(fix) Fix crashloop on chown

- Currently the start.sh script is crashlooping because it is attempting to chown files and failing due to a read-only filesystem. Rather than mounting the files in place directly, they can be copied in the container and permissions and ownership set. Change-Id: I1da93dd7c177c027457c640a4254357f29c97a5b
2018-06-12 12:20:09 -05:00 · 2018-06-12 12:20:09 -05:00 · 8805637db5
commit 8805637db5
parent eb73ba58b5
2 changed files with 11 additions and 3 deletions
--- a/charts/maas/templates/bin/_start.sh.tpl
+++ b/charts/maas/templates/bin/_start.sh.tpl
@ -19,10 +19,18 @@ set -ex
 # show env
 env > /tmp/env

-if [[ -d ~maas/.ssh ]]
+# MAAS must be able to ssh to libvirt hypervisors
+# to control VMs
+
+if [[ -d ~maas/keys ]]
 then
+  mkdir -p ~maas/.ssh
+  cp ~maas/keys/* ~maas/.ssh/
  chown -R maas:maas ~maas/.ssh
+  chmod 700 ~maas/.ssh
+  chmod 600 ~maas/.ssh/*
 fi
+
 chsh -s /bin/bash maas

 exec /bin/systemd --system
--- a/charts/maas/templates/deployment-rack.yaml
+++ b/charts/maas/templates/deployment-rack.yaml
@ -89,10 +89,10 @@ spec:
              readOnly: true
 {{- if .Values.manifests.secret_ssh_key }}
            - name: maas-ssh
-              mountPath: /var/lib/maas/.ssh
+              mountPath: /var/lib/maas/keys
            - name: priv-key
              subPath: PRIVATE_KEY
-              mountPath: /var/lib/maas/.ssh/id_rsa
+              mountPath: /var/lib/maas/keys/id_rsa
 {{- end }}
 {{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
      volumes: