tempo
tempo copied to clipboard
grafana
Fix local backend filesistem permissions on OpenShift
Signed-off-by: Pavol Loffay [email protected]
What this PR does:
Which issue(s) this PR fixes: Fixes #1657
Checklist
- [ ] Tests updated
- [ ] Documentation added
- [ ]
CHANGELOG.mdupdated - the order of entries should be[CHANGE],[FEATURE],[ENHANCEMENT],[BUGFIX]
so this will make /var/tempo and all subdirectories owned by the root group? will that impact existing tempo installs?
will that impact existing tempo installs?
I would assume none. They will keep using the filesystem with the permissions they had.
This PR has been automatically marked as stale because it has not had any activity in the past 60 days. The next time this stale check runs, the stale label will be removed if there is new activity. This pull request will be closed in 15 days if there is no new activity. Please apply keepalive label to exempt this Pull Request.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@zalegrala could we move this PR forward? I have added a comment to the dockerfile and added more info to the PR description.
I suppose Loki doesn't have this issue because they run as non-root?
That is a good question. Some references
- https://github.com/grafana/loki/blob/main/cmd/loki/Dockerfile
- https://grafana.com/docs/loki/latest/configuration/
In which directory Loki creates the wal ?
For tempo the default is /var/tempo/wal see https://grafana.com/docs/tempo/latest/configuration/
These are the filesystem permissions for /var drwxr-xr-x 1 root root 19 Aug 9 08:58 . On OpenShift the user is 10006800 root. That user does not have write permissions to create tempo directory in /var
I'd like to see this tested on an instance with data and such
It might be less intuitive to test this. Are there any tests that execute docker image that has been built?