hw-health-charm

Merge ~guoqiao/charm-hw-health:LP1906991-chown-output-files into charm-hw-health:master

  1. Git
  2. lp:~guoqiao/charm-hw-health
  3. LP1906991-chown-output-files
  4. Merge into master
Proposed by Joe Guo
Status: Merged
Approved by: Xav Paice
Approved revision: ce6379579280bf1845f9b03effd741038fa9fec6
Merged at revision: ce6379579280bf1845f9b03effd741038fa9fec6
Proposed branch: ~guoqiao/charm-hw-health:LP1906991-chown-output-files
Merge into: charm-hw-health:master
Diff against target: 57 lines (+25/-0)
1 file modified
src/lib/hwhealth/tools.py (+25/-0)
Reviewer Review Type Date Requested Status
Xav Paice (community) Approve
Linda Guo (community) Approve
Review via email: mp+397952@code.launchpad.net

Commit message

ensure cron output dir and files are owned by nagios user

Before, nrpe-server and cron jobs are run by root, so legacy output dir and files are
owned by root. Now the user has changed to nagios, which will get permission errors
while writing to legacy dir and files owned by root.

This patch try to ensure the permission is correct.

LP: #1906991

To post a comment you must log in.
Revision history for this message
Joe Guo (guoqiao) wrote :

NOTE:

This patch is only trying to fix current bug with minimal changes.

There is suggestion to create a subdir for each tool, so we can manage files and permissions in an easier way. e.g.:

/var/lib/nagios/ipmi/ipmi_sensors.out
/var/lib/nagios/ipmi/ipmi_exclude

I will submit another patch for that, after this one if merged.

Revision history for this message
Linda Guo (lihuiguo) wrote :

LGTM

review: Approve
Revision history for this message
Xav Paice (xavpaice) wrote :

Just a small query, I've not run this through tests as yet.

Revision history for this message
Joe Guo (guoqiao) wrote :

hi xav:

Yes, CRONJOB_OUTPUT_DIR is '/var/lib/nagios' and you are right, nrpe charm should chown it, which I already did in another patch.

I added this line just because in testing, I noticed if I don't do so, test will fail. So I add it for safe, just in case nrpe charm is not upgraded yet.

I can remove this line, so this patch will rely on nrpe charm to be upgraded first.

Revision history for this message
Joe Guo (guoqiao) wrote :

Hi Xav:

I removed that line and added a comment there.
New review appreciated.

Revision history for this message
Xav Paice (xavpaice) wrote :

LGTM

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/src/lib/hwhealth/tools.py b/src/lib/hwhealth/tools.py
2index a3a92fa..2ac85c9 100644
3--- a/src/lib/hwhealth/tools.py
4+++ b/src/lib/hwhealth/tools.py
5@@ -195,6 +195,17 @@ class Tool:
6
7 return series in cls.SUPPORTED_SERIES
8
9+ def chown(self, path, user="nagios", group="nagios"):
10+ if os.path.exists(path):
11+ shutil.chown(path, user=user, group=group)
12+
13+ def get_output_files(self):
14+ """Which output files this check tool will generate.
15+
16+ Override in each subclass of Tool.
17+ """
18+ return []
19+
20 def _install_cronjob(self, cron_user="root"):
21 assert self._cron_script is not None
22
23@@ -238,6 +249,12 @@ class Tool:
24 crond_fd.write(cronjob_line)
25 hookenv.log("Cronjob configured at {}".format(crond_file), hookenv.DEBUG)
26
27+ # ensure for cron output files are owned by nagios
28+ # NOTE: to write xxx.out.tmp file, dir CRONJOB_OUTPUT_DIR must also be owned
29+ # by nagios, which should already be done in nrpe charm.
30+ for filepath in self.get_output_files():
31+ self.chown(filepath)
32+
33 return dst
34
35 def _remove_cronjob(self):
36@@ -643,6 +660,8 @@ class Ipmi(Tool):
37 actual nrpe check, which is imported as a git submodule
38 """
39
40+ # must match cron_ipmi_sensors.py and check_ipmi.py
41+ OUTPUT_FILE = "/var/lib/nagios/ipmi_sensors.out"
42 EXCLUDE_FILE = "/var/lib/nagios/ipmi_exclude"
43
44 def __init__(self, nrpe_opts=""):
45@@ -652,6 +671,12 @@ class Ipmi(Tool):
46 super().__init__(cron_script="cron_ipmi_sensors.py", cron_script_args=options)
47 self._sudoer_file = "99-check_ipmi_sensor"
48
49+ def get_output_files(self):
50+ return [
51+ self.OUTPUT_FILE,
52+ self.EXCLUDE_FILE,
53+ ]
54+
55 def set_exclusions(self, cfg_exclude_lines):
56 try:
57 excluded_lns = yaml.safe_load(cfg_exclude_lines)

Subscribers

People subscribed via source and target branches

to all changes: