From 1169edc47be92943690983a6d10857761038b473 Mon Sep 17 00:00:00 2001 From: "Kyle L. Henderson" Date: Wed, 14 Dec 2016 12:35:28 -0600 Subject: [PATCH] Fix apt-cacher-ng file owners during rsync The lsyncd service runs as the 'nginx' user such that files sync'd from the master node to the backups will have 'nginx' as the owner. However, the apt-cacher-ng service needs to be the owner to function properly. This fix consolidates the pre and post sync tasks into a script that can be called by lsyncd. The script can then change the file owners as needed before and after the rsync. The owners need to be 'nginx' before the rsync so that lsyncd can update files and 'apt-cacher-ng' after the sync so the cacher service works. Additionally, setup lsyncd to sync each service's directory separately rather than being rsync'd all together. This avoids lsyncd bouncing services when their respective files are not being sync'd. Change-Id: Ifaba17b89035398917f2b3257574e18eb9027c08 Closes-bug: #1649339 --- defaults/main.yml | 13 +++++++++++- tasks/repo_cacher.yml | 5 ++--- tasks/repo_post_install.yml | 14 +++++++++++-- tasks/repo_pre_install.yml | 13 +++--------- templates/acng.conf.j2 | 2 +- templates/git.service.j2 | 2 +- templates/lsyncd.lua.j2 | 33 +++++++++++++++++++++++++++--- templates/repo_prepost_cmd.sh.j2 | 35 ++++++++++++++++++++++++++++++++ 8 files changed, 96 insertions(+), 21 deletions(-) create mode 100644 templates/repo_prepost_cmd.sh.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 314d2b5..7b5bd17 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -46,5 +46,16 @@ repo_pkg_cache_enabled: true # Set the listening port for the Package Cache service repo_pkg_cache_port: 3142 -# Set the listening address for the PAckage Cache service +# Set the listening address for the Package Cache service repo_pkg_cache_bind: "0.0.0.0" + +# Set the git file paths +repo_git_cache_dirname: openstackgit +repo_git_cache_dir: "{{ repo_service_home_folder }}/repo/{{ repo_git_cache_dirname }}" + +# Set the Package Cache Service files path +repo_pkg_cache_dirname: pkg-cache +repo_pkg_cache_dir: "{{ repo_service_home_folder }}/repo/{{ repo_pkg_cache_dirname }}" + +# Set the Package Cache Service owner +repo_pkg_cache_owner: apt-cacher-ng diff --git a/tasks/repo_cacher.yml b/tasks/repo_cacher.yml index 23e9e1d..58644f8 100644 --- a/tasks/repo_cacher.yml +++ b/tasks/repo_cacher.yml @@ -42,9 +42,9 @@ - name: Create cache directory file: - path: "{{ repo_service_home_folder }}/repo/pkg-cache" + path: "{{ repo_pkg_cache_dir }}" state: "directory" - owner: "apt-cacher-ng" + owner: "{{ repo_pkg_cache_owner }}" group: "{{ repo_service_group_name }}" mode: "02775" @@ -72,4 +72,3 @@ dest: "/etc/apt-cacher-ng/acng.conf" notify: - reload acng - diff --git a/tasks/repo_post_install.yml b/tasks/repo_post_install.yml index a3ff76b..1a345db 100644 --- a/tasks/repo_post_install.yml +++ b/tasks/repo_post_install.yml 
@@ -78,16 +78,26 @@ tags: - pkg-repo-dirs +- name: Drop repo pre/post command script + template: + src: repo_prepost_cmd.sh.j2 + dest: "{{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh" + mode: "0750" + owner: "root" + group: "root" + tags: + - pkg-repo-config + - name: Check if the git folder exists already stat: - path: "{{ repo_service_home_folder }}/repo/openstackgit" + path: "{{ repo_git_cache_dir }}" register: _git_folder tags: - pkg-repo-dirs - name: Git service data folder setup file: - path: "{{ (_git_folder.stat.exists and _git_folder.stat.islnk) | ternary(_git_folder.stat.lnk_source, repo_service_home_folder + '/repo/openstackgit') }}" + path: "{{ (_git_folder.stat.exists and _git_folder.stat.islnk) | ternary(_git_folder.stat.lnk_source, repo_git_cache_dir) }}" state: "directory" owner: "{{ repo_service_user_name }}" group: "{{ repo_service_group_name }}" diff --git a/tasks/repo_pre_install.yml b/tasks/repo_pre_install.yml index 6cb9c2c..4f66c24 100644 --- a/tasks/repo_pre_install.yml +++ b/tasks/repo_pre_install.yml 
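Review bot: The `dest` of the new "Drop repo pre/post command script" task puts a script that is later run as root inside `{{ repo_service_home_folder }}/repo`, the same tree that lsyncd writes to as `{{ repo_service_user_name }}`. The sudoers change in tasks/repo_pre_install.yml grants the nginx user passwordless sudo on exactly this path, so `root:root` with mode `0750` on the file is not enough if the parent directory is writable by that user (its ownership is not visible in this hunk), because the file could then be renamed and replaced. The script also sits inside the source of the first sync block in templates/lsyncd.lua.j2 and is not in its `exclude` list. Consider installing it in a root-owned directory outside the synced tree, e.g. `dest: "<ROOT_OWNED_DIR>/repo_prepost_cmd.sh"`, and pointing the sudoers entry and the lsyncd `precmd`/`postcmd` at that path.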
@@ -13,20 +13,13 @@ # See the License for the specific language governing permissions and # limitations under the License. -# This is so that the master repo server can stop nginx on the slaves -# while data is syncing. +# This is so that the master repo server can perform pre and post rsync tasks +# which may include stopping nginx on the slaves while data is syncing. - name: Allow nginx user to stop/start nginx via sudo copy: - content: "nginx ALL=NOPASSWD: /etc/init.d/nginx start, /etc/init.d/nginx stop\n" + content: "nginx ALL=NOPASSWD: {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh\n" dest: /etc/sudoers.d/nginx -# This is so that the master repo server can stop the git daemon on the slaves -# while data is syncing. -- name: Allow nginx user to stop/start git-daemon via sudo - copy: - content: "nginx ALL=NOPASSWD: /etc/init.d/git-daemon start, /etc/init.d/git-daemon stop\n" - dest: /etc/sudoers.d/git-daemon - - name: Drop rsyncd configuration file(s) copy: src: "rsync.defaults" diff --git a/templates/acng.conf.j2 b/templates/acng.conf.j2 index 07e5797..ccc80ff 100644 --- a/templates/acng.conf.j2 +++ b/templates/acng.conf.j2 @@ -1,6 +1,6 @@ # {{ ansible_managed }} -CacheDir: {{ repo_service_home_folder }}/repo/pkg-cache +CacheDir: {{ repo_pkg_cache_dir }} LogDir: /var/log/apt-cacher-ng Port: {{ repo_pkg_cache_port }} BindAddress: {{ repo_pkg_cache_bind }} diff --git a/templates/git.service.j2 b/templates/git.service.j2 index 78bdc24..dc6d7ac 100644 --- a/templates/git.service.j2 +++ b/templates/git.service.j2 @@ -4,5 +4,5 @@ Documentation=man:git-daemon(1) [Service] User=nobody -ExecStart=-{{ git_daemon_path }} --base-path={{ repo_service_home_folder }}/repo/openstackgit/ --export-all --user-path=public_git --syslog --inetd --verbose +ExecStart=-{{ git_daemon_path }} --base-path={{ repo_git_cache_dir }}/ --export-all --user-path=public_git --syslog --inetd --verbose StandardInput=socket 
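Review bot: Deleting the "Allow nginx user to stop/start git-daemon via sudo" task in tasks/repo_pre_install.yml stops managing `/etc/sudoers.d/git-daemon` but does not remove it, so hosts deployed before this change would keep the old NOPASSWD grant. A `file:` task with `path: /etc/sudoers.d/git-daemon` and `state: absent` would clean it up. The remaining copy task for `/etc/sudoers.d/nginx` sets no `mode`, `owner` or `validate`. Adding `mode: "0440"` and `validate: "visudo -cf %s"` would keep an unexpected value of `repo_service_home_folder` from installing a broken sudoers file.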
diff --git a/templates/lsyncd.lua.j2 b/templates/lsyncd.lua.j2
index b930960..b3978fb 100644
--- a/templates/lsyncd.lua.j2
+++ b/templates/lsyncd.lua.j2
@@ -593,14 +593,41 @@ sync { rsync, source = "{{ repo_service_home_folder }}/repo", target = "{{ hostvars[node]['ansible_host'] }}:{{ repo_service_home_folder }}/repo", + exclude = {"{{ repo_pkg_cache_dirname }}", "{{ repo_git_cache_dir }}"}, rsync = { compress = true, acls = true, rsh = "/usr/bin/ssh -l {{ repo_service_user_name }} -i {{ repo_service_home_folder }}/.ssh/id_rsa -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=5", - precmd = "sudo /etc/init.d/nginx stop; sudo /etc/init.d/git-daemon stop", - postcmd = "sudo /etc/init.d/nginx start; sudo /etc/init.d/git-daemon start" + precmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh pre-www", + postcmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh post-www" } } - +sync { + rsync, + source = "{{ repo_git_cache_dir }}", + target = "{{ hostvars[node]['ansible_host'] }}:{{ repo_git_cache_dir }}", + rsync = { + compress = true, + acls = true, + rsh = "/usr/bin/ssh -l {{ repo_service_user_name }} -i {{ repo_service_home_folder }}/.ssh/id_rsa -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=5", + precmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh pre-git", + postcmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh post-git" + } +} +{% if repo_pkg_cache_enabled | bool %} +sync { + rsync, + source = "{{ repo_pkg_cache_dir }}", + target = "{{ hostvars[node]['ansible_host'] }}:{{ repo_pkg_cache_dir }}", + delete = false, + rsync = { + compress = true, + acls = true, + rsh = "/usr/bin/ssh -l {{ repo_service_user_name }} -i {{ repo_service_home_folder }}/.ssh/id_rsa -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=5", + precmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh pre-pkg", + postcmd = "sudo {{ repo_service_home_folder }}/repo/repo_prepost_cmd.sh post-pkg" + } +} +{% endif %} {% endif %} {% endfor %} 
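Review bot: The new `exclude` list on the first sync block mixes a directory name with a full path: `{{ repo_pkg_cache_dirname }}` is relative, but `{{ repo_git_cache_dir }}` expands to `{{ repo_service_home_folder }}/repo/openstackgit` under the defaults added in this commit. rsync-style exclude patterns are matched relative to the sync source, so the git tree is probably not excluded and would still be copied by the www sync (with nginx stopped) as well as by its own block; `exclude = {"{{ repo_pkg_cache_dirname }}", "{{ repo_git_cache_dirname }}"},` looks like the intent. Separately, the two added sync blocks repeat `-o StrictHostKeyChecking=no` in `rsh`, so the backup node's host key is never verified; distributing the nodes' host keys to `known_hosts` and dropping that option would close this. The enclosing `{% for %}`/`{% if %}` blocks start outside the hunk.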
diff --git a/templates/repo_prepost_cmd.sh.j2 b/templates/repo_prepost_cmd.sh.j2
new file mode 100644
index 0000000..df7468f
--- /dev/null
+++ b/templates/repo_prepost_cmd.sh.j2
@@ -0,0 +1,35 @@
+#!/bin/bash
+# This script is called by lsyncd to perform 'pre' and 'post' rsync tasks.
+#
+PKG_CACHE={{ repo_pkg_cache_dir }}
+
+function chg_owner {
+ NEW_OWNER=$1
+ if [ -d $PKG_CACHE ]; then
+ chown -R $NEW_OWNER $PKG_CACHE
+ fi
+}
+
+CMD=$1
+case $CMD in
+pre-www)
+ systemctl stop nginx
+ ;;
+post-www)
+ systemctl start nginx
+ ;;
+pre-git)
+ systemctl stop git.socket
+ ;;
+post-git)
+ systemctl start git.socket
+ ;;
+pre-pkg)
+ chg_owner {{ repo_service_user_name }}
+ ;;
+post-pkg)
+ chg_owner {{ repo_pkg_cache_owner }}
+ ;;
+*)
+ echo "Unknown command."
+esac
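Review bot: The `*)` branch of the `case` only echoes "Unknown command." to stdout and falls through, so the script exits 0 for a missing or misspelled mode and lsyncd would presumably treat the pre/post step as done; `echo "Unknown command: $CMD" >&2; exit 1` makes that failure visible. Because the script runs as root through the sudoers entry, the expansions should also be quoted: `PKG_CACHE="{{ repo_pkg_cache_dir }}"`, `[ -d "$PKG_CACHE" ]` and `chown -R "$NEW_OWNER" "$PKG_CACHE"`, so a path containing spaces or glob characters cannot turn into extra `chown` arguments. A short header comment listing the six accepted modes (`pre-www` through `post-pkg`) and the user that invokes the script would help whoever next edits the sudoers rule.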