New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Setup correct permissions for etcd config dir, fixes #10289 #10291
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: morsik If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hi @morsik. Thanks for your PR. I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Can one of the admins verify this patch?
|
@@ -145,6 +145,8 @@ | |||
unarchive: | |||
src: "/tmp/{{ inventory_hostname }}/{{ etcd_generated_certs_dir }}/{{ etcd_cert_subdir }}.tgz" | |||
dest: "{{ etcd_cert_config_dir }}" | |||
owner: etcd |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is it necessary? Tarball should preserve permissions set on etcd_ca_host
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You tell me ;)
Without this it restores file owner/group with root:root
which makes etcd fail to read it's configuration.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does etcd_ca_host
has these set with root:root
? What's you config - standalone etcd or static pods?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vrutkovs: I tried manually set etcd:etcd
(using chown -R etcd:etcd /etc/etcd
) but Ansible later sets it to root:root
anyway with this task. I tried also reinstalling etcd.
This is fresh cluster installed yestarday, and yestarday I issued redeploy_certificates
which broke whole cluster cause of this problem.
Master branch is closed! A major refactor is ongoing in devel-40. Changes for 3.x should be made directly to the latest release branch they're relevant to and backported from there. |
See #10289
Putting this into
master
branch. Will need to backport that torelease-3.11
andrelease-3.10
too.After changing this and rerunning
redeploy_certificates
my cluster is back again.