TCIB: Add cinder-volume extend_start.sh script

Add an extend_start.sh script for the cinder-volume service that
recursively chowns /var/lib/cinder to cinder:kolla. This ensures
cinder has permission to access the directory, especially in
situations where the directory may be owned by root.

Just like kolla itself did prior to tripleo's switch to TCIB, the
recursive chown is conditional on whether the top level /var/lib/cinder
directory isn't already owned by cinder:kolla. This is done so the
chown is only run once, which prevents slow service startups when the
directory contains a large number of entries.

Note: There was an initial fear that a recursive chown could traverse
onto any NFS share mounted by cinder. However, the extend_start.sh
script runs on container startup, prior to when cinder would create
any mounts. Even restarting the cinder-volume container is safe,
because NFS shares are automatically unmounted during the container
restart.

Closes-Bug: #1908750
Change-Id: I2d82c1ca86735d2a8d69b3e28e8cea7acd637f0b
(cherry picked from commit 1b45bb8838)
(cherry picked from commit 5668f23975)
Alan Bishop 2021-01-06 20:02:48 -08:00 committed by yatin
parent 460b0d5764
commit ae31ba5e04
3 changed files with 10 additions and 1 deletions

@ -0,0 +1 @@
%kolla ALL=(root) NOPASSWD: /bin/chown -R cinder\:kolla /var/lib/cinder
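
Review bot: The rule on this line is granted to the whole `%kolla` group, so every account in that group inside the image can run the recursive chown as root, not only the user that executes kolla_extend_start. If the start script always runs as one service user, consider naming that user instead of the group. A one-line comment above the rule stating that it exists for extend_start.sh and must stay in sync with the command there would also help, because sudo only accepts the argument list exactly as written here.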

@ -0,0 +1,5 @@
#!/bin/bash
if [[ $(stat -c %U:%G /var/lib/cinder) != "cinder:kolla" ]]; then
sudo chown -R cinder:kolla /var/lib/cinder
fi
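
Review bot: The guard on the `stat -c %U:%G /var/lib/cinder` line only inspects the top-level directory, so a tree whose top level is already cinder:kolla but which contains root-owned entries is never corrected. The commit message explains that this is deliberate to keep startup fast; please put that reasoning in a comment in the script so the check is not later mistaken for a bug. Also consider calling `sudo /bin/chown -R cinder:kolla /var/lib/cinder` with the absolute path, so the invocation visibly matches the sudoers entry, and handling the case where `stat` fails because the directory is missing, where the comparison currently falls through to the chown.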

@ -1,7 +1,10 @@
tcib_actions:
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: mkdir -p /etc/libqb
- copy: /usr/share/tripleo-common/container-images/kolla/cinder-volume/extend_start.sh /usr/local/bin/kolla_extend_start
- copy: /usr/share/tripleo-common/container-images/kolla/cinder-volume/cinder-volume-sudoers /etc/sudoers.d/cinder-volume-sudoers
- run: chmod 755 /usr/local/bin/kolla_extend_start && chmod 440 /etc/sudoers.d/cinder-volume-sudoers && mkdir -p /etc/libqb
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/cinder-volume /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/cinder-volume/*'', wantlist=True) }}'
tcib_packages:
common:
- libqb
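
Review bot: The run step `chmod 755 /usr/local/bin/kolla_extend_start && chmod 440 /etc/sudoers.d/cinder-volume-sudoers && mkdir -p /etc/libqb` installs the sudoers fragment without a syntax check. Consider adding `visudo -cf /etc/sudoers.d/cinder-volume-sudoers` to the chain so that a malformed fragment fails the image build instead of surfacing as a sudo error at container start. The 440 mode on the fragment and the 755 mode on the start script look right.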