From 5224330eea1c57bbda3fd1ddf3ca5174aebb4d4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Nussbaumer?= <rn@google.com>
Date: Tue, 27 Jul 2010 14:43:21 +0200
Subject: [PATCH] Adapt ensure-dirs to accomodate the additional permissions
 and files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Please note that this can and will be improved over time. There are discussions
about generating ensure-dirs automatically so that all permissions and file
ownerships are _really_ kept in one place; right now they are duplicated in this
file _and_ on every WriteFile call.

Signed-off-by: RenΓ© Nussbaumer <rn@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>
---
 daemons/ensure-dirs.in | 106 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 95 insertions(+), 11 deletions(-)

diff --git a/daemons/ensure-dirs.in b/daemons/ensure-dirs.in
index c9de87bc8..aed690a13 100644
--- a/daemons/ensure-dirs.in
+++ b/daemons/ensure-dirs.in
@@ -8,6 +8,7 @@ RUNDIR="@LOCALSTATEDIR@/run"
 GNTRUNDIR="${RUNDIR}/ganeti"
 LOGDIR="@LOCALSTATEDIR@/log"
 GNTLOGDIR="${LOGDIR}/ganeti"
+LOCKDIR="@LOCALSTATEDIR@/lock"
 
 _fileset_owner() {
   case "$1" in
@@ -20,35 +21,116 @@ _fileset_owner() {
     rapi)
       echo "@GNTRAPIUSER@:@GNTRAPIGROUP@"
       ;;
+    noded)
+      echo "root:@GNTMASTERDGROUP@"
+      ;;
     daemons)
       echo "@GNTMASTERUSER@:@GNTDAEMONSGROUP@"
       ;;
+    masterd-confd)
+      echo "@GNTMASTERUSER@:@GNTCONFDGROUP@"
+      ;;
     *)
       echo "root:root"
       ;;
   esac
 }
 
+_ensure_file() {
+  local file="$1"
+  local perm="$2"
+  local owner="$3"
+
+  [[ -e "${file}" ]] || return 1
+  chmod ${perm} "${file}"
+
+  if ! [[ -z "${owner}" ]]; then
+    chown ${owner} "${file}"
+  fi
+
+  return 0
+}
+
 _ensure_dir() {
   local dir="$1"
   local perm="$2"
   local owner="$3"
 
-  [ -d "${dir}" ] || mkdir "${dir}"
-  chmod ${perm} "${dir}"
-  chown ${owner} "${dir}"
+  [[ -d "${dir}" ]] || mkdir "${dir}"
+
+  _ensure_file "${dir}" "${perm}" "${owner}"
+}
+
+_gather_files() {
+  local path="$1"
+  local perm="$2"
+  local user="$3"
+  local group="$4"
+
+  shift 4
+
+  find "${path}" -type f "(" "!" -perm ${perm} -or "(" "!" -user ${user} -or \
+       "!" -group ${group} ")" ")" "$@"
+}
+
+_ensure_datadir() {
+  _ensure_dir ${DATADIR} 0755 "$(_fileset_owner masterd)"
+  _ensure_dir ${DATADIR}/queue 0700 "$(_fileset_owner masterd)"
+  _ensure_dir ${DATADIR}/queue/archive 0700 "$(_fileset_owner masterd)"
+  _ensure_dir ${DATADIR}/uidpool 0750 "$(_fileset_owner noded)"
+
+  # We ignore these files if they don't exists (incomplete setup)
+  _ensure_file ${DATADIR}/cluster-domain-secret 0640 \
+               "$(_fileset_owner masterd)" || :
+  _ensure_file ${DATADIR}/config.data 0640 "$(_fileset_owner masterd-confd)" || :
+  _ensure_file ${DATADIR}/hmac.key 0440 "$(_fileset_owner confd)" || :
+  _ensure_file ${DATADIR}/known_hosts 0644 "$(_fileset_owner masterd)" || :
+  _ensure_file ${DATADIR}/rapi.pem 0440 "$(_fileset_owner rapi)" || :
+  _ensure_file ${DATADIR}/rapi_users 0640 "$(_fileset_owner rapi)" || :
+  _ensure_file ${DATADIR}/server.pem 0440 "$(_fileset_owner masterd)" || :
+  _ensure_file ${DATADIR}/queue/serial 0600 "$(_fileset_owner masterd)" || :
+
+  # To not change the utils.LockFile object
+  touch ${DATADIR}/queue/lock
+  _ensure_file ${DATADIR}/queue/lock 0600 "$(_fileset_owner masterd)"
+
+  for file in $(_gather_files ${DATADIR}/queue 0600 @GNTMASTERUSER@ \
+                @GNTMASTERDGROUP@); do
+    _ensure_file "${file}" 0600 "$(_fileset_owner masterd)"
+  done
+
+  for file in $(_gather_files ${DATADIR} 0600 root \
+                @GNTMASTERDGROUP@ -name 'ssconf_*'); do
+    _ensure_file "${file}" 0444 "$(_fileset_owner noded)"
+  done
 }
 
 _ensure_rundir() {
-  _ensure_dir "${GNTRUNDIR}" 0775 "$(_fileset_owner "daemons")"
-  _ensure_dir "${GNTRUNDIR}/socket" 0750 "$(_fileset_owner "daemons")"
+  _ensure_dir ${GNTRUNDIR} 0775 "$(_fileset_owner daemons)"
+  _ensure_dir ${GNTRUNDIR}/socket 0750 "$(_fileset_owner daemons)"
+  _ensure_dir ${GNTRUNDIR}/bdev-cache 0755 "$(_fileset_owner noded)"
+  _ensure_dir ${GNTRUNDIR}/instance-disks 0755 "$(_fileset_owner noded)"
+  _ensure_dir ${GNTRUNDIR}/crypto 0700 "$(_fileset_owner noded)"
+  _ensure_dir ${GNTRUNDIR}/import-export 0755 "$(_fileset_owner noded)"
+
+  # We ignore this file if it don't exists (not yet start up)
+  _ensure_file ${GNTRUNDIR}/socket/ganeti-master 0770 \
+               "$(_fileset_owner daemons)" || :
 }
 
 _ensure_logdir() {
-  _ensure_dir "${GNTLOGDIR}" 0770 "$(_fileset_owner "daemons")"
+  _ensure_dir ${GNTLOGDIR} 0770 "$(_fileset_owner daemons)"
+  _ensure_dir ${GNTLOGDIR}/os 0750 "$(_fileset_owner daemons)"
+
+  # We ignore these files if they don't exists (incomplete setup)
+  _ensure_file ${GNTLOGDIR}/master-daemon.log 0600 "$(_fileset_owner masterd)" || :
+  _ensure_file ${GNTLOGDIR}/conf-daemon.log 0600 "$(_fileset_owner confd)" || :
+  _ensure_file ${GNTLOGDIR}/node-daemon.log 0600 "$(_fileset_owner noded)" || :
+  _ensure_file ${GNTLOGDIR}/rapi-daemon.log 0600 "$(_fileset_owner rapi)" || :
+}
 
-  touch "${GNTLOGDIR}/rapi-daemon.log"
-  chown $(_fileset_owner "rapi") "${GNTLOGDIR}/rapi-daemon.log"
+_ensure_lockdir() {
+  _ensure_dir ${LOCKDIR} 1777 ""
 }
 
 _operate_while_hold() {
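Review bot: `_ensure_file` follows symlinks, which matters because it is applied as root (the chown calls imply that) to paths inside directories owned by less privileged users: `${DATADIR}/queue` is created 0700 for the masterd owner, and `queue/lock` is then touched, chmod'ed and chown'ed unconditionally, so an attacker running as that user could replace `queue/lock` with a symlink and have root chown or chmod the target. The `[[ -e "${file}" ]]` test and GNU chmod/chown both dereference links, so the guard should refuse them explicitly, e.g. `if [[ -L "${file}" ]]; then echo "refusing to touch symlink ${file}" >&2; return 1; fi` before the chmod; `_ensure_dir` inherits the check through its call to `_ensure_file`. The `find -type f` loops are not affected since `find` does not match symlinks as regular files, though they still race between listing and chmod. Separately, the call sites drop the quoting the original had (`_ensure_dir "${GNTRUNDIR}"` becomes `_ensure_dir ${GNTRUNDIR}`), which is a regression if `@LOCALSTATEDIR@` ever contains whitespace; keeping `"${VAR}"` costs nothing.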
@@ -56,13 +138,15 @@ _operate_while_hold() {
   local path=$2
   shift 2
 
-  (cd "${path}";
+  (cd ${path};
    ${fn} "$@")
 }
 
 main() {
-  _operate_while_hold "_ensure_rundir" "${RUNDIR}"
-  _operate_while_hold "_ensure_logdir" "${LOGDIR}"
+  _operate_while_hold "_ensure_datadir" ${DATADIR}
+  _operate_while_hold "_ensure_rundir" ${RUNDIR}
+  _operate_while_hold "_ensure_logdir" ${LOGDIR}
+  _operate_while_hold "_ensure_lockdir" @LOCALSTATEDIR@
 }
 
 main "$@"
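Review bot: The subshell line `(cd ${path};` both loses the quotes the original had and ignores a failed `cd`, so `${fn}` would still run in whatever the current directory is; `(cd "${path}" || exit 1; ${fn} "$@")` keeps the original quoting and aborts the subshell instead. In practice the callees use absolute `${DATADIR}`/`${RUNDIR}` paths, so the cwd is only a safety net, but that is all the more reason not to silently continue when it cannot be established. The enclosing `_operate_while_hold` starts before this hunk.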
-- 
GitLab