Skip to content

PMM-13847 Remove 'user = pmm' and update privilege management #3811

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 7 commits into
base: v3
Choose a base branch
from
Draft

PMM-13847 Remove 'user = pmm' and update privilege management #3811

wants to merge 7 commits into from

Conversation

BupycHuk
Copy link
Member

@BupycHuk BupycHuk commented Mar 20, 2025
edited
Loading

Removed 'user = pmm' from supervisord configuration files across various components to align with best practices. Updated privilege escalation mechanisms in Ansible playbooks to ensure proper user context while maintaining functionality.

PMM-13847

Link to the Feature Build: SUBMODULES-3873

If this PR adds or removes or alters one or more API endpoints, please review and add or update the relevant API documents as well:

  • API Docs updated

If this PR is related to some other PRs in this or other repositories, please provide links to those PRs:

  • Links to related pull requests (optional).

@BupycHuk
PMM-13847 Remove 'user = pmm' and update privilege management
06f68ec 
Removed 'user = pmm' from supervisord configuration files across various components to align with best practices. Updated privilege escalation mechanisms in Ansible playbooks to ensure proper user context while maintaining functionality.
@codecov Codecov
Copy link

codecov bot commented Mar 20, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 43.86%. Comparing base (f6f35a5) to head (4fd1d76).
Report is 4 commits behind head on v3.

Additional details and impacted files 
@@            Coverage Diff             @@
##               v3    #3811      +/-   ##
==========================================
- Coverage   43.87%   43.86%   -0.02%     
==========================================
  Files         367      367              
  Lines       44627    44620       -7     
==========================================
- Hits        19580    19571       -9     
- Misses      23363    23366       +3     
+ Partials     1684     1683       -1
Flag Coverage Δ
admin 11.51% <ø> (∅)
agent 52.50% <ø> (∅)
vmproxy 73.45% <ø> (∅)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

BupycHuk added 5 commits March 21, 2025 11:39
@BupycHuk
PMM-13847: Fix indentation in initialization task
34170fd 
Corrected indentation in the initialization playbook task to ensure proper YAML formatting. This fixes potential issues with Ansible processing the task correctly.
@BupycHuk
PMM-13847: Fix indentation in initialization task
99cd854 
Corrected indentation in the initialization playbook task to ensure proper YAML formatting. This fixes potential issues with Ansible processing the task correctly.
@BupycHuk
PMM-13847 Remove redundant tasks and add nginx temp directories
794dcc7 
Cleaned up obsolete tasks in Ansible files for build optimization, including supervisord initialization and PostgreSQL database cleanup. Configured nginx temporary directories with appropriate permissions to enhance functionality and address potential issues. These changes streamline the build process while ensuring compatibility with updated dependencies.
@BupycHuk
PMM-13847: Add ignore_errors to log check tasks
49db7a7 
Set `ignore_errors: True` for supervisord and Grafana log check tasks to prevent playbook failures when logs are unavailable or commands encounter issues. This ensures smoother execution and better fault tolerance during the ansible run.
@BupycHuk
PMM-13847: Move configuration files to /srv and adjust permissions
13f2336 
This commit transitions various configurations and directories from `/etc` to `/srv` for consistency and better organization. It also adjusts file and directory ownership and permissions, simplifying management by removing specific `owner` and `group` settings. These changes streamline directory structure and align with best practices for containerized environments.
@BupycHuk
PMM-13847 Fix entrypoint script user issues and improve Postgres setup
4fd1d76 
Ensure the script handles missing user information by adding default user entry to /etc/passwd when necessary. Also, enforce proper permissions on the PostgreSQL data directory for security and compatibility.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BupycHuk @ademidoff