From: Matthew Vernon
Date: Thu, 28 Nov 2019 17:28:53 +0000 (+0000)
Subject: Use a tempfile directory to store restart scripts
X-Git-Tag: v6.0.0alpha2~225
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=7963a76c7ae95fe931b51b92b95b6f253c616906;p=ceph-ansible.git

Use a tempfile directory to store restart scripts

Make a tempfile directory and copy the restart scripts there (and then execute them from there), rather than using insecure known filenames in /tmp/ This is a partial fix for ceph/ceph-ansible#2937
Signed-off-by: Matthew Vernon
---
diff --git a/roles/ceph-handler/handlers/main.yml b/roles/ceph-handler/handlers/main.yml
index a6f33e24b..4f6b6334c 100644
--- a/roles/ceph-handler/handlers/main.yml
+++ b/roles/ceph-handler/handlers/main.yml
@@ -11,6 +11,23 @@
 register: result
 until: result is succeeded

+ - name: make tempdir for scripts
+ tempfile:
+ state: directory
+ prefix: ceph_ansible
+ listen:
+ - "restart ceph mons"
+ - "restart ceph osds"
+ - "restart ceph mdss"
+ - "restart ceph rgws"
+ - "restart ceph nfss"
+ - "restart ceph rbdmirrors"
+ - "restart ceph mgrs"
+ - "restart ceph tcmu-runner"
+ - "restart ceph rbd-target-api-gw"
+ register: tmpdirpath
+ when: tmpdirpath is not defined or tmpdirpath.path is not defined or tmpdirpath.state=="absent"
+
 - name: mons handler
 include_tasks: handler_mons.yml
 when: mon_group_name in group_names
@@ -55,3 +72,20 @@
 include_tasks: handler_rbd_target_api_gw.yml
 when: iscsi_gw_group_name in group_names
 listen: "restart ceph rbd-target-api-gw"
+
+ - name: remove tempdir for scripts
+ file:
+ path: "{{ tmpdirpath.path }}"
+ state: absent
+ listen:
+ - "restart ceph mons"
+ - "restart ceph osds"
+ - "restart ceph mdss"
+ - "restart ceph rgws"
+ - "restart ceph nfss"
+ - "restart ceph rbdmirrors"
+ - "restart ceph mgrs"
+ - "restart ceph tcmu-runner"
+ - "restart ceph rbd-target-api-gw"
+ register: tmpdirpath
+ when: tmpdirpath is defined
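Review bot: The `when:` guard on `make tempdir for scripts` cannot preserve an earlier `tmpdirpath`, because Ansible still registers a result for a skipped task. If this task is ever skipped, `tmpdirpath` is replaced by a skip record without `path`, and the `{{ tmpdirpath.path }}` lookups in the copy tasks then fail. A handler already runs at most once per flush however many of the listed topics were notified, so the guard looks unnecessary; dropping the `when:` line and letting each flush create a fresh directory avoids the problem. If the guard is kept, register the result under a scratch name and copy it into `tmpdirpath` with `set_fact` only when the task actually ran.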
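Review bot: `when: tmpdirpath is defined` on `remove tempdir for scripts` does not cover a registered result that lacks `path` (for example a skipped or failed `tempfile` run), in which case templating `path: "{{ tmpdirpath.path }}"` errors instead of skipping; `when: tmpdirpath.path is defined` is the tighter guard. The `register: tmpdirpath` on this task is load-bearing, since the creation task's condition tests `tmpdirpath.state=="absent"`, and deserves a comment such as `# re-registered so "make tempdir for scripts" sees state == "absent" on the next flush`. Cleanup also depends on every handler between the two tasks succeeding, so a failed restart leaves the directory and its scripts on the host. That is presumably tolerable because the directory is private to the creating user, but it should be stated next to the task.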
diff --git a/roles/ceph-handler/tasks/handler_mdss.yml b/roles/ceph-handler/tasks/handler_mdss.yml
index 98eaeae78..d150c5d80 100644
--- a/roles/ceph-handler/tasks/handler_mdss.yml
+++ b/roles/ceph-handler/tasks/handler_mdss.yml
@@ -6,13 +6,13 @@
 - name: copy mds restart script
 template:
 src: restart_mds_daemon.sh.j2
- dest: /tmp/restart_mds_daemon.sh
+ dest: "{{ tmpdirpath.path }}/restart_mds_daemon.sh"
 owner: root
 group: root
 mode: 0750

 - name: restart ceph mds daemon(s)
- command: /usr/bin/env bash /tmp/restart_mds_daemon.sh
+ command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_mds_daemon.sh
 when:
 - hostvars[item]['handler_mds_status'] | default(False) | bool
 - hostvars[item]['_mds_handler_called'] | default(False) | bool
diff --git a/roles/ceph-handler/tasks/handler_mgrs.yml b/roles/ceph-handler/tasks/handler_mgrs.yml
index b7abd0cae..67ea7f41b 100644
--- a/roles/ceph-handler/tasks/handler_mgrs.yml
+++ b/roles/ceph-handler/tasks/handler_mgrs.yml
@@ -6,13 +6,13 @@
 - name: copy mgr restart script
 template:
 src: restart_mgr_daemon.sh.j2
- dest: /tmp/restart_mgr_daemon.sh
+ dest: "{{ tmpdirpath.path }}/restart_mgr_daemon.sh"
 owner: root
 group: root
 mode: 0750

 - name: restart ceph mgr daemon(s)
- command: /usr/bin/env bash /tmp/restart_mgr_daemon.sh
+ command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_mgr_daemon.sh
 when:
 - hostvars[item]['handler_mgr_status'] | default(False) | bool
 - hostvars[item]['_mgr_handler_called'] | default(False) | bool
diff --git a/roles/ceph-handler/tasks/handler_mons.yml b/roles/ceph-handler/tasks/handler_mons.yml
index b4543e53b..91521a23e 100644
--- a/roles/ceph-handler/tasks/handler_mons.yml
+++ b/roles/ceph-handler/tasks/handler_mons.yml
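Review bot: In handler_mdss.yml the copy task writes to the current host's `tmpdirpath.path` while the restart line reads `hostvars[item]['tmpdirpath']['path']`, and nothing in the hunk explains why the two lookups differ. The pairing is only right if the restart task is delegated to `item` and every host in the loop registered its own `tmpdirpath` in this flush; the delegation and loop are outside the hunk, so this is inferred. A comment above the `command:` line would record the dependency, for example `# tmpdirpath is registered per host; use the directory of the host this item runs on`. The same pattern appears in the handler_mgrs, handler_mons, handler_nfss, handler_osds, handler_rbd_target_api_gw (both hunks), handler_rbdmirrors, handler_rgws and handler_tcmu_runner hunks and would benefit from the same comment.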
@@ -9,13 +9,13 @@
 - name: copy mon restart script
 template:
 src: restart_mon_daemon.sh.j2
- dest: /tmp/restart_mon_daemon.sh
+ dest: "{{ tmpdirpath.path }}/restart_mon_daemon.sh"
 owner: root
 group: root
 mode: 0750

 - name: restart ceph mon daemon(s)
- command: /usr/bin/env bash /tmp/restart_mon_daemon.sh
+ command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_mon_daemon.sh
 when:
 # We do not want to run these checks on initial deployment (`socket.rc == 0`)
 - hostvars[item]['handler_mon_status'] | default(False) | bool
diff --git a/roles/ceph-handler/tasks/handler_nfss.yml b/roles/ceph-handler/tasks/handler_nfss.yml
index beea2750a..98cd5f6c1 100644
--- a/roles/ceph-handler/tasks/handler_nfss.yml
+++ b/roles/ceph-handler/tasks/handler_nfss.yml
@@ -6,13 +6,13 @@
 - name: copy nfs restart script
 template:
 src: restart_nfs_daemon.sh.j2
- dest: /tmp/restart_nfs_daemon.sh
+ dest: "{{ tmpdirpath.path }}/restart_nfs_daemon.sh"
 owner: root
 group: root
 mode: 0750

 - name: restart ceph nfs daemon(s)
- command: /usr/bin/env bash /tmp/restart_nfs_daemon.sh
+ command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_nfs_daemon.sh
 when:
 - hostvars[item]['handler_nfs_status'] | default(False) | bool
 - hostvars[item]['_nfs_handler_called'] | default(False) | bool
diff --git a/roles/ceph-handler/tasks/handler_osds.yml b/roles/ceph-handler/tasks/handler_osds.yml
index 0fbcfb7fa..2652b967e 100644
--- a/roles/ceph-handler/tasks/handler_osds.yml
+++ b/roles/ceph-handler/tasks/handler_osds.yml
@@ -18,13 +18,13 @@
 - name: copy osd restart script
 template:
 src: restart_osd_daemon.sh.j2
- dest: /tmp/restart_osd_daemon.sh
+ dest: "{{ tmpdirpath.path }}/restart_osd_daemon.sh"
 owner: root
 group: root
 mode: 0750

 - name: restart ceph osds daemon(s)
- command: /usr/bin/env bash /tmp/restart_osd_daemon.sh
+ command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_osd_daemon.sh
 when:
 - hostvars[item]['handler_osd_status'] | default(False) | bool
 - handler_health_osd_check | bool
diff --git a/roles/ceph-handler/tasks/handler_rbd_target_api_gw.yml b/roles/ceph-handler/tasks/handler_rbd_target_api_gw.yml
index c8bfb12c2..f792c1458 100644
--- a/roles/ceph-handler/tasks/handler_rbd_target_api_gw.yml
+++ b/roles/ceph-handler/tasks/handler_rbd_target_api_gw.yml
@@ -6,13 +6,13 @@
 - name: copy rbd-target-api restart script
 template:
 src: restart_rbd_target_api.sh.j2
- dest: /tmp/restart_rbd_target_api.sh
+ dest: "{{ tmpdirpath.path }}/restart_rbd_target_api.sh"
 owner: root
 group: root
 mode: 0750

 - name: restart rbd-target-api
- command: /usr/bin/env bash /tmp/restart_rbd_target_api.sh
+ command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_rbd_target_api.sh
 when:
 - ceph_rbd_target_api_stat.get('rc') == 0
 - hostvars[item]['_rbd_target_api_handler_called'] | default(False) | bool
@@ -32,13 +32,13 @@
 - name: copy rbd-target-gw restart script
 template:
 src: restart_rbd_target_gw.sh.j2
- dest: /tmp/restart_rbd_target_gw.sh
+ dest: "{{ tmpdirpath.path }}/restart_rbd_target_gw.sh"
 owner: root
 group: root
 mode: 0750

 - name: restart rbd-target-gw
- command: /usr/bin/env bash /tmp/restart_rbd_target_gw.sh
+ command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_rbd_target_gw.sh
 when:
 - ceph_rbd_target_gw_stat.get('rc') == 0
 - hostvars[item]['_rbd_target_gw_handler_called'] | default(False) | bool
diff --git a/roles/ceph-handler/tasks/handler_rbdmirrors.yml b/roles/ceph-handler/tasks/handler_rbdmirrors.yml
index 28ccb6ade..1baff68e8 100644
--- a/roles/ceph-handler/tasks/handler_rbdmirrors.yml
+++ b/roles/ceph-handler/tasks/handler_rbdmirrors.yml
@@ -6,13 +6,13 @@
 - name: copy rbd mirror restart script
 template:
 src: restart_rbd_mirror_daemon.sh.j2
- dest: /tmp/restart_rbd_mirror_daemon.sh
+ dest: "{{ tmpdirpath.path }}/restart_rbd_mirror_daemon.sh"
 owner: root
 group: root
 mode: 0750

 - name: restart ceph rbd mirror daemon(s)
- command: /usr/bin/env bash /tmp/restart_rbd_mirror_daemon.sh
+ command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_rbd_mirror_daemon.sh
 when:
 - hostvars[item]['handler_rbd_mirror_status'] | default(False) | bool
 - hostvars[item]['_rbdmirror_handler_called'] | default(False) | bool
diff --git a/roles/ceph-handler/tasks/handler_rgws.yml b/roles/ceph-handler/tasks/handler_rgws.yml
index aa3c1bea6..bbcd7775d 100644
--- a/roles/ceph-handler/tasks/handler_rgws.yml
+++ b/roles/ceph-handler/tasks/handler_rgws.yml
@@ -6,13 +6,13 @@
 - name: copy rgw restart script
 template:
 src: restart_rgw_daemon.sh.j2
- dest: /tmp/restart_rgw_daemon.sh
+ dest: "{{ tmpdirpath.path }}/restart_rgw_daemon.sh"
 owner: root
 group: root
 mode: 0750

 - name: restart ceph rgw daemon(s)
- command: /usr/bin/env bash /tmp/restart_rgw_daemon.sh
+ command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_rgw_daemon.sh
 when:
 - hostvars[item]['handler_rgw_status'] | default(False) | bool
 - hostvars[item]['_rgw_handler_called'] | default(False) | bool
diff --git a/roles/ceph-handler/tasks/handler_tcmu_runner.yml b/roles/ceph-handler/tasks/handler_tcmu_runner.yml
index d2a82fb92..70e9d50b6 100644
--- a/roles/ceph-handler/tasks/handler_tcmu_runner.yml
+++ b/roles/ceph-handler/tasks/handler_tcmu_runner.yml
@@ -6,13 +6,13 @@
 - name: copy tcmu-runner restart script
 template:
 src: restart_tcmu_runner.sh.j2
- dest: /tmp/restart_tcmu_runner.sh
+ dest: "{{ tmpdirpath.path }}/restart_tcmu_runner.sh"
 owner: root
 group: root
 mode: 0750

 - name: restart tcmu-runner
- command: /usr/bin/env bash /tmp/restart_tcmu_runner.sh
+ command: /usr/bin/env bash {{ hostvars[item]['tmpdirpath']['path'] }}/restart_tcmu_runner.sh
 when:
 - ceph_tcmu_runner_stat.get('rc') == 0
 - hostvars[item]['_tcmu_runner_handler_called'] | default(False) | bool