MAAS

debian/maas-agent.dirs (+0/-1)
debian/maas-agent.postinst (+1/-3)
debian/maas-common.dirs (+0/-1)
debian/maas-dhcp.apparmor (+5/-5)
debian/maas-dhcp.maas-dhcpd.service (+2/-2)
debian/maas-dhcp.maas-dhcpd6.service (+2/-2)
debian/maas-dhcp.postinst (+0/-1)
debian/maas-dhcp.postrm (+1/-1)
debian/maas-proxy.dirs (+0/-1)
debian/maas-rack-controller.maas-rackd.service (+1/-0)
src/maasagent/cmd/maas-agent/main.go (+3/-3)
src/maasagent/cmd/maas-agent/main_test.go (+3/-3)
src/maasagent/internal/httpproxy/service.go (+1/-1)

Related bugs:

Bug #2056222: Failed configuring DHCP on rack controller	High	Fix Committed
Bug #2056225: configure-agent failed (httpproxy)	High	Fix Committed

Link a bug report

Reviewer	Review Type	Date Requested	Status
Jacopo Rota		2024-03-18	Approve on 2024-03-18
Review via email: mp+462578@code.launchpad.net

Commit message

fix: /run/maas should be owned by maas

`/run` is usually a tmpfs mount, and it is not persistent across reboots, so
`/run/maas` should not be created using .dirs, .install or .postinst scripts.

MAAS has various services that store their directories and files under
`/run/maas`, but because some services are run as root (e.g. dhcp), this leads
to ownership issues when `mkdir -p` is used (e.g. DHCP will create
`/run/maas/dhcp`)

In order to solve ownership issue, this commit changes DHCP service directory
to `/run/maas-dhcp` while keeping `/run/maas` only for files related to MAAS
itself (not external 3rd party services)

Resolves LP:2056222
Resolves LP:2056225

(cherry picked from commit 3b58876f7dbf6d4b563a36a16282a51876c28255)

Revision history for this message

Jacopo Rota (r00ta) wrote on 2024-03-18:

approving backport

review: Approve

Revision history for this message

MAAS Lander (maas-lander) wrote on 2024-03-18:

LANDING
-b backport-3b58876-3.5 lp:~troyanov/maas/+git/maas into -b 3.5 lp:~maas-committers/maas

STATUS: FAILED BUILD
LOG: http://maas-ci.internal:8080/job/maas-tester/4991/console

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Anton Troyanov

MAAS Committers

Matvej Jurbin

Shane Holloman

1	diff --git a/debian/maas-agent.dirs b/debian/maas-agent.dirs
2	index c49d29d..deaaafe 100644
3	--- a/debian/maas-agent.dirs
4	+++ b/debian/maas-agent.dirs
5	@@ -1,2 +1 @@
6	-run/maas/agent
7	var/cache/maas
8	diff --git a/debian/maas-agent.postinst b/debian/maas-agent.postinst
9	index a57b8a6..a2d9a1b 100755
10	--- a/debian/maas-agent.postinst
11	+++ b/debian/maas-agent.postinst
12	@@ -2,19 +2,17 @@
13	set -e
14
15	cachedir=/var/cache/maas
16	-agent_rundir=/run/maas/agent
17
18	ensure_dir() {
19	target_dir="$1"
20	if [ ! -d "$target_dir" ]; then
21	- install -d -o maas -g maas -m 0755 "$target_dir"
22	+ install -d -o maas -g maas -m 0755 "$target_dir"
23	fi
24	chown maas:maas "$target_dir"
25	}
26
27	if [ "$1" = "configure" ]; then
28	ensure_dir $cachedir
29	- ensure_dir $agent_rundir
30	fi
31
32	#DEBHELPER#
33	diff --git a/debian/maas-common.dirs b/debian/maas-common.dirs
34	index 90daa6c..9249b9e 100644
35	--- a/debian/maas-common.dirs
36	+++ b/debian/maas-common.dirs
37	@@ -1,4 +1,3 @@
38	-run/maas
39	var/lib/maas
40	var/lib/maas/http
41	var/lib/maas/prometheus
42	diff --git a/debian/maas-dhcp.apparmor b/debian/maas-dhcp.apparmor
43	index b38c05b..0ea5f17 100644
44	--- a/debian/maas-dhcp.apparmor
45	+++ b/debian/maas-dhcp.apparmor
46	@@ -1,8 +1,8 @@
47	-/run/maas/dhcp/ r,
48	-/run/maas/dhcp/** r,
49	-/run/maas/dhcp/*.pid lrw,
50	-/run/maas/dhcp/*.trace lrw,
51	-/run/maas/dhcp/.leases lrw,
52	+/run/maas-dhcp/ r,
53	+/run/maas-dhcp/** r,
54	+/run/maas-dhcp/*.pid lrw,
55	+/run/maas-dhcp/*.trace lrw,
56	+/run/maas-dhcp/.leases lrw,
57	/var/lib/maas/dhcp/dhcpd.leases lrw,
58	/var/lib/maas/dhcpd.conf r,
59	/var/lib/maas/dhcpd6.conf r,
60	diff --git a/debian/maas-dhcp.maas-dhcpd.service b/debian/maas-dhcp.maas-dhcpd.service
61	index f3cd864..1ceb790 100644
62	--- a/debian/maas-dhcp.maas-dhcpd.service
63	+++ b/debian/maas-dhcp.maas-dhcpd.service
64	@@ -5,13 +5,13 @@ Wants=network-online.target
65	After=network-online.target
66	After=time-sync.target
67	BindsTo=maas-rackd.service
68	-ConditionPathExists=/run/maas/dhcp
69	ConditionPathExists=/var/lib/maas/dhcpd.conf
70	ConditionPathExists=/var/lib/maas/dhcpd-interfaces
71
72	[Service]
73	# Allow dhcp server to write lease and pid file as 'dhcpd' user
74	# The leases files need to be root:dhcpd even when dropping privileges
75	+ExecStartPre=/bin/mkdir -p /run/maas-dhcp
76	ExecStart=/bin/sh -ec '\
77	INTERFACES=$(cat /var/lib/maas/dhcpd-interfaces); \
78	LEASES_FILE=/var/lib/maas/dhcp/dhcpd.leases; \
79	@@ -19,7 +19,7 @@ ExecStart=/bin/sh -ec '\
80	/usr/sbin/maas-dhcp-helper clean $LEASES_FILE; \
81	chown root:dhcpd /var/lib/maas/dhcp $LEASES_FILE; \
82	chmod 775 /var/lib/maas/dhcp ; chmod 664 $LEASES_FILE; \
83	- exec dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas/dhcp/dhcpd.pid \
84	+ exec dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas-dhcp/dhcpd.pid \
85	-cf /var/lib/maas/dhcpd.conf -lf $LEASES_FILE $INTERFACES'
86	# Require dhcpd stop in 8 seconds, if not kill it with 'mixed' mode.
87	TimeoutStopSec=8
88	diff --git a/debian/maas-dhcp.maas-dhcpd6.service b/debian/maas-dhcp.maas-dhcpd6.service
89	index 9fc55df..a6d8232 100644
90	--- a/debian/maas-dhcp.maas-dhcpd6.service
91	+++ b/debian/maas-dhcp.maas-dhcpd6.service
92	@@ -5,13 +5,13 @@ Wants=network-online.target
93	After=network-online.target
94	After=time-sync.target
95	BindsTo=maas-rackd.service
96	-ConditionPathExists=/run/maas/dhcpd
97	ConditionPathExists=/var/lib/maas/dhcpd6.conf
98	ConditionPathExists=/var/lib/maas/dhcpd6-interfaces
99
100	[Service]
101	# Allow dhcp server to write lease and pid file as 'dhcpd' user
102	# The leases files need to be root:dhcpd even when dropping privileges
103	+ExecStartPre=/bin/mkdir -p /run/maas-dhcp
104	ExecStart=/bin/sh -ec '\
105	INTERFACES=$(cat /var/lib/maas/dhcpd6-interfaces); \
106	LEASES_FILE=/var/lib/maas/dhcp/dhcpd6.leases; \
107	@@ -19,7 +19,7 @@ ExecStart=/bin/sh -ec '\
108	/usr/sbin/maas-dhcp-helper clean $LEASES_FILE; \
109	chown root:dhcpd /var/lib/maas/dhcp $LEASES_FILE; \
110	chmod 775 /var/lib/maas/dhcp ; chmod 664 $LEASES_FILE; \
111	- exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/maas/dhcp/dhcpd6.pid \
112	+ exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/maas-dhcp/dhcpd6.pid \
113	-cf /var/lib/maas/dhcpd6.conf -lf $LEASES_FILE $INTERFACES'
114	# Require dhcpd stop in 8 seconds, if not kill it with 'mixed' mode.
115	TimeoutStopSec=8
116	diff --git a/debian/maas-dhcp.postinst b/debian/maas-dhcp.postinst
117	index c1aaf89..b65d543 100755
118	--- a/debian/maas-dhcp.postinst
119	+++ b/debian/maas-dhcp.postinst
120	@@ -19,7 +19,6 @@ then
121
122	# Ensure ownership is correct
123	install -d -o root -g dhcpd /var/lib/maas/dhcp
124	- install -d -o root -g root /run/maas/dhcp
125	fi
126
127	#DEBHELPER#
128	diff --git a/debian/maas-dhcp.postrm b/debian/maas-dhcp.postrm
129	index a485c73..c9294e7 100644
130	--- a/debian/maas-dhcp.postrm
131	+++ b/debian/maas-dhcp.postrm
132	@@ -10,7 +10,7 @@ if [ "$1" = "remove" ] \|\| [ "$1" = "purge" ]; then
133	fi
134	if [ "$1" = "purge" ]; then
135	rm -rf /var/lib/maas/dhcp
136	- rm -rf /run/maas/dhcp
137	+ rm -rf /run/maas-dhcp
138	fi
139	fi
140
141	diff --git a/debian/maas-proxy.dirs b/debian/maas-proxy.dirs
142	index 131c793..173c64b 100644
143	--- a/debian/maas-proxy.dirs
144	+++ b/debian/maas-proxy.dirs
145	@@ -1,3 +1,2 @@
146	var/log/maas/proxy
147	var/lib/maas
148	-run/maas/proxy
149	diff --git a/debian/maas-rack-controller.maas-rackd.service b/debian/maas-rack-controller.maas-rackd.service
150	index fede8ae..6b4a27f 100644
151	--- a/debian/maas-rack-controller.maas-rackd.service
152	+++ b/debian/maas-rack-controller.maas-rackd.service
153	@@ -16,6 +16,7 @@ Environment="prometheus_multiproc_dir=/var/lib/maas/prometheus"
154	# Prevent maas-dhcpd and maas-dhcpd6 from starting until maas-rackd
155	# has regenerated the configurations and told the services to start.
156	ExecStartPre=/bin/rm -f /var/lib/maas/dhcpd.sock /var/lib/maas/dhcpd.conf /var/lib/maas/dhcpd6.conf
157	+ExecStartPre=/bin/mkdir -p /run/maas
158	ExecStart=/usr/sbin/rackd
159
160	[Install]
161	diff --git a/src/maasagent/cmd/maas-agent/main.go b/src/maasagent/cmd/maas-agent/main.go
162	index 4063f97..d2b6490 100644
163	--- a/src/maasagent/cmd/maas-agent/main.go
164	+++ b/src/maasagent/cmd/maas-agent/main.go
165	@@ -115,7 +115,7 @@ func Run() int {
166	}
167
168	powerService := power.NewPowerService(cfg.SystemID, &workerPool)
169	- httpProxyService := httpproxy.NewHTTPProxyService(getSocketDir(), cache)
170	+ httpProxyService := httpproxy.NewHTTPProxyService(getRunDir(), cache)
171
172	workerPool = *worker.NewWorkerPool(cfg.SystemID, temporalClient,
173	worker.WithMainWorkerTaskQueueSuffix("agent:main"),
174	@@ -217,14 +217,14 @@ func getConfig() (*config, error) {
175	return cfg, nil
176	}
177
178	-func getSocketDir() string {
179	+func getRunDir() string {
180	name := os.Getenv("SNAP_INSTANCE_NAME")
181
182	if name != "" {
183	return fmt.Sprintf("/run/snap.%s", name)
184	}
185
186	- return "/run/maas/agent"
187	+ return "/run/maas"
188	}
189
190	func main() {
191	diff --git a/src/maasagent/cmd/maas-agent/main_test.go b/src/maasagent/cmd/maas-agent/main_test.go
192	index ded0256..505b348 100644
193	--- a/src/maasagent/cmd/maas-agent/main_test.go
194	+++ b/src/maasagent/cmd/maas-agent/main_test.go
195	@@ -6,7 +6,7 @@ import (
196	"github.com/stretchr/testify/assert"
197	)
198
199	-func TestGetSocketDir(t *testing.T) {
200	+func TestGetRunDir(t *testing.T) {
201	testcases := map[string]struct {
202	in func(t *testing.T)
203	out string
204	@@ -20,7 +20,7 @@ func TestGetSocketDir(t *testing.T) {
205	"deb": {
206	in: func(t *testing.T) {
207	t.Setenv("SNAP_INSTANCE_NAME", "")
208	- }, out: "/run/maas/agent",
209	+ }, out: "/run/maas",
210	},
211	}
212
213	@@ -29,7 +29,7 @@ func TestGetSocketDir(t *testing.T) {
214
215	t.Run(name, func(t *testing.T) {
216	tc.in(t)
217	- res := getSocketDir()
218	+ res := getRunDir()
219	assert.Equal(t, tc.out, res)
220	})
221	}
222	diff --git a/src/maasagent/internal/httpproxy/service.go b/src/maasagent/internal/httpproxy/service.go
223	index 8aea014..913b6d2 100644
224	--- a/src/maasagent/internal/httpproxy/service.go
225	+++ b/src/maasagent/internal/httpproxy/service.go
226	@@ -133,7 +133,7 @@ func (s *HTTPProxyService) Configure(ctx tworkflow.Context, systemID string) err
227	}
228
229	// XXX: While httpproxy-service service is consumed through socket via NGINX
230	- // there is nothing bad about not setting the timeout on the listener/server/
231	+ // there is nothing bad about not setting the timeout on the listener/server
232
233	//nolint:gosec // this is okay in the current situation
234	go func() { s.fatal <- http.Serve(s.listener, s.proxy) }()

MAAS

Merge ~troyanov/maas:backport-3b58876-3.5 into maas:3.5

Commit message

Description of the change

Preview Diff

Subscribers