Use a tempfile directory to store restart scripts

Make a tempfile directory and copy the restart scripts there (and then
execute them from there), rather than using insecure known filenames
in /tmp/

This is a partial fix for ceph/ceph-ansible#2937

Signed-off-by: Matthew Vernon <mv3@sanger.ac.uk>
pull/5262/head
Matthew Vernon 2019-11-28 17:28:53 +00:00 committed by Guillaume Abrioux
parent 2cfaa056e0
commit 7963a76c7a
10 changed files with 54 additions and 20 deletions


@ -11,6 +11,23 @@
register: result register: result
until: result is succeeded until: result is succeeded
- name: make tempdir for scripts
tempfile:
state: directory
prefix: ceph_ansible
listen:
- "restart ceph mons"
- "restart ceph osds"
- "restart ceph mdss"
- "restart ceph rgws"
- "restart ceph nfss"
- "restart ceph rbdmirrors"
- "restart ceph mgrs"
- "restart ceph tcmu-runner"
- "restart ceph rbd-target-api-gw"
register: tmpdirpath
when: tmpdirpath is not defined or tmpdirpath.path is not defined or tmpdirpath.state=="absent"
- name: mons handler - name: mons handler
include_tasks: handler_mons.yml include_tasks: handler_mons.yml
when: mon_group_name in group_names when: mon_group_name in group_names
@ -55,3 +72,20 @@
include_tasks: handler_rbd_target_api_gw.yml include_tasks: handler_rbd_target_api_gw.yml
when: iscsi_gw_group_name in group_names when: iscsi_gw_group_name in group_names
listen: "restart ceph rbd-target-api-gw" listen: "restart ceph rbd-target-api-gw"
- name: remove tempdir for scripts
file:
path: "{{ tmpdirpath.path }}"
state: absent
listen:
- "restart ceph mons"
- "restart ceph osds"
- "restart ceph mdss"
- "restart ceph rgws"
- "restart ceph nfss"
- "restart ceph rbdmirrors"
- "restart ceph mgrs"
- "restart ceph tcmu-runner"
- "restart ceph rbd-target-api-gw"
register: tmpdirpath
when: tmpdirpath is defined
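Review bot: The guard on "remove tempdir for scripts", `when: tmpdirpath is defined`, is weaker than the one on "make tempdir for scripts" and does not protect the `path: "{{ tmpdirpath.path }}"` lookup. Ansible registers a result even for a skipped task, so if the make task is ever skipped (which from the visible conditions looks possible only when an earlier flush left the directory in place), `tmpdirpath` is replaced by a result without `path`, and both the copy tasks and this removal would fail on an undefined attribute; `when: tmpdirpath.path is defined` would at least keep the cleanup from erroring. The removal also runs only after every restart handler listed before it, so a failed restart script would presumably leave the directory and the rendered scripts behind on that host. Because `register: tmpdirpath` on the removal task overwrites the variable so that `state=="absent"` triggers a fresh directory next time, a comment such as `# re-registered on purpose: state "absent" makes the next flush create a new tempdir` would make that intent visible.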


@ -6,13 +6,13 @@
- name: copy mds restart script - name: copy mds restart script
template: template:
src: restart_mds_daemon.sh.j2 src: restart_mds_daemon.sh.j2
dest: /tmp/restart_mds_daemon.sh dest: "{{ tmpdirpath.path }}/restart_mds_daemon.sh"
owner: root owner: root
group: root group: root
mode: 0750 mode: 0750
- name: restart ceph mds daemon(s) - name: restart ceph mds daemon(s)
command: /usr/bin/env bash /tmp/restart_mds_daemon.sh command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_mds_daemon.sh
when: when:
- hostvars[item]['handler_mds_status'] | default(False) | bool - hostvars[item]['handler_mds_status'] | default(False) | bool
- hostvars[item]['_mds_handler_called'] | default(False) | bool - hostvars[item]['_mds_handler_called'] | default(False) | bool
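Review bot: The copy task writes to the current host's `tmpdirpath.path`, while the restart command in the next task reads `hostvars[item]['tmpdirpath']['path']`, so the restart now depends on `item` having already registered its own directory and received the script, which the fixed `/tmp` name never required. The loop and any delegation sit outside the hunk, so this is inferred; if `item`'s `tmpdirpath` is missing or was overwritten by a skipped or completed cleanup task, the command fails on an undefined variable or a missing file. A comment above the restart task such as `# item must have run "make tempdir for scripts" in this flush; the path differs per host` would record that assumption. The same pattern is repeated in the mgr, mon, nfs, osd, rbd-target-api, rbd-target-gw, rbd mirror, rgw and tcmu-runner sections.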


@ -6,13 +6,13 @@
- name: copy mgr restart script - name: copy mgr restart script
template: template:
src: restart_mgr_daemon.sh.j2 src: restart_mgr_daemon.sh.j2
dest: /tmp/restart_mgr_daemon.sh dest: "{{ tmpdirpath.path }}/restart_mgr_daemon.sh"
owner: root owner: root
group: root group: root
mode: 0750 mode: 0750
- name: restart ceph mgr daemon(s) - name: restart ceph mgr daemon(s)
command: /usr/bin/env bash /tmp/restart_mgr_daemon.sh command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_mgr_daemon.sh
when: when:
- hostvars[item]['handler_mgr_status'] | default(False) | bool - hostvars[item]['handler_mgr_status'] | default(False) | bool
- hostvars[item]['_mgr_handler_called'] | default(False) | bool - hostvars[item]['_mgr_handler_called'] | default(False) | bool


@ -9,13 +9,13 @@
- name: copy mon restart script - name: copy mon restart script
template: template:
src: restart_mon_daemon.sh.j2 src: restart_mon_daemon.sh.j2
dest: /tmp/restart_mon_daemon.sh dest: "{{ tmpdirpath.path }}/restart_mon_daemon.sh"
owner: root owner: root
group: root group: root
mode: 0750 mode: 0750
- name: restart ceph mon daemon(s) - name: restart ceph mon daemon(s)
command: /usr/bin/env bash /tmp/restart_mon_daemon.sh command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_mon_daemon.sh
when: when:
# We do not want to run these checks on initial deployment (`socket.rc == 0`) # We do not want to run these checks on initial deployment (`socket.rc == 0`)
- hostvars[item]['handler_mon_status'] | default(False) | bool - hostvars[item]['handler_mon_status'] | default(False) | bool


@ -6,13 +6,13 @@
- name: copy nfs restart script - name: copy nfs restart script
template: template:
src: restart_nfs_daemon.sh.j2 src: restart_nfs_daemon.sh.j2
dest: /tmp/restart_nfs_daemon.sh dest: "{{ tmpdirpath.path }}/restart_nfs_daemon.sh"
owner: root owner: root
group: root group: root
mode: 0750 mode: 0750
- name: restart ceph nfs daemon(s) - name: restart ceph nfs daemon(s)
command: /usr/bin/env bash /tmp/restart_nfs_daemon.sh command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_nfs_daemon.sh
when: when:
- hostvars[item]['handler_nfs_status'] | default(False) | bool - hostvars[item]['handler_nfs_status'] | default(False) | bool
- hostvars[item]['_nfs_handler_called'] | default(False) | bool - hostvars[item]['_nfs_handler_called'] | default(False) | bool


@ -18,13 +18,13 @@
- name: copy osd restart script - name: copy osd restart script
template: template:
src: restart_osd_daemon.sh.j2 src: restart_osd_daemon.sh.j2
dest: /tmp/restart_osd_daemon.sh dest: "{{ tmpdirpath.path }}/restart_osd_daemon.sh"
owner: root owner: root
group: root group: root
mode: 0750 mode: 0750
- name: restart ceph osds daemon(s) - name: restart ceph osds daemon(s)
command: /usr/bin/env bash /tmp/restart_osd_daemon.sh command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_osd_daemon.sh
when: when:
- hostvars[item]['handler_osd_status'] | default(False) | bool - hostvars[item]['handler_osd_status'] | default(False) | bool
- handler_health_osd_check | bool - handler_health_osd_check | bool


@ -6,13 +6,13 @@
- name: copy rbd-target-api restart script - name: copy rbd-target-api restart script
template: template:
src: restart_rbd_target_api.sh.j2 src: restart_rbd_target_api.sh.j2
dest: /tmp/restart_rbd_target_api.sh dest: "{{ tmpdirpath.path }}/restart_rbd_target_api.sh"
owner: root owner: root
group: root group: root
mode: 0750 mode: 0750
- name: restart rbd-target-api - name: restart rbd-target-api
command: /usr/bin/env bash /tmp/restart_rbd_target_api.sh command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_rbd_target_api.sh
when: when:
- ceph_rbd_target_api_stat.get('rc') == 0 - ceph_rbd_target_api_stat.get('rc') == 0
- hostvars[item]['_rbd_target_api_handler_called'] | default(False) | bool - hostvars[item]['_rbd_target_api_handler_called'] | default(False) | bool
@ -32,13 +32,13 @@
- name: copy rbd-target-gw restart script - name: copy rbd-target-gw restart script
template: template:
src: restart_rbd_target_gw.sh.j2 src: restart_rbd_target_gw.sh.j2
dest: /tmp/restart_rbd_target_gw.sh dest: "{{ tmpdirpath.path }}/restart_rbd_target_gw.sh"
owner: root owner: root
group: root group: root
mode: 0750 mode: 0750
- name: restart rbd-target-gw - name: restart rbd-target-gw
command: /usr/bin/env bash /tmp/restart_rbd_target_gw.sh command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_rbd_target_gw.sh
when: when:
- ceph_rbd_target_gw_stat.get('rc') == 0 - ceph_rbd_target_gw_stat.get('rc') == 0
- hostvars[item]['_rbd_target_gw_handler_called'] | default(False) | bool - hostvars[item]['_rbd_target_gw_handler_called'] | default(False) | bool


@ -6,13 +6,13 @@
- name: copy rbd mirror restart script - name: copy rbd mirror restart script
template: template:
src: restart_rbd_mirror_daemon.sh.j2 src: restart_rbd_mirror_daemon.sh.j2
dest: /tmp/restart_rbd_mirror_daemon.sh dest: "{{ tmpdirpath.path }}/restart_rbd_mirror_daemon.sh"
owner: root owner: root
group: root group: root
mode: 0750 mode: 0750
- name: restart ceph rbd mirror daemon(s) - name: restart ceph rbd mirror daemon(s)
command: /usr/bin/env bash /tmp/restart_rbd_mirror_daemon.sh command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_rbd_mirror_daemon.sh
when: when:
- hostvars[item]['handler_rbd_mirror_status'] | default(False) | bool - hostvars[item]['handler_rbd_mirror_status'] | default(False) | bool
- hostvars[item]['_rbdmirror_handler_called'] | default(False) | bool - hostvars[item]['_rbdmirror_handler_called'] | default(False) | bool


@ -6,13 +6,13 @@
- name: copy rgw restart script - name: copy rgw restart script
template: template:
src: restart_rgw_daemon.sh.j2 src: restart_rgw_daemon.sh.j2
dest: /tmp/restart_rgw_daemon.sh dest: "{{ tmpdirpath.path }}/restart_rgw_daemon.sh"
owner: root owner: root
group: root group: root
mode: 0750 mode: 0750
- name: restart ceph rgw daemon(s) - name: restart ceph rgw daemon(s)
command: /usr/bin/env bash /tmp/restart_rgw_daemon.sh command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_rgw_daemon.sh
when: when:
- hostvars[item]['handler_rgw_status'] | default(False) | bool - hostvars[item]['handler_rgw_status'] | default(False) | bool
- hostvars[item]['_rgw_handler_called'] | default(False) | bool - hostvars[item]['_rgw_handler_called'] | default(False) | bool


@ -6,13 +6,13 @@
- name: copy tcmu-runner restart script - name: copy tcmu-runner restart script
template: template:
src: restart_tcmu_runner.sh.j2 src: restart_tcmu_runner.sh.j2
dest: /tmp/restart_tcmu_runner.sh dest: "{{ tmpdirpath.path }}/restart_tcmu_runner.sh"
owner: root owner: root
group: root group: root
mode: 0750 mode: 0750
- name: restart tcmu-runner - name: restart tcmu-runner
command: /usr/bin/env bash /tmp/restart_tcmu_runner.sh command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_tcmu_runner.sh
when: when:
- ceph_tcmu_runner_stat.get('rc') == 0 - ceph_tcmu_runner_stat.get('rc') == 0
- hostvars[item]['_tcmu_runner_handler_called'] | default(False) | bool - hostvars[item]['_tcmu_runner_handler_called'] | default(False) | bool