From 39bf395e91021dd51d53c312d6e02638267c3a6b Mon Sep 17 00:00:00 2001

From: Kotresh HR <khiremat@redhat.com>

Date: Tue, 20 Nov 2018 12:36:55 +0530

Subject: [PATCH 516/529] geo-rep: Fix permissions with non-root setup

Problem:

In non-root fail-over/fail-back(FO/FB), when slave is

promoted as master, the session goes to 'Faulty'

Cause:

The command 'gluster-mountbroker <mountbroker-root> <group>'

is run as a pre-requisite on slave in non-root setup.

It modifies the permission and group of following required

directories and files recursively

  [1] /var/lib/glusterd/geo-replication

  [2] /var/log/glusterfs/geo-replication-slaves

In a normal setup, this is executed on slave node and hence

doing it recursively is not an issue on [1]. But when original

master becomes slave in non-root during FO/FB, it contains

ssh public keys and modifying permissions on them causes

geo-rep to fail with incorrect permissions.

Fix:

Don't do permission change recursively. Fix permissions for

required files.

Backport of:

 > Patch: https://review.gluster.org/#/c/glusterfs/+/21689/

 > BUG: bz#1651498

 > Change-Id: I68a744644842e3b00abc26c95c06f123aa78361d

 > Signed-off-by: Kotresh HR <khiremat@redhat.com>

BUG: 1510752

Change-Id: I68a744644842e3b00abc26c95c06f123aa78361d

Signed-off-by: Kotresh HR <khiremat@redhat.com>

Reviewed-on: https://code.engineering.redhat.com/gerrit/162463

Tested-by: RHGS Build Bot <nigelb@redhat.com>

Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>

---

 geo-replication/src/peer_mountbroker.py.in | 12 +++++++++---

 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/geo-replication/src/peer_mountbroker.py.in b/geo-replication/src/peer_mountbroker.py.in

index be182c5..5be16a2 100644

--- a/geo-replication/src/peer_mountbroker.py.in

+++ b/geo-replication/src/peer_mountbroker.py.in

@@ -8,6 +8,7 @@ from gluster.cliutils import (execute, Cmd, node_output_ok,

 from prettytable import PrettyTable

 LOG_DIR = "@localstatedir@/log/glusterfs/geo-replication-slaves"

+CLI_LOG = "@localstatedir@/log/glusterfs/cli.log"

 GEOREP_DIR = "@GLUSTERD_WORKDIR@/geo-replication"

 GLUSTERD_VOLFILE = "@GLUSTERD_VOLFILE@"

@@ -142,7 +143,7 @@ class NodeSetup(Cmd):

     # chgrp -R <grp> /var/log/glusterfs/geo-replication-slaves

     # chgrp -R <grp> /var/lib/glusterd/geo-replication

     # chmod -R 770 /var/log/glusterfs/geo-replication-slaves

-    # chmod -R 770 /var/lib/glusterd/geo-replication

+    # chmod 770 /var/lib/glusterd/geo-replication

     # mkdir -p <mnt_root>

     # chmod 0711 <mnt_root>

     # If selinux,

@@ -192,8 +193,13 @@ class NodeSetup(Cmd):

         execute(["chgrp", "-R", args.group, GEOREP_DIR])

         execute(["chgrp", "-R", args.group, LOG_DIR])

-        execute(["chmod", "-R", "770", GEOREP_DIR])

-        execute(["chmod", "-R", "770", args.group, LOG_DIR])

+        execute(["chgrp", args.group, CLI_LOG])

+        execute(["chmod", "770", args.group, GEOREP_DIR])

+        execute(["find", LOG_DIR, "-type", "d", "-exec", "chmod", "770", "{}",

+                 "+"])

+        execute(["find", LOG_DIR, "-type", "f", "-exec", "chmod", "660", "{}",

+                 "+"])

+        execute(["chmod", "660", CLI_LOG])

         m.set_mount_root_and_group(args.mount_root, args.group)

         m.save()

-- 

1.8.3.1