Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Copy JMX related files instead of moving to support jmx on k8s #5045

Merged
merged 1 commit into from
Jan 13, 2021
Merged

Copy JMX related files instead of moving to support jmx on k8s #5045

merged 1 commit into from
Jan 13, 2021

Conversation

upgle
Copy link
Member

@upgle upgle commented Jan 13, 2021

Description

JMX related auth files are mounted as a read-only mode by k8s secret.
(configMap and secrets volumeMount are always read-only by k8s.)

So, It can't use the mv command in the copyJMXFiles.sh script.

I'll open a new subsequent PR at the apache/openwhisk-deploy-kube repository for supporting JMX on the k8s environment

Related issue and scope

No issues

My changes affect the following components

  • Deployment

Types of changes

  • Enhancement or new feature (adds new functionality).

Checklist:

  • I signed an Apache CLA.
  • I reviewed the style guides and followed the recommendations (Travis CI will check :).
  • I added tests to cover my changes.
  • My changes require further changes to the documentation.
  • I updated the documentation where necessary.

upgle
upgle commented Jan 13, 2021
View reviewed changes
common/scala/copyJMXFiles.sh
# JMX auth files would be mounted as a symbolic link (read-only mode)
# with `root` privileges by the k8s secret.
cp -rL /conf/jmxremote.* /home/owuser
rm -f /conf/jmxremote.* 2>/dev/null || true
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note. The files can not be removed in the k8s because it's read-only mounted, so I hide the message and returns true. But in the default (Bare-metal, VM..) environment, the file can be removed.

bash-4.4$ rm -f jmxremote.*
rm: can't remove 'jmxremote.access': Resource busy
rm: can't remove 'jmxremote.password': Resource busy

common/scala/copyJMXFiles.sh
cp -rL /conf/jmxremote.* /home/owuser
rm -f /conf/jmxremote.* 2>/dev/null || true

# The owner must be `owuser` and the file only have read permission.
chmod 600 /home/owuser/jmxremote.*
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note. The mounted files (/conf/jmxremote.*) cannot be used directly, it's limitation of JMX.

If the auth file has permissions other than read, the following error occurs:
"Password file read access must be restricted"

@rabbah rabbah merged commit 6254477 into apache:master Jan 13, 2021
@upgle upgle mentioned this pull request Jan 14, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rabbah rabbah rabbah approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@upgle @rabbah