voxpupuli / container-puppetdb

Container image for PuppetDB
Apache License 2.0
9 stars 10 forks

Startup fails when running as non-root / read-only #48

Closed bootc closed 6 months ago

bootc commented 6 months ago

I run PuppetDB and Puppet Server in Kubernetes, with the pods being configured to start as non-root and with read-only root filesystem and mounts for configuration. Currently the PuppetDB container fails to start in this configuration:

[...]
Running /docker-entrypoint.d/20-configure-ssl.sh
Setting ownership for /opt/puppetlabs/server/data/puppetdb/certs to puppetdb:puppetdb
chown: changing ownership of '/opt/puppetlabs/server/data/puppetdb/certs': Operation not permitted

The docker-entrypoint.d/20-configure-ssl.sh script unconditionally runs:

chown -R puppetdb:puppetdb ${SSLDIR}

The simple fix for this would be to avoid trying to chown unless running as root and the directory is writeable. A PR is incoming.
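A guarded form of that chown step, written here as an added example and not the container-puppetdb project's own entrypoint code: the decision is kept in a separate function so it can be checked without being root, and the SSLDIR default and the PUPPETDB_OWNER variable are assumptions.

```shell
#!/bin/sh
# Only change ownership of the SSL directory when it can actually succeed:
# the process must be root (uid 0) and the directory must exist and be
# writable (a read-only root filesystem or mount makes chown fail).
# SSLDIR default and PUPPETDB_OWNER are assumed names, not the project's.
: "${SSLDIR:=/opt/puppetlabs/server/data/puppetdb/certs}"
: "${PUPPETDB_OWNER:=puppetdb:puppetdb}"

# ownership_decision DIR UID
# Prints "chown", "skip-nonroot" or "skip-readonly". Taking the uid as an
# argument instead of calling id -u keeps the logic testable as any user.
ownership_decision() {
    dir=$1
    uid=$2
    if [ "$uid" -ne 0 ]; then
        echo skip-nonroot
    elif [ -d "$dir" ] && [ -w "$dir" ]; then
        echo chown
    else
        echo skip-readonly
    fi
}

# ensure_ssl_ownership DIR OWNER
# Applies the decision for the current process and logs why it skipped,
# so a failed start is explained in the container log instead of by a
# bare "Operation not permitted".
ensure_ssl_ownership() {
    dir=$1
    owner=$2
    case $(ownership_decision "$dir" "$(id -u)") in
        chown)
            echo "Setting ownership for $dir to $owner"
            chown -R "$owner" "$dir"
            ;;
        skip-nonroot)
            echo "Not running as root, leaving ownership of $dir unchanged"
            ;;
        skip-readonly)
            echo "$dir is missing or read-only, leaving ownership unchanged"
            ;;
    esac
}

ensure_ssl_ownership "$SSLDIR" "$PUPPETDB_OWNER"
```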