Fix apt-cacher-ng file owners during rsync
The lsyncd service runs as the 'nginx' user such that files sync'd from the master node to the backups will have 'nginx' as the owner. However, the apt-cacher-ng service needs to be the owner to function properly. This fix consolidates the pre and post sync tasks into a script that can be called by lsyncd. The script can then change the file owners as needed before and after the rsync. The owners need to be 'nginx' before the rsync so that lsyncd can update files and 'apt-cacher-ng' after the sync so the cacher service works. Additionally, setup lsyncd to sync each service's directory separately rather than being rsync'd all together. This avoids lsyncd bouncing services when their respective files are not being sync'd. Change-Id: Ifaba17b89035398917f2b3257574e18eb9027c08 Closes-bug: #1649339
This commit is contained in:
parent
55eb0f8830
commit
1169edc47b
|
@ -46,5 +46,16 @@ repo_pkg_cache_enabled: true
|
|||
# Set the listening port for the Package Cache service
|
||||
repo_pkg_cache_port: 3142
|
||||
|
||||
# Set the listening address for the PAckage Cache service
|
||||
# Set the listening address for the Package Cache service
|
||||
repo_pkg_cache_bind: "0.0.0.0"
|
||||
|
||||
# Set the git file paths
|
||||
repo_git_cache_dirname: openstackgit
|
||||
repo_git_cache_dir: "{{ repo_service_home_folder }}/repo/{{ repo_git_cache_dirname }}"
|
||||
|
||||
# Set the Package Cache Service files path
|
||||
repo_pkg_cache_dirname: pkg-cache
|
||||
repo_pkg_cache_dir: "{{ repo_service_home_folder }}/repo/{{ repo_pkg_cache_dirname }}"
|
||||
|
||||
# Set the Package Cache Service owner
|
||||
repo_pkg_cache_owner: apt-cacher-ng
|
||||
|
|
|
@ -42,9 +42,9 @@
|
|||
|
||||
- name: Create cache directory
|
||||
file:
|
||||
path: "{{ repo_service_home_folder }}/repo/pkg-cache"
|
||||
path: "{{ repo_pkg_cache_dir }}"
|
||||
state: "directory"
|
||||
owner: "apt-cacher-ng"
|
||||
owner: "{{ repo_pkg_cache_owner }}"
|
||||
group: "{{ repo_service_group_name }}"
|
||||
mode: "02775"
|
||||
|
||||
|
@ -72,4 +72,3 @@
|
|||
dest: "/etc/apt-cacher-ng/acng.conf"
|
||||
notify:
|
||||
- reload acng
|
||||
|
||||
|
|
|
@ -78,16 +78,26 @@
|
|||
tags:
|
||||
- pkg-repo-dirs
|
||||
|
||||
- name: Drop repo pre/post command script
|
||||
template:
|
||||
src: repo_prepost_cmd.sh.j2
|
||||
dest: "{{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh"
|
||||
mode: "0750"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
tags:
|
||||
- pkg-repo-config
|
||||
|
||||
- name: Check if the git folder exists already
|
||||
stat:
|
||||
path: "{{ repo_service_home_folder }}/repo/openstackgit"
|
||||
path: "{{ repo_git_cache_dir }}"
|
||||
register: _git_folder
|
||||
tags:
|
||||
- pkg-repo-dirs
|
||||
|
||||
- name: Git service data folder setup
|
||||
file:
|
||||
path: "{{ (_git_folder.stat.exists and _git_folder.stat.islnk) | ternary(_git_folder.stat.lnk_source, repo_service_home_folder + '/repo/openstackgit') }}"
|
||||
path: "{{ (_git_folder.stat.exists and _git_folder.stat.islnk) | ternary(_git_folder.stat.lnk_source, repo_git_cache_dir) }}"
|
||||
state: "directory"
|
||||
owner: "{{ repo_service_user_name }}"
|
||||
group: "{{ repo_service_group_name }}"
|
||||
|
|
|
@ -13,20 +13,13 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# This is so that the master repo server can stop nginx on the slaves
|
||||
# while data is syncing.
|
||||
# This is so that the master repo server can perform pre and post rsync tasks
|
||||
# which may include stopping nginx on the slaves while data is syncing.
|
||||
- name: Allow nginx user to stop/start nginx via sudo
|
||||
copy:
|
||||
content: "nginx ALL=NOPASSWD: /etc/init.d/nginx start, /etc/init.d/nginx stop\n"
|
||||
content: "nginx ALL=NOPASSWD: {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh\n"
|
||||
dest: /etc/sudoers.d/nginx
|
||||
|
||||
# This is so that the master repo server can stop the git daemon on the slaves
|
||||
# while data is syncing.
|
||||
- name: Allow nginx user to stop/start git-daemon via sudo
|
||||
copy:
|
||||
content: "nginx ALL=NOPASSWD: /etc/init.d/git-daemon start, /etc/init.d/git-daemon stop\n"
|
||||
dest: /etc/sudoers.d/git-daemon
|
||||
|
||||
- name: Drop rsyncd configuration file(s)
|
||||
copy:
|
||||
src: "rsync.defaults"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
CacheDir: {{ repo_service_home_folder }}/repo/pkg-cache
|
||||
CacheDir: {{ repo_pkg_cache_dir }}
|
||||
LogDir: /var/log/apt-cacher-ng
|
||||
Port: {{ repo_pkg_cache_port }}
|
||||
BindAddress: {{ repo_pkg_cache_bind }}
|
||||
|
|
|
@ -4,5 +4,5 @@ Documentation=man:git-daemon(1)
|
|||
|
||||
[Service]
|
||||
User=nobody
|
||||
ExecStart=-{{ git_daemon_path }} --base-path={{ repo_service_home_folder }}/repo/openstackgit/ --export-all --user-path=public_git --syslog --inetd --verbose
|
||||
ExecStart=-{{ git_daemon_path }} --base-path={{ repo_git_cache_dir }}/ --export-all --user-path=public_git --syslog --inetd --verbose
|
||||
StandardInput=socket
|
||||
|
|
|
@ -593,14 +593,41 @@ sync {
|
|||
rsync,
|
||||
source = "{{ repo_service_home_folder }}/repo",
|
||||
target = "{{ hostvars[node]['ansible_host'] }}:{{ repo_service_home_folder }}/repo",
|
||||
exclude = {"{{ repo_pkg_cache_dirname }}", "{{ repo_git_cache_dir }}"},
|
||||
rsync = {
|
||||
compress = true,
|
||||
acls = true,
|
||||
rsh = "/usr/bin/ssh -l {{ repo_service_user_name }} -i {{ repo_service_home_folder }}/.ssh/id_rsa -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=5",
|
||||
precmd = "sudo /etc/init.d/nginx stop; sudo /etc/init.d/git-daemon stop",
|
||||
postcmd = "sudo /etc/init.d/nginx start; sudo /etc/init.d/git-daemon start"
|
||||
precmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh pre-www",
|
||||
postcmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh post-www"
|
||||
}
|
||||
}
|
||||
|
||||
sync {
|
||||
rsync,
|
||||
source = "{{ repo_git_cache_dir }}",
|
||||
target = "{{ hostvars[node]['ansible_host'] }}:{{ repo_git_cache_dir }}",
|
||||
rsync = {
|
||||
compress = true,
|
||||
acls = true,
|
||||
rsh = "/usr/bin/ssh -l {{ repo_service_user_name }} -i {{ repo_service_home_folder }}/.ssh/id_rsa -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=5",
|
||||
precmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh pre-git",
|
||||
postcmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh post-git"
|
||||
}
|
||||
}
|
||||
{% if repo_pkg_cache_enabled | bool %}
|
||||
sync {
|
||||
rsync,
|
||||
source = "{{ repo_pkg_cache_dir }}",
|
||||
target = "{{ hostvars[node]['ansible_host'] }}:{{ repo_pkg_cache_dir }}",
|
||||
delete = false,
|
||||
rsync = {
|
||||
compress = true,
|
||||
acls = true,
|
||||
rsh = "/usr/bin/ssh -l {{ repo_service_user_name }} -i {{ repo_service_home_folder }}/.ssh/id_rsa -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=5",
|
||||
precmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh pre-pkg",
|
||||
postcmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh post-pkg"
|
||||
}
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
#!/bin/bash
|
||||
# This script is called by lsyncd to perform 'pre' and 'post' rsync tasks.
|
||||
#
|
||||
PKG_CACHE={{ repo_pkg_cache_dir }}
|
||||
|
||||
function chg_owner {
|
||||
NEW_OWNER=$1
|
||||
if [ -d $PKG_CACHE ]; then
|
||||
chown -R $NEW_OWNER $PKG_CACHE
|
||||
fi
|
||||
}
|
||||
|
||||
CMD=$1
|
||||
case $CMD in
|
||||
pre-www)
|
||||
systemctl stop nginx
|
||||
;;
|
||||
post-www)
|
||||
systemctl start nginx
|
||||
;;
|
||||
pre-git)
|
||||
systemctl stop git.socket
|
||||
;;
|
||||
post-git)
|
||||
systemctl start git.socket
|
||||
;;
|
||||
pre-pkg)
|
||||
chg_owner {{ repo_service_user_name }}
|
||||
;;
|
||||
post-pkg)
|
||||
chg_owner {{ repo_pkg_cache_owner }}
|
||||
;;
|
||||
*)
|
||||
echo "Unknown command."
|
||||
esac
|
Loading…
Reference in New Issue