Bug 1316216
| Summary: | Logging is not restricted to to current owner/group of a namespace | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Wesley Hearn <whearn> |
| Component: | Logging | Assignee: | ewolinet |
| Status: | CLOSED ERRATA | QA Contact: | chunchen <chunchen> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.1.0 | CC: | agrimm, aos-bugs, chunchen, ewolinet, qitang, rmeggins, tdawson, wsun, xiazhao |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-05-11 08:25:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1303130, 1316267 | ||
|
Description
Wesley Hearn
2016-03-09 17:10:35 UTC
Just a note, I linked the CVE bug for this here and made 1303130 depend on the CVE bug as well so you can easily track this. Tried to run the Deployer with 3.1.1.10, get this error: # docker run brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/logging-deployment:3.1.1-10 -i -t /bin/bash exec: "./run.sh": permission denied Error response from daemon: Cannot start container d4cc231345784c5abe12597aa59b777209cc5b9c8fafd62afac0c7d65d75a350: [8] System error: exec: "./run.sh": permission denied This issue repro with deployer image 3.1.1-9, and 3.1.1-8 image is good: #docker run brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/logging-deployment:3.1.1-8 -i -t /bin/bash + dir=/etc/deploy + image_prefix=openshift/ + image_version=latest + hostname=kibana.example.com + ops_hostname=kibana-ops.example.com ... Filed new issue https://bugzilla.redhat.com/show_bug.cgi?id=1321258. I will continue working on this after it is resolved. Encountered a new blocker https://bugzilla.redhat.com/show_bug.cgi?id=1321855 when verifying this with the latest logging images.Have to continue the work here after this got addressed. Today I turned back to work with brew images on OSE 3.1, and reopened https://bugzilla.redhat.com/show_bug.cgi?id=1322245. This issue is currently blocked by here. The bug id=1324357 is not a blocker now, tried with below latest logging images,the issue is fixed, so mark it as verified: logging-deployment 3.1.1-12 1889baecfc21 logging-fluentd 3.1.1-9 6a4bfd80f3eb logging-elasticsearch 3.1.1-9 c0901c52554b logging-kibana 3.1.1-7 3ce38d905617 logging-auth-proxy latest 3d6792a3aeed *** Bug 1326574 has been marked as a duplicate of this bug. *** We needed to rebuild logging-deployment, logging-fluentd, and logging-elasticsearch for security updates and they weren't originally built with signed packages. Can you please retest these images openshift3/logging-deployment:3.1.1-16 openshift3/logging-elasticsearch:3.1.1-10 openshift3/logging-fluentd:3.1.1-10 You should be able to use "latest" for everything else. Logs got shown on Kibana UI now and passed issue verification. Set to verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1023 |