From 4e64c8495d8cddab653e7b6f8db1d4335755d4c9 Mon Sep 17 00:00:00 2001
From: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Date: Thu, 21 Feb 2019 18:06:42 +0100
Subject: [maas] Fix permissions on (partial) redeploy

When redeploying a cluster only (keeping the infrastructure containers
from a previous deploy), some things need to be adjusted:
- /entrypoint.sh exec permission;
- /etc/maas uid/gid re-align on new (fresh) deploy;
- account for different location of /usr/sbin/tcpdump apparmor profile
  for CentOS jumpservers;

Change-Id: If51db0bc95eff1a497e1df5d457e26a7b902aa5a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 60bf21d6aedda367c3e017cd74ea8cf602f1fdef)
---
 mcp/scripts/docker-compose/files/entrypoint_maas.sh.j2 | 4 ++--
 mcp/scripts/lib_jump_deploy.sh                         | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/mcp/scripts/docker-compose/files/entrypoint_maas.sh.j2 b/mcp/scripts/docker-compose/files/entrypoint_maas.sh.j2
index 23b8d8f30..d92eeb017 100644
--- a/mcp/scripts/docker-compose/files/entrypoint_maas.sh.j2
+++ b/mcp/scripts/docker-compose/files/entrypoint_maas.sh.j2
@@ -10,9 +10,9 @@
 {%- set pxebr_addr = nm.net_admin | ipnet_hostaddr(nm.start_ip[nm.net_admin] + nm.net_admin_hosts.index('opnfv_infra_maas_node01_deploy_address') +1) %}
 if [ ! -e /var/lib/postgresql/*/main ]; then
     cp -ar /var/lib/opnfv/{postgresql,maas} /var/lib/
-    cp -ar /var/lib/opnfv/etc/{ssh,maas} /etc/
+    cp -ar /var/lib/opnfv/etc/maas /etc/
 fi
-chown -R maas:maas /var/lib/maas
+chown -R maas:maas /var/lib/maas /etc/maas
 chown -R postgres:postgres /var/lib/postgresql
 chown -R proxy:proxy /var/spool/maas-proxy
 
diff --git a/mcp/scripts/lib_jump_deploy.sh b/mcp/scripts/lib_jump_deploy.sh
index aad6ce586..a96becadd 100644
--- a/mcp/scripts/lib_jump_deploy.sh
+++ b/mcp/scripts/lib_jump_deploy.sh
@@ -441,10 +441,9 @@ function prepare_containers {
   mkdir -p "${image_dir}/"{salt/master.d,salt/minion.d}
 
   if grep -q -e 'maas' 'docker-compose/docker-compose.yaml'; then
-    chmod +x docker-compose/files/entrypoint*.sh
     # Apparmor workaround for bind9 inside Docker containers using AUFS
     for profile in 'usr.sbin.ntpd' 'usr.sbin.named' \
-                   'usr.sbin.dhcpd' 'usr.bin.tcpdump'; do
+                   'usr.sbin.dhcpd' 'usr.sbin.tcpdump' 'usr.bin.tcpdump'; do
       if [ -e "/etc/apparmor.d/${profile}" ] && \
        [ ! -e "/etc/apparmor.d/disable/${profile}" ]; then
         sudo ln -sf "/etc/apparmor.d/${profile}" "/etc/apparmor.d/disable/"
@@ -458,6 +457,9 @@ function start_containers {
   local image_dir=$1
   [ -n "${image_dir}" ] || exit 1
   [ ! -e "${image_dir}/docker-compose" ] || COMPOSE_PREFIX="${image_dir}/"
+  if grep -q -e 'maas' 'docker-compose/docker-compose.yaml'; then
+    chmod +x docker-compose/files/entrypoint*.sh
+  fi
   "${COMPOSE_PREFIX}docker-compose" -f docker-compose/docker-compose.yaml up -d
 }
 
-- 
cgit 1.2.3-korg