Add rerun support for perm module
- Adds the ability to rerun divingbell-perm at specified interval. - Adds the ability to specify a rerun policy of 'always', 'never', 'once_successfully'. Default value is 'always'. Demo: https://asciinema.org/a/220289 Change-Id: I3909b4d92f8e2bdb0d826ca1cfbd62f937c2532d
This commit is contained in:
parent
606cf35bda
commit
f4c8228ff6
@ -16,6 +16,8 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- $perm_loop_sleep_interval := 60 }}
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
cat <<'EOF' > {{ .Values.conf.chroot_mnt_path | quote }}/tmp/perm_host.sh
|
cat <<'EOF' > {{ .Values.conf.chroot_mnt_path | quote }}/tmp/perm_host.sh
|
||||||
@ -82,54 +84,127 @@ add_single_perm(){
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
{{- range $perm := .Values.conf.perm }}
|
revert_perm(){
|
||||||
add_perm {{ $perm.path | squote }} {{ $perm.owner | squote }} {{ $perm.group | squote }} {{ $perm.permissions | squote }}
|
# Revert
|
||||||
|
prev_files="$(find "${backup_path}" -type f ! -name last_run_timestamp)"
|
||||||
|
if [ -n "${prev_files}" ]; then
|
||||||
|
basename -a ${prev_files} | sort > /tmp/prev_perm
|
||||||
|
echo "${applied_perm}" | sort > /tmp/curr_perm
|
||||||
|
log.DEBUG /tmp/prev_perm
|
||||||
|
log.DEBUG /tmp/curr_perm
|
||||||
|
revert_list="$(comm -23 /tmp/prev_perm /tmp/curr_perm)"
|
||||||
|
IFS=$'\n'
|
||||||
|
for o_perm in ${revert_list}; do
|
||||||
|
first=1
|
||||||
|
while IFS=' ' read -r a1 a2; do
|
||||||
|
if [ "$first" -eq 1 ]; then
|
||||||
|
$(chmod $a1 $a2)
|
||||||
|
first=0
|
||||||
|
else
|
||||||
|
$(chown $a1 $a2)
|
||||||
|
fi
|
||||||
|
done < "${backup_path}/${o_perm}"
|
||||||
|
|
||||||
|
rm "${backup_path}/${o_perm}"
|
||||||
|
log.INFO "Reverted permissions and owner: ${backup_path}/${o_perm}"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
{{- $_ := set $.Values "__rerun_policy" "always" }}
|
||||||
|
{{- if hasKey .Values.conf "perm" }}
|
||||||
|
{{- if hasKey .Values.conf.perm "rerun_policy" }}
|
||||||
|
{{- if and (not (eq .Values.conf.perm.rerun_policy "always")) (not (eq .Values.conf.perm.rerun_policy "never")) (not (eq .Values.conf.perm.rerun_policy "once_successfully")) }}
|
||||||
|
{{- fail (print "BAD 'rerun_policy' Got '" .Values.conf.perm.rerun_policy "', but expected 'always', 'never', or 'once_successfully'.") }}
|
||||||
|
{{- end }}
|
||||||
|
{{- $_ := set $.Values "__rerun_policy" .Values.conf.perm.rerun_policy }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
log.INFO "Applied: ${applied_perm}"
|
{{- $_ := set $.Values "__rerun_interval" "infinite" }}
|
||||||
|
{{- if hasKey .Values.conf.perm "rerun_interval" }}
|
||||||
|
{{- $_ := set $.Values "__rerun_interval" .Values.conf.perm.rerun_interval }}
|
||||||
|
|
||||||
# Revert
|
{{- if not (eq (.Values.conf.perm.rerun_interval | toString) "infinity") }}
|
||||||
prev_files="$(find "${backup_path}" -type f)"
|
{{- if lt (.Values.conf.perm.rerun_interval | int) $perm_loop_sleep_interval }}
|
||||||
if [ -n "${prev_files}" ]; then
|
{{- fail (print "BAD 'rerun_interval' Got '" $.Values.__rerun_interval "', but expected >= '" $perm_loop_sleep_interval "'.") }}
|
||||||
basename -a ${prev_files} | sort > /tmp/prev_perm
|
{{- end }}
|
||||||
echo "${applied_perm}" | sort > /tmp/curr_perm
|
{{- if not (eq $.Values.__rerun_policy "always") }}
|
||||||
log.DEBUG /tmp/prev_perm
|
{{- fail (print "BAD COMBINATION: Must use 'rerun_policy' of 'always' when defining a finite 'retry_interval'. Got 'rerun_policy' of '" $.Values.__rerun_policy "' and 'retry_interval' of '" $.Values.__rerun_interval "'.") }}
|
||||||
log.DEBUG /tmp/curr_perm
|
{{- end }}
|
||||||
revert_list="$(comm -23 /tmp/prev_perm /tmp/curr_perm)"
|
{{- end }}
|
||||||
IFS=$'\n'
|
{{- $_ := set $.Values "__rerun_interval" .Values.conf.perm.rerun_interval }}
|
||||||
for o_perm in ${revert_list}; do
|
{{- end }}
|
||||||
first=1
|
|
||||||
while IFS=' ' read -r a1 a2; do
|
|
||||||
if [ "$first" -eq 1 ]; then
|
|
||||||
$(chmod $a1 $a2)
|
|
||||||
first=0
|
|
||||||
else
|
|
||||||
$(chown $a1 $a2)
|
|
||||||
fi
|
|
||||||
done < "${backup_path}/${o_perm}"
|
|
||||||
|
|
||||||
rm "${backup_path}/${o_perm}"
|
{{- if hasKey .Values.conf.perm "rerun_policy" }}
|
||||||
log.INFO "Reverted permissions and owner: ${backup_path}/${o_perm}"
|
{{- if and (not (eq $.Values.__rerun_policy "always")) (not (eq $.Values.__rerun_policy "never")) (not (eq $.Values.__rerun_policy "once_successfully")) }}
|
||||||
done
|
{{- fail (print "BAD 'rerun_policy' : Got '" $.Values.__rerun_policy "', but expected 'always', 'never', or 'once_successfully'.") }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
cd "${backup_path}"
|
||||||
|
|
||||||
|
{{- $_ := set $.Values "__values_hash" list }}
|
||||||
|
{{- $hash := $.Values.__values_hash | toString | sha256sum }}
|
||||||
|
|
||||||
|
hash={{ $hash | squote }}
|
||||||
|
if [ ! -d "${hash}" ]; then
|
||||||
|
mkdir -p "${hash}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "${curr_settings}" ]; then
|
# check rerun policy
|
||||||
|
hash_check=fail
|
||||||
|
if [[ {{ $.Values.__rerun_policy }} = always ]] || \
|
||||||
|
[[ ! -f ${hash}/exit_code ]] || \
|
||||||
|
([[ {{ $.Values.__rerun_policy }} = once_successfully ]] && \
|
||||||
|
[[ $(cat ${hash}/exit_code) != 0 ]]); then
|
||||||
|
hash_check=pass
|
||||||
|
fi
|
||||||
|
# check rerun interval
|
||||||
|
interval_check=fail
|
||||||
|
if [[ ! -f ${hash}/last_run_timestamp ]] || [[ ! -f ${hash}/exit_code ]]; then
|
||||||
|
interval_check=pass
|
||||||
|
elif [[ $(cat ${hash}/exit_code) = 0 ]]; then
|
||||||
|
if [[ {{ $.Values.__rerun_interval }} = infinite ]]; then
|
||||||
|
interval_check=pass
|
||||||
|
elif [[ $(date +"%s") -ge $(($(cat ${hash}/last_run_timestamp) + {{ $.Values.__rerun_interval }})) ]]; then
|
||||||
|
interval_check=pass
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [[ $hash_check = pass ]] && [[ $interval_check = pass ]]; then
|
||||||
|
if [[ -f ${hash}/exit_code ]]; then
|
||||||
|
# remove previous run record, in case this run is interrupted
|
||||||
|
rm ${hash}/exit_code
|
||||||
|
fi
|
||||||
|
# write timestamp at beginning of execution
|
||||||
|
log.INFO 'All permissions successfully applied on this node.'
|
||||||
|
echo $(date +"%s") > "${hash}/last_run_timestamp"
|
||||||
|
|
||||||
|
{{- range $perm := .Values.conf.perm.paths }}
|
||||||
|
add_perm {{ $perm.path | squote }} {{ $perm.owner | squote }} {{ $perm.group | squote }} {{ $perm.permissions | squote }}
|
||||||
|
{{- end }}
|
||||||
|
log.INFO "Applied: ${applied_perm}"
|
||||||
|
|
||||||
|
revert_perm
|
||||||
|
|
||||||
|
if [ -n "${curr_settings}" ]; then
|
||||||
log.INFO 'All permissions successfully applied on this node.'
|
log.INFO 'All permissions successfully applied on this node.'
|
||||||
else
|
else
|
||||||
log.WARN 'No permissions overrides defined for this node.'
|
log.WARN 'No permissions overrides defined for this node.'
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
echo 0 > "${hash}/exit_code"
|
||||||
exit 0
|
exit 0
|
||||||
|
{{- end}}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
chmod 755 {{ .Values.conf.chroot_mnt_path | quote }}/tmp/perm_host.sh
|
chmod 755 {{ .Values.conf.chroot_mnt_path | quote }}/tmp/perm_host.sh
|
||||||
chroot {{ .Values.conf.chroot_mnt_path | quote }} /tmp/perm_host.sh
|
|
||||||
|
|
||||||
sleep 1
|
while true; do
|
||||||
echo 'INFO Putting the daemon to sleep.'
|
chroot {{ .Values.conf.chroot_mnt_path | quote }} /tmp/perm_host.sh
|
||||||
|
sleep 2
|
||||||
while [ 1 ]; do
|
echo 'INFO Putting the daemon to sleep.'
|
||||||
sleep 300
|
sleep {{ $perm_loop_sleep_interval }}
|
||||||
done
|
done
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
@ -32,6 +32,10 @@ conf:
|
|||||||
- nis
|
- nis
|
||||||
- ntpdate
|
- ntpdate
|
||||||
# perm:
|
# perm:
|
||||||
|
# rerun_policy: always
|
||||||
|
# 86400 = 1 day
|
||||||
|
# rerun_interval: 86400
|
||||||
|
# paths:
|
||||||
# -
|
# -
|
||||||
# path: '/boot/System.map-*'
|
# path: '/boot/System.map-*'
|
||||||
# owner: 'root'
|
# owner: 'root'
|
||||||
|
@ -435,6 +435,7 @@ test_perm(){
|
|||||||
local overrides_yaml=${LOGS_SUBDIR}/${FUNCNAME}.yaml
|
local overrides_yaml=${LOGS_SUBDIR}/${FUNCNAME}.yaml
|
||||||
echo "conf:
|
echo "conf:
|
||||||
perm:
|
perm:
|
||||||
|
paths:
|
||||||
-
|
-
|
||||||
path: ${p_test_file1}
|
path: ${p_test_file1}
|
||||||
owner: 'root'
|
owner: 'root'
|
||||||
@ -452,6 +453,7 @@ test_perm(){
|
|||||||
echo "[SUCCESS] Positive test for perm passed successfully" >> "${TEST_RESULTS}"
|
echo "[SUCCESS] Positive test for perm passed successfully" >> "${TEST_RESULTS}"
|
||||||
echo "conf:
|
echo "conf:
|
||||||
perm:
|
perm:
|
||||||
|
paths:
|
||||||
-
|
-
|
||||||
path: ${p_test_file1}
|
path: ${p_test_file1}
|
||||||
owner: 'root'
|
owner: 'root'
|
||||||
@ -462,6 +464,49 @@ test_perm(){
|
|||||||
_test_perm_value ${p_test_file1} root shadow 640
|
_test_perm_value ${p_test_file1} root shadow 640
|
||||||
_test_perm_value ${p_test_file2} ${p_test_file2##*.} ${p_test_file2##*.} 777
|
_test_perm_value ${p_test_file2} ${p_test_file2##*.} ${p_test_file2##*.} 777
|
||||||
echo "[SUCCESS] Backup test for perm passed successfully" >> "${TEST_RESULTS}"
|
echo "[SUCCESS] Backup test for perm passed successfully" >> "${TEST_RESULTS}"
|
||||||
|
# Test invalid rerun_interval (too short)
|
||||||
|
echo "conf:
|
||||||
|
perm:
|
||||||
|
rerun_interval: 30
|
||||||
|
paths:
|
||||||
|
-
|
||||||
|
path: ${p_test_file1}
|
||||||
|
owner: 'root'
|
||||||
|
group: 'shadow'
|
||||||
|
permissions: '0640'" > "${overrides_yaml}"
|
||||||
|
install_base "--values=${overrides_yaml}" 2>&1 | grep 'BAD .rerun_interval. Got' || \
|
||||||
|
(echo "[FAIL] perm test invalid rerun_interval value did not receive expected 'BAD .rerun_interval. Got' error" && exit 1)
|
||||||
|
echo '[SUCCESS] perm test invalid rerun_interval passed successfully' >> "${TEST_RESULTS}"
|
||||||
|
# Test invalid rerun_interval combination
|
||||||
|
echo "conf:
|
||||||
|
perm:
|
||||||
|
rerun_interval: 60
|
||||||
|
rerun_policy: once_successfully
|
||||||
|
paths:
|
||||||
|
-
|
||||||
|
path: ${p_test_file1}
|
||||||
|
owner: 'root'
|
||||||
|
group: 'shadow'
|
||||||
|
permissions: '0640'" > "${overrides_yaml}"
|
||||||
|
install_base "--values=${overrides_yaml}" 2>&1 | grep 'BAD COMBINATION' || \
|
||||||
|
(echo "[FAIL] perm invalid rerun_interval combination did not receive expected 'BAD COMBINATION' error" && exit 1)
|
||||||
|
echo '[SUCCESS] perm invalid rerun_interval combination passed successfully' >> "${TEST_RESULTS}"
|
||||||
|
# test rerun_interval
|
||||||
|
echo "conf:
|
||||||
|
perm:
|
||||||
|
rerun_interval: 60
|
||||||
|
paths:
|
||||||
|
-
|
||||||
|
path: ${p_test_file1}
|
||||||
|
owner: 'root'
|
||||||
|
group: 'shadow'
|
||||||
|
permissions: '0640'" > "${overrides_yaml}"
|
||||||
|
install_base "--values=${overrides_yaml}"
|
||||||
|
get_container_status perm
|
||||||
|
sleep 72
|
||||||
|
get_container_status perm
|
||||||
|
_test_perm_value ${p_test_file1} root shadow 640
|
||||||
|
echo '[SUCCESS] perm rerun_interval passed successfully' >> "${TEST_RESULTS}"
|
||||||
_perm_teardown
|
_perm_teardown
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user