Fix apt-cacher-ng file owners during rsync

The lsyncd service runs as the 'nginx' user such that files sync'd from the master node to the backups will have 'nginx' as the owner. However, the apt-cacher-ng service needs to be the owner to function properly. This fix consolidates the pre and post sync tasks into a script that can be called by lsyncd. The script can then change the file owners as needed before and after the rsync. The owners need to be 'nginx' before the rsync so that lsyncd can update files and 'apt-cacher-ng' after the sync so the cacher service works. Additionally, setup lsyncd to sync each service's directory separately rather than being rsync'd all together. This avoids lsyncd bouncing services when their respective files are not being sync'd. Change-Id: Ifaba17b89035398917f2b3257574e18eb9027c08 Closes-bug: #1649339
2016-12-14 12:35:28 -06:00 · 2016-12-14 12:35:28 -06:00 · 1169edc47b
parent 55eb0f8830
commit 1169edc47b
8 changed files with 96 additions and 21 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -46,5 +46,16 @@ repo_pkg_cache_enabled: true
 # Set the listening port for the Package Cache service
 repo_pkg_cache_port: 3142

-# Set the listening address for the PAckage Cache service
+# Set the listening address for the Package Cache service
 repo_pkg_cache_bind: "0.0.0.0"
+
+# Set the git file paths
+repo_git_cache_dirname: openstackgit
+repo_git_cache_dir: "{{ repo_service_home_folder }}/repo/{{ repo_git_cache_dirname }}"
+
+# Set the Package Cache Service files path
+repo_pkg_cache_dirname: pkg-cache
+repo_pkg_cache_dir: "{{ repo_service_home_folder }}/repo/{{ repo_pkg_cache_dirname }}"
+
+# Set the Package Cache Service owner
+repo_pkg_cache_owner: apt-cacher-ng
--- a/tasks/repo_cacher.yml
+++ b/tasks/repo_cacher.yml
@ -42,9 +42,9 @@

 - name: Create cache directory
  file:
-    path: "{{ repo_service_home_folder }}/repo/pkg-cache"
+    path: "{{ repo_pkg_cache_dir }}"
    state: "directory"
-    owner: "apt-cacher-ng"
+    owner: "{{ repo_pkg_cache_owner }}"
    group: "{{ repo_service_group_name }}"
    mode: "02775"

@ -72,4 +72,3 @@
    dest: "/etc/apt-cacher-ng/acng.conf"
  notify:
    - reload acng
-
--- a/tasks/repo_post_install.yml
+++ b/tasks/repo_post_install.yml
@ -78,16 +78,26 @@
  tags:
    - pkg-repo-dirs

+- name: Drop repo pre/post command script
+  template:
+    src: repo_prepost_cmd.sh.j2
+    dest: "{{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh"
+    mode: "0750"
+    owner: "root"
+    group: "root"
+  tags:
+    - pkg-repo-config
+
 - name: Check if the git folder exists already
  stat:
-    path: "{{ repo_service_home_folder }}/repo/openstackgit"
+    path: "{{ repo_git_cache_dir }}"
  register: _git_folder
  tags:
    - pkg-repo-dirs

 - name: Git service data folder setup
  file:
-    path: "{{ (_git_folder.stat.exists and _git_folder.stat.islnk) | ternary(_git_folder.stat.lnk_source, repo_service_home_folder + '/repo/openstackgit') }}"
+    path: "{{ (_git_folder.stat.exists and _git_folder.stat.islnk) | ternary(_git_folder.stat.lnk_source, repo_git_cache_dir) }}"
    state: "directory"
    owner: "{{ repo_service_user_name }}"
    group: "{{ repo_service_group_name }}"
--- a/tasks/repo_pre_install.yml
+++ b/tasks/repo_pre_install.yml
@ -13,20 +13,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-# This is so that the master repo server can stop nginx on the slaves
-# while data is syncing.
+# This is so that the master repo server can perform pre and post rsync tasks
+# which may include stopping nginx on the slaves while data is syncing.
 - name: Allow nginx user to stop/start nginx via sudo
  copy:
-    content: "nginx ALL=NOPASSWD: /etc/init.d/nginx start, /etc/init.d/nginx stop\n"
+    content: "nginx ALL=NOPASSWD: {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh\n"
    dest: /etc/sudoers.d/nginx

-# This is so that the master repo server can stop the git daemon on the slaves
-# while data is syncing.
- name: Allow nginx user to stop/start git-daemon via sudo
-  copy:
-    content: "nginx ALL=NOPASSWD: /etc/init.d/git-daemon start, /etc/init.d/git-daemon stop\n"
-    dest: /etc/sudoers.d/git-daemon
-
 - name: Drop rsyncd configuration file(s)
  copy:
    src: "rsync.defaults"
--- a/templates/acng.conf.j2
+++ b/templates/acng.conf.j2
@ -1,6 +1,6 @@
 # {{ ansible_managed }}

-CacheDir: {{ repo_service_home_folder }}/repo/pkg-cache
+CacheDir: {{ repo_pkg_cache_dir }}
 LogDir: /var/log/apt-cacher-ng
 Port: {{ repo_pkg_cache_port }}
 BindAddress: {{ repo_pkg_cache_bind }}
--- a/templates/git.service.j2
+++ b/templates/git.service.j2
@ -4,5 +4,5 @@ Documentation=man:git-daemon(1)

 [Service]
 User=nobody
-ExecStart=-{{ git_daemon_path }} --base-path={{ repo_service_home_folder }}/repo/openstackgit/ --export-all --user-path=public_git --syslog --inetd --verbose
+ExecStart=-{{ git_daemon_path }} --base-path={{ repo_git_cache_dir }}/ --export-all --user-path=public_git --syslog --inetd --verbose
 StandardInput=socket
--- a/templates/lsyncd.lua.j2
+++ b/templates/lsyncd.lua.j2
@ -593,14 +593,41 @@ sync {
    rsync,
    source = "{{ repo_service_home_folder }}/repo",
    target = "{{ hostvars[node]['ansible_host'] }}:{{ repo_service_home_folder }}/repo",
+    exclude = {"{{ repo_pkg_cache_dirname }}", "{{ repo_git_cache_dir }}"},
    rsync = {
        compress = true,
        acls = true,
        rsh = "/usr/bin/ssh -l {{ repo_service_user_name }} -i {{ repo_service_home_folder }}/.ssh/id_rsa -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=5",
-        precmd = "sudo /etc/init.d/nginx stop; sudo /etc/init.d/git-daemon stop",
-        postcmd = "sudo /etc/init.d/nginx start; sudo /etc/init.d/git-daemon start"
+        precmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh pre-www",
+        postcmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh post-www"
    }
 }
-
+sync {
+    rsync,
+    source = "{{ repo_git_cache_dir }}",
+    target = "{{ hostvars[node]['ansible_host'] }}:{{ repo_git_cache_dir }}",
+    rsync = {
+        compress = true,
+        acls = true,
+        rsh = "/usr/bin/ssh -l {{ repo_service_user_name }} -i {{ repo_service_home_folder }}/.ssh/id_rsa -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=5",
+        precmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh pre-git",
+        postcmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh post-git"
+    }
+}
+{% if repo_pkg_cache_enabled | bool %}
+sync {
+    rsync,
+    source = "{{ repo_pkg_cache_dir }}",
+    target = "{{ hostvars[node]['ansible_host'] }}:{{ repo_pkg_cache_dir }}",
+    delete = false,
+    rsync = {
+        compress = true,
+        acls = true,
+        rsh = "/usr/bin/ssh -l {{ repo_service_user_name }} -i {{ repo_service_home_folder }}/.ssh/id_rsa -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=5",
+        precmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh pre-pkg",
+        postcmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh post-pkg"
+    }
+}
+{% endif %}
 {% endif %}
 {% endfor %}
--- a/templates/repo_prepost_cmd.sh.j2
+++ b/templates/repo_prepost_cmd.sh.j2
@ -0,0 +1,35 @@
+#!/bin/bash
+#  This script is called by lsyncd to perform 'pre' and 'post' rsync tasks.
+#
+PKG_CACHE={{ repo_pkg_cache_dir }}
+
+function chg_owner {
+  NEW_OWNER=$1
+  if [ -d $PKG_CACHE ]; then
+    chown -R $NEW_OWNER $PKG_CACHE
+  fi
+}
+
+CMD=$1
+case $CMD in
+pre-www)
+  systemctl stop nginx
+  ;;
+post-www)
+  systemctl start nginx
+  ;;
+pre-git)
+  systemctl stop git.socket
+  ;;
+post-git)
+  systemctl start git.socket
+  ;;
+pre-pkg)
+  chg_owner {{ repo_service_user_name }}
+  ;;
+post-pkg)
+  chg_owner {{ repo_pkg_cache_owner }}
+  ;;
+*)
+  echo "Unknown command."
+esac