Update on 22.5.2020: cannot reproduce anymore on vSphere with OCP 4.2 of version:
oc version
Client Version: openshift-clients-4.2.24-202003130432
Server Version: 4.2.33
Kubernetes Version: v1.14.6-152-g117ba1f
CRI-O on OCP 4.2 does not respect the HOME environment variable set in the image. It creates /etc/passwd in the container with / as the HOME directory for the running user.
Reproduce:
oc new-project homedirissue
oc adm policy add-scc-to-user anyuid -z default
oc new-app -f https://gist.githubusercontent.com/miminar/f9bd5c00be946026bd178ff1f816d6e2/raw/8eb7ed5c65382ec9eaf251977486b6da21a372d8/homedirtmpl.yaml
oc rollout status -w dc/homedirissue
Check out the output of:
oc rsh dc/homedirissue /bin/sh -c 'set -x; whoami; id; eval '"'"'echo "$HOME"'"'"'; pwd; grep '^1000:' /etc/passwd'
As of
oc version
Client Version: openshift-clients-4.2.2-201910250432
Server Version: 4.2.21
Kubernetes Version: v1.14.6+06eeef5
the output is:
oc rsh dc/homedirissue /bin/sh -c 'set -x; whoami; id; eval '"'"'echo "$HOME"'"'"'; pwd; grep '^1000:' /etc/passwd'
+ whoami
1000
+ id
uid=1000(1000) gid=0(root) groups=0(root)
+ eval echo "$HOME"
+ echo /home/1000
/home/1000
+ pwd
/home/1000/homedirissue-img
+ grep ^1000: /etc/passwd
1000:x:1000:0:1000 user:/:/sbin/nologin
The expected last line is:
1000:x:1000:0:1000 user:/home/1000:/sbin/nologin
OCP Version:
oc version
oc v3.11.187
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO
Server https://lu0531v0.wdf.sap.corp:8443
openshift v3.11.153
kubernetes v1.11.0+d4cacc0
Docker version:
ansible -m shell -i hosts nodes -b -a 'docker version'
lu0531v2.wdf.sap.corp | CHANGED | rc=0 >>
Client:
Version: 1.13.1
API version: 1.26
Package version: docker-1.13.1-103.git7f2769b.el7.x86_64
Go version: go1.10.8
Git commit: 7f2769b/1.13.1
Built: Fri Aug 2 10:19:53 2019
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Package version: docker-1.13.1-103.git7f2769b.el7.x86_64
Go version: go1.10.8
Git commit: 7f2769b/1.13.1
Built: Fri Aug 2 10:19:53 2019
OS/Arch: linux/amd64
Experimental: false
...
Output of the debug command:
oc rsh dc/homedirissue /bin/sh -c 'set -x; whoami; id; eval '"'"'echo "$HOME"'"'"'; pwd; grep '^1000:' /etc/passwd'
+ whoami
whoami: cannot find name for user ID 1000
+ id
uid=1000 gid=0(root) groups=0(root)
+ eval echo "$HOME"
+ echo /home/1000
/home/1000
+ pwd
/home/1000/homedirissue-img
+ grep ^1000: /etc/passwd
command terminated with exit code 1
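
Added example (not part of the original report): a shell check that classifies the passwd entry for a given UID into the three states shown above. The states are: the home field matches the expected HOME, the home field differs (the OCP 4.2 output), or there is no entry at all (the OCP 3.11 output). The helper name check_passwd_home and the sample passwd files are constructed for illustration.

```shell
#!/bin/sh
# check_passwd_home is a hypothetical helper, not part of oc or CRI-O.
# Usage:  check_passwd_home PASSWD_FILE UID EXPECTED_HOME
# Prints: ok | mismatch:<home field found in passwd> | missing
check_passwd_home() {
    awk -F: -v uid="$2" -v want="$3" '
        # Match on the numeric UID (field 3), not on the user name (field 1).
        $3 == uid {
            found = 1
            # Field 6 is the home directory recorded for that user.
            if ($6 == want) print "ok"; else print "mismatch:" $6
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Constructed sample files mirroring the outputs on this page.
# The root line is filler; the 1000 lines are copied from the report.
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    '1000:x:1000:0:1000 user:/:/sbin/nologin' > "$demo/ocp42-observed"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    '1000:x:1000:0:1000 user:/home/1000:/sbin/nologin' > "$demo/ocp42-expected"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' > "$demo/ocp311-no-entry"

for f in ocp42-observed ocp42-expected ocp311-no-entry; do
    printf '%s: %s\n' "$f" "$(check_passwd_home "$demo/$f" 1000 /home/1000)"
done
rm -rf "$demo"
```

Inside the container the same function can be called as check_passwd_home /etc/passwd "$(id -u)" "$HOME"; this assumes awk is available in the image.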