Skip to content

Commit

Permalink
fix: chmod etcd PKI path to fix virtual IP for upgrades with persistence
Browse files Browse the repository at this point in the history 
On upgrade with persistenct, etcd PKI path retains old mode 0600 which
breaks networkd bind mount for etcd certs.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
  • Loading branch information
@smira @talos-bot
smira authored and talos-bot committed Mar 3, 2021
1 parent ec72ae8 commit 044fb77
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions internal/app/machined/pkg/system/services/networkd.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,11 @@ func (n *Networkd) Runner(r runtime.Runtime) (runner.Runner, error) {
return nil, err
}

// Fix up permissions, as after upgrade with preserve EtcdPKIPath might retain old 0o644 permissions
if err := os.Chmod(constants.EtcdPKIPath, 0o700); err != nil {
return nil, err
}

mounts = append(mounts,
specs.Mount{Type: "bind", Destination: constants.EtcdPKIPath, Source: constants.EtcdPKIPath, Options: []string{"rbind", "ro"}},
)
Expand Down

0 comments on commit 044fb77

Please sign in to comment.