Set explicit volume mount permissions #375
Open
ehelms wants to merge 1 commit into theforeman:master from
5845390 to 7eb30ae
pablomh reviewed Mar 5, 2026
| sdnotify: healthy | ||
| network: host | ||
| volumes: | ||
| - "{{ postgresql_data_dir }}:/var/lib/pgsql/data:Z" |
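Review bot: the data volume entry on the last line, `{{ postgresql_data_dir }}:/var/lib/pgsql/data:Z`, carries only the SELinux relabel option and no access mode, so as shown it still depends on Podman's read-write default. If this is the line as the change leaves it, put the mode next to the label (for example `:Z,rw`) and use the same option order on every mount, so the lint rule mentioned in the description has a single form to match.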
pablomh added a commit to pablomh/foremanctl that referenced this pull request Apr 18, 2026

Two changes:

1. PostgreSQL socket: mount host socket dir at /tmp inside the container instead of /tmp/socket. The sclorg default unix_socket_directories already includes /tmp, so no config override is needed — eliminates the ALTER SYSTEM cycle and the socket-conf secret entirely. The sclorg entrypoint chown issue only affects /var/run/postgresql, not /tmp.

2. Per PR theforeman#375: add explicit :rw permission to data volume mounts (postgresql data, redis data, candlepin logs, pulp storage, foreman run volume). Makes read-write intent explicit rather than relying on Podman's default.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Adds an Ansible lint rule to help ensure any future volume mounts that are added follow this rule.
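
One way to express the check the description refers to, as an added Python example that is not the pull request's lint rule: it takes tasks already parsed from YAML and reports volume strings whose options field lacks exactly one explicit `ro` or `rw`. The `example_*` variables, the redis and certs tasks and the `/srv/example` path are constructed; only the PostgreSQL volume string comes from the page.

```python
import re

ACCESS_MODES = {"ro", "rw"}
# Jinja expressions can contain ':' themselves, so mask them before splitting.
JINJA_EXPR = re.compile(r"\{\{.*?\}\}")


def mount_options(spec):
    """Return the option set of a 'source:destination[:opt,opt]' volume string."""
    parts = JINJA_EXPR.sub("_", spec).split(":")
    if len(parts) < 3:
        return set()  # no options field at all
    return {opt.strip() for opt in parts[2].split(",") if opt.strip()}


def volume_findings(tasks):
    """List (task name, volume spec, reason) for mounts lacking one explicit ro/rw."""
    findings = []
    for task in tasks:
        for args in task.values():
            if not isinstance(args, dict):
                continue  # skip 'name' and other scalar task keywords
            for spec in args.get("volumes") or []:
                modes = mount_options(spec) & ACCESS_MODES
                if not modes:
                    findings.append((task.get("name"), spec, "no explicit ro/rw"))
                elif len(modes) > 1:
                    findings.append((task.get("name"), spec, "both ro and rw"))
    return findings


# Constructed sample tasks, already parsed from YAML. Only the first volume
# string appears on the page; the other names and paths are made up.
MODULE = "containers.podman.podman_container"
SAMPLE_TASKS = [
    {"name": "postgresql", MODULE: {"network": "host", "volumes": [
        "{{ postgresql_data_dir }}:/var/lib/pgsql/data:Z"]}},
    {"name": "redis", MODULE: {"volumes": ["{{ example_redis_dir }}:/data:Z,rw"]}},
    {"name": "certs", MODULE: {"volumes": [
        "{{ example_dirs['certs'] | default('/etc/x:y') }}:/certs:ro,Z",
        "/srv/example:/mnt"]}},
]

if __name__ == "__main__":
    for name, spec, reason in volume_findings(SAMPLE_TASKS):
        print(f"{name}: {spec!r}: {reason}")
```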