Page MenuHomeDevCentral
Differential D2668

Change default Docker group for nasqueron-dev-docker
ClosedPublic
Actions

Authored by DorianWinty on Apr 14 2022, 22:34.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Nov 17, 21:44
Unknown Object (File)
Sun, Nov 17, 21:26
Unknown Object (File)
Thu, Nov 14, 20:47
Unknown Object (File)
Fri, Nov 8, 17:32
Unknown Object (File)
Thu, Nov 7, 23:46
Unknown Object (File)
Tue, Nov 5, 23:45
Unknown Object (File)
Tue, Nov 5, 19:46
Unknown Object (File)
Sat, Nov 2, 22:50
View All Files
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T1724: Split Docker engines between production (docker-001) and dev (dwellers)
Commits
rOPS271340880cd2: Change default Docker group for nasqueron-dev-docker
Summary

As we provision a group nasqueron-dev-docker for Docker devserver,
we can use it for Docker too instead of the default docker one.

Security implication: members of the nasqueron-dev-docker group
has now root access on the Docker engines hosts.

Ref T1724

Test Plan

salt dwellers state.sls roles/paas-docker/docker/config has correctly
provisioned /etc/docker/daemon.json with expected configuration.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

DorianWinty requested review of this revision.Apr 14 2022, 22:34
DorianWinty created this revision.
Harbormaster completed remote builds in B4185: Diff 6743.Apr 14 2022, 22:34
dereckson edited the summary of this revision. (Show Details)Apr 15 2022, 12:52
dereckson edited the summary of this revision. (Show Details)
dereckson added a task: T1724: Split Docker engines between production (docker-001) and dev (dwellers).
dereckson added a comment.Apr 15 2022, 13:13

Looks good to me:

P304 Docker D2668 and D2669 test run
1$ salt dwellers state.sls roles/core/users test=True
2[...]
3----------
4 ID: dorianwinty
5 Function: user.present
6 Result: None
7 Comment: User dorianwinty set to be added
8 Started: 13:10:22.882113
9 Duration: 4.353 ms
10 Changes:
11[...]
12----------
13 ID: group_nasqueron-dev-docker
14 Function: group.present
15 Name: nasqueron-dev-docker
16 Result: None
17 Comment: Group nasqueron-dev-docker set to be added
18 Started: 13:10:22.899044
19 Duration: 3.884 ms
20 Changes:
21
22$ salt dwellers state.sls roles/core/users
23
24----------
25 ID: dorianwinty
26 Function: user.present
27 Result: True
28 Comment: New user dorianwinty created
29 Started: 13:11:50.644692
30 Duration: 1018.402 ms
31 Changes:
32[...]
33----------
34 ID: group_nasqueron-dev-docker
35 Function: group.present
36 Name: nasqueron-dev-docker
37 Result: True
38 Comment: New group nasqueron-dev-docker created
39 Started: 13:11:51.679170
40 Duration: 640.928 ms
41 Changes:
42 ----------
43 gid:
44 842
45 members:
46 - dereckson
47 - dorianwinty
48 - sandlayth
49 name:
50 nasqueron-dev-docker
51 passwd:
52 x
53
54# Note: it also removed self local key for /home/sandlayth/.ssh/authorized_keys

dereckson mentioned this in D2670: Update Docker socket ownership.Apr 15 2022, 17:36
dereckson edited the summary of this revision. (Show Details)Apr 15 2022, 17:55
dereckson edited the test plan for this revision. (Show Details)
dereckson accepted this revision.Apr 15 2022, 17:59
This revision is now accepted and ready to land.Apr 15 2022, 17:59
Closed by commit rOPS271340880cd2: Change default Docker group for nasqueron-dev-docker (authored by DorianWinty, committed by dereckson). · Explain WhyApr 15 2022, 19:50
This revision was automatically updated to reflect the committed changes.
dereckson added a commit: rOPS271340880cd2: Change default Docker group for nasqueron-dev-docker.
DorianWinty mentioned this in rOPS1abc93e26ee5: Update Docker socket ownership.Apr 19 2022, 20:37

Revision Contents
Changeset List

PathSize
pillar/
paas/
3 lines

Diff 6752

View Options

pillar/paas/docker.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator