Skip to content
This repository has been archived by the owner on Feb 24, 2020. It is now read-only.

rkt, config: Add loading configuration from user directory #1981

Merged
merged 4 commits into from
Jan 21, 2016
Merged

rkt, config: Add loading configuration from user directory #1981

merged 4 commits into from
Jan 21, 2016

Conversation

krnowak
Copy link
Collaborator

@krnowak krnowak commented Jan 15, 2016

Fixes #1568.

This is rather a complete fix code-wise, though untested. Still need to update the documentation where necessary and probably add some functional tests.

@alban
Copy link
Member

alban commented Jan 15, 2016

  • tests
  • documentation
  • changelog

Do we have a test that fetch images from several different users? E.g. 1 image fetched by 1 user, and deleted by another user, etc.

@krnowak
Copy link
Collaborator Author

krnowak commented Jan 18, 2016

The local configuration directory path is passed down to stage1. Should user config be passed there as well? This would allow us to override networking configuration. Not sure about the overriding semantics, that would be up to the stage1 implementation to decide I guess.

@krnowak krnowak force-pushed the krnowak/user-config branch from 12d4ae8 to 3b597fa Compare January 18, 2016 15:11
@alban alban added this to the v0.16.0 milestone Jan 18, 2016
@alban
Copy link
Member

alban commented Jan 18, 2016

Non-root users can run rkt fetch but not rkt run so they cannot do anything with stage1. So I don't think stage1 needs to have access to user config.

@jonboulle
Copy link
Contributor

So I don't think stage1 needs to have access to user config.

hmm? what about for the aforementioned network example?

@krnowak
Copy link
Collaborator Author

krnowak commented Jan 19, 2016

Non-root users can run rkt fetch but not rkt run so they cannot do anything with stage1. So I don't think stage1 needs to have access to user config.

I think that the problem here is that you think of --user-config's value as a config provided by non-root user, which is not a point. It is just a name (I'd like to hear suggestions for better names, though, that would convey that it is going to override local config, like local config is overriding system config). You could use --user-config flag as a root like sudo rkt --user-config=${HOME}/test-cfg run coreos.com/etcd:v2.0.10.

@jonboulle
Copy link
Contributor

Right. We need this for #1992

@krnowak
Copy link
Collaborator Author

krnowak commented Jan 19, 2016

ping @robszumski about possible better name for the --user-config flag.

alban
alban reviewed Jan 19, 2016
View reviewed changes
CHANGELOG.md
@@ -5,6 +5,7 @@
- Explicitly allow http connections via a new 'http' option to `--insecure-options` ([#1945](https://github.com/coreos/rkt/pull/1945)). Any data and credentials will be sent in the clear.
- When using `bash`, `rkt` commands can be auto-completed ([#1955](https://github.com/coreos/rkt/pull/1955)).
- The executables given on the command line via the `--exec` parameters don't need to be absolute paths anymore ([#1953](https://github.com/coreos/rkt/pull/1953)). This change reflects an update in the appc spec since [v0.7.2](https://github.com/appc/spec/releases/tag/v0.7.2). See rkt's [rkt run --exec](https://github.com/coreos/rkt/blob/master/Documentation/subcommands/run.md#overriding-executable-to-launch) documentation.
- There is a new global flag for specifying the user configuration directory, --user-config. It overrides whatever is configured in system and local configuration directories.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • back quotes around --user-config
  • link to the pull request
  • link to the doc. "See rkt's Global Options documentation.
  • why is it useful from a user perspective? E.g. fetching as user while keeping credentials in the user directory. Or using networking plugins installed in a different directory. (Is it correct?)

@robszumski
Copy link
Contributor

--user-config sounds ok because it matches the existing flags. Ideally it would indicate that it was a directory, so something like --user-config-dir, but its fine as is.

@alban alban mentioned this pull request Jan 20, 2016
Merged
@krnowak
Copy link
Collaborator Author

krnowak commented Jan 21, 2016

Do we have a test that fetch images from several different users? E.g. 1 image fetched by 1 user, and deleted by another user, etc.

How about this test - https://github.com/coreos/rkt/blob/master/tests/rkt_non_root_test.go#L91 Is root there somehow special or can be treated as any other users in this case?

@alban
Copy link
Member

alban commented Jan 21, 2016

@krnowak ok. So the test already exists :)

@krnowak krnowak force-pushed the krnowak/user-config branch from e8f2b17 to e5a86c8 Compare January 21, 2016 11:58
@krnowak
Copy link
Collaborator Author

krnowak commented Jan 21, 2016

Updated, for now I decided not to forward the user config path to stage1. This needs a bit more work.

iaguis
iaguis reviewed Jan 21, 2016
View reviewed changes
CHANGELOG.md
@@ -6,6 +6,7 @@
- When using `bash`, `rkt` commands can be auto-completed ([#1955](https://github.com/coreos/rkt/pull/1955)).
- The executables given on the command line via the `--exec` parameters don't need to be absolute paths anymore ([#1953](https://github.com/coreos/rkt/pull/1953)). This change reflects an update in the appc spec since [v0.7.2](https://github.com/appc/spec/releases/tag/v0.7.2). See rkt's [rkt run --exec](https://github.com/coreos/rkt/blob/master/Documentation/subcommands/run.md#overriding-executable-to-launch) documentation.
- Add a `--full` flag to rkt fetch so it returns full hash of the image. ([#1976](https://github.com/coreos/rkt/pull/1976))
- There is a new global flag for specifying the user configuration directory, `--user-config`. It overrides whatever is configured in system and local configuration directories. Can be useful for specifying different credentials for fetching images without putting them in the globally visible directory like `/etc/rkt`. See rkt's [Global Options](https://github.com/coreos/rkt/blob/master/Documentation/commands.md#global-options) documentation. ([#1981](https://github.com/coreos/rkt/pull/1981))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/Can be useful/It can be useful/

s/in the globally/in a globally/

@iaguis
Copy link
Member

iaguis commented Jan 21, 2016

LGTM after the nits

@krnowak krnowak force-pushed the krnowak/user-config branch from e5a86c8 to 766743f Compare January 21, 2016 12:28
@krnowak
Copy link
Collaborator Author

krnowak commented Jan 21, 2016

About config for stage1 - #2013.

iaguis added a commit that referenced this pull request Jan 21, 2016
@iaguis
Merge pull request #1981 from kinvolk/krnowak/user-config
2808525 
rkt, config: Add loading configuration from user directory
@iaguis iaguis merged commit 2808525 into rkt:master Jan 21, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
area/configuration needs/some-changes priority/P2
Projects
None yet
Milestone
v0.16.0
Development

Successfully merging this pull request may close these issues.

Be able to provide the image pulling credentials per run
6 participants
@krnowak @alban @jonboulle @robszumski @iaguis @blixtra