Run as root in order to write to the volume

OpenCHAMI · May 6, 2024 · 6bb5a2d · 6bb5a2d
1 parent f4ae513
commit 6bb5a2d
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 5 deletions.
diff --git a/Dockerfile.loader b/Dockerfile.loader
@@ -1,23 +1,27 @@
 # syntax=docker/dockerfile:1.4
 FROM cgr.dev/chainguard/python:latest-dev as builder
 
+# 65532 is nonroot for chainguard
+USER root
+
 WORKDIR /app
 
 COPY requirements.txt .
 
-RUN pip install -r requirements.txt --user
+RUN pip install -r requirements.txt
 
 FROM cgr.dev/chainguard/python:latest
 
 WORKDIR /app
 
 # Make sure you update Python version in path
-COPY --from=builder /home/nonroot/.local/lib/python3.12/site-packages /home/nonroot/.local/lib/python3.12/site-packages
+COPY --from=builder /usr/lib/python3.12/site-packages /usr/lib/python3.12/site-packages
 
 COPY dnsmasq_updater.py .
 
 # Copy the rest of the application code
 COPY dnsmasq_updater.py .
 
+USER root
 # Set the command to run your Python application
-ENTRYPOINT ["python", "/app/dnsmasq_updater.py"]
+CMD ["/app/dnsmasq_updater.py"]
diff --git a/dnsmasq_updater.py b/dnsmasq_updater.py
@@ -45,7 +45,17 @@ def template_file(base_url, access_token, hostsfilename, optsfilename):
     ei_data = getSMD(f'{base_url}/hsm/v2/Inventory/EthernetInterfaces',access_token)
     component_data = getSMD(f"{base_url}/hsm/v2/State/Components", access_token)['Components']
     logging.warning(f"Retrieved {len(ei_data)} EthernetInterfaces and {len(component_data)} Components from {base_url}")
-    hostsfile = open(hostsfilename, "w+")
+    try:
+        if os.path.exists(hostsfilename):
+            os.remove(hostsfilename)
+        hostsfile = open(hostsfilename, "a+")
+    except:
+        logging.error(f"Error opening {hostsfilename}")
+        # Log the user we're running as and the details of the exception if it is a PermissionError
+        logging.error(f"Running as user {os.getuid()}")
+        logging.error(f"Effectively Running as user {os.geteuid()}")
+        logging.error(f"Exception: {sys.exc_info()}")
+        sys.exit(1)
     #this for loop writes host entries
     for i in ei_data:
         if i['Type'] != 'NodeBMC':
@@ -64,7 +74,7 @@ def template_file(base_url, access_token, hostsfilename, optsfilename):
     #for r in rf_data['RedfishEndpoints']:
     #    print(r['ID'] + ' ' + r['IPAddress'])
     #optsfile = tempfile.TemporaryFile(mode = "r+")
-    optsfile = open(optsfilename, "w+")
+    optsfile = open(optsfilename, "a+")
     #this for loop writes option entries, we wouldn't need it if the BSS wasn't MAC specific
     for i in ei_data:
       if 'bmc' not in i['Description']: