From 953edb870ee67d9f8f39307e5cb401ef8bd0348c Mon Sep 17 00:00:00 2001 From: "ya.wang" Date: Mon, 20 Apr 2020 10:36:59 +0800 Subject: [PATCH] Fix that cyborg agent failed to start privsep daemon. Add privileged capability to cyborg agent. Change-Id: Id237df1acb1b44c4e6442b39838058be1a95fcc6 Closes-bug: #1873715 --- ansible/roles/cyborg/defaults/main.yml | 1 + ansible/roles/cyborg/handlers/main.yml | 3 +++ ansible/roles/cyborg/tasks/check-containers.yml | 1 + ...vileged-capability-to-cyborg-agent-14db36a5818847d1.yaml | 6 ++++++ 4 files changed, 11 insertions(+) create mode 100644 releasenotes/notes/add-privileged-capability-to-cyborg-agent-14db36a5818847d1.yaml diff --git a/ansible/roles/cyborg/defaults/main.yml b/ansible/roles/cyborg/defaults/main.yml index fb47ede602..8123db3339 100644 --- a/ansible/roles/cyborg/defaults/main.yml +++ b/ansible/roles/cyborg/defaults/main.yml @@ -13,6 +13,7 @@ cyborg_services: container_name: cyborg_agent group: cyborg-agent enabled: true + privileged: true image: "{{ cyborg_agent_image_full }}" volumes: "{{ cyborg_agent_default_volumes + cyborg_agent_extra_volumes }}" dimensions: "{{ cyborg_agent_dimensions }}" diff --git a/ansible/roles/cyborg/handlers/main.yml b/ansible/roles/cyborg/handlers/main.yml index a888384be2..2fb5083357 100644 --- a/ansible/roles/cyborg/handlers/main.yml +++ b/ansible/roles/cyborg/handlers/main.yml @@ -9,6 +9,7 @@ common_options: "{{ docker_common_options }}" name: "{{ service.container_name }}" image: "{{ service.image }}" + privileged: "{{ service.privileged | default(False) }}" volumes: "{{ service.volumes }}" dimensions: "{{ service.dimensions }}" when: @@ -24,6 +25,7 @@ common_options: "{{ docker_common_options }}" name: "{{ service.container_name }}" image: "{{ service.image }}" + privileged: "{{ service.privileged | default(False) }}" volumes: "{{ service.volumes }}" dimensions: "{{ service.dimensions }}" when: @@ -39,6 +41,7 @@ common_options: "{{ docker_common_options }}" name: "{{ service.container_name }}" image: "{{ service.image }}" + privileged: "{{ service.privileged | default(False) }}" volumes: "{{ service.volumes }}" dimensions: "{{ service.dimensions }}" when: diff --git a/ansible/roles/cyborg/tasks/check-containers.yml b/ansible/roles/cyborg/tasks/check-containers.yml index 1bfae3f685..bd3b48714c 100644 --- a/ansible/roles/cyborg/tasks/check-containers.yml +++ b/ansible/roles/cyborg/tasks/check-containers.yml @@ -6,6 +6,7 @@ common_options: "{{ docker_common_options }}" name: "{{ item.value.container_name }}" image: "{{ item.value.image }}" + privileged: "{{ item.value.privileged | default(False) }}" volumes: "{{ item.value.volumes }}" dimensions: "{{ item.value.dimensions }}" when: diff --git a/releasenotes/notes/add-privileged-capability-to-cyborg-agent-14db36a5818847d1.yaml b/releasenotes/notes/add-privileged-capability-to-cyborg-agent-14db36a5818847d1.yaml new file mode 100644 index 0000000000..b1988e53b4 --- /dev/null +++ b/releasenotes/notes/add-privileged-capability-to-cyborg-agent-14db36a5818847d1.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fix that cyborg agent failed to start privsep daemon. Add privileged + capability for cyborg agent. See `bug 1873715 + `__.