Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

specify required permissions on quay configuration files (PROJQUAY-6517) #137

Merged
merged 1 commit into from
Dec 13, 2023
Merged

specify required permissions on quay configuration files (PROJQUAY-6517) #137

merged 1 commit into from
Dec 13, 2023

Conversation

BadgerOps
Copy link
Contributor

@BadgerOps BadgerOps commented Nov 4, 2023
edited
Loading

As mentioned in #136 with a hardened RHEL 8 instance with global umask of 0077 the mirror-registry fails to install, due to the quay pod not being able to access the {{ quay_root }}/quay-config directory.

This PR adds explicit mode for the directory and config.yaml to allow a successful offline quay install with mirror-registry on a hardened environment.

@BadgerOps
Copy link
Contributor Author

Any thoughts @HammerMeetNail or @jonathankingfc ?

Sorry to tag y'all directly, but with no contributing.md I'm not sure if I'm missing any steps, and would love to get either this merged, or a better path forward for ourselves & others affected by this issue. (#136)

@HammerMeetNail HammerMeetNail added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Dec 1, 2023
@HammerMeetNail
Copy link
Contributor

@BadgerOps Thanks for the PR, I just triggered CI. When you get a moment, can you rebase the branch?

@HammerMeetNail
Copy link
Contributor

Actually, ignore that request, I was able to do it without any conflicts.

@HammerMeetNail HammerMeetNail added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Dec 1, 2023
@BadgerOps
Copy link
Contributor Author

Thanks for jumping on this @HammerMeetNail ! Happy to help the next person who's working in a fun environment 🤣

@HammerMeetNail
Copy link
Contributor

Hey, yeah, we talked about this today. I believe @harishsurf will be picking this up and reviewing.

harishsurf
harishsurf approved these changes Dec 12, 2023
View reviewed changes
Copy link
Contributor

@harishsurf harishsurf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@harishsurf harishsurf changed the title specify required permissions on quay configuration files specify required permissions on quay configuration files (PROJQUAY-6517) Dec 12, 2023
@harishsurf
Copy link
Contributor

/retest

@harishsurf harishsurf added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Dec 13, 2023
@harishsurf harishsurf merged commit d8e5bb8 into quay:main Dec 13, 2023
8 checks passed
@BadgerOps BadgerOps mentioned this pull request Dec 13, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harishsurf harishsurf harishsurf approved these changes

Assignees
No one assigned
Labels
ok-to-test Indicates a non-member PR verified by an org member that is safe to test.
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@BadgerOps @HammerMeetNail @harishsurf