summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoranthony.bellino <ab2434@att.com>2019-01-07 20:32:48 +0000
committeranthony.bellino <ab2434@att.com>2019-01-10 17:39:32 +0000
commitf4c8228ff62bfecf5d2df977f7abc5db3e693e4d (patch)
treefbe798cc680134b849e958765c0ca528cea797b4
parent606cf35bdad637427b8e2632a0d1c21d05dd550e (diff)
Add rerun support for perm module
- Adds the ability to rerun divingbell-perm at specified interval. - Adds the ability to specify a rerun policy of 'always', 'never', 'once_successfully'. Default value is 'always'. Demo: https://asciinema.org/a/220289 Change-Id: I3909b4d92f8e2bdb0d826ca1cfbd62f937c2532d
Notes
Notes (review): Code-Review+1: Smruti Soumitra Khuntia <sk698p@att.com> Code-Review+2: Scott Hussey <sthussey@att.com> Code-Review+1: Nishant Kumar <nishant.e.kumar@ericsson.com> Code-Review+2: Mark Burnett <mark.m.burnett@gmail.com> Workflow+1: Mark Burnett <mark.m.burnett@gmail.com> Code-Review+1: Michael Beaver <michaelbeaver64@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 11 Jan 2019 15:51:51 +0000 Reviewed-on: https://review.openstack.org/629045 Project: openstack/airship-divingbell Branch: refs/heads/master
-rw-r--r--divingbell/templates/bin/_perm.sh.tpl143
-rw-r--r--divingbell/values.yaml4
-rwxr-xr-xtools/gate/scripts/020-test-divingbell.sh45
3 files changed, 158 insertions, 34 deletions
diff --git a/divingbell/templates/bin/_perm.sh.tpl b/divingbell/templates/bin/_perm.sh.tpl
index 6aac03e..58b87af 100644
--- a/divingbell/templates/bin/_perm.sh.tpl
+++ b/divingbell/templates/bin/_perm.sh.tpl
@@ -16,6 +16,8 @@
16# limitations under the License. 16# limitations under the License.
17*/}} 17*/}}
18 18
19{{- $perm_loop_sleep_interval := 60 }}
20
19set -e 21set -e
20 22
21cat <<'EOF' > {{ .Values.conf.chroot_mnt_path | quote }}/tmp/perm_host.sh 23cat <<'EOF' > {{ .Values.conf.chroot_mnt_path | quote }}/tmp/perm_host.sh
@@ -82,54 +84,127 @@ add_single_perm(){
82 84
83} 85}
84 86
85{{- range $perm := .Values.conf.perm }} 87revert_perm(){
86add_perm {{ $perm.path | squote }} {{ $perm.owner | squote }} {{ $perm.group | squote }} {{ $perm.permissions | squote }} 88# Revert
89 prev_files="$(find "${backup_path}" -type f ! -name last_run_timestamp)"
90 if [ -n "${prev_files}" ]; then
91 basename -a ${prev_files} | sort > /tmp/prev_perm
92 echo "${applied_perm}" | sort > /tmp/curr_perm
93 log.DEBUG /tmp/prev_perm
94 log.DEBUG /tmp/curr_perm
95 revert_list="$(comm -23 /tmp/prev_perm /tmp/curr_perm)"
96 IFS=$'\n'
97 for o_perm in ${revert_list}; do
98 first=1
99 while IFS=' ' read -r a1 a2; do
100 if [ "$first" -eq 1 ]; then
101 $(chmod $a1 $a2)
102 first=0
103 else
104 $(chown $a1 $a2)
105 fi
106 done < "${backup_path}/${o_perm}"
107
108 rm "${backup_path}/${o_perm}"
109 log.INFO "Reverted permissions and owner: ${backup_path}/${o_perm}"
110 done
111 fi
112}
113
114{{- $_ := set $.Values "__rerun_policy" "always" }}
115{{- if hasKey .Values.conf "perm" }}
116{{- if hasKey .Values.conf.perm "rerun_policy" }}
117 {{- if and (not (eq .Values.conf.perm.rerun_policy "always")) (not (eq .Values.conf.perm.rerun_policy "never")) (not (eq .Values.conf.perm.rerun_policy "once_successfully")) }}
118 {{- fail (print "BAD 'rerun_policy' Got '" .Values.conf.perm.rerun_policy "', but expected 'always', 'never', or 'once_successfully'.") }}
119 {{- end }}
120 {{- $_ := set $.Values "__rerun_policy" .Values.conf.perm.rerun_policy }}
87{{- end }} 121{{- end }}
88 122
89log.INFO "Applied: ${applied_perm}" 123{{- $_ := set $.Values "__rerun_interval" "infinite" }}
124{{- if hasKey .Values.conf.perm "rerun_interval" }}
125{{- $_ := set $.Values "__rerun_interval" .Values.conf.perm.rerun_interval }}
126
127 {{- if not (eq (.Values.conf.perm.rerun_interval | toString) "infinity") }}
128 {{- if lt (.Values.conf.perm.rerun_interval | int) $perm_loop_sleep_interval }}
129 {{- fail (print "BAD 'rerun_interval' Got '" $.Values.__rerun_interval "', but expected >= '" $perm_loop_sleep_interval "'.") }}
130 {{- end }}
131 {{- if not (eq $.Values.__rerun_policy "always") }}
132 {{- fail (print "BAD COMBINATION: Must use 'rerun_policy' of 'always' when defining a finite 'retry_interval'. Got 'rerun_policy' of '" $.Values.__rerun_policy "' and 'retry_interval' of '" $.Values.__rerun_interval "'.") }}
133 {{- end }}
134 {{- end }}
135 {{- $_ := set $.Values "__rerun_interval" .Values.conf.perm.rerun_interval }}
136{{- end }}
90 137
91# Revert 138{{- if hasKey .Values.conf.perm "rerun_policy" }}
92prev_files="$(find "${backup_path}" -type f)" 139 {{- if and (not (eq $.Values.__rerun_policy "always")) (not (eq $.Values.__rerun_policy "never")) (not (eq $.Values.__rerun_policy "once_successfully")) }}
93if [ -n "${prev_files}" ]; then 140 {{- fail (print "BAD 'rerun_policy' : Got '" $.Values.__rerun_policy "', but expected 'always', 'never', or 'once_successfully'.") }}
94 basename -a ${prev_files} | sort > /tmp/prev_perm 141 {{- end }}
95 echo "${applied_perm}" | sort > /tmp/curr_perm 142{{- end }}
96 log.DEBUG /tmp/prev_perm 143
97 log.DEBUG /tmp/curr_perm 144cd "${backup_path}"
98 revert_list="$(comm -23 /tmp/prev_perm /tmp/curr_perm)" 145
99 IFS=$'\n' 146{{- $_ := set $.Values "__values_hash" list }}
100 for o_perm in ${revert_list}; do 147{{- $hash := $.Values.__values_hash | toString | sha256sum }}
101 first=1 148
102 while IFS=' ' read -r a1 a2; do 149hash={{ $hash | squote }}
103 if [ "$first" -eq 1 ]; then 150if [ ! -d "${hash}" ]; then
104 $(chmod $a1 $a2) 151 mkdir -p "${hash}"
105 first=0 152fi
106 else 153
107 $(chown $a1 $a2) 154# check rerun policy
108 fi 155hash_check=fail
109 done < "${backup_path}/${o_perm}" 156if [[ {{ $.Values.__rerun_policy }} = always ]] || \
110 157 [[ ! -f ${hash}/exit_code ]] || \
111 rm "${backup_path}/${o_perm}" 158 ([[ {{ $.Values.__rerun_policy }} = once_successfully ]] && \
112 log.INFO "Reverted permissions and owner: ${backup_path}/${o_perm}" 159 [[ $(cat ${hash}/exit_code) != 0 ]]); then
113 done 160 hash_check=pass
161fi
162# check rerun interval
163interval_check=fail
164if [[ ! -f ${hash}/last_run_timestamp ]] || [[ ! -f ${hash}/exit_code ]]; then
165 interval_check=pass
166elif [[ $(cat ${hash}/exit_code) = 0 ]]; then
167 if [[ {{ $.Values.__rerun_interval }} = infinite ]]; then
168 interval_check=pass
169 elif [[ $(date +"%s") -ge $(($(cat ${hash}/last_run_timestamp) + {{ $.Values.__rerun_interval }})) ]]; then
170 interval_check=pass
171 fi
114fi 172fi
173if [[ $hash_check = pass ]] && [[ $interval_check = pass ]]; then
174 if [[ -f ${hash}/exit_code ]]; then
175 # remove previous run record, in case this run is interrupted
176 rm ${hash}/exit_code
177 fi
178 # write timestamp at beginning of execution
179 log.INFO 'All permissions successfully applied on this node.'
180 echo $(date +"%s") > "${hash}/last_run_timestamp"
181
182 {{- range $perm := .Values.conf.perm.paths }}
183 add_perm {{ $perm.path | squote }} {{ $perm.owner | squote }} {{ $perm.group | squote }} {{ $perm.permissions | squote }}
184 {{- end }}
185 log.INFO "Applied: ${applied_perm}"
115 186
116if [ -n "${curr_settings}" ]; then 187 revert_perm
188
189 if [ -n "${curr_settings}" ]; then
117 log.INFO 'All permissions successfully applied on this node.' 190 log.INFO 'All permissions successfully applied on this node.'
118else 191 else
119 log.WARN 'No permissions overrides defined for this node.' 192 log.WARN 'No permissions overrides defined for this node.'
193 fi
120fi 194fi
121 195
196echo 0 > "${hash}/exit_code"
122exit 0 197exit 0
198{{- end}}
123EOF 199EOF
124 200
125chmod 755 {{ .Values.conf.chroot_mnt_path | quote }}/tmp/perm_host.sh 201chmod 755 {{ .Values.conf.chroot_mnt_path | quote }}/tmp/perm_host.sh
126chroot {{ .Values.conf.chroot_mnt_path | quote }} /tmp/perm_host.sh
127
128sleep 1
129echo 'INFO Putting the daemon to sleep.'
130 202
131while [ 1 ]; do 203while true; do
132 sleep 300 204 chroot {{ .Values.conf.chroot_mnt_path | quote }} /tmp/perm_host.sh
205 sleep 2
206 echo 'INFO Putting the daemon to sleep.'
207 sleep {{ $perm_loop_sleep_interval }}
133done 208done
134 209
135exit 0 210exit 0
diff --git a/divingbell/values.yaml b/divingbell/values.yaml
index 84fb1e9..931fc6b 100644
--- a/divingbell/values.yaml
+++ b/divingbell/values.yaml
@@ -32,6 +32,10 @@ conf:
32 - nis 32 - nis
33 - ntpdate 33 - ntpdate
34# perm: 34# perm:
35# rerun_policy: always
36# 86400 = 1 day
37# rerun_interval: 86400
38# paths:
35# - 39# -
36# path: '/boot/System.map-*' 40# path: '/boot/System.map-*'
37# owner: 'root' 41# owner: 'root'
diff --git a/tools/gate/scripts/020-test-divingbell.sh b/tools/gate/scripts/020-test-divingbell.sh
index 136c18d..c8e593d 100755
--- a/tools/gate/scripts/020-test-divingbell.sh
+++ b/tools/gate/scripts/020-test-divingbell.sh
@@ -435,6 +435,7 @@ test_perm(){
435 local overrides_yaml=${LOGS_SUBDIR}/${FUNCNAME}.yaml 435 local overrides_yaml=${LOGS_SUBDIR}/${FUNCNAME}.yaml
436 echo "conf: 436 echo "conf:
437 perm: 437 perm:
438 paths:
438 - 439 -
439 path: ${p_test_file1} 440 path: ${p_test_file1}
440 owner: 'root' 441 owner: 'root'
@@ -452,6 +453,7 @@ test_perm(){
452 echo "[SUCCESS] Positive test for perm passed successfully" >> "${TEST_RESULTS}" 453 echo "[SUCCESS] Positive test for perm passed successfully" >> "${TEST_RESULTS}"
453 echo "conf: 454 echo "conf:
454 perm: 455 perm:
456 paths:
455 - 457 -
456 path: ${p_test_file1} 458 path: ${p_test_file1}
457 owner: 'root' 459 owner: 'root'
@@ -462,6 +464,49 @@ test_perm(){
462 _test_perm_value ${p_test_file1} root shadow 640 464 _test_perm_value ${p_test_file1} root shadow 640
463 _test_perm_value ${p_test_file2} ${p_test_file2##*.} ${p_test_file2##*.} 777 465 _test_perm_value ${p_test_file2} ${p_test_file2##*.} ${p_test_file2##*.} 777
464 echo "[SUCCESS] Backup test for perm passed successfully" >> "${TEST_RESULTS}" 466 echo "[SUCCESS] Backup test for perm passed successfully" >> "${TEST_RESULTS}"
467 # Test invalid rerun_interval (too short)
468 echo "conf:
469 perm:
470 rerun_interval: 30
471 paths:
472 -
473 path: ${p_test_file1}
474 owner: 'root'
475 group: 'shadow'
476 permissions: '0640'" > "${overrides_yaml}"
477 install_base "--values=${overrides_yaml}" 2>&1 | grep 'BAD .rerun_interval. Got' || \
478 (echo "[FAIL] perm test invalid rerun_interval value did not receive expected 'BAD .rerun_interval. Got' error" && exit 1)
479 echo '[SUCCESS] perm test invalid rerun_interval passed successfully' >> "${TEST_RESULTS}"
480 # Test invalid rerun_interval combination
481 echo "conf:
482 perm:
483 rerun_interval: 60
484 rerun_policy: once_successfully
485 paths:
486 -
487 path: ${p_test_file1}
488 owner: 'root'
489 group: 'shadow'
490 permissions: '0640'" > "${overrides_yaml}"
491 install_base "--values=${overrides_yaml}" 2>&1 | grep 'BAD COMBINATION' || \
492 (echo "[FAIL] perm invalid rerun_interval combination did not receive expected 'BAD COMBINATION' error" && exit 1)
493 echo '[SUCCESS] perm invalid rerun_interval combination passed successfully' >> "${TEST_RESULTS}"
494 # test rerun_interval
495 echo "conf:
496 perm:
497 rerun_interval: 60
498 paths:
499 -
500 path: ${p_test_file1}
501 owner: 'root'
502 group: 'shadow'
503 permissions: '0640'" > "${overrides_yaml}"
504 install_base "--values=${overrides_yaml}"
505 get_container_status perm
506 sleep 72
507 get_container_status perm
508 _test_perm_value ${p_test_file1} root shadow 640
509 echo '[SUCCESS] perm rerun_interval passed successfully' >> "${TEST_RESULTS}"
465 _perm_teardown 510 _perm_teardown
466} 511}
467 512