Merge ~troyanov/maas:backport-3b58876-3.5 into maas:3.5

Proposed by Anton Troyanov
Status: Merged
Approved by: Anton Troyanov
Approved revision: d350bce5f74735fd0dbe7822ad4a75b8571f8b4a
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~troyanov/maas:backport-3b58876-3.5
Merge into: maas:3.5
Diff against target: 234 lines (+19/-24)
13 files modified
debian/maas-agent.dirs (+0/-1)
debian/maas-agent.postinst (+1/-3)
debian/maas-common.dirs (+0/-1)
debian/maas-dhcp.apparmor (+5/-5)
debian/maas-dhcp.maas-dhcpd.service (+2/-2)
debian/maas-dhcp.maas-dhcpd6.service (+2/-2)
debian/maas-dhcp.postinst (+0/-1)
debian/maas-dhcp.postrm (+1/-1)
debian/maas-proxy.dirs (+0/-1)
debian/maas-rack-controller.maas-rackd.service (+1/-0)
src/maasagent/cmd/maas-agent/main.go (+3/-3)
src/maasagent/cmd/maas-agent/main_test.go (+3/-3)
src/maasagent/internal/httpproxy/service.go (+1/-1)
Reviewer Review Type Date Requested Status
Jacopo Rota Approve
Review via email: mp+462578@code.launchpad.net

Commit message

fix: /run/maas should be owned by maas

`/run` is usually a tmpfs mount, and it is not persistent across reboots, so
`/run/maas` should not be created using .dirs, .install or .postinst scripts.

MAAS has various services that store their directories and files under
`/run/maas`, but because some services are run as root (e.g. dhcp), this leads
to ownership issues when `mkdir -p` is used (e.g. DHCP will create
`/run/maas/dhcp`)

To solve the ownership issue, this commit changes the DHCP service directory
to `/run/maas-dhcp`, keeping `/run/maas` only for files related to MAAS
itself (not external third-party services).

Resolves LP:2056222
Resolves LP:2056225

(cherry picked from commit 3b58876f7dbf6d4b563a36a16282a51876c28255)

Jacopo Rota (r00ta) wrote :

approving backport

review: Approve
MAAS Lander (maas-lander) wrote :

LANDING
-b backport-3b58876-3.5 lp:~troyanov/maas/+git/maas into -b 3.5 lp:~maas-committers/maas

STATUS: FAILED BUILD
LOG: http://maas-ci.internal:8080/job/maas-tester/4991/console

Preview Diff

diff --git a/debian/maas-agent.dirs b/debian/maas-agent.dirs
index c49d29d..deaaafe 100644
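--- a/debian/maas-agent.dirs
+++ b/debian/maas-agent.dirs
@@ -1,2 +1 @@
-run/maas/agent
 var/cache/maas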
diff --git a/debian/maas-agent.postinst b/debian/maas-agent.postinst
index a57b8a6..a2d9a1b 100755
--- a/debian/maas-agent.postinst
+++ b/debian/maas-agent.postinst
@@ -2,19 +2,17 @@
2set -e2set -e
33
4cachedir=/var/cache/maas4cachedir=/var/cache/maas
5agent_rundir=/run/maas/agent
65
7ensure_dir() {6ensure_dir() {
8 target_dir="$1"7 target_dir="$1"
9 if [ ! -d "$target_dir" ]; then8 if [ ! -d "$target_dir" ]; then
10 install -d -o maas -g maas -m 0755 "$target_dir"9 install -d -o maas -g maas -m 0755 "$target_dir"
11 fi10 fi
12 chown maas:maas "$target_dir"11 chown maas:maas "$target_dir"
13}12}
1413
15if [ "$1" = "configure" ]; then14if [ "$1" = "configure" ]; then
16 ensure_dir $cachedir15 ensure_dir $cachedir
17 ensure_dir $agent_rundir
18fi16fi
1917
20#DEBHELPER#18#DEBHELPER#
diff --git a/debian/maas-common.dirs b/debian/maas-common.dirs
index 90daa6c..9249b9e 100644
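--- a/debian/maas-common.dirs
+++ b/debian/maas-common.dirs
@@ -1,4 +1,3 @@
-run/maas
 var/lib/maas
 var/lib/maas/http
 var/lib/maas/prometheus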
diff --git a/debian/maas-dhcp.apparmor b/debian/maas-dhcp.apparmor
index b38c05b..0ea5f17 100644
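--- a/debian/maas-dhcp.apparmor
+++ b/debian/maas-dhcp.apparmor
@@ -1,8 +1,8 @@
-/run/maas/dhcp/ r,
-/run/maas/dhcp/** r,
-/run/maas/dhcp/*.pid lrw,
-/run/maas/dhcp/*.trace lrw,
-/run/maas/dhcp/*.leases* lrw,
+/run/maas-dhcp/ r,
+/run/maas-dhcp/** r,
+/run/maas-dhcp/*.pid lrw,
+/run/maas-dhcp/*.trace lrw,
+/run/maas-dhcp/*.leases* lrw,
 /var/lib/maas/dhcp/dhcpd*.leases* lrw,
 /var/lib/maas/dhcpd.conf r,
 /var/lib/maas/dhcpd6.conf r,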
diff --git a/debian/maas-dhcp.maas-dhcpd.service b/debian/maas-dhcp.maas-dhcpd.service
index f3cd864..1ceb790 100644
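--- a/debian/maas-dhcp.maas-dhcpd.service
+++ b/debian/maas-dhcp.maas-dhcpd.service
@@ -5,13 +5,13 @@ Wants=network-online.target
 After=network-online.target
 After=time-sync.target
 BindsTo=maas-rackd.service
-ConditionPathExists=/run/maas/dhcp
 ConditionPathExists=/var/lib/maas/dhcpd.conf
 ConditionPathExists=/var/lib/maas/dhcpd-interfaces
 
 [Service]
 # Allow dhcp server to write lease and pid file as 'dhcpd' user
 # The leases files need to be root:dhcpd even when dropping privileges
+ExecStartPre=/bin/mkdir -p /run/maas-dhcp
 ExecStart=/bin/sh -ec '\
  INTERFACES=$(cat /var/lib/maas/dhcpd-interfaces); \
  LEASES_FILE=/var/lib/maas/dhcp/dhcpd.leases; \
@@ -19,7 +19,7 @@ ExecStart=/bin/sh -ec '\
  /usr/sbin/maas-dhcp-helper clean $LEASES_FILE; \
  chown root:dhcpd /var/lib/maas/dhcp $LEASES_FILE; \
  chmod 775 /var/lib/maas/dhcp ; chmod 664 $LEASES_FILE; \
- exec dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas/dhcp/dhcpd.pid \
+ exec dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas-dhcp/dhcpd.pid \
  -cf /var/lib/maas/dhcpd.conf -lf $LEASES_FILE $INTERFACES'
 # Require dhcpd stop in 8 seconds, if not kill it with 'mixed' mode.
 TimeoutStopSec=8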
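Review bot: `ExecStartPre=/bin/mkdir -p /run/maas-dhcp` leaves the directory's owner and mode to the pre-start command's user and umask, while the postinst line this commit removes set them explicitly (`install -d -o root -g root /run/maas/dhcp`). Since dhcpd's pid file is written there (`-pf /run/maas-dhcp/dhcpd.pid`), I would pin both with `ExecStartPre=/usr/bin/install -d -o root -g root -m 0755 /run/maas-dhcp`. `mkdir -p` also accepts a pre-existing directory without touching its ownership or mode, whereas `install -d` reapplies them on every start. The identical line added to maas-dhcp.maas-dhcpd6.service should take the same change.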
diff --git a/debian/maas-dhcp.maas-dhcpd6.service b/debian/maas-dhcp.maas-dhcpd6.service
index 9fc55df..a6d8232 100644
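--- a/debian/maas-dhcp.maas-dhcpd6.service
+++ b/debian/maas-dhcp.maas-dhcpd6.service
@@ -5,13 +5,13 @@ Wants=network-online.target
 After=network-online.target
 After=time-sync.target
 BindsTo=maas-rackd.service
-ConditionPathExists=/run/maas/dhcpd
 ConditionPathExists=/var/lib/maas/dhcpd6.conf
 ConditionPathExists=/var/lib/maas/dhcpd6-interfaces
 
 [Service]
 # Allow dhcp server to write lease and pid file as 'dhcpd' user
 # The leases files need to be root:dhcpd even when dropping privileges
+ExecStartPre=/bin/mkdir -p /run/maas-dhcp
 ExecStart=/bin/sh -ec '\
  INTERFACES=$(cat /var/lib/maas/dhcpd6-interfaces); \
  LEASES_FILE=/var/lib/maas/dhcp/dhcpd6.leases; \
@@ -19,7 +19,7 @@ ExecStart=/bin/sh -ec '\
  /usr/sbin/maas-dhcp-helper clean $LEASES_FILE; \
  chown root:dhcpd /var/lib/maas/dhcp $LEASES_FILE; \
  chmod 775 /var/lib/maas/dhcp ; chmod 664 $LEASES_FILE; \
- exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/maas/dhcp/dhcpd6.pid \
+ exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/maas-dhcp/dhcpd6.pid \
  -cf /var/lib/maas/dhcpd6.conf -lf $LEASES_FILE $INTERFACES'
 # Require dhcpd stop in 8 seconds, if not kill it with 'mixed' mode.
 TimeoutStopSec=8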
diff --git a/debian/maas-dhcp.postinst b/debian/maas-dhcp.postinst
index c1aaf89..b65d543 100755
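--- a/debian/maas-dhcp.postinst
+++ b/debian/maas-dhcp.postinst
@@ -19,7 +19,6 @@ then
 
  # Ensure ownership is correct
  install -d -o root -g dhcpd /var/lib/maas/dhcp
- install -d -o root -g root /run/maas/dhcp
 fi
 
 #DEBHELPER#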
diff --git a/debian/maas-dhcp.postrm b/debian/maas-dhcp.postrm
index a485c73..c9294e7 100644
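--- a/debian/maas-dhcp.postrm
+++ b/debian/maas-dhcp.postrm
@@ -10,7 +10,7 @@ if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then
  fi
  if [ "$1" = "purge" ]; then
  rm -rf /var/lib/maas/dhcp
- rm -rf /run/maas/dhcp
+ rm -rf /run/maas-dhcp
  fi
 fi
 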
diff --git a/debian/maas-proxy.dirs b/debian/maas-proxy.dirs
index 131c793..173c64b 100644
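--- a/debian/maas-proxy.dirs
+++ b/debian/maas-proxy.dirs
@@ -1,3 +1,2 @@
 var/log/maas/proxy
 var/lib/maas
-run/maas/proxy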
diff --git a/debian/maas-rack-controller.maas-rackd.service b/debian/maas-rack-controller.maas-rackd.service
index fede8ae..6b4a27f 100644
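--- a/debian/maas-rack-controller.maas-rackd.service
+++ b/debian/maas-rack-controller.maas-rackd.service
@@ -16,6 +16,7 @@ Environment="prometheus_multiproc_dir=/var/lib/maas/prometheus"
 # Prevent maas-dhcpd and maas-dhcpd6 from starting until maas-rackd
 # has regenerated the configurations and told the services to start.
 ExecStartPre=/bin/rm -f /var/lib/maas/dhcpd.sock /var/lib/maas/dhcpd.conf /var/lib/maas/dhcpd6.conf
+ExecStartPre=/bin/mkdir -p /run/maas
 ExecStart=/usr/sbin/rackd
 
 [Install]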
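Review bot: The added `ExecStartPre=/bin/mkdir -p /run/maas` sets neither owner nor mode, so whether the directory ends up owned by maas (the commit's stated goal) depends on which user the pre-start command runs as. The unit's `User=` setting is outside this hunk, so this is inferred: run as root, the directory would be root-owned with a umask-derived mode; run as maas, the command could not create an entry under /run at all. If the pre-start step runs as root, `ExecStartPre=/usr/bin/install -d -o maas -g maas -m 0755 /run/maas` states the intent explicitly and matches the `ensure_dir` helper in maas-agent.postinst. A one-line comment above it naming every service that expects /run/maas to exist would also help, since the `.dirs` and postinst creators are removed elsewhere in this commit.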
diff --git a/src/maasagent/cmd/maas-agent/main.go b/src/maasagent/cmd/maas-agent/main.go
index 4063f97..d2b6490 100644
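--- a/src/maasagent/cmd/maas-agent/main.go
+++ b/src/maasagent/cmd/maas-agent/main.go
@@ -115,7 +115,7 @@ func Run() int {
  }
 
  powerService := power.NewPowerService(cfg.SystemID, &workerPool)
- httpProxyService := httpproxy.NewHTTPProxyService(getSocketDir(), cache)
+ httpProxyService := httpproxy.NewHTTPProxyService(getRunDir(), cache)
 
  workerPool = *worker.NewWorkerPool(cfg.SystemID, temporalClient,
  worker.WithMainWorkerTaskQueueSuffix("agent:main"),
@@ -217,14 +217,14 @@ func getConfig() (*config, error) {
  return cfg, nil
 }
 
-func getSocketDir() string {
+func getRunDir() string {
  name := os.Getenv("SNAP_INSTANCE_NAME")
 
  if name != "" {
  return fmt.Sprintf("/run/snap.%s", name)
  }
 
- return "/run/maas/agent"
+ return "/run/maas"
 }
 
 func main() {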
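Review bot: `getRunDir()` now returns `/run/maas` for the deb case, yet this commit removes every packaging step that created the agent's run directory (`run/maas/agent` in maas-agent.dirs, `ensure_dir $agent_rundir` in maas-agent.postinst), leaving the `ExecStartPre` in maas-rackd.service as the only creator visible in the diff. If the agent can start before or without rackd, the directory handed to `httpproxy.NewHTTPProxyService` may be missing or not writable; the agent's own unit is not shown, so this is inferred. The proxy socket also moves from a dedicated subdirectory into the shared /run/maas, so access to it now rests on the socket's own file mode. I would document the precondition on the function, e.g. `// getRunDir returns the directory for runtime sockets; on deb installs /run/maas must already exist and be writable by the agent's user.` `Run()` starts outside the first hunk.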
diff --git a/src/maasagent/cmd/maas-agent/main_test.go b/src/maasagent/cmd/maas-agent/main_test.go
index ded0256..505b348 100644
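--- a/src/maasagent/cmd/maas-agent/main_test.go
+++ b/src/maasagent/cmd/maas-agent/main_test.go
@@ -6,7 +6,7 @@ import (
  "github.com/stretchr/testify/assert"
 )
 
-func TestGetSocketDir(t *testing.T) {
+func TestGetRunDir(t *testing.T) {
  testcases := map[string]struct {
  in func(t *testing.T)
  out string
@@ -20,7 +20,7 @@ func TestGetSocketDir(t *testing.T) {
  "deb": {
  in: func(t *testing.T) {
  t.Setenv("SNAP_INSTANCE_NAME", "")
- }, out: "/run/maas/agent",
+ }, out: "/run/maas",
  },
  }
 
@@ -29,7 +29,7 @@ func TestGetSocketDir(t *testing.T) {
 
  t.Run(name, func(t *testing.T) {
  tc.in(t)
- res := getSocketDir()
+ res := getRunDir()
  assert.Equal(t, tc.out, res)
  })
  }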
diff --git a/src/maasagent/internal/httpproxy/service.go b/src/maasagent/internal/httpproxy/service.go
index 8aea014..913b6d2 100644
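--- a/src/maasagent/internal/httpproxy/service.go
+++ b/src/maasagent/internal/httpproxy/service.go
@@ -133,7 +133,7 @@ func (s *HTTPProxyService) Configure(ctx tworkflow.Context, systemID string) err
  }
 
  // XXX: While httpproxy-service service is consumed through socket via NGINX
- // there is nothing bad about not setting the timeout on the listener/server/
+ // there is nothing bad about not setting the timeout on the listener/server
 
  //nolint:gosec // this is okay in the current situation
  go func() { s.fatal <- http.Serve(s.listener, s.proxy) }()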
