From 469dbff21b390efee7310e52e2d4d389f29e6ee9 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sat, 26 Oct 2024 11:33:48 -0700
Subject: [PATCH] mirrormanager: try adding ftpsync as supplementary group

Right now mirrormanage isn't able to update mirrorlists because we have
a pre bitflip release thats not open to it. It gets a perm denied and
just crashes.

We use this pattern already in coreos where they have to deal with
ftpsync owned content (although it's writing there, not reading).

See: https://github.com/fedora-infra/mirrormanager2/issues/407

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 .../openshift-apps/mirrormanager/templates/deploymentconfig.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/openshift-apps/mirrormanager/templates/deploymentconfig.yml b/roles/openshift-apps/mirrormanager/templates/deploymentconfig.yml
index e5a6c83bab..8b98e5e32d 100644
--- a/roles/openshift-apps/mirrormanager/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/mirrormanager/templates/deploymentconfig.yml
@@ -59,6 +59,8 @@ spec:
             - name: secrets
               mountPath: "/etc/mirrormanager-secrets"
               readOnly: true
+      securityContext:
+        supplementalGroups: [263]
 
       volumes:
         {{ common_volumes() }}