From ef5e84f8ea7ace74912aad7a29eccfd3376c4ec0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= <cjeanner@redhat.com>
Date: Thu, 7 Nov 2019 09:42:08 +0100
Subject: [PATCH] Correct mysql-pacemaker upgrade task

There were two issues in the mysql-pacemaker upgrade tasks:

- SELinux: since we're using podman, we have proper selinux enforcing on
  the system and proper selinux separation for the containers. Some
  volumes were lacking the "z" flag, making them unaccessible

- Since we're on podman, we have to correct the "log-driver" in the
  command. This allow to get a dedicated log for debug purpose.

Change-Id: Ia03e6e8e913198b315c47982c14ed52569ec702c
Closes-Bug: #1851617
Resolves: rhbz#1769291
(cherry picked from commit 8b07a2259bc7e06e1423ee99a411b873dfe98937)
---
 deployment/database/mysql-pacemaker-puppet.yaml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/deployment/database/mysql-pacemaker-puppet.yaml b/deployment/database/mysql-pacemaker-puppet.yaml
index 059449fda6..1f0e34f9a6 100644
--- a/deployment/database/mysql-pacemaker-puppet.yaml
+++ b/deployment/database/mysql-pacemaker-puppet.yaml
@@ -233,9 +233,9 @@ outputs:
               list_concat:
                 - {get_attr: [ContainersCommon, volumes]}
                 -
-                  - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
-                  - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
-                  - /var/lib/mysql:/var/lib/mysql
+                  - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json:rw,z
+                  - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro,z
+                  - /var/lib/mysql:/var/lib/mysql:rw,z
             environment:
               KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
               KOLLA_BOOTSTRAP: true
@@ -584,13 +584,15 @@ outputs:
               shell:
                 str_replace:
                   template:
-                    'CONTAINER_CLI run --rm --log-driver=syslog -u root --net=host UPGRADE_ENV UPGRADE_VOLUMES "UPGRADE_IMAGE" /bin/bash -ecx "UPGRADE_SCRIPT"'
+                    'CONTAINER_CLI run --rm --log-driver=k8s-file --log-opt path=LOG_DIR/db-upgrade.log \
+                    -u root --net=host UPGRADE_ENV UPGRADE_VOLUMES "UPGRADE_IMAGE" /bin/bash -ecx "UPGRADE_SCRIPT"'
                   params:
                     UPGRADE_ENV: '-e "KOLLA_CONFIG_STRATEGY=COPY_ALWAYS"'
                     UPGRADE_IMAGE: *mysql_image_pcmklatest
-                    UPGRADE_VOLUMES: "-v {{ mysql_upgrade_db_bind_mounts | union(['/tmp/mariadb-upgrade:/var/log/mariadb:rw']) | join(' -v ')}}"
+                    UPGRADE_VOLUMES: "-v {{ mysql_upgrade_db_bind_mounts | union(['/tmp/mariadb-upgrade:/var/log/mariadb:rw,z']) | join(' -v ')}}"
                     UPGRADE_SCRIPT: "{{mysql_upgrade_script}}"
                     CONTAINER_CLI: "{{ container_cli }}"
+                    LOGDIR: '/var/log/containers/mysql'
 
       external_upgrade_tasks:
         - vars: