Alon Bar-Lev has uploaded a new change for review.

Change subject: packaging: engine-service: clean /var/tmp in upgrade and cleanup
......................................................................

packaging: engine-service: clean /var/tmp in upgrade and cleanup

previous service implementation used mixed ownership of root/ovirt in
/var/tmp/ovirt-engine, /var/lib/ovirt-engine/deployments.

the /var/tmp/ovirt-engine was not cleared if daemon exited so likely to
remain.

new service implementation does not run under root account, so having
root owned resources is not healthy.

during upgrade, set up the correct settings; during setup, remove leftovers,
as engine-cleanup is not to be trusted since it does not actually revert to
the initial state.

Change-Id: If0efa0b8a71673140490e2c363af7d3ba6044ffe
Signed-off-by: Alon Bar-Lev <[email protected]>
---
M packaging/fedora/setup/basedefs.py
M packaging/fedora/setup/engine-setup.py
M packaging/fedora/setup/engine-upgrade.py
M packaging/fedora/setup/output_messages.py
4 files changed, 27 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/63/13663/1

diff --git a/packaging/fedora/setup/basedefs.py 
b/packaging/fedora/setup/basedefs.py
index 2ee1c86..3a06635 100644
--- a/packaging/fedora/setup/basedefs.py
+++ b/packaging/fedora/setup/basedefs.py
@@ -47,6 +47,7 @@
 DIR_USR_SHARE="/usr/share"
 DIR_VAR_LOG="/var/log"
 DIR_VAR_LIB="/var/lib"
+DIR_VAR_TMP="/var/tmp"
 DIR_LOG="%s/ovirt-engine/" % DIR_VAR_LOG
 DIR_CONFIG="%s/ovirt-engine/conf" % DIR_USR_SHARE
 DIR_JBOSS_RESOURCES="%s/ovirt-engine/resources/jboss" % DIR_USR_SHARE
@@ -57,9 +58,11 @@
 DIR_ENGINE_EAR="%s/ovirt-engine/engine.ear" % DIR_USR_SHARE
 DIR_DB_SCRIPTS="%s/ovirt-engine/dbscripts/" % DIR_USR_SHARE
 DIR_DB_BACKUPS="%s/ovirt-engine/backups" % DIR_VAR_LIB
+DIR_DEPLOYMENTS="%s/ovirt-engine/deployments" % DIR_VAR_LIB
 DIR_ENGINE_CONFIG="%s/ovirt-engine/engine-config/" % DIR_USR_SHARE
 DIR_ENGINE_CONFIG_CONF="/etc/ovirt-engine/engine-config/"
 DIR_OVIRT_PKI="/etc/pki/ovirt-engine"
+DIR_ENGINE_TMP="%s/ovirt-engine" % DIR_VAR_TMP
 
 DIR_YUM_CACHE = "/var/cache/yum"
 DIR_PKGS_INSTALL = "/usr/share"
diff --git a/packaging/fedora/setup/engine-setup.py 
b/packaging/fedora/setup/engine-setup.py
index 8d23f6c..d3c3bc6 100755
--- a/packaging/fedora/setup/engine-setup.py
+++ b/packaging/fedora/setup/engine-setup.py
@@ -167,7 +167,7 @@
                         'steps'           : [ { 'title'     : 
output_messages.INFO_CFG_IPTABLES,
                                                 'functions' : 
[_configFirewall] },
                                               { 'title'     : 
output_messages.INFO_START_ENGINE,
-                                                'functions' : [_startEngine] } 
]
+                                                'functions' : 
[_setupVarPrivileges, _startEngine] } ]
                        },
                       { 'description'     : 'Handling httpd',
                         'condition'       : [utils.compareStrIgnoreCase, 
controller.CONF["OVERRIDE_HTTPD_CONFIG"], "yes"],
@@ -1749,7 +1749,15 @@
     srv.stop(False)
     srv.start(True)
 
-
+def _setupVarPrivileges():
+    # previous versions mixed root/ovirt
+    # ownership in these directories
+    shutil.rmtree(basedefs.DIR_ENGINE_TMP)
+    utils.execCmd(
+        cmdList=('chown', '-Rh', 'ovirt:ovirt', basedefs.DIR_DEPLOYMENTS),
+        failOnError=True,
+        msg=output_messages.ERR_FAILED_CHOWN,
+    )
 
 def _startEngine():
     logging.debug("using chkconfig to enable engine to load on system 
startup.")
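Review bot: `shutil.rmtree(basedefs.DIR_ENGINE_TMP)` in `_setupVarPrivileges` raises OSError when /var/tmp/ovirt-engine does not exist, which is likely on a fresh install or after a tmp cleaner has run, so the start-engine step would abort; the same unguarded call is repeated in `setupVarPrivileges` in engine-upgrade.py. Guard it, for example with `if os.path.isdir(basedefs.DIR_ENGINE_TMP) and not os.path.islink(basedefs.DIR_ENGINE_TMP):` before the rmtree (assuming `os` is already imported in both scripts). Because /var/tmp is world-writable and the directory name is fixed, any local account can create that path before setup runs as root, so the code should log and handle an unexpected owner or a symlink there instead of assuming the tree is the engine's own. The two functions differ only in the message constant and both hard-code `ovirt:ovirt`; one shared helper in `utils` taking the message as a parameter would keep them from drifting.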
diff --git a/packaging/fedora/setup/engine-upgrade.py 
b/packaging/fedora/setup/engine-upgrade.py
index 20e8878..2b29b6c 100755
--- a/packaging/fedora/setup/engine-upgrade.py
+++ b/packaging/fedora/setup/engine-upgrade.py
@@ -69,6 +69,7 @@
 MSG_ERROR_NEW_SETUP_AVAIL="\nError: New %s rpm available via yum.\n\
 Please execute `yum update %s`, then re-execute '%s'.\n\
 To use the current %s rpm, execute '%s --force-current-setup-rpm'." % 
(RPM_SETUP, RPM_SETUP, RPM_UPGRADE, RPM_SETUP, RPM_UPGRADE)
+MSG_ERROR_CANNOT_CHOWN = "Error: Cannot change ownership of directory"
 MSG_ERROR_BACKUP_DB = "Error: Database backup failed"
 MSG_ERROR_RESTORE_DB = "Error: Database restore failed"
 MSG_ERROR_DROP_DB = "Error: Database drop failed"
@@ -1050,6 +1051,17 @@
         shutil.rmtree(basedefs.DIR_ENGINE_SYSCONFIG)
 
 
+def setupVarPrivileges():
+    # previous versions mixed root/ovirt
+    # ownership in these directories
+    shutil.rmtree(basedefs.DIR_ENGINE_TMP)
+    utils.execCmd(
+        cmdList=('chown', '-Rh', 'ovirt:ovirt', basedefs.DIR_DEPLOYMENTS),
+        failOnError=True,
+        msg=MSG_ERROR_CANNOT_CHOWN,
+    )
+
+
 def main(options):
     # BEGIN: PROCESS-INITIALIZATION
     miniyumsink = utils.MiniYumSink()
@@ -1092,7 +1104,7 @@
     stopEngineService = [stopEngine]
     startEngineService = [startEngine]
     preupgradeFunc = [preupgradeUUIDCheck]
-    upgradeFunc = [rhyum.update, generateEngineConf]
+    upgradeFunc = [rhyum.update, generateEngineConf, setupVarPrivileges]
     postFunc = [modifyUUIDs, ca.commit, runPost, deleteEngineSysconfig]
     engineService = basedefs.ENGINE_SERVICE_NAME
     # define db connections services
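Review bot: `setupVarPrivileges` is appended to `upgradeFunc` after `rhyum.update`, so an exception from its `shutil.rmtree` or a failing chown (`failOnError=True`) would interrupt the upgrade after the packages have presumably already been updated. How `upgradeFunc` is executed and rolled back is outside this hunk, so please confirm that the list runs while the engine is stopped and that a failure here is handled like a failed update. A short comment on the list, such as `# setupVarPrivileges must run before startEngine: fixes root-owned leftovers`, would record why the ordering matters.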
diff --git a/packaging/fedora/setup/output_messages.py 
b/packaging/fedora/setup/output_messages.py
index e5a5ccd..6aaea4b 100644
--- a/packaging/fedora/setup/output_messages.py
+++ b/packaging/fedora/setup/output_messages.py
@@ -261,6 +261,7 @@
 ERR_FAILED_UPD_VDC_OPTIONS="Failed updating configuration parameter: %s"
 ERR_FAILED_GET_VDC_OPTIONS="Failed to retrieve configuration parameter: %s"
 #start_jboss
+ERR_FAILED_CHOWN="Failed to change ownership of files"
 ERR_FAILED_CHKCFG_JBOSS="Failed to configure JBoss service to start on boot"
 ERR_FAILED_STP_JBOSS_SERVICE="Failed stopping JBoss service"
 ERR_FAILED_START_JBOSS_SERVICE="Failed starting JBoss service"
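Review bot: `ERR_FAILED_CHOWN` is inserted directly below the `#start_jboss` comment, so it reads as one of the JBoss start messages although it is used by `_setupVarPrivileges`; place it above that comment or under its own heading. engine-upgrade.py defines a separate `MSG_ERROR_CANNOT_CHOWN` with different wording for the same failure, and neither string names the path. A single message that includes the directory, for example `"Failed to change ownership of %s"` formatted at the call site, would make a failed ownership fix easier to diagnose from the log.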


--
To view, visit http://gerrit.ovirt.org/13663
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If0efa0b8a71673140490e2c363af7d3ba6044ffe
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <[email protected]>