From 4c3cfd0f85c1044c804b2c31d99a4bc3b1c1fe49 Mon Sep 17 00:00:00 2001 From: Kotresh HR Date: Tue, 20 Nov 2018 12:36:55 +0530 Subject: geo-rep: Fix permissions with non-root setup Problem: In non-root fail-over/fail-back(FO/FB), when slave is promoted as master, the session goes to 'Faulty' Cause: The command 'gluster-mountbroker ' is run as a pre-requisite on slave in non-root setup. It modifies the permission and group of following required directories and files recursively [1] /var/lib/glusterd/geo-replication [2] /var/log/glusterfs/geo-replication-slaves In a normal setup, this is executed on slave node and hence doing it recursively is not an issue on [1]. But when original master becomes slave in non-root during FO/FB, it contains ssh public keys and modifying permissions on them causes geo-rep to fail with incorrect permissions. Fix: Don't do permission change recursively. Fix permissions for required files. Backport of: > Patch: https://review.gluster.org/#/c/glusterfs/+/21689/ > fixes: bz#1651498 > Change-Id: I68a744644842e3b00abc26c95c06f123aa78361d > Signed-off-by: Kotresh HR (cherry picked from commit b2776b1ec1ad845ba568c4439bca3b57cc4d2592) fixes: bz#1654118 Change-Id: I68a744644842e3b00abc26c95c06f123aa78361d Signed-off-by: Kotresh HR --- geo-replication/src/peer_mountbroker.py.in | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/geo-replication/src/peer_mountbroker.py.in b/geo-replication/src/peer_mountbroker.py.in index b44192bef2c..d73879ef023 100644 --- a/geo-replication/src/peer_mountbroker.py.in +++ b/geo-replication/src/peer_mountbroker.py.in @@ -8,6 +8,7 @@ from gluster.cliutils import (execute, Cmd, node_output_ok, from prettytable import PrettyTable LOG_DIR = "@localstatedir@/log/glusterfs/geo-replication-slaves" +CLI_LOG = "@localstatedir@/log/glusterfs/cli.log" GEOREP_DIR = "@GLUSTERD_WORKDIR@/geo-replication" GLUSTERD_VOLFILE = "@GLUSTERD_VOLFILE@" @@ -142,7 +143,7 @@ class NodeSetup(Cmd): # chgrp -R /var/log/glusterfs/geo-replication-slaves # chgrp -R /var/lib/glusterd/geo-replication # chmod -R 770 /var/log/glusterfs/geo-replication-slaves - # chmod -R 770 /var/lib/glusterd/geo-replication + # chmod 770 /var/lib/glusterd/geo-replication # mkdir -p # chmod 0711 # If selinux, @@ -192,8 +193,13 @@ class NodeSetup(Cmd): execute(["chgrp", "-R", args.group, GEOREP_DIR]) execute(["chgrp", "-R", args.group, LOG_DIR]) - execute(["chmod", "-R", "770", GEOREP_DIR]) - execute(["chmod", "-R", "770", args.group, LOG_DIR]) + execute(["chgrp", args.group, CLI_LOG]) + execute(["chmod", "770", args.group, GEOREP_DIR]) + execute(["find", LOG_DIR, "-type", "d", "-exec", "chmod", "770", "{}", + "+"]) + execute(["find", LOG_DIR, "-type", "f", "-exec", "chmod", "660", "{}", + "+"]) + execute(["chmod", "660", CLI_LOG]) m.set_mount_root_and_group(args.mount_root, args.group) m.save() -- cgit