🐛 Disable hub chown init container by default and always exit 0 #540

Merged: dymurray merged 1 commit into konveyor:main from jmontleon:disable-init-container on Feb 26, 2026

@jmontleon jmontleon commented Feb 26, 2026


This init container was originally used to fix permissions when upgrading from an older version that ran as root and probably isn't needed most of the time anymore. Allowing it to be enabled still allows for the situation to be corrected if someone is upgrading from a very old version, but otherwise should no longer incur an otherwise needless wait when the hub starts.

Also added ||: to ensure the container exits gracefully even if it can't change permissions on read-only subdirectories, which may be outside the user's control to adjust. This prevents the init container from crashing and preventing the hub from starting. NetApp .snapshot directory is an example of this.

Summary by CodeRabbit

  • New Features
    • Added a new configuration option to optionally enable automated file ownership management for database and bucket volumes during container initialization. Disabled by default.

Signed-off-by: Jason Montleon <jmontleo@redhat.com>
@jmontleon jmontleon requested a review from jortel February 26, 2026 15:00
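
The difference between a failing `chown`, the `||:` form described in this PR, and a variant that still exits 0 but reports what it could not change, as an added example that is not part of the PR or the operator's template. The function names are hypothetical, and a missing path is a constructed stand-in for an unchangeable directory such as `.snapshot`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the operator.

# Strict: chown's status propagates, so one unchangeable path fails the
# init container and the hub pod never gets to start.
chown_strict() {
    owner=$1; shift
    chown -R "$owner" "$@"
}

# The PR's form: ':' is the POSIX null command, so the list exits 0
# whatever chown reported.
chown_masked() {
    owner=$1; shift
    chown -R "$owner" "$@" ||:
}

# Tolerant but observable: still returns 0, but counts chown's error
# lines and repeats them on stderr, where the init container log keeps them.
CHOWN_ERROR_LINES=0
chown_logged() {
    owner=$1; shift
    CHOWN_ERROR_LINES=0
    errs=$(chown -R "$owner" "$@" 2>&1 >/dev/null) || true
    if [ -n "$errs" ]; then
        CHOWN_ERROR_LINES=$(printf '%s\n' "$errs" | wc -l | tr -d ' ')
        printf '%s\n' "$errs" | sed 's/^/WARN /' >&2
    fi
    return 0
}

# Constructed demo: a temp directory owned by the caller plus a path that
# does not exist, so chown fails on one operand without needing root.
demo() {
    d=$(mktemp -d)
    touch "$d/file"
    me="$(id -u):$(id -g)"
    strict=0; masked=0
    chown_strict "$me" "$d" "$d/missing" 2>/dev/null || strict=$?
    chown_masked "$me" "$d" "$d/missing" 2>/dev/null || masked=$?
    chown_logged "$me" "$d" "$d/missing" 2>/dev/null
    rm -rf "$d"
    echo "strict=$strict masked=$masked error_lines=$CHOWN_ERROR_LINES"
}
demo
```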
@coderabbitai

coderabbitai Bot commented Feb 26, 2026

Walkthrough

A new Ansible configuration flag enable_chown_init_container is added to control an optional init container in the Hub deployment. When enabled, the init container performs file ownership changes on database and bucket volumes using a chown operation.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Configuration Flag Addition: `roles/tackle/defaults/main.yml` | Added new boolean variable `enable_chown_init_container` with default value `false` to control init container behavior. |
| Init Container Template: `roles/tackle/templates/deployment-hub.yml.j2` | Added conditional `initContainers` block that runs chown operation on database and bucket volumes when the feature flag is enabled; restructured template with explicit condition boundary. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A little flag hops in with care,
To chown the volumes here and there,
When enabled, the init containers play,
Setting permissions the proper way!

🚥 Pre-merge checks | ✅ 3 passed

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main changes: disabling the chown init container by default and ensuring it exits with code 0, matching the core objectives. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@coderabbitai coderabbitai Bot left a comment


🧹 Nitpick comments (1)
roles/tackle/templates/deployment-hub.yml.j2 (1)

242-244: Use /bin/sh instead of bash for better portability.

The init container uses an external hub image that may not include bash. Line 242 should use /bin/sh (POSIX standard, available everywhere) instead of bash (optional in minimal containers). The chown command requires only POSIX features.

Suggested diff
-            - bash
+            - /bin/sh
             - -c
             - 'chown -R {{ hub_uid }}:root {{ hub_database_volume_path }} {{ hub_bucket_volume_path }} ||:'
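
Review bot: The `||:` on the chown line discards the exit status of every chown failure, not only the read-only subdirectory case, so a volume left with the wrong owner goes unnoticed until the hub cannot write to it. The idiom itself is fine under `/bin/sh`, since `:` is a POSIX builtin, but consider replacing it with a message that names the condition and still exits 0, for example `|| echo "chown incomplete on hub volumes" >&2`, so the init container log shows that ownership was not fully corrected. The two volume path variables are also expanded unquoted inside the `-c` string, so a configured path containing whitespace would be split into separate arguments; quoting them inside the string avoids that.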
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@roles/tackle/templates/deployment-hub.yml.j2` around lines 242 - 244, Replace
the shell invocation in the init container command to use POSIX /bin/sh instead
of bash: update the command entries that currently specify "bash" and the
associated "-c" invocation (the init container command that runs 'chown -R {{
hub_uid }}:root {{ hub_database_volume_path }} {{ hub_bucket_volume_path }}
||:') so the first element is "/bin/sh" (keeping "-c" and the chown string
unchanged) to ensure the container works in minimal images without bash.

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fe9f99a and 01736cb.

📒 Files selected for processing (2)
  • roles/tackle/defaults/main.yml
  • roles/tackle/templates/deployment-hub.yml.j2

@dymurray dymurray added the cherry-pick/release-0.9 This PR should be cherry-picked to release-0.9 branch label Feb 26, 2026
@dymurray dymurray merged commit fe31a8c into konveyor:main Feb 26, 2026
12 of 15 checks passed
github-actions Bot pushed a commit that referenced this pull request Feb 26, 2026
This init container was originally used to fix permissions when
upgrading from an older version that ran as root and probably isn't needed
most of the time anymore. Allowing it to be enabled still allows for the
situation to be corrected if someone is upgrading from a very old
version, but otherwise should no longer incur an otherwise needless wait
when the hub starts.

Also added `||:` to ensure the container exits gracefully even if it
can't change permissions on read-only subdirectories, which may be
outside the user's control to adjust. This prevents the init container
from crashing and preventing the hub from starting. NetApp .snapshot
directory is an example of this.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added a new configuration option to optionally enable automated file
ownership management for database and bucket volumes during container
initialization. Disabled by default.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Jason Montleon <jmontleo@redhat.com>
Signed-off-by: Cherry Picker <noreply@github.com>
@konveyor-ci-bot


PR cherry-picked to branch release-0.9. Backport PR: #541

dymurray pushed a commit that referenced this pull request Feb 26, 2026
#541)

This init container was originally used to fix permissions when
upgrading from an older version that ran as root and probably isn't needed
most of the time anymore. Allowing it to be enabled still allows for the
situation to be corrected if someone is upgrading from a very old
version, but otherwise should no longer incur an otherwise needless wait
when the hub starts.

Also added `||:` to ensure the container exits gracefully even if it
can't change permissions on read-only subdirectories, which may be
outside the user's control to adjust. This prevents the init container
from crashing and preventing the hub from starting. NetApp .snapshot
directory is an example of this.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added a new configuration option to optionally enable automated file
ownership management for database and bucket volumes during container
initialization. Disabled by default.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Signed-off-by: Jason Montleon <jmontleo@redhat.com>
Signed-off-by: Cherry Picker <noreply@github.com>

Signed-off-by: Jason Montleon <jmontleo@redhat.com>
Signed-off-by: Cherry Picker <noreply@github.com>
Co-authored-by: Jason Montleon <jmontleo@redhat.com>