-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove sudo requirement (PROJQUAY-4630) #103
Conversation
485b092
to
9f92916
Compare
9f92916
to
f2d46e6
Compare
f2d46e6
to
4a8ae45
Compare
4a8ae45
to
83f7ad7
Compare
83f7ad7
to
6844c3a
Compare
6844c3a
to
9fca5b1
Compare
9fca5b1
to
4c9bf01
Compare
4c9bf01
to
0532a72
Compare
CI will fail because we don't allow changes to CI from open PRs. Probably going to require a follow up PR or two to sort out CI. |
ad582d7
to
12d816f
Compare
@@ -10,7 +10,7 @@ TimeoutStartSec=5m | |||
ExecStartPre=-/bin/rm -f %t/%n-pid %t/%n-cid | |||
ExecStart=/usr/bin/podman run \ | |||
--name quay-postgres \ | |||
-v {{ quay_root }}/pg-data:/var/lib/pgsql/data:Z \ | |||
-v quay-postgres-data:/var/lib/pgsql/data:Z \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we still keep the named volume somewhere inside quay_root
? I think we should keep the ability that a user can specify their pg mount path especially since it can get quite large over time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was running into permissions errors as a non-root user when using bind mounts with the postgres container. The postgres user is different than the non-root user and I was having trouble writing to quay_root
. Tried a couple different things, but couldn't get it working. Not sure if it's an selinux thing, but dropping in a named volume worked so I went with it. Maybe you know how I can work around user permissions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SELinux forces you to set special permissions on a directory before being able to mount it. That is the reason for these steps in each of the service setup tasks. https://github.com/quay/mirror-registry/blob/main/ansible-runner/context/app/project/roles/mirror_appliance/tasks/install-postgres-service.yaml#L7 Maybe we have to update the user there?
a8c0a8b
to
3a09278
Compare
Signed-off-by: Dave O'Connor <doconnor@redhat.com>
3a09278
to
13f049a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
root
quay-install
location to be in a user writeable directory,$HOME/quay-install
--quayRoot
,--quayStorage
andpgStorage
flags to change install location, but previous root requirement is needed.*Example:
$ ./mirror-registry install -v --quayRoot /home/doconnor/quay-install --quayStorage /home/doconnor/quay-install/quay-storage --pgStorage /home/doconnor/quay-install/pg-data
quay-postgres-data
/etc/hosts
to be updated/etc/hosts
, this is incompatible with a rootless installmirror-registry
tov1.3.0
and includes Quay 3.8.0 for IPv6 support