drop hardcoded openvswitch user/group definitions
The RPM is now using systemd-sysusers fragments [1] so we can drop the
hardcoded definitions. One problem here, though, is that the hugetlbfs
group never gets added to the openvswitch user [2] so let's add a
workaround for that for now.

One side effect of this is that it does change the previously defined
UID/GIDs from 800/801 to different values (dynamically generated at build
time). I assume this is OK because of some of the discussion in [1].

[1] openshift#1274 (comment)
[2] openshift#1274 (comment)
dustymabe committed Jun 17, 2023
1 parent 1f2c0eb commit 9baecec
Showing 3 changed files with 11 additions and 3 deletions.
2 changes: 0 additions & 2 deletions group
Expand Up @@ -42,5 +42,3 @@ nfsnobody:x:65534:
kube:x:994:
sshd:x:74:
chrony:x:992:
openvswitch:x:800:
hugetlbfs:x:801:
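
Review bot: dropping `openvswitch:x:800:` and `hugetlbfs:x:801:` removes the only place these GIDs were pinned, so the numeric IDs can now differ from one build to the next. The commit message assumes this is OK; the change should record what that assumption rests on, for example that nothing in persistent state on already-deployed nodes is owned by GID 800 or 801, because such files would keep the old numeric owner after an update. If stable IDs turn out to matter, pinning them in the sysusers fragment would keep this cleanup without the renumbering.
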
11 changes: 11 additions & 0 deletions manifest-rhel-9.2.yaml
Expand Up @@ -108,6 +108,17 @@ postprocess:
---
EOF
# Add the hugetlbfs group to the openvswitch user if the openvswitch-hugetlbfs.conf
# sysusers fragment exists. This is a workaround for a bug somewhere in the stack
# that we need to investigate further.
# https://github.com/openshift/os/issues/1274#issuecomment-1595860275
- |
#!/usr/bin/env bash
set -xeo pipefail
if [ -f /usr/lib/sysusers.d/openvswitch-hugetlbfs.conf ]; then
usermod -a -G hugetlbfs openvswitch
fi
# Packages that are only in RHCOS and not in SCOS or that have special
# constraints that do not apply to SCOS
packages:
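
Review bot: the `[ -f /usr/lib/sysusers.d/openvswitch-hugetlbfs.conf ]` guard makes this step a silent no-op when the fragment is absent, renamed or moved, so a build can pass with the openvswitch user missing the hugetlbfs group and nothing in the log says which branch ran. Consider adding an `else` branch that prints a message, and after the `usermod -a -G hugetlbfs openvswitch` line a check that `id -nG openvswitch` lists hugetlbfs, so a regression fails the build instead of surfacing at runtime. Since the comment calls this a temporary workaround, noting the condition for removing it (the linked issue being resolved) would help whoever cleans it up.
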
1 change: 0 additions & 1 deletion passwd
Expand Up @@ -24,4 +24,3 @@ nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
kube:x:996:994:Kubernetes user:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
chrony:x:994:992::/var/lib/chrony:/sbin/nologin
openvswitch:x:800:800::/:/sbin/nologin
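
Review bot: the removed `openvswitch:x:800:800::/:/sbin/nologin` entry also fixed the account's primary group, home directory and no-login shell, and the sysusers fragment that now defines the user is not part of this diff. Please confirm, or assert in a build-time check, that the resulting passwd entry still has a nologin shell and that its primary group is openvswitch, so the account's properties do not depend on whatever the packaged fragment happens to contain.
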
