Bug 1264699 - kubernetes do not respect tpmfiles.d policy
kubernetes do not respect tpmfiles.d policy
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: kubernetes (Show other bugs)
22
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jan Chaloupka
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-20 17:02 EDT by M. Scherer
Modified: 2016-07-13 20:24 EDT (History)
7 users (show)

See Also:
Fixed In Version: kubernetes-1.2.0-0.24.git4a3f9c5.fc24 kubernetes-1.2.0-0.24.git4a3f9c5.fc23
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-10 01:57:26 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Add /run ownership in the specfile (1.12 KB, patch)
2015-09-20 17:03 EDT, M. Scherer
no flags Details | Diff

  None (edit)
Description M. Scherer 2015-09-20 17:02:28 EDT
Description of problem:
/run/kubernetes is listed as unowned. 

]
That's against policy:
https://fedoraproject.org/wiki/Packaging:Tmpfiles.d

Version-Release number of selected component (if applicable):
kubernetes-1.1.0-0.5.gite44c8e6.fc22.x86_64


How reproducible:
each time

Steps to Reproduce:
1. install kubernetes
2. verify with rpm -qf 


Actual results:
# rpm -qf /run/kubernetes/
file /run/kubernetes is not owned by any package


Expected results:
file is owned, and with the right permission.

Additional info:

This also mean that something create /run/kubernetes/ owned as root:root, which prevent kubernetes-apiserver from starting:

Sep 20 14:01:15 gluster2 kube-apiserver[17759]: E0920 14:01:15.230961   17759 server.go:485] Unable to listen for secure (open /var/run/kubernetes/apiserver.crt: no such file or directory); will try again.


And likely linked to http://ask.projectatomic.io/en/question/199/missing-apiservercrt-unable-to-listen-for-secure/

Here is a trivial patch to add that.
Comment 1 M. Scherer 2015-09-20 17:03 EDT
Created attachment 1075354 [details]
Add /run ownership in the specfile
Comment 2 Jan Chaloupka 2015-09-23 04:13:25 EDT
Thanks for that.
Comment 3 Jan Chaloupka 2016-06-28 09:08:27 EDT
Installing the latest kubernetes built in rawhide I can see only files generated by kubelet:

ls /run/kubernetes/
kubelet.crt  kubelet.key
Comment 4 Jan Chaloupka 2016-06-28 09:28:41 EDT
kube-apiserver needs the directory as well (--cert-dir="/var/run/kubernetes") [1].

As kube-apiserver service is run under kube user and kubelet can be installed on the same host, the owner of the directory must be kube. Contrib is already covering that [2]. So, only the ownership of the directory is really missing.

[1] http://kubernetes.io/docs/admin/kube-apiserver/
[2] https://github.com/kubernetes/contrib/blob/master/init/systemd/tmpfiles.d/kubernetes.conf
Comment 5 Fedora Update System 2016-06-28 11:29:53 EDT
kubernetes-1.2.0-0.23.git4a3f9c5.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-34357c1671
Comment 6 Fedora Update System 2016-06-28 11:30:41 EDT
kubernetes-1.2.0-0.23.git4a3f9c5.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-38a8c6915d
Comment 7 Fedora Update System 2016-06-29 06:45:23 EDT
kubernetes-1.2.0-0.24.git4a3f9c5.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f612484f9e
Comment 8 Fedora Update System 2016-06-29 06:45:53 EDT
kubernetes-1.2.0-0.24.git4a3f9c5.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-223c8e5da7
Comment 9 Fedora Update System 2016-06-30 18:27:09 EDT
kubernetes-1.2.0-0.24.git4a3f9c5.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-223c8e5da7
Comment 10 Fedora Update System 2016-06-30 18:54:42 EDT
kubernetes-1.2.0-0.24.git4a3f9c5.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f612484f9e
Comment 11 Fedora Update System 2016-07-10 01:57:16 EDT
kubernetes-1.2.0-0.24.git4a3f9c5.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2016-07-13 20:24:47 EDT
kubernetes-1.2.0-0.24.git4a3f9c5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.