
Add rerun support for perm module

- Adds the ability to rerun divingbell-perm at a specified interval.

- Adds the ability to specify a rerun policy of
  'always', 'never', 'once_successfully'. Default value is 'always'.

Demo: https://asciinema.org/a/220289

Change-Id: I3909b4d92f8e2bdb0d826ca1cfbd62f937c2532d
anthony.bellino 3 months ago
parent
commit
f4c8228ff6

+ 109
- 34
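--- a/divingbell/templates/bin/_perm.sh.tpl
+++ b/divingbell/templates/bin/_perm.sh.tpl
@@ -16,6 +16,8 @@
 # limitations under the License.
 */}}
 
+{{- $perm_loop_sleep_interval := 60 }}
+
 set -e
 
 cat <<'EOF' > {{ .Values.conf.chroot_mnt_path | quote }}/tmp/perm_host.sh
@@ -82,54 +84,127 @@ add_single_perm(){
 
 }
 
-{{- range $perm := .Values.conf.perm }}
-add_perm {{ $perm.path | squote }} {{ $perm.owner | squote }} {{ $perm.group | squote }} {{ $perm.permissions | squote }}
+revert_perm(){
+# Revert
+  prev_files="$(find "${backup_path}" -type f ! -name last_run_timestamp)"
+  if [ -n "${prev_files}" ]; then
+    basename -a ${prev_files} | sort > /tmp/prev_perm
+    echo "${applied_perm}" | sort > /tmp/curr_perm
+    log.DEBUG /tmp/prev_perm
+    log.DEBUG /tmp/curr_perm
+    revert_list="$(comm -23 /tmp/prev_perm /tmp/curr_perm)"
+    IFS=$'\n'
+    for o_perm in ${revert_list}; do
+      first=1
+      while IFS=' ' read -r a1 a2; do
+        if [ "$first" -eq 1 ]; then
+          $(chmod $a1 $a2)
+          first=0
+        else
+          $(chown $a1 $a2)
+        fi
+      done < "${backup_path}/${o_perm}"
+
+      rm "${backup_path}/${o_perm}"
+      log.INFO "Reverted permissions and owner: ${backup_path}/${o_perm}"
+    done
+  fi
+}
+
+{{- $_ := set $.Values "__rerun_policy" "always" }}
+{{- if hasKey .Values.conf "perm" }}
+{{- if hasKey .Values.conf.perm "rerun_policy" }}
+  {{- if and (not (eq .Values.conf.perm.rerun_policy "always")) (not (eq .Values.conf.perm.rerun_policy "never")) (not (eq .Values.conf.perm.rerun_policy "once_successfully")) }}
+    {{- fail (print "BAD 'rerun_policy' Got '" .Values.conf.perm.rerun_policy "', but expected 'always', 'never', or 'once_successfully'.") }}
+  {{- end }}
+  {{- $_ := set $.Values "__rerun_policy" .Values.conf.perm.rerun_policy }}
 {{- end }}
 
-log.INFO "Applied: ${applied_perm}"
+{{- $_ := set $.Values "__rerun_interval" "infinite" }}
+{{- if hasKey .Values.conf.perm "rerun_interval" }}
+{{- $_ := set $.Values "__rerun_interval" .Values.conf.perm.rerun_interval }}
+
+  {{- if not (eq (.Values.conf.perm.rerun_interval | toString) "infinity") }}
+    {{- if lt (.Values.conf.perm.rerun_interval | int) $perm_loop_sleep_interval }}
+      {{- fail (print "BAD 'rerun_interval' Got '" $.Values.__rerun_interval "', but expected >= '" $perm_loop_sleep_interval "'.") }}
+    {{- end }}
+    {{- if not (eq $.Values.__rerun_policy "always") }}
+      {{- fail (print "BAD COMBINATION: Must use 'rerun_policy' of 'always' when defining a finite 'retry_interval'. Got 'rerun_policy' of '" $.Values.__rerun_policy "' and 'retry_interval' of '" $.Values.__rerun_interval "'.") }}
+    {{- end }}
+  {{- end }}
+  {{- $_ := set $.Values "__rerun_interval" .Values.conf.perm.rerun_interval }}
+{{- end }}
 
-# Revert
-prev_files="$(find "${backup_path}" -type f)"
-if [ -n "${prev_files}" ]; then
-  basename -a ${prev_files} | sort > /tmp/prev_perm
-  echo "${applied_perm}" | sort > /tmp/curr_perm
-  log.DEBUG /tmp/prev_perm
-  log.DEBUG /tmp/curr_perm
-  revert_list="$(comm -23 /tmp/prev_perm /tmp/curr_perm)"
-  IFS=$'\n'
-  for o_perm in ${revert_list}; do
-    first=1
-    while IFS=' ' read -r a1 a2; do
-      if [ "$first" -eq 1 ]; then
-        $(chmod $a1 $a2)
-        first=0
-      else
-        $(chown $a1 $a2)
-      fi
-    done < "${backup_path}/${o_perm}"
-
-    rm "${backup_path}/${o_perm}"
-    log.INFO "Reverted permissions and owner: ${backup_path}/${o_perm}"
-  done
+{{- if hasKey .Values.conf.perm "rerun_policy" }}
+      {{- if and (not (eq $.Values.__rerun_policy "always")) (not (eq $.Values.__rerun_policy "never")) (not (eq $.Values.__rerun_policy "once_successfully")) }}
+        {{- fail (print "BAD 'rerun_policy' : Got '" $.Values.__rerun_policy "', but expected 'always', 'never', or 'once_successfully'.") }}
+      {{- end }}
+{{- end }}
+
+cd "${backup_path}"
+
+{{- $_ := set $.Values "__values_hash" list }}
+{{- $hash := $.Values.__values_hash | toString | sha256sum }}
+
+hash={{ $hash | squote }}
+if [ ! -d "${hash}" ]; then
+  mkdir -p "${hash}"
+fi
+
+# check rerun policy
+hash_check=fail
+if  [[ {{ $.Values.__rerun_policy }} = always ]] || \
+    [[ ! -f ${hash}/exit_code ]] || \
+   ([[ {{ $.Values.__rerun_policy }} = once_successfully ]] && \
+    [[ $(cat ${hash}/exit_code) != 0 ]]); then
+  hash_check=pass
+fi
+# check rerun interval
+interval_check=fail
+if  [[ ! -f ${hash}/last_run_timestamp ]] || [[ ! -f ${hash}/exit_code ]]; then
+  interval_check=pass
+elif [[ $(cat ${hash}/exit_code) = 0 ]]; then
+  if [[ {{ $.Values.__rerun_interval }} = infinite ]]; then
+    interval_check=pass
+  elif [[ $(date +"%s") -ge $(($(cat ${hash}/last_run_timestamp) + {{ $.Values.__rerun_interval }})) ]]; then
+    interval_check=pass
+  fi
 fi
+if [[ $hash_check = pass ]] && [[ $interval_check = pass ]]; then
+  if [[ -f ${hash}/exit_code ]]; then
+    # remove previous run record, in case this run is interrupted
+    rm ${hash}/exit_code
+  fi
+ # write timestamp at beginning of execution
+ log.INFO 'All permissions successfully applied on this node.'
+ echo $(date +"%s") > "${hash}/last_run_timestamp"
+
+ {{- range $perm := .Values.conf.perm.paths }}
+ add_perm {{ $perm.path | squote }} {{ $perm.owner | squote }} {{ $perm.group | squote }} {{ $perm.permissions | squote }}
+ {{- end }}
+ log.INFO "Applied: ${applied_perm}"
 
-if [ -n "${curr_settings}" ]; then
+ revert_perm
+
+ if [ -n "${curr_settings}" ]; then
   log.INFO 'All permissions successfully applied on this node.'
-else
+ else
   log.WARN 'No permissions overrides defined for this node.'
+ fi
 fi
 
+echo 0 > "${hash}/exit_code"
 exit 0
+{{- end}}
 EOF
 
 chmod 755 {{ .Values.conf.chroot_mnt_path | quote }}/tmp/perm_host.sh
-chroot {{ .Values.conf.chroot_mnt_path | quote }} /tmp/perm_host.sh
-
-sleep 1
-echo 'INFO Putting the daemon to sleep.'
 
-while [ 1 ]; do
-  sleep 300
+while true; do
+  chroot {{ .Values.conf.chroot_mnt_path | quote }} /tmp/perm_host.sh
+  sleep 2
+  echo 'INFO Putting the daemon to sleep.'
+  sleep {{ $perm_loop_sleep_interval }}
 done
 
 exit 0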
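Review bot: The run-record hash is taken from an empty list (`set $.Values "__values_hash" list`, then `$.Values.__values_hash | toString | sha256sum`), so `hash` is the same constant for every configuration. With a `rerun_policy` of `never` or `once_successfully`, a node that already has `exit_code` 0 would skip later changes to `conf.perm.paths`, leaving the intended owner and mode unenforced without any error; hashing the settings themselves, e.g. `{{- $hash := .Values.conf.perm | toJson | sha256sum }}`, ties the record to what was actually applied. The default interval is the string `infinite` while the validation compares against `infinity`, so the two literals should be made the same. `revert_perm` is now reached on each rerun, so `$(chmod $a1 $a2)` and `$(chown $a1 $a2)` are better written as `chmod -- "$a1" "$a2"` and `chown -- "$a1" "$a2"`, and the fixed `/tmp/prev_perm` and `/tmp/curr_perm` names replaced by files under a `mktemp -d` directory.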

+ 4
- 0
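--- a/divingbell/values.yaml
+++ b/divingbell/values.yaml
@@ -32,6 +32,10 @@ conf:
     - nis
     - ntpdate
 #  perm:
+#    rerun_policy: always
+#    86400 = 1 day
+#    rerun_interval: 86400
+#    paths:
 #    -
 #      path: '/boot/System.map-*'
 #      owner: 'root'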

+ 45
- 0
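--- a/tools/gate/scripts/020-test-divingbell.sh
+++ b/tools/gate/scripts/020-test-divingbell.sh
@@ -435,6 +435,7 @@ test_perm(){
   local overrides_yaml=${LOGS_SUBDIR}/${FUNCNAME}.yaml
   echo "conf:
   perm:
+    paths:
     -
       path: ${p_test_file1}
       owner: 'root'
@@ -452,6 +453,7 @@ test_perm(){
   echo "[SUCCESS] Positive test for perm passed successfully" >> "${TEST_RESULTS}"
   echo "conf:
   perm:
+    paths:
     -
       path: ${p_test_file1}
       owner: 'root'
@@ -462,6 +464,49 @@ test_perm(){
   _test_perm_value ${p_test_file1} root shadow 640
   _test_perm_value ${p_test_file2} ${p_test_file2##*.} ${p_test_file2##*.} 777
   echo "[SUCCESS] Backup test for perm passed successfully" >> "${TEST_RESULTS}"
+  # Test invalid rerun_interval (too short)
+  echo "conf:
+  perm:
+    rerun_interval: 30
+    paths:
+    -
+      path: ${p_test_file1}
+      owner: 'root'
+      group: 'shadow'
+      permissions: '0640'" > "${overrides_yaml}"
+  install_base "--values=${overrides_yaml}" 2>&1 | grep 'BAD .rerun_interval. Got' || \
+    (echo "[FAIL] perm test invalid rerun_interval value did not receive expected 'BAD .rerun_interval. Got' error" && exit 1)
+  echo '[SUCCESS] perm test invalid rerun_interval passed successfully' >> "${TEST_RESULTS}"
+  # Test invalid rerun_interval combination
+  echo "conf:
+  perm:
+    rerun_interval: 60
+    rerun_policy: once_successfully
+    paths:
+    -
+      path: ${p_test_file1}
+      owner: 'root'
+      group: 'shadow'
+      permissions: '0640'" > "${overrides_yaml}"
+  install_base "--values=${overrides_yaml}" 2>&1 | grep 'BAD COMBINATION' || \
+    (echo "[FAIL] perm invalid rerun_interval combination did not receive expected 'BAD COMBINATION' error" && exit 1)
+  echo '[SUCCESS] perm invalid rerun_interval combination passed successfully' >> "${TEST_RESULTS}"
+  # test rerun_interval
+  echo "conf:
+  perm:
+    rerun_interval: 60
+    paths:
+    -
+      path: ${p_test_file1}
+      owner: 'root'
+      group: 'shadow'
+      permissions: '0640'" > "${overrides_yaml}"
+  install_base "--values=${overrides_yaml}"
+  get_container_status perm
+  sleep 72
+  get_container_status perm
+  _test_perm_value ${p_test_file1} root shadow 640
+  echo '[SUCCESS] perm rerun_interval passed successfully' >> "${TEST_RESULTS}"
   _perm_teardown
 }
 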
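Review bot: The `rerun_interval` case at the end of `test_perm` cannot tell a rerun from the initial run: it installs, sleeps 72 seconds and then checks `_test_perm_value ${p_test_file1} root shadow 640`, which already holds after the first pass. Changing the file between the two status checks, for example `chmod 777 "${p_test_file1}"` right after the first `get_container_status perm`, would make the final assertion prove that drift is actually corrected. In the two negative cases the failure branch is `(echo ... && exit 1)`, whose `exit` only leaves the subshell; unless the script runs under `set -e` (not visible here) the `[SUCCESS]` line is still written, so `{ echo "[FAIL] ..."; exit 1; }` is the safer form. `test_perm` begins before these hunks.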
