openstack
/
devstack-plugin-container
Code Issues Proposed changes

Fix docker group name 

devstack-plugin-container wrongfully assumes that the stack user name
is also the name of the group under which install the docker daemon.
This can cause devstack to install docker in such a way that the stack
user does not have permissions to access the docker socket, as seen in
[3].

[1] https://opendev.org/openstack/devstack-plugin-container
[2] https://github.com/openstack/devstack-plugin-container/blob/f09c5c9/devstack/lib/docker#L27
[3] https://github.com/gophercloud/gophercloud/pull/2380#issuecomment-1094295137

Closes-Bug: 1970129
Change-Id: Id5f1fa24ebb09db10f0d56e4d6b111be66869b5a
This commit is contained in:
Martin André 2022-04-24 21:38:37 +02:00
parent b323f5b71a
commit b648421624
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
devstack/lib/docker
View File

@ -24,7 +24,8 @@ set +o xtrace
DOCKER_ENGINE_SOCKET_FILE=${DOCKER_ENGINE_SOCKET_FILE:-/var/run/docker.sock}
DOCKER_ENGINE_PORT=${DOCKER_ENGINE_PORT:-2375}
DOCKER_CLUSTER_STORE=${DOCKER_CLUSTER_STORE:-}
DOCKER_GROUP=${DOCKER_GROUP:-$STACK_USER}
STACK_GROUP="$( id --group --name "$STACK_USER" )"
DOCKER_GROUP=${DOCKER_GROUP:-$STACK_GROUP}
DOCKER_CGROUP_DRIVER=${DOCKER_CGROUP_DRIVER:-}
# TODO(hongbin): deprecate and remove clear container
ENABLE_CLEAR_CONTAINER=$(trueorfalse False ENABLE_CLEAR_CONTAINER)