1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
Description: Check for commented out drives in fstab
This patch checks for commented out drives in /etc/fstab, in case Swift
drive-audit process removed it.
Author: Thomas Goirand <zigo@debian.org>
Forwarded: https://review.opendev.org/c/openstack/puppet-swift/+/775631
Last-Update: 2021-02-15
Index: puppet-module-swift/lib/facter/swift-commented-fstab-entries.rb
===================================================================
--- /dev/null
+++ puppet-module-swift/lib/facter/swift-commented-fstab-entries.rb
@@ -0,0 +1,21 @@
+# module_name/lib/facter/swift-commented-fstab-entries
+Facter.add(:swift_commented_fstab_entries) do
+ setcode do
+ myhash = {}
+ File.open('/etc/fstab').readlines.each{ |line|
+ if line.match('^[#]*UUID=')
+ mountpoint = line.split[1]
+ if mountpoint.match('^/srv/node/')
+ drivename = mountpoint.gsub('/srv/node/', '')
+ if line.match('^#')
+ c = { drivename => 'commented' }
+ else
+ c = { drivename => 'active' }
+ end
+ myhash = myhash.merge(c)
+ end
+ end
+ }
+ myhash
+ end
+end
Index: puppet-module-swift/manifests/storage/mount.pp
===================================================================
--- puppet-module-swift.orig/manifests/storage/mount.pp
+++ puppet-module-swift/manifests/storage/mount.pp
@@ -39,71 +39,86 @@
$fsoptions = 'user_xattr'
}
- # The directory that represents the mount point needs to exist.
- file { "${mnt_base_dir}/${name}":
- ensure => directory,
- require => Anchor['swift::config::begin'],
- before => Anchor['swift::config::end'],
- }
-
- # Make root own the mount point to prevent swift processes from writing files
- # when the disk device is not mounted
- exec { "fix_mountpoint_permissions_${name}":
- command => ['chown', '-R', 'root:root', "${mnt_base_dir}/${name}"],
- path => ['/usr/bin', '/bin'],
- before => Anchor['swift::config::end'],
- unless => "grep ${mnt_base_dir}/${name} /etc/mtab",
- }
-
- mount { "${mnt_base_dir}/${name}":
- ensure => present,
- device => $device,
- fstype => $fstype,
- options => "${options},${fsoptions}",
- }
-
- # double checks to make sure that things are mounted
- exec { "mount_${name}":
- command => "mount ${mnt_base_dir}/${name}",
- path => ['/bin'],
- unless => "grep ${mnt_base_dir}/${name} /etc/mtab",
- before => Anchor['swift::config::end'],
- }
-
$user = $swift::params::user
$group = $swift::params::group
- exec { "fix_mount_permissions_${name}":
- command => ['chown', '-R', "${user}:${group}", "${mnt_base_dir}/${name}"],
- path => ['/usr/bin', '/bin'],
- refreshonly => true,
- before => Anchor['swift::config::end'],
- }
-
- File["${mnt_base_dir}/${name}"]
- -> Exec["fix_mountpoint_permissions_${name}"]
- -> Mount["${mnt_base_dir}/${name}"]
- -> Exec["mount_${name}"]
-
- Mount["${mnt_base_dir}/${name}"] ~> Exec["fix_mount_permissions_${name}"]
- Exec["mount_${name}"] ~> Exec["fix_mount_permissions_${name}"]
-
- # mounting in linux and puppet is broken and non-atomic
- # we have to mount, check mount with executing command,
- # fix ownership and on selinux systems fix context.
- # It would be definitely nice if passing options uid=,gid=
- # would be possible as context is. But, as there already is
- # chown command we'll just restorecon on selinux enabled
- # systems :(
- if (str2bool($facts['os']['selinux']['enabled']) == true) {
- exec { "restorecon_mount_${name}":
- command => ['restorecon', "${mnt_base_dir}/${name}"],
- path => ['/usr/sbin', '/sbin'],
+ if $facts['swift_commented_fstab_entries'][$name] {
+ if $facts['swift_commented_fstab_entries'][$name] == 'active'{
+ # double checks to make sure that things are mounted
+ exec { "mount_${name}":
+ command => "mount ${mnt_base_dir}/${name}",
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin',],
+ unless => "cat /proc/mounts | grep -E '^/dev/.* ${mnt_base_dir}/${name}'",
+ require => Anchor['swift::config::begin'],
+ }->
+ exec { "fix_mount_permissions_${name}":
+ command => "chown swift:swift ${mnt_base_dir}/${name}",
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin',],
+ onlyif => "[ `stat -c '%U' ${mnt_base_dir}/${name}` != 'swift' ] || [ `stat -c '%G' ${mnt_base_dir}/${name}` != 'swift' ]",
+ before => Anchor['swift::config::end'],
+ }
+ }else{
+ # double checks to make sure that the folder is unmounted
+ exec { "unmount_fstab_commented_${name}":
+ command => "umount ${mnt_base_dir}/${name}",
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin',],
+ onlyif => "cat /proc/mounts | grep -q -E '^/dev/.* ${mnt_base_dir}/${name}'",
+ }
+ # If the drive was unmounted by swift disk auditor
+ # make sure that /srv/node/NAME is owned by root,
+ # so swift cannot fill-up the system partition.
+ -> exec { "fix_unmounted_drive_permissions_${name}":
+ command => "chown root:root ${mnt_base_dir}/${name}",
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin',],
+ unless => "cat /proc/mounts | grep -q -E '^/dev/.* ${mnt_base_dir}/${name}'",
+ onlyif => "[ `stat -c '%U' ${mnt_base_dir}/${name}` != 'root' ] || [ `stat -c '%G' ${mnt_base_dir}/${name}` != 'root' ]",
+ }
+ # If it's really unmounted, but not empty, then it
+ # means the folder contains files on the root filesystem:
+ # Chown its top folders.
+ -> exec { "chown_folder_${mnt_base_dir}/${name}/objects":
+ command => "chown root:root ${mnt_base_dir}/${name}/objects",
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin',],
+ onlyif => "ls -A1q ${mnt_base_dir}/${name}/ | grep -q . && test -d ${mnt_base_dir}/${name}/objects"
+ }
+ -> exec { "chown_folder_${mnt_base_dir}/${name}/accounts":
+ command => "chown root:root ${mnt_base_dir}/${name}/accounts",
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin',],
+ onlyif => "ls -A1q ${mnt_base_dir}/${name}/ | grep -q . && test -d ${mnt_base_dir}/${name}/accounts"
+ }
+ -> exec { "chown_folder_${mnt_base_dir}/${name}/containers":
+ command => "chown root:root ${mnt_base_dir}/${name}/containers",
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin',],
+ onlyif => "ls -A1q ${mnt_base_dir}/${name}/ | grep -q . && test -d ${mnt_base_dir}/${name}/containers"
+ }
+ -> notify{"${name}: The device already exist in fsttab, but is commented out": }
+ -> notify{"${name}: This may happen if swift has detected a problem on the device":}
+ -> notify{"${name}: and the swift drive-audit umounted the drive.":}
+ -> notify{"${name}: THIS NEEDS MANUAL UNCOMMENT AND MOUNT IF THE DRIVE IS FIXED/REPLACED.":
+ before => Anchor['swift::config::end'],}
+ }
+ }else{
+ # The directory must be owned by root before the mount,
+ # otherwise, when the drive breaks, swift fills-up the
+ # system partition.
+ file { "${mnt_base_dir}/${name}":
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ require => Anchor['swift::config::begin'],
+ }->
+ mount { "${mnt_base_dir}/${name}":
+ ensure => mounted,
+ device => $device,
+ fstype => $fstype,
+ options => "${options},${fsoptions}",
+ }->
+ # Fixup rights *only* once mounted
+ exec { "fix_mount_permissions_${name}":
+ command => "chown swift:swift ${mnt_base_dir}/${name}",
+ path => ['/usr/bin', '/usr/sbin', '/bin', '/sbin',],
before => Anchor['swift::config::end'],
refreshonly => true,
}
-
- Mount["${mnt_base_dir}/${name}"] ~> Exec["restorecon_mount_${name}"]
- Exec["mount_${name}"] ~> Exec["restorecon_mount_${name}"]
}
}
|
