authorRodolfo Alonso Hernandez <rodolfo.alonso.hernandez@intel.com>2018-05-04 08:44:56 +0100
committerRodolfo Alonso Hernandez <rodolfo.alonso.hernandez@intel.com>2018-05-09 17:47:18 +0100
commit88ae51b812da8547a6be0a67b31f72c230f5b9fe (patch)
treed83fe7486f63bcd1da481c092070e303ad50475c
parent6458b5ec9ea5bdac5b60f2edde8decefae16422f (diff)
Avoid "volumeMounts" with "configMap" fixed permissions
To access the container without using a password, the jumphost RSA public key is copied to each container, using "volumeMounts" defined as "configMap", to /root/.ssh/authorized_keys. To work properly, the following permissions must be set: - /root/.ssh: 700 - /root/.ssh/authorized_keys: 600 Because of [1][2], the mounted folders have fixed permissions and cannot be modified. [1]https://groups.google.com/forum/#!topic/kubernetes-dev/eTnfMJSqmaM [2]https://github.com/kubernetes/kubernetes/issues/28317 JIRA: YARDSTICK-1149 Change-Id: I821064da56699c5b4f509d233c33e55af119fd56 Signed-off-by: Rodolfo Alonso Hernandez <rodolfo.alonso.hernandez@intel.com>
-rw-r--r--tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml8
-rw-r--r--tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml4
-rw-r--r--yardstick/orchestrator/kubernetes.py2
-rw-r--r--yardstick/tests/unit/orchestrator/test_kubernetes.py2
4 files changed, 11 insertions, 5 deletions
diff --git a/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml b/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml
index 0da296297..5fe902419 100644
--- a/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml
+++ b/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml
@@ -40,8 +40,12 @@ context:
host:
image: openretriever/yardstick
command: /bin/bash
- args: ['-c', 'chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;while true ; do sleep 10000; done']
+ args: ['-c', 'mkdir /root/.ssh; cp /tmp/.ssh/authorized_keys ~/.ssh/.;
+ chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;
+ while true ; do sleep 10000; done']
target:
image: openretriever/yardstick
command: /bin/bash
- args: ['-c', 'chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;while true ; do sleep 10000; done']
+ args: ['-c', 'mkdir /root/.ssh; cp /tmp/.ssh/authorized_keys ~/.ssh/.;
+ chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;
+ while true ; do sleep 10000; done']
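Review bot: The key-install steps in the new `args` strings are joined with `;`, so if `cp /tmp/.ssh/authorized_keys ~/.ssh/.` fails (for example because the configMap volume is missing), the shell still runs `service ssh restart` and the sleep loop, and the pod looks healthy while key-based login fails later. `mkdir /root/.ssh` also reports an error when the image already ships that directory, and the command mixes `/root/.ssh` with `~/.ssh`, which only agree while HOME is /root. Consider `mkdir -p /root/.ssh && cp /tmp/.ssh/authorized_keys /root/.ssh/ && chmod 700 /root/.ssh && chmod 600 /root/.ssh/authorized_keys || exit 1;` ahead of the restart, naming the file instead of relying on the `~/.ssh/*` glob. The same string is used for the `target` container in this hunk and for `host` in opnfv_yardstick_tc081.yaml.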
diff --git a/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml b/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml
index fc7eb006c..fc6496bad 100644
--- a/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml
+++ b/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml
@@ -42,7 +42,9 @@ contexts:
host:
image: openretriever/yardstick
command: /bin/bash
- args: ['-c', 'chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;while true ; do sleep 10000; done']
+ args: ['-c', 'mkdir /root/.ssh; cp /tmp/.ssh/authorized_keys ~/.ssh/.;
+ chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;
+ while true ; do sleep 10000; done']
-
type: Heat
name: openstack
diff --git a/yardstick/orchestrator/kubernetes.py b/yardstick/orchestrator/kubernetes.py
index 198eeac6d..ac3a09ed1 100644
--- a/yardstick/orchestrator/kubernetes.py
+++ b/yardstick/orchestrator/kubernetes.py
@@ -74,7 +74,7 @@ class KubernetesObject(object):
def _add_container(self):
container_name = '{}-container'.format(self.name)
- ssh_key_mount_path = "/root/.ssh/"
+ ssh_key_mount_path = '/tmp/.ssh/'
container = {
"args": self.args,
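Review bot: The new `ssh_key_mount_path = '/tmp/.ssh/'` carries no explanation, and it now has to match the `cp /tmp/.ssh/authorized_keys` step written into each test-case `args` string; nothing in the code links the two. A comment above the assignment would record the contract, e.g. `# configMap mounts have fixed permissions, so the key is mounted here and the container command must copy it to /root/.ssh (700/600).` A container whose command omits that copy would presumably start without any authorized_keys, so the requirement is worth stating where the path is defined. `_add_container` continues past the end of this hunk.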
diff --git a/yardstick/tests/unit/orchestrator/test_kubernetes.py b/yardstick/tests/unit/orchestrator/test_kubernetes.py
index f2bc5b0f4..58971f515 100644
--- a/yardstick/tests/unit/orchestrator/test_kubernetes.py
+++ b/yardstick/tests/unit/orchestrator/test_kubernetes.py
@@ -47,7 +47,7 @@ service ssh restart;while true ; do sleep 10000; done"
"name": "host-k8s-86096c30-container",
"volumeMounts": [
{
- "mountPath": "/root/.ssh/",
+ "mountPath": "/tmp/.ssh/",
"name": "k8s-86096c30-key"
}
]