-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Agent owns its directories #3084
Conversation
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
Pinging @elastic/elastic-agent (Team:Elastic-Agent) |
This pull request does not have a backport label. Could you fix it @michalpristas? 🙏
NOTE: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
RUN groupadd --gid 1000 {{ .BeatName }} && \ | ||
useradd -M --uid 1000 --gid 1000 --groups 0 --home {{ $beatHome }} {{ .user }} && \ | ||
chown -R {{ .user }}:{{ .user }} {{ $beatHome }} && \ | ||
true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do you need a && true
at the end ? 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
convention & readability, easier to add other commands later without messing with && \
at the end
easier to combine with if statements used in a template
🌐 Coverage report
|
/test |
buildkite test it |
/test |
@michalpristas
|
first one is needed because beats have a check to see that only root can change the config, some security measure. second one is needed because without it npm install and check for synthetics fails. i tried to work around it but i was not successful. there's an npm install command with || option to check |
/package |
@michalpristas |
This reverts commit c79ee5f.
)" This reverts commit 1bf9027.
What this change is introducing on top of bringing back work introduced in #3084 is change of ordrer for some operations. Changing owner of a file, discards capabilities set. This becomes a problem with heartbeat as it needs setuid and netraw capabilities to perform properly. So setting capabilities was moved after chown.
What this change is introducing on top of bringing back work introduced in #3084 is change of ordrer for some operations. Changing owner of a file, discards capabilities set. This becomes a problem with heartbeat as it needs setuid and netraw capabilities to perform properly. So setting capabilities was moved after chown. (cherry picked from commit fa357a8)
…#3614) What this change is introducing on top of bringing back work introduced in #3084 is change of ordrer for some operations. Changing owner of a file, discards capabilities set. This becomes a problem with heartbeat as it needs setuid and netraw capabilities to perform properly. So setting capabilities was moved after chown. (cherry picked from commit fa357a8) Co-authored-by: Michal Pristas <[email protected]>
What does this PR do?
This changes owner of agent directories. Tested locally and on azure container instances, seems to work.
Why is it important?
Containers running on Azure Container Instances refuse to read config.
Checklist
./changelog/fragments
using the changelog toolHow to test
Closes: #82