Set cert-mon temp dir location to /var/run/cert-mon_tmp

Redirect the k8s python client's use of /tmp to /var/run/cert-mon_tmp
via setting TMPDIR

This is a known issue of kubernetes python client:
https://github.com/kubernetes-client/python/issues/765

The fix is the same as for
https://bugs.launchpad.net/starlingx/+bug/1883599
See commit message there for more details.

Related-Bug: 1883599
Closes-Bug: 1936435

Signed-off-by: Kyle MacLeod <kyle.macleod@windriver.com>
Change-Id: I0e163bd1b4d5a19f07267dd4cd14bad1b8cb20bb

sysinv/cert-mon/files/cert-mon

@@ -32,6 +32,7 @@ OCF_RESKEY_config_default="/etc/sysinv/cert-mon.conf"
 : ${OCF_RESKEY_client_binary=${OCF_RESKEY_client_binary_default}}
 
 mydaemon="/usr/bin/${OCF_RESKEY_binary}"
+TMP_DIR=/var/run/cert-mon_tmp
 
 #######################################################################
 
@@ -110,6 +111,22 @@ END
    return ${OCF_SUCCESS}
 }
 
+cert_mon_tmpdir() {
+    local rc
+
+    if [ ! -d "$TMP_DIR" ]; then
+        mkdir -p "$TMP_DIR"
+        rc=$?
+        if [ $rc -ne 0 ]; then
+            ocf_log err "Certificate Monitor Service (${OCF_RESKEY_binary}) failed to create temp dir (rc=${rc})"
+            return "${OCF_ERR_GENERIC}"
+        fi
+        chown "${OCF_RESKEY_user_default}:${OCF_RESKEY_user_default}" "$TMP_DIR"
+    fi
+    export TMPDIR="$TMP_DIR"
+    return "${OCF_SUCCESS}"
+}
+
 cert_mon_validate() {
 
     local rc
@@ -329,6 +346,10 @@ esac
 # Anything except meta-data and help must pass validation
 cert_mon_validate || exit $?
 
+# Set up tmpfiles directory to avoid temp files being
+# cleaned up by systemd tmpfiles clean service.
+cert_mon_tmpdir || exit $?
+
 if [ ${OCF_RESKEY_dbg} = "true" ] ; then
     ocf_log info "${binname}:${__OCF_ACTION} action"
 fi