Quay fails to install on hardened instances due to umask

Question

Quay fails to install on hardened instances due to umask

BadgerOps opened this issue a year ago · 1 comments

Hello all,

I am working in a disconnected, hardened environment that has the global umask set to ~~0022~~ 0077.

When using the mirror-registry to install quay we identified a small issue. The current install-quay-service.yaml playbook does not set explicit mode for the directory, or the config.yaml.

With the global umask settings of ~~0022~~ 0077 this results in a directory and configuration file that the quay pod is unable to read. Explicitly setting mode: 0750 for the directory and configuration file allows for the install to succeed as expected.

I'll submit a PR for this shortly, but thought an issue might be helpful for conversation sake.

Thank you,

-BadgerOps

EDIT: I accidentally wrote 0022 not 0077 on the original post. Hardened umask is 0077

Answer 1 · 2023-12-13T20:16:27.000Z

Closing this as @harishsurf merged in #137 - thanks y'all!