4c207bc039
During the upgrade from Mitaka to Newton, the uid/gid may change for the same image. Especially on Ubuntu, we moved to Ubuntu Xenial in Newton and it added systemd related user which break all the uid/gid during an upgrade. It will the permissions in all docker named volumes. This fix extends set_config.py to set the proper permission during container start. This is super light then add commands in extend_start.sh file or add ansible tasks. This patch just fixes rabbitmq case. Other services will be fixed in following patches. Partial-Bug: #1631503 Change-Id: Ib17027b97abbc9bf4e3cd503601b8010325b5c5b
310 lines
9.6 KiB
Python
310 lines
9.6 KiB
Python
#!/usr/bin/env python
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import argparse
|
|
import glob
|
|
import grp
|
|
import json
|
|
import logging
|
|
import os
|
|
import pwd
|
|
import shutil
|
|
import sys
|
|
|
|
|
|
# TODO(rhallisey): add docstring.
|
|
logging.basicConfig()
|
|
LOG = logging.getLogger(__name__)
|
|
LOG.setLevel(logging.INFO)
|
|
|
|
|
|
def validate_config(config):
|
|
config_files_required_keys = {'source', 'dest', 'owner', 'perm'}
|
|
permissions_required_keys = {'path', 'owner'}
|
|
|
|
if 'command' not in config:
|
|
LOG.error('Config is missing required "command" key')
|
|
sys.exit(1)
|
|
|
|
# Validate config sections
|
|
for data in config.get('config_files', list()):
|
|
# Verify required keys exist.
|
|
if not data.viewkeys() >= config_files_required_keys:
|
|
LOG.error("Config is missing required keys: %s", data)
|
|
sys.exit(1)
|
|
for data in config.get('permissions', list()):
|
|
if not data.viewkeys() >= permissions_required_keys:
|
|
LOG.error("Config is missing required keys: %s", data)
|
|
sys.exit(1)
|
|
|
|
|
|
def validate_source(data):
|
|
source = data.get('source')
|
|
|
|
# Only check existance if no wildcard found
|
|
if '*' not in source:
|
|
if not os.path.exists(source):
|
|
if data.get('optional'):
|
|
LOG.info("%s does not exist, but is not required", source)
|
|
return False
|
|
else:
|
|
LOG.error("The source to copy does not exist: %s", source)
|
|
sys.exit(1)
|
|
|
|
return True
|
|
|
|
|
|
def copy_files(data):
|
|
dest = data.get('dest')
|
|
source = data.get('source')
|
|
|
|
if os.path.exists(dest):
|
|
LOG.info("Removing existing destination: %s", dest)
|
|
if os.path.isdir(dest):
|
|
shutil.rmtree(dest)
|
|
else:
|
|
os.remove(dest)
|
|
|
|
if os.path.isdir(source):
|
|
source_path = source
|
|
dest_path = dest
|
|
else:
|
|
source_path = os.path.dirname(source)
|
|
dest_path = os.path.dirname(dest)
|
|
|
|
if not os.path.exists(dest_path):
|
|
LOG.info("Creating dest parent directory: %s", dest_path)
|
|
os.makedirs(dest_path)
|
|
|
|
if source != source_path:
|
|
# Source is file
|
|
for file in glob.glob(source):
|
|
LOG.info("Copying %s to %s", file, dest)
|
|
shutil.copy(file, dest)
|
|
else:
|
|
# Source is a directory
|
|
for src in os.listdir(source_path):
|
|
LOG.info("Copying %s to %s",
|
|
os.path.join(source_path, src), dest_path)
|
|
|
|
if os.path.isdir(os.path.join(source_path, src)):
|
|
shutil.copytree(os.path.join(source_path, src), dest_path)
|
|
else:
|
|
shutil.copy(os.path.join(source_path, src), dest_path)
|
|
|
|
|
|
def set_permissions(data):
|
|
def set_perms(file_, uid, guid, perm):
|
|
LOG.info("Setting permissions for %s", file_)
|
|
# Give config file proper perms.
|
|
try:
|
|
os.chown(file_, uid, gid)
|
|
os.chmod(file_, perm)
|
|
except OSError as e:
|
|
LOG.error("Error while setting permissions for %s: %r",
|
|
file_, repr(e))
|
|
sys.exit(1)
|
|
|
|
dest = data.get('dest')
|
|
owner = data.get('owner')
|
|
perm = int(data.get('perm'), 0)
|
|
|
|
# Check for user and group id in the environment.
|
|
try:
|
|
user = pwd.getpwnam(owner)
|
|
except KeyError:
|
|
LOG.error("The specified user does not exist: %s", owner)
|
|
sys.exit(1)
|
|
|
|
uid = user.pw_uid
|
|
gid = user.pw_gid
|
|
|
|
# Set permissions on the top level dir or file
|
|
set_perms(dest, uid, gid, perm)
|
|
if os.path.isdir(dest):
|
|
# Recursively set permissions
|
|
for root, dirs, files in os.walk(dest):
|
|
for dir_ in dirs:
|
|
set_perms(os.path.join(root, dir_), uid, gid, perm)
|
|
for file_ in files:
|
|
set_perms(os.path.join(root, file_), uid, gid, perm)
|
|
|
|
|
|
def load_config():
|
|
def load_from_env():
|
|
config_raw = os.environ.get("KOLLA_CONFIG")
|
|
if config_raw is None:
|
|
return None
|
|
|
|
# Attempt to read config
|
|
try:
|
|
return json.loads(config_raw)
|
|
except ValueError:
|
|
LOG.error('Invalid json for Kolla config')
|
|
sys.exit(1)
|
|
|
|
def load_from_file():
|
|
config_file = '/var/lib/kolla/config_files/config.json'
|
|
LOG.info("Loading config file at %s", config_file)
|
|
|
|
# Attempt to read config file
|
|
with open(config_file) as f:
|
|
try:
|
|
return json.load(f)
|
|
except ValueError:
|
|
LOG.error("Invalid json file found at %s", config_file)
|
|
sys.exit(1)
|
|
except IOError as e:
|
|
LOG.error("Could not read file %s: %r", config_file, e)
|
|
sys.exit(1)
|
|
|
|
config = load_from_env()
|
|
if config is None:
|
|
config = load_from_file()
|
|
|
|
LOG.info('Validating config file')
|
|
validate_config(config)
|
|
return config
|
|
|
|
|
|
def copy_config(config):
|
|
if 'config_files' in config:
|
|
LOG.info('Copying service configuration files')
|
|
for data in config['config_files']:
|
|
if validate_source(data):
|
|
copy_files(data)
|
|
set_permissions(data)
|
|
else:
|
|
LOG.debug('No files to copy found in config')
|
|
|
|
LOG.info('Writing out command to execute')
|
|
LOG.debug("Command is: %s", config['command'])
|
|
# The value from the 'command' key will be written to '/run_command'
|
|
with open('/run_command', 'w+') as f:
|
|
f.write(config['command'])
|
|
|
|
|
|
def handle_permissions(config):
|
|
for permission in config.get('permissions', list()):
|
|
path = permission.get('path')
|
|
owner = permission.get('owner')
|
|
recurse = permission.get('recurse', False)
|
|
|
|
if ':' in owner:
|
|
user, group = owner.split(':', 1)
|
|
if not group:
|
|
group = user
|
|
else:
|
|
user, group = owner, owner
|
|
|
|
uid = pwd.getpwnam(user).pw_uid
|
|
gid = grp.getgrnam(group).gr_gid
|
|
|
|
def set_perms(path, uid, gid):
|
|
LOG.info('Setting permission for %s', path)
|
|
os.chown(path, uid, gid)
|
|
|
|
for dest in glob.glob(path):
|
|
set_perms(dest, uid, gid)
|
|
if recurse and os.path.isdir(dest):
|
|
for root, dirs, files in os.walk(dest):
|
|
for dir_ in dirs:
|
|
set_perms(os.path.join(root, dir_), uid, gid)
|
|
for file_ in files:
|
|
set_perms(os.path.join(root, file_), uid, gid)
|
|
|
|
|
|
def execute_config_strategy():
|
|
config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY")
|
|
LOG.info("Kolla config strategy set to: %s", config_strategy)
|
|
config = load_config()
|
|
|
|
if config_strategy == "COPY_ALWAYS":
|
|
copy_config(config)
|
|
handle_permissions(config)
|
|
elif config_strategy == "COPY_ONCE":
|
|
if os.path.exists('/configured'):
|
|
LOG.info("The config strategy prevents copying new configs")
|
|
sys.exit(0)
|
|
else:
|
|
copy_config(config)
|
|
handle_permissions(config)
|
|
os.mknod('/configured')
|
|
else:
|
|
LOG.error('KOLLA_CONFIG_STRATEGY is not set properly')
|
|
sys.exit(1)
|
|
|
|
|
|
def execute_config_check():
|
|
config = load_config()
|
|
for config_file in config.get('config_files', {}):
|
|
source = config_file.get('source')
|
|
dest = config_file.get('dest')
|
|
perm = config_file.get('perm')
|
|
owner = config_file.get('owner')
|
|
optional = config_file.get('optional', False)
|
|
if not os.path.exists(dest):
|
|
if optional:
|
|
LOG.info('Dest file does not exist, but is optional: %s',
|
|
dest)
|
|
return
|
|
else:
|
|
LOG.error('Dest file does not exist and is: %s', dest)
|
|
sys.exit(1)
|
|
# check content
|
|
with open(source) as fp1, open(dest) as fp2:
|
|
if fp1.read() != fp2.read():
|
|
LOG.error('The content of source file(%s) and'
|
|
' dest file(%s) are not equal.', source, dest)
|
|
sys.exit(1)
|
|
# check perm
|
|
file_stat = os.stat(dest)
|
|
actual_perm = oct(file_stat.st_mode)[-4:]
|
|
if perm != actual_perm:
|
|
LOG.error('Dest file does not have expected perm: %s, actual: %s',
|
|
perm, actual_perm)
|
|
sys.exit(1)
|
|
# check owner
|
|
actual_user = pwd.getpwuid(file_stat.st_uid)
|
|
if actual_user.pw_name != owner:
|
|
LOG.error('Dest file does not have expected user: %s, actual: %s ',
|
|
owner, actual_user.pw_name)
|
|
sys.exit(1)
|
|
LOG.info('The config files are in the expected state')
|
|
|
|
|
|
def main():
|
|
parser = argparse.ArgumentParser()
|
|
parser.add_argument('--check',
|
|
action='store_true',
|
|
required=False,
|
|
help='Check whether the configs changed')
|
|
conf = parser.parse_args()
|
|
|
|
if conf.check:
|
|
execute_config_check()
|
|
else:
|
|
execute_config_strategy()
|
|
return 0
|
|
|
|
|
|
if __name__ == "__main__":
|
|
try:
|
|
exit_code = main()
|
|
except Exception:
|
|
exit_code = 1
|
|
LOG.exception('Unexpected error:')
|
|
finally:
|
|
sys.exit(exit_code)
|