fix: Non-root cron.
This Merge request updates our version of the docker file to use a non-root version of cron rather than attempting to run cron via setuid. Apparently the container implementation no longer allows this method of elevating privileges, so instead we add a user-permissioned crontab process, supercronic.
JIRA tickets: https://tasks.opencraft.com/browse/STAR-3546
Testing instructions:
- Log in to the GitLab registry (registry.gitlab.com)
- Build the container and push it (registry.gitlab.com/opencraft/dev/suitecrm-custom)
- Roll the deployment for SuiteCRM forward in the stage or production infra environ (
kubectl rollout restart deployment/suitecrm -n suitecrm
) - Use
kubectl get pods -n suitecrm
to find the new container name - Shell into the pod with
kubectl exec -it pod-name-here -n suitecrm -- /bin/bash
- Verify that the crontab file is stored in the expected location according to the code and has the data shown in the
crontab
file (I've left a slightly different version in prod that redirects all output to /dev/null instead of letting stdout and stderr be used-- so if you see that, it didn't update) - Run
ps aux
to verify thatsupercronic
is running - Tail the logs and wait for entries from supercronic, which should look like this:
time="2024-03-26T22:05:00Z" level=info msg=starting iteration=63 job.command="cd /bitnami/suitecrm; /opt/bitnami/php/bin/php -f cron.php" job.position=0 job.schedule="* * * * *"
time="2024-03-26T22:05:00Z" level=info msg="job succeeded" iteration=63 job.command="cd /bitnami/suitecrm; /opt/bitnami/php/bin/php -f cron.php" job.position=0 job.schedule="* * * * *"
These should appear once a minute.