Closed tkatsoulas closed 1 year ago
luisj1983
commented
1 year ago @tkatsoulas
tkatsoulas
commented
1 year ago Why is this described as "unsecure"? Is that a reference to the use of cgroups etc. in the molecule.yml?
There is nothing "wrong" with your code, Sorry for labeling it as not secure, I was just hoping I could find a way to run the molecule test without having a molecule test executing privileged code in any user/host system. AFA testing via GH actions (per PR) we could run them even now.
What does it mean to say that the molecule tests are hanging? I've run them on all the platforms with no issues.
At the moment, I was referring to the "after this merge"
luisj1983
commented
1 year ago @tkatsoulas Thank you very much for clarifying :-) I agree that it is much more preferable to run this container as unprivileged. I just am not sure if that's possible if one wants systemd to work in the container (at least based on what I've read so far). I haven't tested it yet, but assuming that Netdata can install on, for example, Ubuntu without systemd then that could work; but I worry that it then wouldn't represent the typical installation and environment.
Connected, but perhaps slightly tangentially, I have been playing with whether we ought to be using the one-liner installer method in the playbooks. If that turns out to be a smart idea then a lot will turn on how that installer handles the absence of systemd on Ubuntu.
I'll be in touch directly to discuss this some more and see what magic you can bring to solving this!
I rushed my previous code inspection. This code shouldn't be on the master no matter how it makes our lifes easy. At the moment molecule tests are hanging, I will take a look first thing tomorrow to find a workaround