search

tinkerbell / actions

Suite of Tinkerbell Actions for use in Tinkerbell Workflows
Apache License 2.0
28 stars 43 forks source link

bump go version, fix /dev/null permission after RW mount of /dev and add /dev/pts mount #105

Closed Cajga closed 8 months ago

Cajga commented 8 months ago

Description

This PR fixes the following problem: https://github.com/tinkerbell/hook/issues/142

When this merged, one can run apt update with cexec on Ubuntu 22.04 with the following CMD_LINE:

CMD_LINE: echo 'nameserver IPOFYOURNAMESERVER' > /etc/resolv.conf && export NEEDRESTART_SUSPEND=true && apt -y update && apt install -y nfs-common open-iscsi....

Why is this needed

Currently, due to the 0660 /dev/null, apt update cannot run. See details of the issue in the linked ticket.

Fixes: https://github.com/tinkerbell/hook/issues/142

How Has This Been Tested?

I've built a cexec container and successfully installed several packages into an Ubuntu 22.04 in EKS Anywhere bare metal(using tinkerbell).

How are existing users impacted? What migration steps/scripts do we need?

While this may not be the most elegant solution (we possibly should fix hook's kernel to have proper /dev/null permission on devtmpfs mount) it allows tinkerbell/cexec users to run apt (and any other commands that needs user writable /dev/null) in a backwards compatible way (it does not break anything).

Checklist:

I have:

jacobweinstock commented 8 months ago

Hey @Cajga , thanks for this but I would prefer if we don't fix Hook issues in individual actions. I've created https://github.com/tinkerbell/hook/pull/200 that should address this the /dev/null permissions issue. Once that one lands, would you mind testing Hook?

Cajga commented 8 months ago

Hi @jacobweinstock, I fully agree with you. I used this as a quick workaround for us and thought to drop it as a PR. Sure, I can test hook but we are using EKS Anywhere so I will need to test with that. As far as I remember there are some documentation how to do that... I will look it up. (Note, I am in CET so, may take a while)

jacobweinstock commented 8 months ago

Hi @jacobweinstock, I fully agree with you. I used this as a quick workaround for us and thought to drop it as a PR. Sure, I can test hook but we are using EKS Anywhere so I will need to test with that. As far as I remember there are some documentation how to do that... I will look it up. (Note, I am in CET so, may take a while)

For sure. Thanks. FYI: https://anywhere.eks.amazonaws.com/docs/getting-started/baremetal/bare-spec/#example-tinkerbelldatacenterconfigspec

Cajga commented 8 months ago

Hi @jacobweinstock, I fully agree with you. I used this as a quick workaround for us and thought to drop it as a PR. Sure, I can test hook but we are using EKS Anywhere so I will need to test with that. As far as I remember there are some documentation how to do that... I will look it up. (Note, I am in CET so, may take a while)

For sure. Thanks. FYI: https://anywhere.eks.amazonaws.com/docs/getting-started/baremetal/bare-spec/#example-tinkerbelldatacenterconfigspec

Thanks for the link. Tomorrow, I will test it and get back to the original ticket with the results.