kolla-ansible/docker/base/set_configs.py
Jeffrey Zhang 4c207bc039 Fix rabbitmq upgrade permission issue
During the upgrade from Mitaka to Newton, the uid/gid may change for the
same image. Especially on Ubuntu, we moved to Ubuntu Xenial in Newton
and it added systemd related user which break all the uid/gid during an
upgrade. It will the permissions in all docker named volumes.

This fix extends set_config.py to set the proper permission during
container start. This is super light then add commands in
extend_start.sh file  or add ansible tasks.

This patch just fixes rabbitmq case. Other services will be fixed in
following patches.

Partial-Bug: #1631503
Change-Id: Ib17027b97abbc9bf4e3cd503601b8010325b5c5b
2016-10-13 01:19:05 +08:00

310 lines
9.6 KiB
Python

#!/usr/bin/env python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import argparse
import glob
import grp
import json
import logging
import os
import pwd
import shutil
import sys
# TODO(rhallisey): add docstring.
logging.basicConfig()
LOG = logging.getLogger(__name__)
LOG.setLevel(logging.INFO)
def validate_config(config):
config_files_required_keys = {'source', 'dest', 'owner', 'perm'}
permissions_required_keys = {'path', 'owner'}
if 'command' not in config:
LOG.error('Config is missing required "command" key')
sys.exit(1)
# Validate config sections
for data in config.get('config_files', list()):
# Verify required keys exist.
if not data.viewkeys() >= config_files_required_keys:
LOG.error("Config is missing required keys: %s", data)
sys.exit(1)
for data in config.get('permissions', list()):
if not data.viewkeys() >= permissions_required_keys:
LOG.error("Config is missing required keys: %s", data)
sys.exit(1)
def validate_source(data):
source = data.get('source')
# Only check existance if no wildcard found
if '*' not in source:
if not os.path.exists(source):
if data.get('optional'):
LOG.info("%s does not exist, but is not required", source)
return False
else:
LOG.error("The source to copy does not exist: %s", source)
sys.exit(1)
return True
def copy_files(data):
dest = data.get('dest')
source = data.get('source')
if os.path.exists(dest):
LOG.info("Removing existing destination: %s", dest)
if os.path.isdir(dest):
shutil.rmtree(dest)
else:
os.remove(dest)
if os.path.isdir(source):
source_path = source
dest_path = dest
else:
source_path = os.path.dirname(source)
dest_path = os.path.dirname(dest)
if not os.path.exists(dest_path):
LOG.info("Creating dest parent directory: %s", dest_path)
os.makedirs(dest_path)
if source != source_path:
# Source is file
for file in glob.glob(source):
LOG.info("Copying %s to %s", file, dest)
shutil.copy(file, dest)
else:
# Source is a directory
for src in os.listdir(source_path):
LOG.info("Copying %s to %s",
os.path.join(source_path, src), dest_path)
if os.path.isdir(os.path.join(source_path, src)):
shutil.copytree(os.path.join(source_path, src), dest_path)
else:
shutil.copy(os.path.join(source_path, src), dest_path)
def set_permissions(data):
def set_perms(file_, uid, guid, perm):
LOG.info("Setting permissions for %s", file_)
# Give config file proper perms.
try:
os.chown(file_, uid, gid)
os.chmod(file_, perm)
except OSError as e:
LOG.error("Error while setting permissions for %s: %r",
file_, repr(e))
sys.exit(1)
dest = data.get('dest')
owner = data.get('owner')
perm = int(data.get('perm'), 0)
# Check for user and group id in the environment.
try:
user = pwd.getpwnam(owner)
except KeyError:
LOG.error("The specified user does not exist: %s", owner)
sys.exit(1)
uid = user.pw_uid
gid = user.pw_gid
# Set permissions on the top level dir or file
set_perms(dest, uid, gid, perm)
if os.path.isdir(dest):
# Recursively set permissions
for root, dirs, files in os.walk(dest):
for dir_ in dirs:
set_perms(os.path.join(root, dir_), uid, gid, perm)
for file_ in files:
set_perms(os.path.join(root, file_), uid, gid, perm)
def load_config():
def load_from_env():
config_raw = os.environ.get("KOLLA_CONFIG")
if config_raw is None:
return None
# Attempt to read config
try:
return json.loads(config_raw)
except ValueError:
LOG.error('Invalid json for Kolla config')
sys.exit(1)
def load_from_file():
config_file = '/var/lib/kolla/config_files/config.json'
LOG.info("Loading config file at %s", config_file)
# Attempt to read config file
with open(config_file) as f:
try:
return json.load(f)
except ValueError:
LOG.error("Invalid json file found at %s", config_file)
sys.exit(1)
except IOError as e:
LOG.error("Could not read file %s: %r", config_file, e)
sys.exit(1)
config = load_from_env()
if config is None:
config = load_from_file()
LOG.info('Validating config file')
validate_config(config)
return config
def copy_config(config):
if 'config_files' in config:
LOG.info('Copying service configuration files')
for data in config['config_files']:
if validate_source(data):
copy_files(data)
set_permissions(data)
else:
LOG.debug('No files to copy found in config')
LOG.info('Writing out command to execute')
LOG.debug("Command is: %s", config['command'])
# The value from the 'command' key will be written to '/run_command'
with open('/run_command', 'w+') as f:
f.write(config['command'])
def handle_permissions(config):
for permission in config.get('permissions', list()):
path = permission.get('path')
owner = permission.get('owner')
recurse = permission.get('recurse', False)
if ':' in owner:
user, group = owner.split(':', 1)
if not group:
group = user
else:
user, group = owner, owner
uid = pwd.getpwnam(user).pw_uid
gid = grp.getgrnam(group).gr_gid
def set_perms(path, uid, gid):
LOG.info('Setting permission for %s', path)
os.chown(path, uid, gid)
for dest in glob.glob(path):
set_perms(dest, uid, gid)
if recurse and os.path.isdir(dest):
for root, dirs, files in os.walk(dest):
for dir_ in dirs:
set_perms(os.path.join(root, dir_), uid, gid)
for file_ in files:
set_perms(os.path.join(root, file_), uid, gid)
def execute_config_strategy():
config_strategy = os.environ.get("KOLLA_CONFIG_STRATEGY")
LOG.info("Kolla config strategy set to: %s", config_strategy)
config = load_config()
if config_strategy == "COPY_ALWAYS":
copy_config(config)
handle_permissions(config)
elif config_strategy == "COPY_ONCE":
if os.path.exists('/configured'):
LOG.info("The config strategy prevents copying new configs")
sys.exit(0)
else:
copy_config(config)
handle_permissions(config)
os.mknod('/configured')
else:
LOG.error('KOLLA_CONFIG_STRATEGY is not set properly')
sys.exit(1)
def execute_config_check():
config = load_config()
for config_file in config.get('config_files', {}):
source = config_file.get('source')
dest = config_file.get('dest')
perm = config_file.get('perm')
owner = config_file.get('owner')
optional = config_file.get('optional', False)
if not os.path.exists(dest):
if optional:
LOG.info('Dest file does not exist, but is optional: %s',
dest)
return
else:
LOG.error('Dest file does not exist and is: %s', dest)
sys.exit(1)
# check content
with open(source) as fp1, open(dest) as fp2:
if fp1.read() != fp2.read():
LOG.error('The content of source file(%s) and'
' dest file(%s) are not equal.', source, dest)
sys.exit(1)
# check perm
file_stat = os.stat(dest)
actual_perm = oct(file_stat.st_mode)[-4:]
if perm != actual_perm:
LOG.error('Dest file does not have expected perm: %s, actual: %s',
perm, actual_perm)
sys.exit(1)
# check owner
actual_user = pwd.getpwuid(file_stat.st_uid)
if actual_user.pw_name != owner:
LOG.error('Dest file does not have expected user: %s, actual: %s ',
owner, actual_user.pw_name)
sys.exit(1)
LOG.info('The config files are in the expected state')
def main():
parser = argparse.ArgumentParser()
parser.add_argument('--check',
action='store_true',
required=False,
help='Check whether the configs changed')
conf = parser.parse_args()
if conf.check:
execute_config_check()
else:
execute_config_strategy()
return 0
if __name__ == "__main__":
try:
exit_code = main()
except Exception:
exit_code = 1
LOG.exception('Unexpected error:')
finally:
sys.exit(exit_code)