From f19f6b6bf637a56e1b84d4e9441e93a993e54c77 Mon Sep 17 00:00:00 2001
From: Michal Arbet
Date: Fri, 31 Jan 2025 12:48:45 +0100
Subject: [PATCH] Fix permissions for ironic metrics
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch adds creation of metrics folder, set permissions and SetGID bit.
Closes-Bug: #2097098
Signed-off-by: Serhat Rıfat Demircan
Change-Id: Ic46b895775edf5e5fb2b637be49e2de1eb4adf36
(cherry picked from commit ed7c8399c4a2a43e9a4165db416b98f5be8d538c)
---
 docker/ironic/ironic-base/Dockerfile.j2 | 2 +-
 docker/ironic/ironic-base/extend_start.sh | 10 ++++++++++
 docker/ironic/ironic-base/ironic_sudoers | 3 +++
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/docker/ironic/ironic-base/Dockerfile.j2 b/docker/ironic/ironic-base/Dockerfile.j2
index 4b4681b673..3ae0484e0e 100644
--- a/docker/ironic/ironic-base/Dockerfile.j2
+++ b/docker/ironic/ironic-base/Dockerfile.j2
@@ -7,7 +7,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {% import "macros.j2" as macros with context %}
-{{ macros.configure_user(name='ironic') }}
+{{ macros.configure_user(name='ironic', shell='/bin/bash') }}
 ADD ironic-base-archive /ironic-base-source
 ADD ironic_sudoers /etc/sudoers.d/kolla_ironic_sudoers
diff --git a/docker/ironic/ironic-base/extend_start.sh b/docker/ironic/ironic-base/extend_start.sh
index e3b1d4e2dc..dc6b05caaf 100644
--- a/docker/ironic/ironic-base/extend_start.sh
+++ b/docker/ironic/ironic-base/extend_start.sh
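Review bot: The `shell='/bin/bash'` argument added to `macros.configure_user` in Dockerfile.j2 replaces whatever default shell the macro assigns to the ironic service account with an interactive one, and neither the commit message nor the template says what needs it. A service account is normally kept on a non-login shell so that a compromised process has less to work with. If the new `sudo` calls in extend_start.sh are the reason, record that in a template comment above the line, for example `{# ironic needs /bin/bash because <reason> #}`; if nothing depends on it, the argument is better dropped.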
@@ -1,12 +1,22 @@
 #!/bin/bash
 LOG_PATH=/var/log/kolla/ironic
+METRICS_PATH=/var/lib/ironic-metrics
 if [[ ! -d "${LOG_PATH}" ]]; then
 mkdir -p "${LOG_PATH}"
 fi
+if [[ ! -d "${METRICS_PATH}" ]]; then
+ sudo mkdir -p "${METRICS_PATH}"
+fi
 if [[ $(stat -c %a "${LOG_PATH}") != "755" ]]; then
 chmod 755 "${LOG_PATH}"
 fi
+if [[ $(stat -c %U:%G "${METRICS_PATH}") != "ironic:ironic" ]]; then
+ sudo chown ironic:ironic "${METRICS_PATH}"
+fi
+if [[ $(stat -c %a "${METRICS_PATH}") != "2775" ]]; then
+ sudo chmod 2775 "${METRICS_PATH}"
+fi
 . /usr/local/bin/kolla_ironic_extend_start
diff --git a/docker/ironic/ironic-base/ironic_sudoers b/docker/ironic/ironic-base/ironic_sudoers
index 3e7c843f39..1a3f32e1af 100644
--- a/docker/ironic/ironic-base/ironic_sudoers
+++ b/docker/ironic/ironic-base/ironic_sudoers
@@ -1 +1,4 @@
 ironic ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-rootwrap /etc/ironic/rootwrap.conf *
+ironic ALL = (root) NOPASSWD: /bin/mkdir -p /var/lib/ironic-metrics, /usr/bin/mkdir -p /var/lib/ironic-metrics
+ironic ALL = (root) NOPASSWD: /bin/chown ironic\:ironic /var/lib/ironic-metrics, /usr/bin/chown ironic\:ironic /var/lib/ironic-metrics
+ironic ALL = (root) NOPASSWD: /bin/chmod 2755 /var/lib/ironic-metrics, /usr/bin/chmod 2775 /var/lib/ironic-metrics
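Review bot: The three new `sudo` calls in extend_start.sh work only because their exact argument strings are listed in ironic_sudoers, and nothing in the script says so. A later edit to `METRICS_PATH` or to the mode would make sudo refuse the command at container start, so a comment above the first new block would help, for example `# mkdir/chown/chmod arguments must match ironic_sudoers exactly`. A second line should state why the directory is `2775` (setgid, group-writable, world-readable) rather than something tighter, since the script does not show who else reads the metrics files.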
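Review bot: The last added rule in ironic_sudoers permits `/bin/chmod 2755` but `/usr/bin/chmod 2775`, while extend_start.sh runs `sudo chmod 2775`. sudo matches the resolved command path and its arguments literally, so on an image where `chmod` resolves to `/bin/chmod` the call would be refused and the directory would likely stay without the setgid bit and group write; where `/usr/bin/chmod` is found first the mismatch goes unnoticed. The first alternative should read `/bin/chmod 2775 /var/lib/ironic-metrics`. The fix should keep the full paths and fixed arguments that the mkdir and chown rules use, without introducing wildcards.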