This patch add the USER directive to the memcached container.
It also removes the -u from the command line to launch
memcached, since it will already be run as that use.
Change-Id: I87d782a424df99fe1b5694debafa3c0c4a9aba27
Partially-Implements: blueprint drop-root
In kolla-mesos, ZK will be used for storing information about
actions done in bootstrap.
Change-Id: Id7067a493b457cf7b73eb007852df7b13f4363b3
Partially-Implements: blueprint zookeeper
This playbook runs on hosts before deployment to be sure we don't
have any conflicting services running and systems are in expected
state.
DocImpact
Change-Id: If5f288b7fbdf269697ca834da4eb969b61683ca0
Partially-implements: blueprint precheck-tasks
Drop root privileges for rabbitmq. Only the rabbitmq user
will be able to execute chown of /var/lib/rabbitmq.
Change-Id: I546e6b475a8462bfbc75972854e1fee64f96d9cb
Partially-Implements: blueprint drop-root
The USER operation affects all docker commands after it. This causes a
problem with our {{ include_footer }} implementation since commands in
that footer may require elevated permissions to perform.
In the current implementation I can no longer remove my proxy settings
once the USER has been changed.
Change-Id: I9b2bab5a15f595f6d52a46c64ddf59ba5608b938
Partially-Implements: blueprint drop-root
Drop root privileges for mariadb. This isn't perfect. If somemone
breaks out of the container and can run sudo within the contianer,
it would be possible to replace the root credentials of the database.
Any container that uses sudo suffers from some extra attack vector
related to the sudo command. That said, the sudo commands are
locked down to minimize harm.
Change-Id: I4b3573725d940bb8aa90d43a6235d8cf7d30fc64
Partially-Implements: blueprint drop-root
Atleast in a script, sudo can be made to only allow the script to
run from the mysql process in the future, versus all the proceesses
being able to be executed as root presently.
Change-Id: I030b57086e37e4dc8f668f98c04335d94ab9d2b0
Partially-Implements: blueprint drop-root
Drop root privileges for Horizon service. It is necesssary to set
a capability on the filesystem to allow binding to port 80 as a
non-root user. I have tested this works correctly from a registry
on both CentOS and Ubuntu.
Change-Id: I4c26f28bb28b6633784e6842f3423a2425332c27
Partially-Implements: blueprint drop-root
the openstack-heat-common package installs the Heat UID/GID.
This is necessary pre-work for drop-root for heat services.
Change-Id: I247b0209248de144d20f5245973833be5cd8f14f
Partially-Implements: blueprint drop-root
This change ensures commands run in the kolla-ansible container are done
as the 'ansible' user rather than root.
By default Ansible tries to write it's temporary files to $HOME/.ansible
on the target, which in most cases won't exist when run as the new user.
Hence we now supply the kolla-ansible container with an ansible.cfg, to
tweak the remote_dir option to /tmp.
Change-Id: I838a8c8cd0c7dc1aeca4d12e38c346f252170e7c
Partially-Implements: blueprint drop-root
Added support for Vagrant VirtualBox provider to
provision an Ubuntu VM to run kolla. A new
bootstrap-ubuntu.sh script has been created which
provisions the Ubuntu VM with all kolla depdencies
including docker 1.8.2, ansible 1.9.6 and python-tools
Also created vars in the Vagrantfile to define the cpu and memory settings of the
VM nodes used to run kolla
DocImpact
Change-Id: I4609d7f577e948b04663901afd0c5d1d154c8ac4
Implements: blueprint vagrant-ubuntu-support
Due to the length of the job name and the tox target we run into an
uncommon limitation; the virtualenv that tox launches is nested in a
path that is too long. This leads to and error on our longest named
job which prevents tox from running at all.
This limitation is the limit for the line length of the first line
in a shell script. See `man execve` for more info. A quote from that
manpage: 'A maximum line length of 127 characters is allowed for the
first line in a #! executable shell script.'
Change-Id: I43fba2a5ff1890d699045496c9eaee5e849f3e75
Backport: Liberty
Partially-Implements: blueprint multinode-gate
(apply same fix that we did for keystone, to horizon)
In some cases we're seeing httpd not cleaning up properly after itself,
which results in the horizon container failing to restart. This is
confirmed to happen on rpm based distros, but have not had any reports
on Ubuntu.
Change-Id: I8ece6da1a8a1180730d68be0d129a656ddcede07
Closes-Bug: #1515214
backport: liberty
Off by one error made the --retries option control the number of tries
rather than the number of retries.
Closes-Bug: #1514730
backport: Liberty
Change-Id: I976a8bb9e489d226f44926a6562d4d2af5de099c
We get an awful lot of questions about how to operate with a registry
on the IRC channel and the obvious way to fix that is to document it.
I don't know what to document about Ubuntu but if someone leaves the
appropriate commands in the review I'll be happy to update it to include
the correct operations to make the registry run on Ubuntu. Another option
is perhaps we can get Sam to write those docs once this hits the repo since
the structure will be mostly in place.
TrivialFix
Change-Id: Ib88abbaf9bd6bcabddae994157d9288aab8be2bf
This uses the grouping feature of sudo to limit the amount of times
the base sudo file has to be modified to only once. The container
contents always runs as the user root, except the software which is
controlled by Kolla. This software may run as root, but it has
undergone a security audit and preserves permissions of the correct
files and does not permit the glance user to write any of the
set_config.py control files.
Change-Id: Ie3cd23edcde5b408a8f66970456279a1b15028e0
Partially-Implements: blueprint drop-root
The reason we are doing drop root is so that a network exposed
software component (i.e. glance) cannot be used to affect the
immutability of the container which it runs in. I have tried
several different approaches and this is the only approach which
puts glance in PID=1 while ensuring no files may be written by
the glance process in the container image except for the log files.
Change-Id: Ifd3c8c361b78d0e4791dade3afa6435290407c41
Partially-Implements: blueprint drop-root
We need to create a directory to allow publishing of logs.
Change-Id: Ieeac5d236b698bedaccb8b5f0bb16f0de9df9386
Backport: Liberty
Partially-Implements: blueprint multinode-gate
The cinder-data container serves no purpose and is not actually used
past the bootstrap container and should be removed.
Additionally add the missing '---' header to the start.yml file.
TrivialFix
Related-Bug: #1513598
Related-Bug: #1513439
Change-Id: I22b630bbee954e12a4de5652b7fb068669f633c5
database_user_create was not correctly referenced when parsing the
variable names. This could never actually lead to a situation that
reported a false change, but it could break an operation if you were
using the --step option with ansible and skipped the database create
task.
TrivialFix
Backport: Liberty
Change-Id: Idf69fffcc3814f509448ccea11b7d175f074ccf1
