Bug 1884812: Addressing permissions warning in ES start up logs

[ewolinetz]

Still unable to address due to ES not running as USER 1000:

[2020-09-24T20:41:22,267][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [elasticsearch-cdm-j8482ktr-1] Directory /etc/elasticsearch has insecure file permissions (should be 0700)
[2020-09-24T20:41:22,267][WARN ][c.a.o.s.OpenDistroSecurityPlugin] [elasticsearch-cdm-j8482ktr-1] Directory /etc/elasticsearch/scripts has insecure file permissions (should be 0700)

sh-4.2$ id
uid=1000580000(1000580000) gid=0(root) groups=0(root),1000580000
sh-4.2$ ps -ef
UID          PID    PPID  C STIME TTY          TIME CMD
1000580+       1       0 21 20:41 ?        00:01:01 /usr/lib/jvm/jre/bin/java -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.nega
1000580+     155       1  0 20:41 ?        00:00:00 [init.sh] <defunct>
1000580+    2090       0  0 20:44 pts/0    00:00:00 /bin/sh
1000580+    2778    2090  0 20:45 pts/0    00:00:00 ps -ef

[jcantrill]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ewolinetz, jcantrill

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ewolinetz,jcantrill]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ewolinetz]

Unable to address the /etc/elasticsearch and /etc/elasticsearch/scripts dirs due to our current SA run-as policy... we can follow that up later.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@ewolinetz: This pull request references Bugzilla bug 1884812, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.6.0) matches configured target release for branch (4.6.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1884812: Addressing permissions warning in ES start up logs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ewolinetz]

/refresh

[openshift-ci-robot]

@ewolinetz: All pull requests linked via external trackers have merged:

• openshift/origin-aggregated-logging#1991

Bugzilla bug 1884812 has been moved to the MODIFIED state.

In response to this:

Bug 1884812: Addressing permissions warning in ES start up logs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.