-journal-gateway: /opt/openshift/tls/journal-gatewayd.key"
 ExecStart=
 ExecStart=/usr/lib/systemd/systemd-journal-gatewayd \
   --key=/opt/openshift/tls/journal-gatewayd.key \

diff --git a/pkg/asset/ignition/bootstrap/bootstrap.go b/pkg/asset/ignition/bootstrap/bootstrap.go
@@ -425,7 +425,7 @@ func (a *Bootstrap) addParentFiles(dependencies asset.Parents) {
 
 	journal := &tls.JournalCertKey{}
 	dependencies.Get(journal)
-	a.Config.Storage.Files = append(a.Config.Storage.Files, ignition.FilesFromAsset(rootDir, "systemd-journal-gateway", 0600, journal)...)
+	a.Config.Storage.Files = append(a.Config.Storage.Files, ignition.FilesFromAsset(rootDir, "root", 0600, journal)...)
 }
 
 func applyTemplateData(template *template.Template, templateData interface{}) string {