TCIB: Add cinder-volume extend_start.sh script

Add an extend_start.sh script for the cinder-volume service that
recursively chowns /var/lib/cinder to cinder:kolla. This ensures
cinder has permission to access the directory, especially in
situations where the directory may be owned by root.

Just like kolla itself did prior to tripleo's switch to TCIB, the
recursive chown is conditional on whether the top level /var/lib/cinder
directory isn't already owned by cinder:kolla. This is done so the
chown is only run once, which prevents slow service startups when the
directory contains a large number of entries.

Note: There was an initial fear that a recursive chown could traverse
onto any NFS share mounted by cinder. However, the extend_start.sh
script runs on container startup, prior to when cinder would create
any mounts. Even restarting the cinder-volume container is safe,
because NFS shares are automatically unmounted during the container
restart.

Closes-Bug: #1908750
Change-Id: I2d82c1ca86735d2a8d69b3e28e8cea7acd637f0b
Alan Bishop 2021-01-06 20:02:48 -08:00
parent 8e57c59eb5
commit 1b45bb8838
3 changed files with 10 additions and 1 deletions


@ -0,0 +1 @@
%kolla ALL=(root) NOPASSWD: /bin/chown -R cinder\:kolla /var/lib/cinder
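
Review bot: the sudoers line carries no comment naming the script that depends on it, and because the command is listed with its arguments, sudo will only permit an invocation whose arguments are exactly `-R cinder:kolla /var/lib/cinder`. Add a `#` comment pointing at the cinder-volume extend_start.sh so that a later change to the owner, group or path is made in both files; otherwise the startup chown will be refused by sudo. The grant also goes to every member of %kolla rather than to a single user, so that comment is a good place to say why group scope is needed.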


@ -0,0 +1,5 @@
#!/bin/bash
if [[ $(stat -c %U:%G /var/lib/cinder) != "cinder:kolla" ]]; then
sudo chown -R cinder:kolla /var/lib/cinder
fi
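
Review bot: the `sudo chown` line relies on PATH lookup resolving to the `/bin/chown` path named in the sudoers rule; calling `sudo /bin/chown -R cinder:kolla /var/lib/cinder` keeps the two in step. The `stat` test also has no failure handling: if /var/lib/cinder is missing, the substitution is empty, the comparison is true, and the chown is attempted on a path that does not exist. Since the test looks only at the top-level directory, a one-line comment saying that entries below it are deliberately not rechecked would stop a later reader from treating that as an oversight.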


@ -1,7 +1,10 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: mkdir -p /etc/libqb
- copy: /usr/share/tripleo-common/container-images/kolla/cinder-volume/extend_start.sh /usr/local/bin/kolla_extend_start
- copy: /usr/share/tripleo-common/container-images/kolla/cinder-volume/cinder-volume-sudoers /etc/sudoers.d/cinder-volume-sudoers
- run: chmod 755 /usr/local/bin/kolla_extend_start && chmod 440 /etc/sudoers.d/cinder-volume-sudoers && mkdir -p /etc/libqb
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-volume /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/cinder-volume/*'', wantlist=True) }}'
tcib_packages:
common:
- libqb
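
Review bot: the `chmod 440 /etc/sudoers.d/cinder-volume-sudoers` step installs the sudoers fragment without syntax-checking it, so a malformed file would only surface when the container calls sudo at startup. Consider adding `visudo -cf /etc/sudoers.d/cinder-volume-sudoers` to the same `run` chain so the image build fails instead. The new `run` line also folds the existing `mkdir -p /etc/libqb` into the chmod chain; keeping it as its own step would make the diff smaller and leave the libqb setup independent of the two new files.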