starlingx/utilities
Code Issues Proposed changes

Fix permission errors adding report tool and collect.log for ldap users

Browse Source 
This update stops using sudo to create the target collect directory
in /scratch to avoid permission errors when trying to add content
without sudo. Doing so has the added benefit of leaving the collect
bundles and content with ownership that matches the username collect
was run from rather than root.

Notice bundle file permissions at all levels

Main Bundle:

-rw-r--r-- 1 ericmac  users /scratch/ALL_SUBCLOUDS_20240726.162635.tar

Untared Main Bundle:

[ericmac@controller-0 ALL_SUBCLOUDS_20240726.162635 ]$ ls -lrt

-rw-r--r-- 1 ericmac users subcloud2-wrcp-master_20240726.162635.tar
-rw-r--r-- 1 ericmac users subcloud1-wrcp-master_20240726.162635.tar
-rw-r--r-- 1 ericmac users collect.log
drwxr-xr-x 2 ericmac users subcloud2-wrcp-master_20240726.162635
drwxr-xr-x 2 ericmac users subcloud1-wrcp-master_20240726.162635

Untared Subcloud Bundle:

[ericmac@controller-0 subcloud1-wrcp-master_20240726.162635 ]$ ls -lrt

-rw-r--r-- 1 ericmac users controller-0_20240726.162635.tgz
-rw-r--r-- 1 ericmac users report_tool.tgz
-rw-r--r-- 1 ericmac users report_analysis.tgz
-rw-r--r-- 1 ericmac users collect.log

This update also adds /var/log/lastlog to the varlog.exclude file.
This 'lastlog' file is used to record the last login times for each
user. It is a sparse data file that can grow very large when WAD is
enabled. So large that collect is seen to fail due to out of space
error.

Test Plan: run each test case
 - with and without the --report option
 - using sysadmin username and user sccount created with ldapusersetup

PASS: Verify bundle file permissions at all levels
PASS: Verify /var/run/lastlog is excluded
PASS: Verify collect local
PASS: Verify collect remote
PASS: Verify collect from multiple subclouds, some with system nodes

Story: 2010533
Task: 50670
Change-Id: If7c01c2c9a32d37c72f6304a1d9381b9cc42e740
Signed-off-by: Eric MacDonald <eric.macdonald@windriver.com>
This commit is contained in:
Eric MacDonald 2024-07-26 18:07:21 +00:00
parent 4959808c73
commit abae526d8c
2 changed files with 5 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
tools/collector/debian-scripts/collect
View File

@ -1891,60 +1891,6 @@ EOF
return ${rc}
}
###########################################################################
#
# Name : create_collect_dir_local
#
# Purpose : Create the local dated collect dir where all
# the tarballs for this collect will get put.
# Then change the owner from root to the current username.
#
# Assumptions: Permissions are set to make it easy to copy
# tarballs from remote host into
#
# Parameters: $1 - the fill dir
#
###########################################################################
function create_collect_dir_local()
{
local dir=${1}
/usr/bin/expect ${expect_debug} << EOF > ${redirect} 2>&1
trap exit {SIGINT SIGTERM}
if { "${expect_debug}" != "" } { log_file ${EXPECT_LOG_FILE}_${UN}_${HOSTNAME}_${FUNCNAME[0]} }
log_user ${USER_LOG_MODE}
spawn bash -i
set timeout ${SUDO_TIMEOUT}
expect -re $
send "sudo mkdir -m 775 -p ${dir} ; cat ${cmd_done_file}\n"
expect {
"assword:" {
send "${pw}\r"
expect {
"${cmd_done_sig}" { exit ${PASS} }
"${pw_error}" { exit ${FAIL_PASSWORD} }
"${ac_error}" { exit ${FAIL_PERMISSION}}
timeout { exit ${FAIL_TIMEOUT_OPERATION} }
}
}
"${cmd_done_sig}" { exit ${PASS} }
"${ac_error}" { exit ${FAIL_PERMISSION}}
timeout { exit ${FAIL_TIMEOUT_PW} }
}
EOF
local rc=${?}
if [ ${rc} -ne ${PASS} ] ; then
report_error "failed to create_collect_dir_local for ${dir}" ${rc}
collect_exit ${rc}
fi
chown_file_or_dir_local $(whoami) ${dir}
return ${rc}
}
##########################################################################
#
# Name : remove_file_local
@ -2529,12 +2475,12 @@ function collect_host_complete_local()
# create the dir again just to handle the case where we are
# collecting on ourself and have removed the collect_dir
# directory in collect_host above.
create_collect_dir_local "${COLLECT_DIR}"
[ ! -d "${COLLECT_DIR}" ] && mkdir -p "${COLLECT_DIR}"
# move the tarball into the collect dir
# only applies to the local collect since the remote
# collect scp's it directly into the collect dir.
move_file_local "${COLLECT_BASE_DIR}/${tarname}.tgz" "${COLLECT_DIR}"
mv "${COLLECT_BASE_DIR}/${tarname}.tgz" "${COLLECT_DIR}"
rc=${?}
if [ ${rc} -eq ${PASS} ] ; then
log "collect ${COLLECT_BASE_DIR}/${tarname}.tgz succeeded"
@ -3008,7 +2954,7 @@ fi
#
############################################################################
create_collect_dir_local "${COLLECT_DIR}"
mkdir -p "${COLLECT_DIR}"
declare COLLECT_START_TIME=${SECONDS}
@ -3672,26 +3618,7 @@ fi
create_collect_log
echo -n "creating ${COLLECT_TYPE} tarball ${TARBALL_NAME} ... "
/usr/bin/expect ${expect_debug} << EOF > ${redirect} 2>&1
if { "${expect_debug}" != "" } { log_file ${EXPECT_LOG_FILE}_${UN}_${HOSTNAME}_create_tarball }
log_user ${USER_LOG_MODE}
spawn bash -i
expect -re $
set timeout ${CREATE_TARBALL_TIMEOUT}
send "(cd ${COLLECT_BASE_DIR} ; sudo ${IONICE_CMD} ${NICE_CMD} ${TAR_CMD_APPEND} ${TARBALL_NAME} --remove-files ${COLLECT_NAME}/* 2>>${COLLECT_ERROR_LOG} ; cat ${cmd_done_file})\n"
expect {
"assword:" {
send "${pw}\r"
expect {
"${cmd_done_sig}" { exit ${PASS} }
"${pw_error}" { exit ${FAIL_PASSWORD} }
"${ac_error}" { exit ${FAIL_PERMISSION} }
timeout { exit ${FAIL_TIMEOUT1} }
}
}
timeout { exit ${FAIL_TIMEOUT_PW}}
}
EOF
(cd ${COLLECT_BASE_DIR} ; ${IONICE_CMD} ${NICE_CMD} ${TAR_CMD_APPEND} ${TARBALL_NAME} --remove-files ${COLLECT_NAME}/* 2>>${COLLECT_ERROR_LOG} 1>/dev/null)
rc=${?}
if [ ${rc} -ne ${PASS} ] ; then
collect_errors ${HOSTNAME}

1
tools/collector/debian-scripts/varlog.exclude
View File

@ -1 +1,2 @@
/var/log/crash
/var/log/lastlog