Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[OpenShift] Modifications to the shell scripts that bootstrap the servers #4472

Merged
merged 1 commit into from
Mar 20, 2017
Merged

[OpenShift] Modifications to the shell scripts that bootstrap the servers #4472

merged 1 commit into from
Mar 20, 2017

Conversation

l0rd
Copy link
Contributor

@l0rd l0rd commented Mar 17, 2017
edited by JamesDrummond
Loading

What does this PR do?

  • Remove RunAs instruction when starting a workspace. Container will run as an arbitrary user (usually with a UID that doesn't match any host UID) and with security constraint restricted (that's the most secure scc in OpenShift).
  • Modify the scripts that bootstrap the servers (wsagent, terminal etc...) to avoid usage of sudo when the container is run as an arbitrary user. That works only if some modified Docker images are used.
  • Change stacks.json to point to these modified Docker images
  • Disable SSH

Changelog

Modifications to the shell scripts that bootstrap the servers

@codenvy-ci
Copy link

Can one of the admins verify this patch?

@l0rd l0rd mentioned this pull request Mar 17, 2017
Merged
@l0rd l0rd requested review from ibuziuk and amisevsk March 17, 2017 23:25
@mlabuda mlabuda mentioned this pull request Mar 20, 2017
Merged
@l0rd l0rd force-pushed the get-rid-of-anyuid branch from b3da37a to fa60ea5 Compare March 20, 2017 10:26
@ibuziuk
Copy link
Member

ibuziuk commented Mar 20, 2017

@l0rd for now this change is supposed to work only with vertx & ubuntu_jdk8 patched versions of stacks, right ?

@ibuziuk
Copy link
Member

ibuziuk commented Mar 20, 2017
edited
Loading

@l0rd For me PR worked just fine against rhche/ubuntu_jdk8 stack but for rhche/vertx I got permission denied:

[dev-machine] [STDOUT] Terminal Agent will be downloaded from Workspace Master
[dev-machine] [STDERR] mkdir: cannot create directory '//che': Permission denied
[dev-machine] [STDERR] 
[dev-machine] [STDERR] gzip: stdin: unexpected end of file
[dev-machine] [STDERR] tar: Child returned status 1
[dev-machine] [STDERR] tar: Error is not recoverable: exiting now
[dev-machine] [STDERR] /bin/sh: line 177: //che/terminal/che-websocket-terminal: No such file or directory

I guess, this is weird because ssh agent has been removed from vertx stack

@l0rd
Copy link
Contributor Author

l0rd commented Mar 20, 2017 via email

@ibuziuk
Copy link
Member

ibuziuk commented Mar 20, 2017

@l0rd than everything is expected I suppose

@l0rd l0rd merged commit 54c1b89 into eclipse-che:openshift-connector Mar 20, 2017
@JamesDrummond JamesDrummond added this to the 5.6.0 milestone Mar 30, 2017
@JamesDrummond JamesDrummond mentioned this pull request Apr 2, 2017
Closed
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ibuziuk ibuziuk ibuziuk approved these changes

@amisevsk amisevsk Awaiting requested review from amisevsk

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
5.6.0
Development

Successfully merging this pull request may close these issues.
4 participants
@l0rd @codenvy-ci @ibuziuk @JamesDrummond