git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit

author	Matthew Oliver <moliver@suse.com>
	Tue, 5 May 2020 06:17:06 +0000 (16:17 +1000)
committer	Matthew Oliver <moliver@suse.com>
	Tue, 5 May 2020 06:17:06 +0000 (16:17 +1000)
commit	9b7dcb894c370570bf1e16982508eadb8b0c6f32
tree	b33b3b0ea382956e3ab6074f77cb6ea544bd6f3f	tree \| snapshot
parent	d80e566c9e23c4216166c475f8b3c5e160e5314a	commit \| diff

cephadm: give ceph-iscsi permissions to configfs

The cephadm container mounts the configfs and then bind mounts (-v) it
into the container. Currently the container is not a priviliaged
container which leads to 2 problems:

1. The container can't insert the iscsi_target_mod kernel module; and
2. The container can't write to the configfs as that's only writeable
by root.

We _can_ get around 1, by preloading the kernel module. I.E add it the
systemd unit file. But that doesn't help with 2.

I've tried mounting the configfs with uid and gid options, but configfs
doesn't use them.

If we make the container a priviliged container then magically both 1
and 2 are solved. We don't need to preload the module so that's one less
workaround. But more importantly, configfs can be written to so we can
create ISCSI targets etc.

So that's what this patch does, it makes iscsi containers privileged
containers by setting the CephContainer --priviliged while creating it.

Fixes: https://tracker.ceph.com/issues/45252
Signed-off-by: Matthew Oliver <moliver@suse.com>