On Tue, Oct 08, 2019 at 05:57:45PM +0200, Adrian Reber wrote:
On Tue, Oct 08, 2019 at 08:38:18AM -0700, Kevin Fenzi wrote:
> On Tue, Oct 08, 2019 at 08:42:13AM +0200, Adrian Reber wrote:
> > After the Fedora 31 freeze I would like to introduce this new mirrorlist
> > server implementation on the proxies. I already verified that I can run
> > this mirrorlist container rootless. This new container can be a drop-in
> > replacement for the current container and no infrastructure around it
> > needs to be changed.
> > The main changes to get it into production is to change mirrorlist1.service
> > and mirrorlist2.service to include a line "User=mirrormanager" and
> > replace the current container name with new container.
> How about we get this deployed in stg soonish so we can test it out
I was not aware, that the mirrorlist containers are also running in stg,
but they are, good.
Yeah, it should be all setup anyhow...
Assuming we want to run the containers rootless as the mirrormanager
user I would need the necessary entries in /etc/subuid and /etc/subgid.
Grepping through the ansible repository this does not seem to be used
yet. If someone can setup subuid and subgid I can do everything else.
Currently we have been running them as root (by of course the httpd in
the container as apache, etc).
So, if you just want to pick those and get it working non root, that
would be great.