)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":14826,"name":"Mark Goddard","email":"markgoddard86@gmail.com","username":"mgoddard"},"change_message_id":"b98fff5fa475ca48b21e9546af9b7b156423d62b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"f691abb0_eba6c189","updated":"2022-08-31 10:46:39.000000000","message":"Have you checked that nobody has permission to access all of the necessary files?","commit_id":"f1d27f7ddbe897f08ca506e18e9f9cdffbf9bc59"},{"author":{"_account_id":27339,"name":"Michal Arbet","email":"michal.arbet@ultimum.io","username":"michalarbet"},"change_message_id":"3e85f1a5df3635e0166607b022e0f1a7bb2c69f0","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"63249ff0_ff9e0075","updated":"2022-08-30 18:08:32.000000000","message":"If it is tested and working, let\u0027s merge this.","commit_id":"f1d27f7ddbe897f08ca506e18e9f9cdffbf9bc59"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"04a00e830780a8fd5fee89f7df0fbc4a57420293","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"a4b7a711_5ef809e4","in_reply_to":"f691abb0_eba6c189","updated":"2022-08-31 10:50:18.000000000","message":"Yup, they are all world-readable. I could not find different perms. The other deployment projects default to nobody as well.","commit_id":"f1d27f7ddbe897f08ca506e18e9f9cdffbf9bc59"}],"ansible/roles/ironic/templates/ironic-tftp.json.j2":[{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"e836e5e8a27a66ac4b5be3d974b268087f85027f","unresolved":true,"context_lines":[{"line_number":2,"context_line":"{% set pxe_cfg \u003d \u0027grub.cfg\u0027 if enable_ironic_pxe_uefi | bool else \u0027default\u0027 %}"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"{"},{"line_number":5,"context_line":"    \"command\": \"/usr/sbin/in.tftpd --verbose --foreground --user nobody --address 0.0.0.0:69 --map-file /map-file /var/lib/ironic/tftpboot\","},{"line_number":6,"context_line":"    \"config_files\": ["},{"line_number":7,"context_line":"{% if not ironic_dnsmasq_serve_ipxe | bool and groups[\u0027ironic-inspector\u0027] | length \u003e 0 %}"},{"line_number":8,"context_line":"{% if not enable_ironic_pxe_uefi | bool %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"e40d1d24_26baf9b9","line":5,"updated":"2022-08-30 10:25:55.000000000","message":"Is this tested somewhere? Usually only root should be able to listen on ports \u003c 1024. I don\u0027t see an ironic-tftp container running in the ironic job.","commit_id":"f1d27f7ddbe897f08ca506e18e9f9cdffbf9bc59"},{"author":{"_account_id":13252,"name":"Dr. Jens Harbott","display_name":"Jens Harbott (frickler)","email":"frickler@offenerstapel.de","username":"jrosenboom"},"change_message_id":"a5621820dd44fd063d49ef05a9a99f7437510f00","unresolved":true,"context_lines":[{"line_number":2,"context_line":"{% set pxe_cfg \u003d \u0027grub.cfg\u0027 if enable_ironic_pxe_uefi | bool else \u0027default\u0027 %}"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"{"},{"line_number":5,"context_line":"    \"command\": \"/usr/sbin/in.tftpd --verbose --foreground --user nobody --address 0.0.0.0:69 --map-file /map-file /var/lib/ironic/tftpboot\","},{"line_number":6,"context_line":"    \"config_files\": ["},{"line_number":7,"context_line":"{% if not ironic_dnsmasq_serve_ipxe | bool and groups[\u0027ironic-inspector\u0027] | length \u003e 0 %}"},{"line_number":8,"context_line":"{% if not enable_ironic_pxe_uefi | bool %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"c46a3a2d_94d2c166","line":5,"in_reply_to":"951d83c4_151ed6b8","updated":"2022-08-30 12:15:53.000000000","message":"Ok, thx for confirming.","commit_id":"f1d27f7ddbe897f08ca506e18e9f9cdffbf9bc59"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"e122cdb0011571964be567e910076a33f99bb3f4","unresolved":false,"context_lines":[{"line_number":2,"context_line":"{% set pxe_cfg \u003d \u0027grub.cfg\u0027 if enable_ironic_pxe_uefi | bool else \u0027default\u0027 %}"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"{"},{"line_number":5,"context_line":"    \"command\": \"/usr/sbin/in.tftpd --verbose --foreground --user nobody --address 0.0.0.0:69 --map-file /map-file /var/lib/ironic/tftpboot\","},{"line_number":6,"context_line":"    \"config_files\": ["},{"line_number":7,"context_line":"{% if not ironic_dnsmasq_serve_ipxe | bool and groups[\u0027ironic-inspector\u0027] | length \u003e 0 %}"},{"line_number":8,"context_line":"{% if not enable_ironic_pxe_uefi | bool %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"b0f60db9_858d078e","line":5,"in_reply_to":"c46a3a2d_94d2c166","updated":"2022-08-30 12:50:44.000000000","message":"Ack","commit_id":"f1d27f7ddbe897f08ca506e18e9f9cdffbf9bc59"},{"author":{"_account_id":30491,"name":"Radosław Piliszek","display_name":"Radek","email":"radek@piliszek.it","username":"yoctozepto","status":"self-employed techologist, collaborating mostly with 7bulls.com"},"change_message_id":"9a0c315a255954bec08418911bc0650a97cd9527","unresolved":true,"context_lines":[{"line_number":2,"context_line":"{% set pxe_cfg \u003d \u0027grub.cfg\u0027 if enable_ironic_pxe_uefi | bool else \u0027default\u0027 %}"},{"line_number":3,"context_line":""},{"line_number":4,"context_line":"{"},{"line_number":5,"context_line":"    \"command\": \"/usr/sbin/in.tftpd --verbose --foreground --user nobody --address 0.0.0.0:69 --map-file /map-file /var/lib/ironic/tftpboot\","},{"line_number":6,"context_line":"    \"config_files\": ["},{"line_number":7,"context_line":"{% if not ironic_dnsmasq_serve_ipxe | bool and groups[\u0027ironic-inspector\u0027] | length \u003e 0 %}"},{"line_number":8,"context_line":"{% if not enable_ironic_pxe_uefi | bool %}"}],"source_content_type":"text/x-jinja2","patch_set":1,"id":"951d83c4_151ed6b8","line":5,"in_reply_to":"e40d1d24_26baf9b9","updated":"2022-08-30 10:31:51.000000000","message":"Yes, I tested it. It is also tested in the CI. It starts as root and then drops to nobody (that\u0027s why it takes this parameter in the first place).","commit_id":"f1d27f7ddbe897f08ca506e18e9f9cdffbf9bc59"}]}