External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-10 02:47:38 -02:30
Code Issues Packages Projects Releases Wiki Activity

Revert "Drop linux capabilities and rework users/groups"

Browse Source
This commit is contained in:
Matthew Mosesohn
2017-02-06 15:58:54 +03:00
committed by GitHub
parent b7bf502e02
commit fd30131dc2
48 changed files with 81 additions and 413 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/etcd/templates/etcd-docker.service.j2
View File

@@ -14,12 +14,8 @@ ExecStart={{ docker_bin_dir }}/docker run --restart=on-failure:5 \
-v /etc/ssl/certs:/etc/ssl/certs:ro \
-v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \
-v /var/lib/etcd:/var/lib/etcd:rw \
{% for c in etcd_drop_cap %}
--cap-drop={{ c }} \
{% endfor %}
--memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
--name={{ etcd_member_name | default("etcd") }} \
-u {{ etcd_user_id }}:{{ etcd_group_id }} --group-add {{ etcd_cert_group_id }} \
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
{% if etcd_after_v3 %}
{{ etcd_container_bin_dir }}etcd

8
roles/etcd/templates/etcd-rkt.service.j2
View File

@@ -8,9 +8,6 @@ Restart=on-failure
RestartSec=10s
TimeoutStartSec=0
LimitNOFILE=40000
User=root
Group={{ etcd_group_id }}
SupplementaryGroups={{ etcd_cert_group_id }}
ExecStart=/usr/bin/rkt run \
--uuid-file-save=/var/run/etcd.uuid \
@@ -23,11 +20,6 @@ ExecStart=/usr/bin/rkt run \
--set-env-file=/etc/etcd.env \
--stage1-from-dir=stage1-fly.aci \
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
{% for c in etcd_drop_cap %}
--caps-remove=CAP_{{ c.upper() }} \
{% endfor %}
--memory={{ etcd_memory_limit }} --cpu={{ etcd_cpu_limit }} \
--user={{ etcd_user_id }} --group={{ etcd_group_id }} \
--name={{ etcd_member_name | default("etcd") }}
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/etcd.uuid