From 88ae51b812da8547a6be0a67b31f72c230f5b9fe Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Fri, 4 May 2018 08:44:56 +0100 Subject: Avoid "volumeMounts" with "configMap" fixed permissions To access to the container without using a password, the jumphost RSA public key is copied to each container, using "volumeMounts" defined as "configMap", to /root/.ssh/authorized_keys. To work properly, the following permissions must be set: - /root/.ssh: 700 - /root/.ssh/authorized_keys: 600 Because of [1][2], the mounted folders have fixed permissions and cannot be modified. [1]https://groups.google.com/forum/#!topic/kubernetes-dev/eTnfMJSqmaM [2]https://github.com/kubernetes/kubernetes/issues/28317 JIRA: YARDSTICK-1149 Change-Id: I821064da56699c5b4f509d233c33e55af119fd56 Signed-off-by: Rodolfo Alonso Hernandez --- tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml | 8 ++++++-- tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml | 4 +++- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'tests/opnfv/test_cases') diff --git a/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml b/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml index 0da296297..5fe902419 100644 --- a/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml +++ b/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml @@ -40,8 +40,12 @@ context: host: image: openretriever/yardstick command: /bin/bash - args: ['-c', 'chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;while true ; do sleep 10000; done'] + args: ['-c', 'mkdir /root/.ssh; cp /tmp/.ssh/authorized_keys ~/.ssh/.; + chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart; + while true ; do sleep 10000; done'] target: image: openretriever/yardstick command: /bin/bash - args: ['-c', 'chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;while true ; do sleep 10000; done'] + args: ['-c', 'mkdir /root/.ssh; cp /tmp/.ssh/authorized_keys ~/.ssh/.; + chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart; + while true ; do sleep 10000; done'] diff --git a/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml b/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml index fc7eb006c..fc6496bad 100644 --- a/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml +++ b/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml @@ -42,7 +42,9 @@ contexts: host: image: openretriever/yardstick command: /bin/bash - args: ['-c', 'chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;while true ; do sleep 10000; done'] + args: ['-c', 'mkdir /root/.ssh; cp /tmp/.ssh/authorized_keys ~/.ssh/.; + chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart; + while true ; do sleep 10000; done'] - type: Heat name: openstack -- cgit 1.2.3-korg