Bug 1381456

Summary: oc cluster up creates directories as root user when provided --host-data-dir or --host-config-dir
Product: OpenShift Container Platform Reporter: Eduardo Minguez <eminguez>
Component: oc Assignee: Cesar Wong <cewong>
Status: CLOSED EOL QA Contact: Xingxing Xia <xxia>
Severity: low Docs Contact:
Priority: medium    
Version: unspecified CC: aos-bugs, cewong, jokerman, maszulik, mmccomas, pweil, ramon.gordillo
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-02-26 19:09:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Eduardo Minguez 2016-10-04 07:07:09 UTC
Description of problem:
When trying to bring up a test cluster with oc cluster up and store the config and/or data, it creates a few folders as the root user, so they cannot be deleted by the regular user that created the cluster.

Version-Release number of selected component (if applicable):
latest

How reproducible:

Steps to Reproduce:
1. Download oc
2. mkdir -p ~/tmp/{config,data}
3. oc cluster up --host-data-dir=$HOME/tmp/data/ --host-config-dir=$HOME/tmp/config

Actual results:
$ ls -l ~/tmp/config/
total 8
drwxr-xr-x. 2 root root 4096 Oct  4 09:01 master
drwxr-xr-x. 2 root root 4096 Oct  4 09:01 node-192.168.1.113
$ ls -l ~/tmp/config/master/
total 312
-rw-r--r--. 1 root root   1119 Oct  4 09:01 admin.crt
-rw-------. 1 root root   1679 Oct  4 09:01 admin.key
-rw-------. 1 root root   5654 Oct  4 09:01 admin.kubeconfig
-rw-r--r--. 1 root root   1070 Oct  4 09:01 ca-bundle.crt
-rw-r--r--. 1 root root   1070 Oct  4 09:01 ca.crt
-rw-------. 1 root root   1675 Oct  4 09:01 ca.key
-rw-r--r--. 1 root root      2 Oct  4 09:01 ca.serial.txt
-rw-r--r--. 1 root root   2619 Oct  4 09:01 etcd.server.crt
-rw-------. 1 root root   1679 Oct  4 09:01 etcd.server.key
-rw-rw-r--. 1 root root   6042 Oct  4 09:01 master-config.yaml
-rw-r--r--. 1 root root   1078 Oct  4 09:01 master.etcd-client.crt
-rw-------. 1 root root   1679 Oct  4 09:01 master.etcd-client.key
-rw-r--r--. 1 root root   1135 Oct  4 09:01 master.kubelet-client.crt
-rw-------. 1 root root   1679 Oct  4 09:01 master.kubelet-client.key
-rw-r--r--. 1 root root   1086 Oct  4 09:01 master.proxy-client.crt
-rw-------. 1 root root   1679 Oct  4 09:01 master.proxy-client.key
-rw-r--r--. 1 root root   2619 Oct  4 09:01 master.server.crt
-rw-------. 1 root root   1679 Oct  4 09:01 master.server.key
-rw-r--r--. 1 root root   1123 Oct  4 09:01 openshift-master.crt
-rw-------. 1 root root   1675 Oct  4 09:01 openshift-master.key
-rw-------. 1 root root   5702 Oct  4 09:01 openshift-master.kubeconfig
-rw-r--r--. 1 root root   1131 Oct  4 09:01 openshift-registry.crt
-rw-------. 1 root root   1679 Oct  4 09:01 openshift-registry.key
-rw-------. 1 root root   5722 Oct  4 09:01 openshift-registry.kubeconfig
-rw-r--r--. 1 root root   1123 Oct  4 09:01 openshift-router.crt
-rw-------. 1 root root   1675 Oct  4 09:01 openshift-router.key
-rw-------. 1 root root   5702 Oct  4 09:01 openshift-router.kubeconfig
-rw-r--r--. 1 root root 168650 Oct  4 09:01 policy.json
-rw-------. 1 root root   1679 Oct  4 09:01 serviceaccounts.private.key
-rw-------. 1 root root    459 Oct  4 09:01 serviceaccounts.public.key
-rw-r--r--. 1 root root   1115 Oct  4 09:01 service-signer.crt
-rw-------. 1 root root   1679 Oct  4 09:01 service-signer.key

Expected results:
The folders created belong to the user

Additional info:

Comment 1 Cesar Wong 2016-10-25 17:33:13 UTC
Origin needs to run as root (and privileged). This is a limitation/requirement of the current state of origin. Because of this, even if we create the parent directories as the current user, child directories of those (especially in the data directory) will be created as root while origin runs, which means that the current user will not be able to delete them.

Comment 2 Ramon Gordillo 2016-12-07 10:52:46 UTC
From the OpenShift documentation:

"For masters, the openshift start command accepts options that indicate that it should simply write the configuration files that it would have used, then terminate. For nodes, a configuration file can be written using the oadm create-node-config command"

So, it should be possible to first run origin to write the config with a known user, then launch it again with the configuration already written.
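
A check for the condition reported in this bug, as an added example that is not part of the report, its comments, or the oc code base: it lists entries under a directory passed as --host-config-dir or --host-data-dir that are not owned by the invoking user and summarizes the owners. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: ownership audit for directories given to `oc cluster up`
# via --host-config-dir / --host-data-dir. Function names are hypothetical.

# owner_summary DIR: print "uid count" for every owner found under DIR.
owner_summary() {
    # ls -n prints numeric uids, so field 3 is the owner even when the uid
    # has no passwd entry on the host (possible for container-created files).
    find "$1" -exec ls -ldn {} + |
        awk '{ n[$3]++ } END { for (u in n) print u, n[u] }' | sort -n
}

# foreign_owned DIR [UID]: print entries under DIR not owned by UID
# (default: the invoking user), i.e. the entries this bug report is about.
foreign_owned() {
    find "$1" ! -user "${2:-$(id -u)}" -print
}

# audit_host_dir DIR [UID]: 0 = all owned by UID, 1 = findings, 2 = bad input.
audit_host_dir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    found=$(foreign_owned "$1" "$2")
    [ -z "$found" ] && return 0
    echo "entries under $1 not owned by uid ${2:-$(id -u)}:"
    echo "$found"
    echo "owners (uid count):"
    owner_summary "$1"
    return 1
}

# Example: audit_host_dir "$HOME/tmp/config"; audit_host_dir "$HOME/tmp/data"
```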