upgle commented on a change in pull request #5045:
URL: https://github.com/apache/openwhisk/pull/5045#discussion_r556387551
##########
File path: common/scala/copyJMXFiles.sh
##########
@@ -18,6 +18,11 @@
if [[ $( ls /conf/jmxremote.* 2> /dev/null ) ]]
then
- mv /conf/jmxremote.* /home/owuser
+ # JMX auth files would be mounted as a symbolic link (read-only mode)
+ # with `root` privileges by the k8s secret.
+ cp -rL /conf/jmxremote.* /home/owuser
+ rm -f /conf/jmxremote.* 2>/dev/null || true
Review comment:
Note. The files can not be removed in the k8s because it's read-only
mounted, so I hide the message and returns true. But in the default
(Bare-metal, VM..) environment, the file can be removed.
```
bash-4.4$ rm -f jmxremote.*
rm: can't remove 'jmxremote.access': Resource busy
rm: can't remove 'jmxremote.password': Resource busy
```
##########
File path: common/scala/copyJMXFiles.sh
##########
@@ -18,6 +18,11 @@
if [[ $( ls /conf/jmxremote.* 2> /dev/null ) ]]
then
- mv /conf/jmxremote.* /home/owuser
+ # JMX auth files would be mounted as a symbolic link (read-only mode)
+ # with `root` privileges by the k8s secret.
+ cp -rL /conf/jmxremote.* /home/owuser
+ rm -f /conf/jmxremote.* 2>/dev/null || true
+
+ # The owner must be `owuser` and the file only have read permission.
chmod 600 /home/owuser/jmxremote.*
Review comment:
Note. The mounted files (`/conf/jmxremote.*`) cannot be used directly,
it's limitation of JMX.
If the auth file has permissions other than `read`, the following error
occurs:
"Password file read access must be restricted"
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
