fusor / apb-examples

A repository of example ansible-playbook bundles. THIS REPO IS DEPRECATED. Please look at https://github.com/ansibleplaybookbundle/ for updated examples.

Use a writable destination to store the temporary credentials file #78

Closed codificat closed 7 years ago

codificat commented 7 years ago

When running under an arbitrary UID (e.g. under the default restricted OpenShift SCC) we can't write to /etc/apb, so we get failures like:

TASK [rhscl-postgresql-apb-openshift : copy] ***********************************
fatal: [localhost]: FAILED! => {"changed": false, "checksum": "e3a28f79922c1e4525d97519c2e7209584d45e29", "failed": true, "msg": "Destination /etc/apb not writable"}

A suggestion is to use /var/tmp instead of /etc/apb as a place to store the temporary credentials file.

Alternatively we could [ab]use the group ID and make /etc/apb writable, but /var/tmp sounds like a better place for temporary data anyway and doesn't need special tweaks.

codificat commented 7 years ago

@rthallisey @fabianvf @eriknelson this is related to the chat we had yesterday. Does that sound reasonable?

jmrodri commented 7 years ago

This came up in review. Will require broker change. But this is more appropriate for writing temporary files.

codificat commented 7 years ago

About requiring a broker change: isn't the broker unaware of the location of the temporary credentials file? If I understood correctly, the broker just execs into the container and runs broker-bind-creds, no?
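
The following is an added example, not code from this thread or from the apb-examples project: a shell sketch of the approach discussed above, which picks the first directory the current (possibly arbitrary) UID can write to and creates the credentials file there with owner-only permissions. The file name `bind-creds` and both function names are hypothetical; the page does not give the real file name.

```shell
#!/bin/sh
# Added example (assumptions: the file name "bind-creds" and the function
# names are hypothetical; they are not taken from the APB code base).

CREDS_NAME="bind-creds"   # hypothetical name for the temporary credentials file

# pick_writable_dir DIR...
# Prints the first candidate that exists and is writable by the current UID.
# Under the restricted SCC the UID is arbitrary, so /etc/apb fails this check
# unless the image was built to allow it, while /var/tmp normally passes.
pick_writable_dir() {
    for d in "$@"; do
        if [ -d "$d" ] && [ -w "$d" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# write_creds DIR CONTENT
# Creates DIR/$CREDS_NAME with mode 0600 and prints its path.
# umask 077 keeps the secret unreadable by group/other in a shared temp
# directory; noclobber (set -C) refuses to overwrite a file that already
# exists at that path instead of writing the secret into it.
# Both settings are confined to the subshell.
write_creds() {
    target="$1/$CREDS_NAME"
    ( umask 077; set -C; printf '%s' "$2" > "$target" ) 2>/dev/null || return 1
    printf '%s\n' "$target"
}

# Typical call, preferring /etc/apb and falling back to /var/tmp:
#   dir=$(pick_writable_dir /etc/apb /var/tmp) && write_creds "$dir" "$json"
```
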