Giter Club home page Giter Club logo

ironic-ipa-downloader's People

Contributors

derekhiggins avatar dhellmann avatar dtantsur avatar e-minguez avatar elfosardo avatar fmuyassarov avatar imain avatar juliakreger avatar kirankt avatar metal3-io-bot avatar mquhuy avatar nymanrobin avatar rozzii avatar russellb avatar stbenjam avatar tuminoid avatar

Stargazers

avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

imain openshift elfosardo stbenjam dhellmann hardys yrobla akraino-icn nasirkamal devopstoday11 aboroufar lorbuschris dtantsur honza nordix snehachavan50 iurygregory matthewei sathieu

ironic-ipa-downloader's Issues

reproducible builds

The way this container works is by downloading the latest/greatest ironic-python-agent from the upstream repo; this occurs any time the ironic deployment in kubernetes restarts and the init-container runs.

The effects of this are

  1. production systems are pulling/executing untrusted code from the internet at run-time without: scanning, code-reviews, etc
  2. each time new code is pulled at runtime, compatibility issues can arise.

Integration tests are not testing the changes on the PR but pulling IPA downloader image from remote registry

Currently, the integration tests in the metal3 ironic-ipa-downloader repository are not effectively testing the changes made in the pull request (PR). Instead of using the locally built and pushed image from the local registry, the tests are pulling the IPA downloader image from a remote registry.

In the metal3-dev-env repository, the 02_configure_host.sh script (located at link) runs the IPA downloader, but the ${IPA_DOWNLOADER_IMAGE} variable is set to a remote image instead of utilizing the locally built image.

Additionally, the locally built image is tagged as tested_repo:latest, which requires fixing.

Any other information:
N/A

permission denied errors in download containers

The way we download temp file to /tmp and then move to a shared volume in the downloader containers can sometimes (i'm not sure of the exact conditions) result in unreadable files in the storage volume due to the wrong selinux context being set.

e.g.

+ '[' -n http://172.22.0.1/images -a '!' -e ironic-python-agent.tar.headers ']'
+ curl --fail -O http://172.22.0.1/images/ironic-python-agent.tar.headers
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0Warning: Failed to create the file ironic-python-agent.tar.headers: Permission 
Warning: 
100   267  100   267    0
curl: (23) Failed writing body (0 != 267)

[root@localhost images]# ls -ld .  * */* -Z                                                                                                                                                                        
drwxr-xr-x. 7 root root system_u:object_r:container_file_t:s0                 212 Aug 22 14:41 .
drwxr-xr-x. 2 root root system_u:object_r:container_file_t:s0:c702,c989       147 Aug 22 14:09 ironic-python-agent-1235e000-590805b540580
-rw-rw-r--. 1 core core system_u:object_r:container_file_t:s0:c702,c989 298860784 Aug 19 23:03 ironic-python-agent-1235e000-590805b540580/ironic-python-agent.initramfs
-rwxr-xr-x. 1 core core system_u:object_r:container_file_t:s0:c702,c989   6648000 Aug 19 23:03 ironic-python-agent-1235e000-590805b540580/ironic-python-agent.kernel
-rw-r--r--. 1 root root system_u:object_r:container_file_t:s0:c702,c989 305520640 Aug 22 14:09 ironic-python-agent-1235e000-590805b540580/ironic-python-agent.tar
-rw-r--r--. 1 root root system_u:object_r:container_file_t:s0:c702,c989       267 Aug 22 14:09 ironic-python-agent-1235e000-590805b540580/ironic-python-agent.tar.headers
lrwxrwxrwx. 1 root root system_u:object_r:container_file_t:s0                  72 Aug 22 14:09 ironic-python-agent.initramfs -> ironic-python-agent-1235e000-590805b540580/ironic-python-agent.initramfs
lrwxrwxrwx. 1 root root system_u:object_r:container_file_t:s0                  69 Aug 22 14:09 ironic-python-agent.kernel -> ironic-python-agent-1235e000-590805b540580/ironic-python-agent.kernel
lrwxrwxrwx. 1 root root system_u:object_r:container_file_t:s0                  74 Aug 22 14:09 ironic-python-agent.tar.headers -> ironic-python-agent-1235e000-590805b540580/ironic-python-agent.tar.headers

Using a tmpdir inside the volume should solve the problem

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.