Blame SOURCES/sos-bz2130922-collect-ocp412.patch

From 765f5f283bdb4747b0069f2f5d3381134b4b9a95 Mon Sep 17 00:00:00 2001
From: Jake Hunsaker <jhunsake@redhat.com>
Date: Thu, 15 Sep 2022 12:36:42 -0400
Subject: [PATCH] [ocp] Add newly required labels to temp OCP namespace
Newer OCP versions have a more restrictive default deployment
configuration. As such, add the required labels to the temporary
namespace/project we use for collections.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
---
 sos/collector/clusters/ocp.py | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
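diff --git a/sos/collector/clusters/ocp.py b/sos/collector/clusters/ocp.py
index 06301536f..92c4e04a2 100644
--- a/sos/collector/clusters/ocp.py
+++ b/sos/collector/clusters/ocp.py
@@ -142,12 +142,32 @@ def setup(self):
             self.fmt_oc_cmd("new-project %s" % self.project)
         )
         if ret['status'] == 0:
+            self._label_sos_project()
             return True
 
         self.log_debug("Failed to create project: %s" % ret['output'])
         raise Exception("Failed to create temporary project for collection. "
                         "\nAborting...")
 
+    def _label_sos_project(self):
+        """Add pertinent labels to the temporary project we've created so that
+        our privileged containers can properly run.
+        """
+        labels = [
+            "security.openshift.io/scc.podSecurityLabelSync=false",
+            "pod-security.kubernetes.io/enforce=privileged"
+        ]
+        for label in labels:
+            ret = self.exec_primary_cmd(
+                self.fmt_oc_cmd(
+                    f"label namespace {self.project} {label} --overwrite"
+                )
+            )
+            if not ret['status'] == 0:
+                raise Exception(
+                    f"Error applying namespace labels: {ret['output']}"
+                )
+
     def cleanup(self):
         """Remove the project we created to execute within
         """
@@ -231,8 +251,9 @@ def get_nodes(self):
             for node_name, node in self.node_dict.items():
                 if roles:
                     for role in roles:
-                        if role == node['roles']:
+                        if role in node['roles']:
                             nodes.append(node_name)
+                            break
                 else:
                     nodes.append(node_name)
         else: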
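Review bot: In `_label_sos_project`, a failed `oc label` raises after `new-project` has already succeeded, so `setup()` exits with the temporary project still in place and possibly carrying only the first label (`security.openshift.io/scc.podSecurityLabelSync=false`). Whether the caller runs `cleanup()` when `setup()` raises is not visible here; if it does not, a namespace set to the unrestricted `privileged` pod security level, or with label sync disabled, can be left behind on the cluster. Consider removing the project before re-raising, for example by wrapping the call in `setup()` as `try: self._label_sos_project()` followed by `except Exception: self.cleanup(); raise`. The docstring should also say that these labels relax pod security admission for this namespace only and depend on `cleanup()` deleting it afterwards. The bodies of `setup()` and `cleanup()` both continue outside the hunk.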