Add missing permissions to the Linstor plunger. (#693)

The Linstor satellite creates problems with admin privileges, so the
plunger needs the same privileges to fix those problems.

Also, use the native `losetup`. The Linstor image has a wrapper with an
additional function that we do not need here.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **Refactor**
  - Improved the management of unused loop devices with clearer feedback
    and refined error handling.

- **New Features**
  - Enhanced container configuration by adding elevated system
    permissions, allowing the container to perform higher-level operations.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
xy2
2025-03-12 17:28:04 +03:00
committed by GitHub
parent 0e10f95293
commit 423514b338
2 changed files with 12 additions and 8 deletions

@@ -21,16 +21,16 @@ while true; do
# Detect orphaned loop devices and detach them
# the `/` path could not be a backing file for a loop device, so it's a good indicator of a stuck loop device
# TODO describe the issue in more detail
losetup --json \
| jq -r '.[][]
| select(."back-file" == "/ (deleted)")
| "echo Detaching stuck loop device \(.name);
set -x;
losetup --detach \(.name)"' \
| sh
# Using the direct /usr/sbin/losetup as the linstor-satellite image has own wrapper in /usr/local
stale_loopbacks=$(/usr/sbin/losetup --json | jq -r '.[][] | select(."back-file" == "/ (deleted)").name')
for stale_device in $stale_loopbacks; do (
echo "Detaching stuck loop device ${stale_device}"
set -x
/usr/sbin/losetup --detach "${stale_device}"
); done
# Detect secondary volumes that lost connection and can be simply reconnected
disconnected_secondaries=$(drbdadm status | awk '/pvc-.*role:Secondary.*force-io-failures:yes/ {print $1}')
disconnected_secondaries=$(drbdadm status 2>/dev/null | awk '/pvc-.*role:Secondary.*force-io-failures:yes/ {print $1}')
for secondary in $disconnected_secondaries; do (
echo "Trying to reconnect secondary volume ${secondary}"
set -x
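
Review bot: the `2>/dev/null` on `drbdadm status` in the secondary-reconnect step discards every diagnostic the command prints, so when `drbdadm` itself fails, `disconnected_secondaries` is simply empty and the loop is skipped with nothing in the log to say why. Suggest keeping stderr, or filtering only the specific message that is expected here, and logging a line when the command exits non-zero. The new `stale_loopbacks=$(/usr/sbin/losetup --json | jq -r ...)` has the same shape: if either side of the pipe fails, the list is empty and the script gives no feedback of its own. The `# TODO describe the issue in more detail` above the loop-device block is also still open; a sentence on why a back-file of `/ (deleted)` identifies a stuck device belongs in this change, since that string match is what decides which devices get detached.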

@@ -16,8 +16,12 @@ spec:
- "/scripts/plunger-satellite.sh"
securityContext:
capabilities:
add:
- NET_ADMIN
- SYS_ADMIN
drop:
- ALL
privileged: true
# make some room for live debugging
readOnlyRootFilesystem: false
volumeMounts:
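
Review bot: `privileged: true` in this `securityContext` makes the `capabilities` block next to it ineffective as a restriction. A privileged container runs with the full capability set and access to host devices, so `drop: - ALL` plus the explicit `NET_ADMIN` and `SYS_ADMIN` entries no longer describe what the container can actually do. If `SYS_ADMIN` is enough for `losetup --detach` and the `drbdadm` calls, drop `privileged: true`; if privileged mode really is required, add a comment naming the operation that needs it and remove the capability list so the manifest does not suggest a narrower grant than it gives. Separately, `readOnlyRootFilesystem: false` is justified only by the comment "make some room for live debugging"; in a privileged container that is worth avoiding by default, for example by keeping the root filesystem read-only and mounting a writable scratch volume when debugging is needed.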