Avoid "volumeMounts" with "configMap" fixed permissions

To access to the container without using a password, the jumphost
RSA public key is copied to each container, using "volumeMounts"
defined as "configMap", to /root/.ssh/authorized_keys.

To work properly, the following permissions must be set:
  - /root/.ssh: 700
  - /root/.ssh/authorized_keys: 600

Because of [1][2], the mounted folders have fixed permissions and
cannot be modified.

[1]https://groups.google.com/forum/#!topic/kubernetes-dev/eTnfMJSqmaM
[2]https://github.com/kubernetes/kubernetes/issues/28317

JIRA: YARDSTICK-1149

Change-Id: I821064da56699c5b4f509d233c33e55af119fd56
Signed-off-by: Rodolfo Alonso Hernandez <rodolfo.alonso.hernandez@intel.com>

diff --git a/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml b/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml
index 0da2962..5fe9024 100644 (file)
--- a/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml
+++ b/tests/opnfv/test_cases/opnfv_yardstick_tc080.yaml
@@ -40,8 +40,12 @@ context:
     host:
       image: openretriever/yardstick
       command: /bin/bash
-      args: ['-c', 'chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;while true ; do sleep 10000; done']
+      args: ['-c', 'mkdir /root/.ssh; cp /tmp/.ssh/authorized_keys ~/.ssh/.;
+                    chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;
+                    while true ; do sleep 10000; done']
     target:
       image: openretriever/yardstick
       command: /bin/bash
-      args: ['-c', 'chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;while true ; do sleep 10000; done']
+      args: ['-c', 'mkdir /root/.ssh; cp /tmp/.ssh/authorized_keys ~/.ssh/.;
+                    chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;
+                    while true ; do sleep 10000; done']

diff --git a/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml b/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml
index fc7eb00..fc6496b 100644 (file)
--- a/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml
+++ b/tests/opnfv/test_cases/opnfv_yardstick_tc081.yaml
@@ -42,7 +42,9 @@ contexts:
     host:
       image: openretriever/yardstick
       command: /bin/bash
-      args: ['-c', 'chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;while true ; do sleep 10000; done']
+      args: ['-c', 'mkdir /root/.ssh; cp /tmp/.ssh/authorized_keys ~/.ssh/.;
+                    chmod 700 ~/.ssh; chmod 600 ~/.ssh/*; service ssh restart;
+                    while true ; do sleep 10000; done']
 -
   type: Heat
   name: openstack

diff --git a/yardstick/orchestrator/kubernetes.py b/yardstick/orchestrator/kubernetes.py
index 198eeac..ac3a09e 100644 (file)
--- a/yardstick/orchestrator/kubernetes.py
+++ b/yardstick/orchestrator/kubernetes.py
@@ -74,7 +74,7 @@ class KubernetesObject(object):
 
     def _add_container(self):
         container_name = '{}-container'.format(self.name)
-        ssh_key_mount_path = "/root/.ssh/"
+        ssh_key_mount_path = '/tmp/.ssh/'
 
         container = {
             "args": self.args,

diff --git a/yardstick/tests/unit/orchestrator/test_kubernetes.py b/yardstick/tests/unit/orchestrator/test_kubernetes.py
index f2bc5b0..58971f5 100644 (file)
--- a/yardstick/tests/unit/orchestrator/test_kubernetes.py
+++ b/yardstick/tests/unit/orchestrator/test_kubernetes.py
@@ -47,7 +47,7 @@ service ssh restart;while true ; do sleep 10000; done"
                                 "name": "host-k8s-86096c30-container",
                                 "volumeMounts": [
                                     {
-                                        "mountPath": "/root/.ssh/",
+                                        "mountPath": "/tmp/.ssh/",
                                         "name": "k8s-86096c30-key"
                                     }
                                 ]