From: Sebastian Wagner <sewagner@redhat.com>
Date: Tue, 20 Jul 2021 14:09:57 +0000 (+0200)
Subject: cephadm: haproxy 2.4 defaults to a different container user.
X-Git-Tag: v16.2.6~54^2~38
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=00f7df9bada9ad839c0bd99f64bfd55238e34fa5;p=ceph.git

cephadm: haproxy 2.4 defaults to a different container user.

Another alternative would be to investigage a different setup
leverageing `--sysctl net.ipv4.ip_unprivileged_port_start=0`,
but that would be a larger PR.

Fixes: https://tracker.ceph.com/issues/51355

Signed-off-by: Sebastian Wagner <sewagner@redhat.com>
(cherry picked from commit 250064bdcbe778b3cc245df843d14dd19cbb8772)
---

diff --git a/src/cephadm/cephadm b/src/cephadm/cephadm
index f4c3e756109e..90fa552eb6c2 100755
--- a/src/cephadm/cephadm
+++ b/src/cephadm/cephadm
@@ -2468,6 +2468,7 @@ def get_container(ctx: CephadmContext,
         envs.extend(NFSGanesha.get_container_envs())
     elif daemon_type == HAproxy.daemon_type:
         name = '%s.%s' % (daemon_type, daemon_id)
+        container_args.extend(['--user=root'])  # haproxy 2.4 defaults to a different user
     elif daemon_type == Keepalived.daemon_type:
         name = '%s.%s' % (daemon_type, daemon_id)
         envs.extend(Keepalived.get_container_envs())